Podcasts about UK Bribery Act

  • 22 podcasts
  • 52 episodes
  • 28m average duration
  • 1 new episode monthly
  • Latest episode: Apr 2, 2025


Latest podcast episodes about UK Bribery Act

VinciWorks
Managing bribery and corruption risks

Apr 2, 2025 (57:28)


Bribery and corruption remain major risks for businesses worldwide, with enforcement agencies ramping up scrutiny and penalties for non-compliance. Without strong anti-bribery policies, companies face financial, legal, and reputational fallout. One of the most effective (yet often overlooked) ways to mitigate bribery risks? A robust gifts and hospitality reporting framework. In this episode, we'll explore how businesses can enhance transparency and accountability to protect themselves from bribery risks. From real-world case studies of bribery scandals to practical compliance strategies, our experts break down the essentials of an effective anti-bribery programme.

Key topics include:

  • Bribery legislation 101: Understanding the UK Bribery Act, the Foreign Corrupt Practices Act (FCPA), and global enforcement trends.
  • Identifying bribery risks: The industries, transactions, and scenarios where businesses are most vulnerable.
  • The power of transparency: Why a well-structured gifts and hospitality policy can help prevent bribery before it starts.
  • Lessons from major bribery cases: What businesses can learn from high-profile enforcement actions.
  • Building a strong anti-bribery framework: Essential steps for compliance, from risk assessments to employee training.

Bribery can be hard to prove—but that's exactly why prevention is key. Tune in for expert insights on safeguarding your business and ensuring compliance in an increasingly regulated world!

Control Risks
Navigating the regulatory minefield of doing business in India

Mar 3, 2025 (24:18)


India's complex regulatory landscape presents significant challenges for businesses navigating anti-bribery enforcement, compliance frameworks, and evolving data privacy concerns. With shifts in global regulatory priorities — such as changes in US FCPA enforcement and the growing influence of the UK Bribery Act — companies must stay proactive in risk management. As technology, including AI and machine learning, reshapes investigations, organisations need robust compliance programmes to mitigate fraud, money laundering, and corruption risks in an evolving enforcement environment.

Join host Brian Mich as he speaks with forensic expert Sushmit Bhattacharya about the intricacies of compliance and investigations in India. They discuss the impact of shifting global anti-corruption policies, the role of AI in forensic analysis, and how businesses can strengthen governance in the face of increasing regulatory scrutiny. From navigating FCPA and UK Bribery Act enforcement to handling emerging risks in data collection and privacy, this episode offers valuable insights for legal and compliance professionals operating in India.

Life with GDPR
Understanding the UK's Failure to Prevent Fraud

Nov 21, 2024 (21:13)


Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. This episode delves into the UK's Failure to Prevent Fraud guidance. The podcast spans the initial implications and conflicts these new provisions present, especially in the context of GDPR and compliance with bribery investigations. Jonathan explains the concept of ‘failure to prevent fraud,’ drawing parallels with the 2010 UK Bribery Act, and outlines six key principles organizations must adhere to to demonstrate compliance. Additionally, the episode delves into specific steps compliance professionals should take before the new provisions come into force by July 2025, including gap analysis, policy updating, training, and more.

Key takeaways: Failure to Prevent Bribery and Fraud New Legislation and Its Implications Reasonable Procedures Under the Failure to Prevent Fraud Act Comparing Fraud and Bribery Compliance Steps for Compliance Professionals

Herbert Smith Freehills Podcasts
Investigate 360: EP8 – Failure to prevent bribery reaches Australia: prepare now with UK insights

Jul 15, 2024 (36:52)


This special collaboration between the HSF Sydney and London offices explores the experiences of those who have been dealing for the last 13 years with the failure to prevent bribery offence under section 7 of the UK Bribery Act 2010. Join Kate Meakin (Partner, HSF London), Christine Wong (Partner, HSF Sydney) and Dan Hyde (Senior Associate, Sydney) who offer helpful, timely and thoughtful guidance for those preparing for the 8 September commencement of the similar new Australian corporate offence of failing to prevent bribery of a foreign public official.

4 Legal English Podcast
Navigating Anti-Corruption Laws: A Global Business Perspective

Feb 21, 2024 (30:45)


On the docket today, we embark on a crucial exploration into the intricacies of international business law with a focus on anti-corruption measures. In this episode, we delve into the landscape of anti-corruption laws, dissecting key regulations like the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act. We navigate the extraterritorial reach of these laws and their profound impact on global business transactions. Venturing further, we unravel the implications for international businesses, shedding light on potential legal consequences and penalties for non-compliance. Our journey takes a deep dive into the FCPA, dissecting its provisions, enforcement mechanisms, and recent developments, offering practical insights for businesses to ensure compliance. We also scrutinize the necessity of robust corporate compliance programs, emphasizing the role of Legal English in drafting effective policies. Real-world case studies bring these concepts to life, extracting lessons and best practices. Additionally, we address the cultural nuances of compliance and explore the crucial role of due diligence in preventing corruption in business transactions. As we navigate these intricate waters, our mission is to empower legal professionals with the knowledge needed to ensure global compliance with anti-corruption laws.

Principled
S10E4 | Handle with care: ChatGPT and generative AI risk

Sep 29, 2023 (25:15)


ChatGPT and other generative AI tools have caused a sensation in the marketplace. Some are heralding AI as the best innovation to come along since the internet, while others are fearful of its unforeseen, large-scale impact. For the E&C practitioner, what are the major risks and mitigation strategies that need to be in place? On this episode of LRN's Principled Podcast, host Susan Divers explores the current and evolving risk landscape surrounding ChatGPT and generative AI with Jonathan Armstrong, a partner at the legal compliance firm Cordery.

For a full transcript of this podcast, visit the episode page at LRN.com.

Guest: Jonathan Armstrong

Jonathan Armstrong is an experienced lawyer based in London with a concentration on compliance and technology. His practice includes advising multinational companies and their counsel on risk and compliance across Europe. Cordery gives legal and compliance advice to household name corporations on prevention, training, and cure—including internal investigations and dealing with regulatory authorities. Jonathan has handled legal matters in more than 60 countries involving cybersecurity and ransomware, investigations of various shapes and sizes, bribery and corruption, corporate governance, ethics code implementation, reputation, supply chain, ESG, and global privacy policies. Jonathan has been particularly active in advising multi-national corporations on their response to the UK Bribery Act 2010 and its inter-relationship with the US Foreign Corrupt Practices Act (FCPA).

Jonathan qualified as a lawyer in the UK in 1991 and has focused on technology and risk and governance matters for more than 20 years. He is regarded as a leading expert in compliance matters. Jonathan has been selected as one of the Thomson Reuters stand-out lawyers for 2023—an honor bestowed on him every year since the survey began. In April 2017, Thomson Reuters listed Jonathan as the 6th most influential figure in risk, compliance and fintech in the UK. In 2016 Jonathan was ranked as the 14th most influential figure in data security worldwide by Onalytica. In 2019 Jonathan was the recipient of a Security Serious Unsung Heroes Award for his work in Information Security. Jonathan is listed as a Super Lawyer and has been listed in Legal Experts from 2002 to date.

In July 2023 Jonathan was appointed to the New York State Bar Association Presidential Task Force on Artificial Intelligence. Jonathan sits on the Task Force with leading practitioners, regulators, judges and academics to develop frameworks for the use and control of AI in the legal system.

Guest: Susan Divers

Susan Divers is a senior advisor with LRN Corporation. In that capacity, Ms. Divers brings her 30+ years' accomplishments and experience in the ethics and compliance area to LRN partners and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance and substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance. Prior to joining LRN, Mrs. Divers served as AECOM's Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM's ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers' thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company's ethics and compliance program. Mrs. Divers' background includes more than thirty years' experience practicing law in these areas. Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative. Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one of the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008.

Compliance Perspectives
In Depth: Cecilia Muller Torbrand on The Maritime Anti-Corruption Network [Podcast]

Jul 18, 2023 (32:37)


By Adam Turteltaub

For organizations working to avoid corruption it can be a lonely fight. While a sales or compliance team may know that there are many others out there who would not pay a bribe, when facing a corrupt demand, they tend to be on their own. The maritime industry, though, has taken a major step to change the dynamic. In this extended, in-depth podcast, Cecilia Muller Torbrand, Chief Executive Officer at Maritime Anti-Corruption Network (MACN), explains how they pursued a collective action approach that now includes about 200 companies.

The maritime industry is very exposed to corruption risk. A given ship can touch many jurisdictions over a short period of time. Captains are often very far from their headquarters and encounter multiple government touch points when approaching a port. The corruption they face varies dramatically, but it is frequently manifested with requests for facilitation payments: some token of appreciation. The challenge is a legal one since facilitation payments are prohibited under the UK Bribery Act. It is also a practical one, when the appreciation turns into a demand and expectation. When a captain turns down the request, it can lead to a host of problems, ranging from confiscated passports to endless, time-consuming inspections.

To help fight this problem MACN began about 10 years ago with just 8-10 companies. It has since grown to around 200. The companies recognized they could not fight the problem alone and had to work together. Success has been driven by a focus on solutions rather than finger pointing. They also, when possible, seek to bring in the local government. Armed with a database of over 50,000 incidents of corrupt demands they are able to use data, rather than anecdotes, to advocate for change and demonstrate how systemic the issue is. The results have been substantial, and over time the MACN logo on a ship has come to mean a great deal in countries where they are active. It actively helps dissuade bribe seeking.

MACN has also created a Global Port Integrity Program (GPIP). It leverages the data collected on corruption incidents to provide members with a port-by-port look at corruption risk, enabling better preparation. Secondly GPIP has enabled them to provide a level of transparency not before seen that can help ports understand how they need to improve. All these efforts have led to remarkable results with measured improvements on the ground. Listen in to learn more about what MACN has done, and, perhaps, use it as a model for your industry.

Principled
S9E8 | Under pressure: How boards are facing today's global, regulatory issues

Mar 24, 2023 (33:07)


Corporate boards are feeling more pressure than ever from a variety of stakeholders—government prosecutors and regulators, institutional investors, corporate activists, consumers, and others seeking responsible change in an ever-changing global economy. As the concept of both corporate and individual accountability continues to expand, how can boards adapt their approach to governance and oversight to meet these increasingly complex expectations? In this episode of LRN's Principled Podcast, host Susan Divers is joined by Michael Volkov, the CEO of the Volkov Law Group and author of the recent white paper “Directors Dancing on the Head of a Pin: Corporate Boards Face Escalating Risks and Enforcement Challenges.” Listen in as they discuss the global challenges corporate boards are facing in 2023, and the steps they can take to meet regulatory pressures.

Guest: Michael Volkov

Michael Volkov specializes in ethics and compliance, white collar defense, government investigations, and internal investigations. Michael devotes a significant portion of his practice to anti-corruption, sanctions, trade, antitrust, and AML compliance and defense. He regularly assists clients on FCPA, UK Bribery Act, AML, OFAC, Export-Import, Securities Fraud, and other issues.

Michael has extensive trial experience and has developed a problem-solving approach to serve client needs. He has extensive contacts in the federal government and on Capitol Hill. Given his broad government experience, he represents clients in federal and state court, before the Justice Department and other federal agencies, and on Capitol Hill.

Prior to launching his own law firm, Mr. Volkov was a partner at LeClairRyan (2012-2013); Mayer Brown (2010-2012), Dickinson Wright (2008-2010); Deputy Assistant Attorney General in the Department of Justice (2008); Chief Counsel, Subcommittee on Crime, Terrorism and Homeland Security, House Judiciary Committee (2005-2008); and Counsel, Senate Judiciary Committee (2003-2005); Assistant US Attorney, United States Attorney's Office for the District of Columbia (1989-2005); and a Trial Attorney, Antitrust Division, United States Department of Justice (1985-1989).

Mr. Volkov resides in Washington, D.C., San Diego, California, and Marsala, Italy, with his wife and six children. He and his wife enjoy traveling, the arts, and philanthropic activities. Mr. Volkov is an avid tennis player.

Host: Susan Divers

Susan Divers is the director of thought leadership and best practices with LRN Corporation. She brings 30+ years' accomplishments and experience in the ethics and compliance arena to LRN clients and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance, and sharing substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance. Prior to joining LRN, Mrs. Divers served as AECOM's Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM's ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers' thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company's ethics and compliance program. Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative.

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one of the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008. She resides in Northern Virginia and is a frequent speaker, writer and commentator on ethics and compliance topics.

For a transcript of this podcast, please visit the episode page at LRN.com.

Life with GDPR
The ABB Enforcement Action from a UK Perspective

Jan 5, 2023 (13:57)


Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent ABB Foreign Corrupt Practices Act resolution. Jonathan considers the ABB enforcement action from the UK perspective and opines how a UK judge might consider the company's recidivism differently than the DOJ did. He rants about ongoing tech scams.

Some of the highlights include:

1. What were the facts?
2. How would UK courts view recidivist behavior under the UK Bribery Act?
3. Where was the SFO?
4. What is the status of the investigation in Germany?

Cyber Security Weekly Podcast
Episode 339 - Cybersecurity and data protection regulations in Asia

Oct 4, 2022


In this episode, we speak with Wilson Ang, a dispute resolution lawyer at Norton Rose Fulbright Singapore and head of the Asia regulatory compliance and investigations practice, as well as Jeremy Lua, a dispute resolution lawyer at Norton Rose Fulbright Singapore focusing on regulatory investigations and compliance.

Wilson focuses on strategic governance issues, including conducting internal investigations on business ethics and anti-corruption matters, often involving the US Foreign Corrupt Practices Act, the UK Bribery Act, and the Singapore Prevention of Corruption Act. Wilson has extensive experience designing and implementing compliance programs, conducting integrity due diligence reviews and handling complex and sensitive issues involving bribery, fraud, sanctions, money laundering/terrorist financing, cyber-security attacks, data breach incidents, competition law and financial services regulatory violations in Asia and beyond. Wilson's practice also involves ESG issues like modern slavery and business human rights due diligence, health and safety matters, environmental regulatory disclosures and corporate governance.

Jeremy is experienced in a broad range of complex regulatory investigations and compliance matters, focusing on data protection, cybersecurity and technology matters, often assisting clients in navigating crisis situations, such as responding to data breach and cybersecurity incidents. He has also represented and advised clients on investigations initiated by the Personal Data Protection Commission of Singapore (PDPC). Jeremy's practice includes matters involving anti-bribery and corruption, anti-money laundering, sanctions, export controls and financial fraud, as well as ESG issues like modern slavery and business human rights due diligence. Before joining Norton Rose Fulbright, Jeremy was a Deputy Public Prosecutor at the Attorney-General's Chambers of Singapore, with a focus on technology crime.

In this podcast, Wilson and Jeremy share the latest updates in cybersecurity and data protection regulations across the Asia region, and the legal considerations that organisations need to keep in mind when developing cybersecurity and data protection measures.

The ongoing digital transformation has increased the available surface areas for threat actors to exploit, including human processes. Wilson shares an example of how Norton Rose Fulbright advised an international bank in its efforts to recover almost half a million dollars from a sophisticated attack by a threat actor, which conducted a lot of reconnaissance work to succeed with its attack. The ongoing Razer vs Capgemini case has also put a spotlight on third-party risk in the data privacy context. Wilson provides a broad perspective on third-party IT supplier risk management, noting that “digital supply chains can be a point of weakness for the organisation. The chain reaction from a single attack on one supplier can compromise the whole network of organisations downstream”. He cautions that, however, “trying to obtain recourse is not straightforward.”

Jeremy expands on this issue, providing an overview of the breach notification obligations, including expected timeframes and considerations around the risk of harm. He advises organisations not to “jump the gun”, and instead focus on securing a reasonable level of confidence in the facts of the matter, before taking the next step. On the prevalent threat of ransomware and the rise of the ransomware-as-a-service model, they urge organisations to take note of sanctions requirements surrounding ransomware payments—especially for those operating in multi-markets—to avoid triggering further legal issues.

Wilson and Jeremy wrap up the podcast by sharing some of the emerging cybersecurity and data protection regulations that they are tracking in the region. These include the Chinese Personal Information Protection Law and Thailand's Personal Data Protection Act, which came into force on 1st June 2022. Wilson also shared that, when it comes to personal data breach incidents, there is increasing recognition of emotional distress as a form of actionable “loss or damage”.

Jane Lo, Singapore Correspondent speaks with Wilson Ang, Partner, Head of Asia Regulatory Compliance and Investigations practice, Norton Rose Fulbright Singapore and Jeremy Lua, Dispute Resolution Lawyer, Norton Rose Fulbright Singapore.

Brand & New
International Sanctions, Export Compliance, and IP: A New Landmine for Businesses to Navigate (with Ethan Heinz, Counsel, Dentons)

Sep 6, 2022 (23:50)


As businesses try to navigate the broader macro-economic problems caused by the Russian aggression – such as rising energy prices, disrupted supply routes, inflation, currency fluctuations, financial markets volatility, etc. – they are also facing new regulations, as a result of the international sanctions taken against Russia following its declaration of war on Ukraine on February 24, 2022. Indeed, several governments and international organizations, mainly led by the U.S. and the E.U., massively expanded pre-existing sanctions on Russian individuals and businesses right on the day the war started. Almost overnight, the Russian government responded in kind, with sanctions against many countries and international organizations. Today, we discuss the most recent set of international sanctions against Russia, what they mean for businesses, and how to practically navigate the challenges they raise.

Our guest today is Ethan Heinz, attorney and counsel at Dentons. Currently based in Prague in the Czech Republic, Ethan focuses on M&A/corporate work, sanctions, ABC, and other compliance work in the European region. Ethan worked in the Dentons Moscow office for over 13 years and continues to assist international and Russian companies on compliance issues involving Russia and neighboring jurisdictions, in particular with respect to the sanctions programs of the US, EU and other jurisdictions, and also with respect to the US Foreign Corrupt Practices Act, the UK Bribery Act, and other anti-bribery regulations. He also advises from time to time on shareholder conflicts and commercial disputes, and has participated in various arbitrations, litigations and mediations.

Brand & New is a production of the International Trademark Association
Hosted by Audrey Dauvet - Contribution of M. Halle & S. Lagedamond - Music by JD Beats
FOR MORE INFORMATION, VISIT INTA.ORG

To go further:
- About Ethan Heinz: https://www.dentons.com/en/ethan-heinz

Also of interest:
https://www.inta.org/resources/the-status-of-intellectual-property-in-russia-and-ukraine/
https://ec.europa.eu/info/sites/default/files/business_economy_euro/banking_and_finance/documents/faqs-sanctions-russia-ipr_en.pdf

Law, disrupted
Legal Ramifications of Human Rights in the Business World

Aug 3, 2022 (37:38)


In this episode of Law, disrupted, John is joined by a professor of Ethics and Finance at NYU's Stern School of Business and a director of the Center for Business and Human Rights, Michael Posner. He is also joined by Julianne Hughes-Jennett, Head of Quinn Emanuel's ESG practice and experienced litigator of business and human rights issues. Together, they discuss what we really understand the term “human rights” to mean for business and the current challenges regarding human rights implementation across the business world.

The three begin by delving into the meaning of “human rights” and their legal ramifications for business, including whether “human rights” means different things in different jurisdictions.

Michael moves the conversation towards due diligence in relation to human rights and enforcement of human rights in connection with business, noting recent legislative examples, including the Uyghur Forced Labor Prevention Act, which was created to make sure the US doesn't support forced labor among ethnic minorities in the Xinjiang region. Julianne picks up with recent EU developments, including the Corporate Sustainability Due Diligence Directive and legislation such as the Failure to Prevent Act in France. She also posits whether the UK Bribery Act's section 7, failure to prevent offense, could be a model for a provision for a mechanism for a failure to prevent human rights impact by the business. This could bring greater legal certainty for businesses and victims, alike.

Finally, the trio mulls over the meaning of ESG and how it has evolved since its creation around 20 years ago. Michael notes that companies often heed such guidelines cynically in the name of ROI. He also emphasizes the financial implications of social issues related to labor supply chains.

The FS Club Podcast
Corruption, Capital, Power: Today's World Through The Lens Of Corruption

Jun 20, 2022 (46:08)


Find out more on our website: https://bit.ly/3tSqaJZ

Corruption is a term increasingly used in political discourse and international relations. But what does it really mean, and can understanding the world through the lens of corruption reveal anything new? This webinar will look across the world from Afghanistan to Ukraine, examining concepts such as state capture and strategic corruption, and discuss the role of London as a centre for corrupt capital. It will conclude by analysing global leadership on tackling corruption, and where that might be heading.

Speaker: Robert Barrington is Professor of Anti-Corruption Practice at the Centre for the Study of Corruption, University of Sussex. His research focuses on global corruption trends and corruption in developed economies, and he lectures on the Masters in Corruption & Governance. He was formerly the head of Transparency International (TI) in the UK, and is currently Chair of TI's International Council. At TI, he led the campaigns to secure the Bribery Act, a national Anti-Corruption Strategy for the UK and the introduction of Unexplained Wealth Orders. Previous roles include Director of Governance & Sustainable Investment at F&C Asset Management, overseeing Europe's leading ESG funds, and CEO (Europe) of the Earthwatch Institute in Oxford. Robert is a member of the ICAEW's Corporate Governance Committee, and has been a long-term adviser to the UK government on subjects including the Bribery Act, export credits and the post-Brexit procurement regime. Publications include a new book on ‘Understanding Corruption’, ‘How to Bribe’, ‘Adequate Procedures – Guidance to the UK Bribery Act’, and ‘Corruption in the UK’. He holds a degree from Oxford University and a PhD from the European University Institute.

MLex Market Insight
The politics of classifying nuclear power in the EU; and 10 years of UK Bribery Act

Jul 9, 2021 · 19:42


The green credentials of nuclear power have come under recent scrutiny in the European Union, as the bloc ponders whether to label as environmentally friendly investment in the industry. The argument of what's referred to as the taxonomy of nuclear energy is pitting scientist against scientist and, more importantly, the pro-nuclear energy France against the nuclear skeptic Germany. Yet the impasse over how to classify the investment status of nuclear may suit the European Commission, as it navigates its way through a politically charged scientific debate. Also on today's podcast, we take a look at the 10-year anniversary of the UK Bribery Act. The legislation is being regarded as a qualified success that has provided a strong deterrent against corporate wrongdoing. However, the low number of criminal convictions means that corrupt top executives won't be losing much sleep.

Popcorn and Compliance
The Empire Strikes Back - Darth Vader and Due Diligence

Dec 1, 2020 · 9:24


In honor of David Prowse, the original actor portraying Darth Vader, I am running a podcast series this week on the intersection of compliance and Star Wars. Second in our series on compliance through the lens of Star Wars is Episode V - The Empire Strikes Back, which is my personal favorite of the original three movies. The film begins with a cool battle on the ice planet of Hoth and has some great HR lessons as Darth Vader executes officers for workplace failures; demonstrates some dangers involving ineffective training for Luke Skywalker on the tropical planet of Dagobah, where he travels to learn under the Jedi master Yoda, who utters the immortal line “Try not! Do, or do not. There is no try”; and ends in Cloud City, a floating gas mining colony in the skies of the planet Bespin run by Han Solo’s old buddy, Lando Calrissian. It also has one of the greatest movie lines of all time, thundered by Darth Vader to Luke Skywalker near the end of the film.

Today, we consider it for the continued issue of due diligence. Solo and Calrissian go way back and Solo trusts him. Of course, Solo won his starship, the Millennium Falcon, in a card game from Calrissian, but it was never clear just how legit the card game had been. Unfortunately for Solo, he was followed to Cloud City by bounty hunter Boba Fett, who alerts the Empire to Solo’s location. Solo’s friendship with Calrissian is sorely tested when Vader and his Imperial Troops arrive, take Solo, Chewbacca and Princess Leia prisoner and torture them to entice Luke to come to save his friends. During the climactic battle between Luke Skywalker and Darth Vader, there is the BIG REVEAL where Vader utters the immortal line, “I AM YOUR FATHER”. I thought about these last two points in the context of knowing who you are doing business with under the FCPA or UK Bribery Act.

I once heard a company President say he did not need to perform due diligence because he looked a man in the eyes and that was enough to know if he was honest. (I should add, this President also evaluated the strength of a handshake as an additional level of due diligence.) Hopefully we have moved past this level of sophistication for due diligence and its evaluation thereof. One of the areas I still receive questions about is the different levels of due diligence. I break due diligence down into three stages: Level I, Level II and Level III.

Level I consists of checking individual names and company names through several hundred Global Watch lists comprised of anti-money laundering (AML), anti-bribery, sanctions lists, coupled with other financial corruption and criminal databases.

Level II encompasses supplementing Level I due diligence with a deeper screening of international media, typically the major newspapers and periodicals from all countries plus detailed Internet searches.

Level III is an in-country ‘boots-on-the-ground’ investigation and is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions.”

Now imagine if Luke had performed a more robust level of due diligence on Darth Vader? Would he have been able to find out Darth Vader was his father? Perhaps not, but then again, we might not have heard that seminal line “I AM YOUR FATHER”.

FCPA Compliance Report
Jonathan Armstrong on Herbalife from a UK Perspective

Oct 9, 2020 · 14:31


In this special five-part podcast series, I take a deep dive into the recent Herbalife FCPA Resolution. Over the next 5 podcasts Mike Volkov, Jay Rosen, Matt Kelly, Jonathan Marks and Jonathan Armstrong will all bring their own unique perspectives to this settlement. In this concluding Part 5, I am joined by Jonathan Armstrong and we discuss the enforcement action from the UK perspective under the UK Bribery Act. Some of the highlights include:

- China is a known high-risk business venue.
- Licenses are required in China for direct sales.
- UK Bribery Act not as concerned with the blurring of public and private officials.
- Scottish cases provide some interesting analogies.

FCPA Compliance Report
Jonathan Armstrong on the UKBA, GDPR and Modern Slavery Compliance

Aug 26, 2020 · 23:23


The FCPA Compliance Report is the longest running podcast in compliance, premiering on July 31, 2015. This week begins a series of podcasts leading up to the 500th anniversary episode of the FCPA Compliance Report, which will post on Monday, August 31. Over the next five episodes, I will post podcasts of 5 top FCPA and compliance commentators. Over this week, I will be joined by Mike Volkov, Matt Kelly, Jonathan Armstrong, Jay Rosen and Jonathan Marks. Each will speak about the evolution of compliance from their own unique perspective. In this episode, I visit with Jonathan Armstrong, co-founder of Cordery Compliance. We take a look back at the evolution of UK and EU laws around bribery, data privacy/data protection and modern slavery and the compliance response.

Some of the highlights include:

- The UK Bribery Act was a seminal law for international anti-corruption enforcement which brought another sheriff to town.
- How tech monopolies have led to greater enforcement in the UK and EU.
- How one person can make a change. Max Schrems was a law school student in 2011.
- How the US model of FCPA enforcement influenced regulators across the globe.
- The evolution of DPAs in the UK and elsewhere.
- Armstrong believes the fight against slavery is a job only half well done.

Lineup

I hope you will listen in to each episode over this week. The lineup will be:

- Monday, August 24 - Episode 495 - Mike Volkov on changes in FCPA enforcement.
- Tuesday, August 25 - Episode 496 - Matt Kelly on changes he has observed in compliance from the business journalist perspective.
- Thursday, August 27 - Episode 498 - Jay Rosen on changes in compliance from the business development perspective.
- Friday, August 28 - Episode 499 - Jonathan Marks on changes in compliance mirroring those from internal audit.
- Monday, August 31 - Episode 500 - the Anniversary Episode.

Popcorn and Compliance
The Empire Strikes Back and Due Diligence

Dec 15, 2019 · 10:25


Welcome to Day 2 of a five-day podcast series Jay Rosen and I are producing in honor of the latest Star Wars movie The Last Jedi. Each day over this week, Jay and I will review a Star Wars movie and discuss it from the compliance perspective. Today, we consider Episode V, The Empire Strikes Back and due diligence. This movie is my personal favorite of the initial trilogy. During the climactic battle between Luke Skywalker and Darth Vader, there is the BIG REVEAL where Vader utters the immortal line, “I AM YOUR FATHER”. Consider this in the context of knowing who you are doing business with under the Foreign Corrupt Practices Act or UK Bribery Act.

I once heard a company President say he did not need to perform due diligence because he looked a man in the eyes and that was enough to know if he was honest. (I should add, this company President also evaluated the strength of a handshake as an additional level of due diligence.) Hopefully we have moved past this level of sophistication for due diligence and its evaluation thereof. There are three levels of due diligence and you must make a determination which is appropriate for the entity or person you are investigating. If a red flag appears it must be cleared or a risk management strategy articulated to allow moving forward.

Level I

First level due diligence typically consists of checking individual names and company names through several hundred Global Watch lists comprised of anti-money laundering (AML), anti-bribery, sanctions lists, coupled with other financial corruption and criminal databases. Level I due diligence addresses such basic issues as whether the third party actually exists, the identities of management, officers, directors and shareholders and whether such persons are on regulators’ watch lists. It can also provide some basic information on whether there are politically exposed persons (PEPs) involved in the third party. Finally, it can show whether there are any media reports linking the company to corruption.

Level II

Level II due diligence encompasses supplementing Level I due diligence with a deeper screening of international media, typically the major newspapers and periodicals from all countries plus detailed Internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company, the third party’s key executives and associated parties. Level II can give you information on adverse litigation, any bankruptcy proceedings and overt signs of financial difficulty. More generally it will also provide local online information such as corporate filings, regulatory filings, lawsuits and locally archived materials. You will also be able to determine if there were any in-country investigations or sanctions from regulatory entities.

Level III

This level is the deep dive. It will require an in-country ‘boots-on-the-ground’ investigation and is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions.” Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in-country investigation.

Now imagine if Luke had performed a more robust level of due diligence on Darth Vader? Would he have been able to find out Darth Vader was his father? Perhaps not, but then again, we might not have heard that seminal line “I AM YOUR FATHER”. Join us tomorrow where we consider Return of the Jedi and effective training.

Great Women in Compliance
Letitia Adu Ampoma-A View of Compliance from Africa

Aug 14, 2019 · 28:03


On today's episode of Great Women in Compliance, Lisa speaks with Letitia Adu Ampoma, Director, Peverett Maxwell. Peverett Maxwell provides compliance consulting and advisory services to organisations working in Africa, and she is based in Ghana. Lisa and Letitia met at the 2016 SCCE European conference, where Lisa heard Letitia speak about the culture of compliance in Africa, and the differences between Africa and the west, and also between countries and regions in Africa.

Letitia's career has taken her all over the world, and she started in compliance when she moved back to Ghana just as the UK Bribery Act was introduced. She has become a leader in global compliance, and discussed cultural differences that all compliance practitioners should consider when working in Africa, the importance of how to focus on processes and goals, and key compliance trends in Africa right now, especially mobile banking and data privacy. Letitia has lived all over the world, and this has impacted her viewpoint both on best practices in compliance and in business as a whole. Letitia has always followed her instinct, whether it was to move home to Ghana from the UK, or to get involved in compliance, or to work in companies or now at Peverett Maxwell in her current role. Her wealth of knowledge and experiences makes her a #gwic and a great friend.

Re-thinking The Human Factor with Bruce Hallas
Awareness, Behaviour, Legal and Regulatory Requirements, with Jonathan Armstrong

Mar 7, 2019 · 70:22


Welcome to Series 2, Episode 7 of the Re-Thinking the Human Factor Podcast. Joining us on the show today is Jonathan Armstrong, a lawyer who helps multinational clients with risk and compliance across Europe. Recent projects include lots on data breach, GDPR & data transfer, UK Bribery Act 2010, internal investigations, ethics & compliance code implementation, emerging technology, and corporate governance & online reputation. He has also written articles on technology and compliance related topics. He is a Fellow of The Chartered Institute of Marketing (FCIM) and Vice-Chair of the New York State Bar Association International Section. Jonathan has also spoken at conferences in the US, China, Brazil, Canada, Vietnam, Singapore, Dubai & across Europe. In addition, he’s been involved in the development of a number of technology applications going back to the 1990s and was twice a Regional Finalist in the UK Government dti/ISI Awards for Innovation in e-commerce.

Join Jonathan Armstrong and Bruce Hallas as they discuss the following:

- Training / Practice for helping to not only reduce the likelihood of cyber attacks, but also how to address a problem when something goes wrong (which it inevitably will at some point)
- The law is increasingly saying that companies must implement some form of education and awareness training, and when a breach does happen, companies must have their arguments ready pre-breach so they can respond effectively to a breach and be able to defend their efforts to stave off the attack
- Those who have managed breaches most effectively are those who have run simulations and had a plan in place
- Stakeholder management
- The role Education and Awareness plays in terms of how a regulator might look at a breach
- How to spot training programs that will pass regulations vs those that won’t
- The disparity between the cost of high-quality training vs the cost of handling a breach or facing fines for non-compliance

Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review.

Thanks for listening and sharing.

Bruce & The Re-thinking the Human Factor Podcast Team

Bribe, Swindle or Steal
Update: the UK Bribery Act and Enforcement Trends

Dec 5, 2018 · 35:56


Speaking at the TRACE European Forum, Michelle de Kluyver of Addleshaw Goddard provides a comprehensive and insightful update on the UKBA and recent enforcement trends in the UK.

Bribe, Swindle or Steal
Spotlight on the UK

Apr 23, 2018 · 20:12


Michelle de Kluyver of Addleshaw Goddard discusses the UK Bribery Act in a lively, informative interview.

St Paul's Cathedral
The UK Bribery Act: how will you act? (2011)

Oct 17, 2017 · 79:53


St Paul's Institute, in conjunction with the Chartered Institute of Management Accountants (CIMA), hosted this discussion on the UK Bribery Act - exploring how it will be implemented and what it means for the business community.

FCPA Compliance Report
Day 19 of One Month of Innovation in Compliance

Sep 28, 2017 · 11:57


While many compliance departments may have begun more as a command and control function, set up by lawyers to comply with anti-bribery laws such as the FCPA, UK Bribery Act or others, this type of leadership model is now becoming outmoded in today’s world. It is not that employees are interested in the ‘why’ they should do business ethically and in compliance with such laws but it is more that power is shifting inside corporations.

This Week in FCPA
This Week in FCPA-Episode 62

Jul 21, 2017 · 30:52


This week, Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories, including:

- Will Canada approve DPAs for use in anti-corruption prosecutions? TI-Canada recommends they come into use. See article in Corporate Compliance. Also see interview with RCMP Superintendent Denis Desnoyers in GIR.
- Midyear FCPA enforcement report by Stanford Law Journal. See article in WSJ.
- The first half of 2017 has brought the final resolutions of only two FCPA matters from the new administration, but they were both declinations. Both declinations have significantly strengthened the FCPA Pilot Program as a clear path forward for every company that finds itself in FCPA hot water. See Tom’s article in Compliance Week.
- Are Mexican anti-corruption efforts moving forward or not? For pro, see the article entitled New Mexican Anti-Corruption Law Enters into Force in Global Compliance News. For con, see the article by Juan Montes, Mexican Antigraft Efforts Falter, in WSJ.
- With the departure of Walter Shaub from the US Office of Governmental Ethics and Hui Chen as the Compliance Counsel, who will lead the US ethics and compliance efforts? See Jaclyn Jaeger’s article in Compliance Week.
- Everything Compliance-Episode 14 is out. Topics include Walter Shaub’s departure from OGE and whether it even matters; Jesse Eisinger’s book The Chickenshit Club; the SFO, UK Bribery Act and the Rolls-Royce enforcement action; differences in DPA practice in the US & UK; Trump Administration & FCPA enforcement; EU’s GDPR; and Hui Chen’s departure from the Justice Department, both her public rebuke of Trump and the substance of how she believes her guidance has been misinterpreted. Episode 15 will go up on July 27.
- Former Haitian Telco exec pleads guilty, Dick Cassin reports in the FCPA Blog.
- Dmitrij Harder jailed five years for FCPA offenses. See article by Dick Cassin in the FCPA Blog.
- The twins are back home from summer camp. What does it mean for the Rosen household?
- Jay previews his weekend report.

FCPA Compliance Report
This Week in FCPA-Episode 62

Jul 21, 2017 · 30:52


This week, Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories, including:

- Will Canada approve DPAs for use in anti-corruption prosecutions? TI-Canada recommends they come into use. See article in Corporate Compliance. Also see interview with RCMP Superintendent Denis Desnoyers in GIR.
- Midyear FCPA enforcement report by Stanford Law Journal. See article in WSJ.
- The first half of 2017 has brought the final resolutions of only two FCPA matters from the new administration, but they were both declinations. Both declinations have significantly strengthened the FCPA Pilot Program as a clear path forward for every company that finds itself in FCPA hot water. See Tom’s article in Compliance Week.
- Are Mexican anti-corruption efforts moving forward or not? For pro, see the article entitled New Mexican Anti-Corruption Law Enters into Force in Global Compliance News. For con, see the article by Juan Montes, Mexican Antigraft Efforts Falter, in WSJ.
- With the departure of Walter Shaub from the US Office of Governmental Ethics and Hui Chen as the Compliance Counsel, who will lead the US ethics and compliance efforts? See Jaclyn Jaeger’s article in Compliance Week.
- Everything Compliance-Episode 14 is out. Topics include Walter Shaub’s departure from OGE and whether it even matters; Jesse Eisinger’s book The Chickenshit Club; the SFO, UK Bribery Act and the Rolls-Royce enforcement action; differences in DPA practice in the US & UK; Trump Administration & FCPA enforcement; EU’s GDPR; and Hui Chen’s departure from the Justice Department, both her public rebuke of Trump and the substance of how she believes her guidance has been misinterpreted. Episode 15 will go up on July 27.
- Former Haitian Telco exec pleads guilty, Dick Cassin reports in the FCPA Blog.
- Dmitrij Harder jailed five years for FCPA offenses. See article by Dick Cassin in the FCPA Blog.
- The twins are back home from summer camp. What does it mean for the Rosen household?
- Jay previews his weekend report.

FCPA Compliance Report
This Week in FCPA-Episode 61

Jul 14, 2017 · 37:32


This week, Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories, including:

- HSBC monitor report protected from release. See article in Reuters.
- The Odebrecht scandal continues to resonate across South America. See Dick Cassin’s post in the FCPA Blog.
- The first half of 2017 has brought the final resolutions of only two FCPA matters from the new administration, but they were both declinations. Both declinations have significantly strengthened the FCPA Pilot Program as a clear path forward for every company that finds itself in FCPA hot water. See Tom’s article in Compliance Week.
- Roy Snell says it’s not who’s who but who gets it. See article in SCCE Compliance and Ethics Blog.
- Tom announces the rollout of the Compliance Podcast Network. It includes This Week in FCPA, FCPA Compliance Report, Compliance Report-International Edition, 12 O’Clock High, Unfair and Unbalanced, Compliance into the Weeds, Across the Board, Everything Compliance, One Month to a More Effective Compliance Program. See Tom’s article in the FCPA Compliance and Ethics Blog.
- The next Everything Compliance podcast is in production. Topics include Walter Shaub’s departure from OGE and whether it even matters; Jesse Eisinger’s book The Chickenshit Club; the SFO, UK Bribery Act and the Rolls-Royce enforcement action; differences in DPA practice in the US & UK; Trump Administration & FCPA enforcement; EU’s GDPR; and Hui Chen’s departure from the Justice Department, both her public rebuke of Trump and the substance of how she believes her guidance has been misinterpreted. Part I will go up on Thursday, July 20.

This Week in FCPA
This Week in FCPA-Episode 61

Jul 14, 2017 · 37:32


This week, Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories, including:

- HSBC monitor report protected from release. See article in Reuters.
- The Odebrecht scandal continues to resonate across South America. See Dick Cassin’s post in the FCPA Blog.
- The first half of 2017 has brought the final resolutions of only two FCPA matters from the new administration, but they were both declinations. Both declinations have significantly strengthened the FCPA Pilot Program as a clear path forward for every company that finds itself in FCPA hot water. See Tom’s article in Compliance Week.
- Roy Snell says it’s not who’s who but who gets it. See article in SCCE Compliance and Ethics Blog.
- Tom announces the rollout of the Compliance Podcast Network. It includes This Week in FCPA, FCPA Compliance Report, Compliance Report-International Edition, 12 O’Clock High, Unfair and Unbalanced, Compliance into the Weeds, Across the Board, Everything Compliance, One Month to a More Effective Compliance Program. See Tom’s article in the FCPA Compliance and Ethics Blog.
- The next Everything Compliance podcast is in production. Topics include Walter Shaub’s departure from OGE and whether it even matters; Jesse Eisinger’s book The Chickenshit Club; the SFO, UK Bribery Act and the Rolls-Royce enforcement action; differences in DPA practice in the US & UK; Trump Administration & FCPA enforcement; EU’s GDPR; and Hui Chen’s departure from the Justice Department, both her public rebuke of Trump and the substance of how she believes her guidance has been misinterpreted. Part I will go up on Thursday, July 20.

FCPA Compliance Report
Day 20 of One Month to Better Investigations and Reporting

Jun 28, 2017 · 10:56


In an article entitled “How to Launch and Operate a Legally-Compliant International Workplace Report Channel” or in compliance parlance, a hotline, author Donald Dowling of the law firm of White and Case, provided a useful guide to help navigate the challenges of setting up a multi-national whistleblower’s hotline, such as is required under the FCPA and UK Bribery Act. The majority of his article “analyzes the six categories of laws that can restrict whistleblower hotlines abroad, focusing on compliance.” You should obtain a copy of this article and keep it for reference in regards to your company’s hotlines. It is available on the White and Case website.

Laws Mandating Whistleblower Procedures

This group of laws “comprises mandates that require setting up whistleblower hotlines in the first place.” This includes the US Sarbanes-Oxley (SOX) as well as other jurisdiction laws which generally protect whistleblowers from retaliation but do specifically require any hotlines be set up on a company wide basis. Dowling also found a couple of countries, Norway and Liberia, which require general receiving and processing of “public interest disclosures.”

Laws Promoting Denunciations to Government Authorities

This category of laws generally relates to legal requirements for the reporting of illegal acts to government authorities in two ways. First, these laws encourage whistleblowing to government which then compete with employer hotlines by enticing internal whistleblowers to divert denunciations from company compliance experts and over to outside law enforcers who indict white collar criminals. This first approach is found in Dodd-Frank, which offers bounties. Second, these “laws that require (as opposed merely to encourage) government denunciations rarely except corporate hotline sponsors. These laws therefore force hotline sponsors to divulge hotline allegations over to law enforcement.” This second approach is found in SOX which “requires an employer to offer internal hotline procedures”.

Laws Restricting Hotlines Specifically

This category is exemplified by European data protection laws which act to restrict companies’ freedom to launch and operate reporting programs. Dowling believes that these laws are based upon the fact that Europeans “see hotlines as threatening privacy rights of denounced targets and witness”. Also this would seem to be in response to the totalitarian past from the World War II era. The author identifies what he termed “the four biggest hurdles” set up to frustrate hotlines in EU jurisdiction. They are “(1) restrictions against hotlines accepting anonymous denunciations; (2) limits on the universe of proportionate infractions on which a hotline accepts denunciations; (3) limits on who can use a hotline and be denounced by hotline; and (4) hotline registration requirements.”

Laws Prohibiting Whistleblower Retaliation

This category will be familiar to US compliance practitioners through the applications of US laws such as SOX, Dodd-Frank and numerous state whistleblower statutes. Additionally, the author lists numerous foreign jurisdictions which have such laws. But here he believes that the key is communication because in many countries and foreign jurisdictions, there is no tradition of protection of persons who make reports against superiors so that an “employer needs to overcome worker fear of reprisal for whistleblowing.”

Laws Regulating Internal Investigations

Typically laws on internal investigation do not impact hotlines because a hotline is a “pre-investigation tool.” However, the author believes that, as with No. 4 above, communication by the employer is critical to complying with laws that enact procedural safeguards for persons under investigation. Heavy-handed communications about a hotline could blow back against employers in claims by employees that “an employer rigged the investigation process.” So companies should ensure that communications about hotlines do not convey an “overzealous approach to complaint processing and investigations.”

Laws Silent on, but Possibly Triggered By, Whistleblower Hotlines

Here the author recognizes that the title of this category “is necessarily vague and determining which laws fall into it is difficult.” Nevertheless, he writes that the most “likely candidates are data protection laws silent on hotlines and labor laws imposing negotiation duties and work rules.” Regarding the former, the author argues that hotlines are not databases but conduits for the transmittal of information. He acknowledges that EU data privacy laws reject this distinction and treat hotlines as if they were databases where information is stored. He does not identify other jurisdictions which yet take this aggressive approach but he believes this may become a trend. The labor law issue is also tricky and may turn on the interpretation of whether the institution of a hotline is viewed as a substantive change in working conditions under a union-management labor agreement and therefore subject to collective bargaining.

There are several key inquiries you should make for your hotline. What jurisdiction are you in and what is the binding law or laws which will govern you going forward? Must you confine your hotline reporting to specific topics or is it open to all issues? Can anonymous allegations be brought forward in the jurisdiction in question? Do you have a hotline staffed in-house or do you use an external third party vendor? Finally, must you disclose hotline data to government regulators?

Three Key Takeaways

- You must understand the jurisdiction you are in and the laws which govern your hotline.
- Can you use information which is reported anonymously?
- Must you disclose any data to government regulators?

Everything Compliance
Everything Compliance-Episode 11

May 18, 2017 · 48:18


In this second of a two-part series, we conclude the panel’s discussion of the first 100 days of the Trump administration as it relates to compliance. This episode concludes with the panelists’ rants.

For Matt Kelly’s posts see the following: Compliance in the Trump Era: More Markers Placed Trump Administration Whacks Telco Firm for $892 Million Drone Industry Pan Trump’s Regulatory Trump Risk Disclosures Start Rolling In First SEC Whistleblower Award of Trump Era Sessions Dodges, Weaves, Promises on FCPA

For Mike Volkov’s posts see the following: Yates, AG Sessions and Individual Criminal Prosecutions New E-Book — Moving the Goalposts: The Justice Department Redefines Effective Compliance FCPA Remediation Focus on Supervisory Personnel FPCA Pilot Program Motors On

For the Cordery Compliance client alerts see the following: EU conflicts minerals compliance legislation DOJ Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010?

For Jay Rosen’s posts see the following: Still in the Enforcement Business and Evaluation of Corporate Compliance Programs “It Was the Best of Times, It was the Worst of Times,” or “Ignorance is Strength”

For Tom Fox’s posts see the following: The Trump Administration-Kaos is Bad for Business The Trump Administration-Failures in Leadership and Management The Trump Administration-Preparing for a Catastrophe The Trump Administration-the Business Response DOJ Enforcement of the FCPA and the International Fight against Corruption in the Trump Administration

FCPA Compliance Report
Everything Compliance-Episode 11

May 18, 2017 48:18


In this second of a two-part series, we conclude the panel’s discussion of the first 100 days of the Trump administration as it relates to compliance. This episode concludes with the panelists’ rants.

Matt Kelly opens with a discussion of regulatory enforcement under the Trump administration, how the ‘Trump Effect’ is negatively impacting corporations, industry responses to deregulation issues and lays down some markers around compliance issues under the new administration. For Matt Kelly’s posts see the following: Compliance in the Trump Era: More Markers Placed Trump Administration Whacks Telco Firm for $892 Million Drone Industry Pan Trump’s Regulatory Trump Risk Disclosures Start Rolling In First SEC Whistleblower Award of Trump Era Sessions Dodges, Weaves, Promises on FCPA

Mike Volkov rounds out the discussion with a review of where the DOJ is currently under AG Sessions, remarks by DOJ officials on FCPA enforcement, the future of the Pilot Program and DOJ Compliance Counsel, Hui Chen. For Mike Volkov’s posts see the following: Yates, AG Sessions and Individual Criminal Prosecutions New E-Book — Moving the Goalposts: The Justice Department Redefines Effective Compliance FCPA Remediation Focus on Supervisory Personnel FPCA Pilot Program Motors On

For the Cordery Compliance client alerts see the following: EU conflicts minerals compliance legislation DOJ Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010?

For Jay Rosen’s posts see the following: Still in the Enforcement Business and Evaluation of Corporate Compliance Programs “It Was the Best of Times, It was the Worst of Times,” or “Ignorance is Strength”

For Tom Fox’s posts see the following: The Trump Administration-Kaos is Bad for Business The Trump Administration-Failures in Leadership and Management The Trump Administration-Preparing for a Catastrophe The Trump Administration-the Business Response DOJ Enforcement of the FCPA and the International Fight against Corruption in the Trump Administration

The members of the Everything Compliance panel include:
Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com

FCPA Compliance Report
Day 9 of One Month to Better Compliance Through HR

May 11, 2017 13:45


Today I want to focus on incentives, looking at senior management and compensation. I thought about this inter-connectedness of compensation in a compliance program, focusing up the corporate ladder, when I read a recent article in the New York Times (NYT) by Gretchen Morgenson, in her Fair Game column, entitled “Ways to Put the Boss’s Skin In the Game”. Her piece dealt with a long-standing question: how to make senior executives more responsible for corporate malfeasance. Her article had some direct application to anti-corruption compliance programs such as those based on the US Foreign Corrupt Practices Act (FCPA) or UK Bribery Act.

Morgenson said the issue was “Whenever a big corporation settles an enforcement matter with prosecutors, penalties levied in the case – and they can be enormous – are usually paid by the company’s shareholders. Yet the people who actually did the deeds or oversaw the operations rarely so much as open their wallets.”

She went on to explain that it is an economic phenomenon called “perverse incentive”, which is one where “corporate executives are encouraged to take outsized risks because they can earn princely amounts from their actions. At the same time, they know that they rarely have to pay any fines or face other costly consequences from their actions.” To help remedy this situation, the idea has come to the fore of senior managers putting some ‘skin in the game’. Her article discussed three different sources for this initiative.

The first was a proxy proposal in front of Citigroup shareholders which “would require that top executives at the company contribute a substantial portion of their compensation each year to a pool of money that would be available to pay penalties if legal violations were uncovered at the bank.” Further, “To ensure that the money would be available for a long enough period – investigations into wrongdoing take years to develop - the proposal would require that the executives keep their pay in the pool for 10 years.”

The second came from William Dudley, the President of the Federal Reserve Bank of New York, who made a similar suggestion. His prescription involved a performance bond for the actions of bank executives. Morgenson quoted Dudley from his speech, “In the case of a large fine, the senior management and material risk takers would forfeit their performance bond. Not only would this deferred debt compensation discipline individual behavior and decision-making, but it would provide strong incentives for individuals to flag issues when problems develop.”

Morgenson reported on a third approach which was delineated in an article in the Michigan State Journal of Business and Securities Law by Greg Zipes, “a trial lawyer for the Office of the United States Trustee, the nation’s watchdog over the bankruptcy system, who also teaches at the New York University School for Professional Studies.” The article is entitled, “Ties that Bind: Codes of Conduct That Require Automatic Reductions to the Pay of Directors, Officers and Their Advisors for Failures of Corporate Governance”. Zipes’ proposal is to create a “contract to be signed by a company’s top executives that could be enforced after a significant corporate governance failure. Executives would agree to pay back 25 percent of their gross compensation for the three years before the beginning of improprieties. The agreement would be in effect whether or not the executives knew about the misdeeds inside their company.”

As you might guess, corporate leaders are somewhat less than thrilled at the prospect of being held accountable. Zipes was cited for the following, “Corporate executives are unlikely to sign such codes of conduct of their own volition.” Indeed Citibank went so far as to petition the Securities and Exchange Commission (SEC) “for permission to exclude the policy from its 2015 shareholder proxy.” But the SEC declined to do so, and at least Citibank shareholders will have the chance to vote on the proposal.

In the compliance context, these types of proposals are exactly the type of response that a company or its Board of Directors should want to put in place. Moreover, they all have the benefit of a business solution to a legal problem. In an interview for her piece, Morgenson quoted Zipes as noting, “This idea doesn’t require regulation and it doesn’t require new laws. Executives can sign the binding code of conduct or not, but the idea is that the marketplace would reward those who do.” For those who might argue that senior executives cannot or should not be responsible for the nefarious actions of others, they readily take credit for “positive corporate activities in which they had little role or knew nothing about.” Moreover, under Sarbanes-Oxley (SOX), corporate executives must make certain certifications about financial statements and reporting, so there are currently some obligations along these lines.

Finally, perhaps shareholders will simply become tired of senior executives claiming they could not know what was happening in their businesses; have their fill of hearing about some rogue employee(s) who went off the rails by engaging in bribery and corruption to obtain or retain business; and not accept that leaders should not be held responsible.

Three Key Takeaways
Perverse incentives are named that for a reason; they really are bad.
How can you create positive incentives in your organization?
There is a business response to the legal issue. Employ it.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

FCPA Compliance Report
Everything Compliance-Episode 10

May 11, 2017 40:32


This episode is the first of a two-part series of podcasts dedicated to the chaotic (at best) first 100 days of the Trump administration as it related to compliance. Today we have Jonathan Armstrong and Jay Rosen. Next week Matt Kelly and Mike Volkov.

Jonathan Armstrong leads a discussion of the Trump administration’s devolution of Privacy Shield, GDPR and what they mean for American companies doing business in the UK and EU. He discusses the key differences in the DOJ’s Evaluation of Corporate Compliance Programs in an FCPA analysis and under the Bribery Act, differences in the EU approach to conflict minerals and under the Trump Administration and concludes by giving us his thoughts on what Brexit means for compliance. For the Cordery Compliance client alerts see the following: EU conflicts minerals compliance legislation DOJ Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010? BREXIT Glossary

Jay Rosen considers what companies the intersection of business and politics under the Trump administration, the business response he has observed to the Trump administration’s steps and missteps, the comments made by DOJ representatives at Q1 conferences and the vibe of compliance conference attendees. For Jay’s posts see: Still in the Enforcement Business and Evaluation of Corporate Compliance Programs “It Was the Best of Times, It was the Worst of Times,” or “Ignorance is Strength”

For Matt Kelly’s posts see: Compliance in the Trump Era: More Markers Placed Trump Administration Whacks Telco Firm for $892 Million Drone Industry Pan Trump’s Regulatory Trump Risk Disclosures Start Rolling In First SEC Whistleblower Award of Trump Era Sessions Dodges, Weaves, Promises on FCPA

For Mike Volkov’s posts see the following: Yates, AG Sessions and Individual Criminal Prosecutions New E-Book — Moving the Goalposts: The Justice Department Redefines Effective Compliance FCPA Remediation Focus on Supervisory Personnel FPCA Pilot Program Motors On

For Tom Fox’s posts on the Trump administration’s first 100 days see the following: The Trump Administration-Kaos is Bad for Business The Trump Administration-Failures in Leadership and Management The Trump Administration-Preparing for a Catastrophe The Trump Administration-the Business Response DOJ Enforcement of the FCPA and the International Fight against Corruption in the Trump Administration

The members of the Everything Compliance panel include:
Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com

FCPA Compliance Report
Day 3 of One Month to Better Compliance Through HR

May 3, 2017 13:20


Today, I conclude my review of FCPA enforcement actions that involved the corporate hiring function. From these three cases I have considered, it is clear that HR must be involved in compliance and if HR hiring controls are over-ridden there must be an appropriate consideration of the risk management issues.

In November 2016, JP Morgan Chase (JPM) and its subsidiary, JPMorgan Securities (Asia Pacific) Limited (JPM-APAC) resolved its FCPA matter, obtaining a NPA from the DOJ with a penalty of $72MM, agreeing to a Cease and Desist Order (“Order”) from the SEC, with a penalty consisting of profit disgorgement and interest of $135MM, and reaching an agreement with the Federal Reserve Bank (Fed) for a Consent Cease and Desist Order (Fed Order) to put in place a best practices compliance program and pay a penalty of $61MM. The total fines and penalties paid by JPM for its violation of the FCPA was $268MM.

The conduct involved JPM-APAC’s Client Referral Program, named the “Sons & Daughters Program” (Sons and Daughters), which targeted children of high Chinese government officials and employees of state-owned enterprises, other close family members and even close friends and associates of foreign officials and employees of state-owned enterprises for hiring in a blatant attempt to win business. It was designed, created and implemented by the top management of JPM-APAC, which went so far as to keep a tally of those persons hired by JPM-APAC and JPM tied to specific business development. As noted in the NPA, “certain senior executives and employees of (JPM-APAC) conspired to engage in quid pro quo agreements with Chinese officials”. The language quid pro quo is replete throughout the settlement documents because that is the specific language used by JPM-APAC personnel when discussing Sons and Daughters. These actions led to over $100MM in profit to JPM.

While JPM was certainly aware that many of these hires did not meet the company’s stringent hiring requirements, there never seemed to be oversight of this illegal program or even investigation into the clear red flags presented by the company’s actions. What is more, JPM knew the high risk in hiring family members of foreign officials as far back as 2001 and indeed, had a written policy prohibiting such conduct. However, in 2006, this program morphed into a targeted program “directly attributable linkage to business opportunity”, and lasted until 2013. Over seven years, over 100 family members went through the program, with parents in more than 10 different Chinese government agencies. The program extended from new hires to summer internships to lateral hires.

JPM-APAC tracked the metrics of Sons and Daughters with “a spreadsheet that tracked hires to specific clients, while also tracking revenue attributable to those hires.” This spreadsheet was so detailed that it delineated “columns for each hire, the referring client, the relationship of the candidate, and the amount of revenue generated attributable to the hire in U.S. dollars.” Finally, as noted in the NPA, the purpose of this level of documentation “was to track deals that resulted from the hires and measure revenue associated with Client Referral Program hires.” So the corruption scheme and the benefits obtained therefrom were fully documented.

The Sons and Daughters program began as a FCPA risk management tool and listed five requirements to be considered for hire at JPM-APAC: “(1) whether the applicant was qualified for the position; (2) whether the applicant had gone through the normal interviewing process; (3) whether the referring client/potential client was government-related; (4) whether the firm was actively pitching for any business from the client/potential client; and (5) whether there was an “expected benefit to JPMorgan” for hiring the referred candidate.” These criteria were designed to act as an internal control to prevent illegal hiring under the FCPA but it morphed into a program to disguise the true reason for these hires.

Worse, it appears that both the HR and compliance functions were complicit in the scheme to violate the FCPA because in at least one instance the JPM-APAC business unit sponsor noted on the form “[t]he hiring of this candidate will place JPMorgan in a more favorable position for securing future business from the client.” This business justification morphed into the next iteration, “The candidate will be trained by JPMorgan for couple of years and then go to local bank. Thus, will bring more business”; all because the company’s compliance and HR functions “instructed the JPMorgan-APAC employee to remove the offending language, writing, “[h]iring of the candidate should not be for the purposes of securing future business of the firm. Please remove.” Further damning to the JPM-APAC compliance and HR functions was that of the more than 200 candidates hired through the Sons and Daughters program, none were rejected by either HR or compliance.

In addition to the tying of business to the hirings under the Sons and Daughters program, there was the additional problem that these hires did not meet JPM’s basic hiring and retention standards. According to the Order, one JPM-APAC representative described those hired under the program “as a protected species requiring [senior management] input. His reporting line to you is accountable but like national service.” Both the Order and NPA were replete with document evidence that the hires under Sons and Daughters did not meet minimum hiring standards and they often failed to meet minimum standards for retention at the company.

The Box Score is a summary from the NPA of some of the candidates which clearly did not meet JPM hiring standards, yet who were hired and where such hires under the Sons and Daughters program brought benefits to JPM. Each entry below is listed by Foreign Official or SOE employee.

Client 1
Reasons for hire: Maintain good relationship with client
Benefit tied to hire: $4.82MM profit

Client 2
Reasons for hire: Quid pro quo for business
Benefit tied to hire: JPM-APAC lead underwriter on IPO

Client 3
Candidate deficiencies: Not very impressive, poor GPA
Deficiencies as JPM employee: Attitude issue. He doesn’t seem to care about work. Don’t need to have an intern doing nothing
Benefit tied to hire: JPM-APAC lead underwriter on IPO

Client 4
Reasons for hire: Promised IPO work
Candidate deficiencies: Not qualified for job at JPM. Tech and quantitative skills ‘light’
Deficiencies as JPM employee: Communication skills and interest in work lagged his peers
Benefit tied to hire: JPM-APAC lead underwriter on IPO. $23.4MM profit

Government Official 1
Reasons for hire: Father would go the extra mile to help JPM
Candidate deficiencies: Worst business analyst candidate ever seen
Deficiencies as JPM employee: Immature, irresponsible and unreliable. Sent out sexually inappropriate emails
Benefit tied to hire: JPM-APAC lead underwriter on IPO

Government Official 2
Reasons for hire: Hire would ‘significantly’ influence role of JPM-APAC
Candidate deficiencies: Unlikely to meet hiring standard
Deficiencies as JPM employee: New York not comfortable with his work. Recommends he follow a different career path
Benefit tied to hire: JPM-APAC lead underwriter on IPO

One thing that the resolution decidedly does not stand for is the proposition that a company can never hire a family member of a foreign official or employee of a state-owned enterprise. Indeed, it was one JPM-APAC compliance officer (albeit a new one) in 2013 who stopped the entire Sons and Daughters program with the following reason for denying a family member a position at the company, writing, “I’m afraid from an anti bribery [sic] and corruption standpoint, we cannot create positions to accommodate client requests….”. This statement clearly shows that when an official refers a family member for hire, a red flag should go up. It also demonstrates why compliance should be involved in any high-risk endeavor. If there is no position which the candidate can fill based upon their own qualifications at your company, that should be the end of the discussion, full stop.

What are the criteria compliance can advise to HR to operationalize the compliance issues in hiring? There are three questions I suggest be used to analyze the hiring of a family member of a foreign official or state-owned enterprise. They can also be installed as internal controls.

Does the candidate meet your firm’s hiring criteria?
Did the foreign official whose family member you are considering for hire demand or even suggest your company hire the candidate?
Has the foreign official made or will make a decision that will benefit your company?

If the answer to the first question is “No” and the second two “Yes”, you may well be in a high-risk area of violating the FCPA. You should investigate the matter quite thoroughly and carefully. Finally, whatever you do, Document, Document, and Document your investigation, both the findings and the conclusions.

These questions can be set up as internal controls. This is another example of how a company can operationalize compliance and burn it into the fabric and DNA of an organization. Further, it provides another level of oversight or “a second set of eyes” on the hiring process around hires that are high-risk under the FCPA or other anti-bribery/anti-corruption regime such as the UK Bribery Act.

Three Key Takeaways
Never institutionalize your illegal conduct.
Develop a set of HR internal controls around hiring and compliance.
Always put a second set of eyes on any exceptions granted.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

FCPA Compliance Report
Day 1 of One Month to Better Compliance Through HR

May 1, 2017 12:50


Day 1 - The Role of Human Resources in Operationalizing Compliance

This month, I will consider the role of Human Resources (HR) in operationalizing a best practices compliance program. I have long advocated for a greater role of Human Resources (HR) in a compliance program. Indeed, one sign of a mature Foreign Corrupt Practices Act (FCPA) compliance and ethics program is the extent to which a company’s HR Department is involved in implementing a solution. While many practitioners do not immediately consider HR as a key component of a FCPA compliance solution, it can be one of the linchpins in spreading a company’s commitment to compliance throughout the employee base. HR can also be used to ‘connect the dots’ in many divergent elements of a FCPA compliance and ethics program.

Even more important is the operationalization of compliance into the fabric of the business. One of the key indicia of compliance program effectiveness is how thoroughly each separate corporate discipline incorporates compliance into its everyday job functions. An active and functioning compliance program will literally be alive in each department in an organization.

HR has as many touchpoints as any other corporate function with employees. From interviews to onboarding, through evaluations and performance appraisals, even to the separation process, HR leads many of the corporate touchpoints. Each one of these touchpoints can be used to teach, educate and reinforce the message of doing business ethically and in compliance with laws such as the US Foreign Corrupt Practices Act (FCPA), UK Bribery Act or any similar legislation.

The Department of Justice Evaluation of Corporate Compliance Programs (Evaluation) listed four specific areas of HR touchpoints in a best practices compliance program, found under Prong 8, Incentives and Disciplinary Measures:

Accountability – What disciplinary actions did the company take in response to the misconduct and when did they occur? Were managers held accountable for misconduct that occurred under their supervision? Did the company’s response consider disciplinary actions for supervisors’ failure in oversight? What is the company’s record (e.g., number and types of disciplinary actions) on employee discipline relating to the type(s) of conduct at issue? Has the company ever terminated or otherwise disciplined anyone (reduced or eliminated bonuses, issued a warning letter, etc.) for the type of misconduct at issue?

Human Resources Process – Who participated in making disciplinary decisions for the type of misconduct at issue?

Consistent Application – Have the disciplinary actions and incentives been fairly and consistently applied across the organization?

Incentive System – How has the company incentivized compliance and ethical behavior? How has the company considered the potential negative compliance implications of its incentives and rewards? Have there been specific examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethics considerations?

When you consider the number of touchpoints HR has in the employment life cycle, its role in facilitating the operationalization of compliance becomes clear. At each of these touchpoints, HR can take the lead in operationalizing compliance. Additionally, each touchpoint provides an opportunity for ongoing communications with a prospective employee, newly hired employee, seasoned employee or one moving up into the ranks of management about the need for ethical dealings and compliance with company values as set out in the Code of Conduct and operationalized in the compliance policies and procedures.

By using these touchpoints, HR can demonstrate the shared commitment requirement found in Prong 2 of the Evaluation as well as provide ongoing communications as laid out in Prong 6. There are few other corporate departments which have so many employee touchpoints as HR. Every compliance practitioner should use HR to operationalize compliance through the variety of touchpoints and expertise available to a compliance professional through a corporate HR department.

As a key first step, I would suggest that every compliance professional head down to your corporate HR department and have a cup of coffee with your functional equivalent. Find out not only what they do but how they do it and then explore how you can further operationalize your compliance program through these HR-employee touchpoints.

Over this next month, I will be considering the role of HR in all of these steps and more. Further, over the past 20 months there have been 3 Foreign Corrupt Practices Act (FCPA) enforcement actions which spoke directly to the role of HR and hiring in a compliance program. I will begin with these three cases and move through the employment lifecycle.

Three Key Takeaways
What are the HR-employee touchpoints at your company?
HR professionals can bring new, dynamic and innovative techniques to compliance communications.
Go down and have a cup of coffee with the head of your corporate HR department. Find out what they do and how they do it.

FCPA Compliance Report
Day 20 of One Month to Better 3rd Party Management

Apr 28, 2017 12:56


I end this one month series by taking things a different direction. Today I do not focus on third party risk management but on third parties as a compliance innovation source for your organization. It is universally recognized that third parties are your highest Foreign Corrupt Practices Act (FCPA) risk. What if you could turn your third party from a liability under the FCPA to an innovation partner to your compliance program? This is an area that not many compliance professionals have mined but once again in compliance, you are only limited by your imagination.  In an article in Third Party Management Review by Jennifer Blackhurst, Pam Manhart and Emily Kohnke, entitled “The Five Key Components for Third  party Innovation”, the authors asked “what does it take to create meaningful innovation across third party partners?” One reason compliance innovation with third parties can be so power is that it cannot only affect costs but can move to gain a competitive advantage. To do so companies need to see their third parties as partners and not simply as entities to be squeezed for costs savings.  Their findings identified five components common to the most successful innovation partnerships. They are: “(1) Don’t Settle for the Status Quo; (2) Hit the Road in Order to Hit Your Metrics; (3) Send Prospectors Not Auditors; (4) Show Me Yours and I’ll Show You Mine; and (5) Who’s Running the Show?”  Don’t Settle for the Status Quo  This means that you should not settle for simply the status quo in compliance. Innovation does not always come from a customer or even an in-house compliance practitioner. Here the key characteristics were noted to be “cooperative, proactive and incremental”. You need to be leading the compliance innovation discussion rather than falling from behind. If a third party can suggest a better method to make compliance more efficient or cost effective, particularly through a technological solution, it may well be something you should consider.  
Hit the Road in Order to Hit Your Metrics  To truly understand your compliance risk from all third parties, you must get out of the ivory tower and hit the road. This is even truer when exploring compliance innovation. You do not have hit the road with the “primary goal to be the inception point for innovation” but through such interactions, innovation can come about organically, as a part of your ongoing third party relationship. There is little downside for a compliance practitioner to go and visit a third party and have a “face-to-face meeting simply to get to know the partner better and more precisely identify that partner’s needs.”  Send Prospectors Not Auditors  While an audit clause is critical in any third party contract, both from a commercial and FCPA perspective, this exercise should be considered as such. You can establish a point of contact as an innovation manager for your third parties” Every third party should have a relationship manager, whether that third party is on the sales side or the Supply Chain side of the business. Moreover, the innovation partners are “able to see synergies where [business] partners can work together for the benefit of everyone involved.”  Show Me Yours and I’ll Show You Mine  As with all relationships, trust plays an important role in third party compliance innovation, as “Firms in successful innovations discussed a willingness to share resources and rewards and to develop their partners’ capabilities.” The authors believe that “Through the process of developing trust, firms understand their partner’s strategic goals.” I cannot think of a more applicable statement about FCPA compliance. Another way to consider this issue is that if a third party partner has trust in you and your compliance program, they could be more willing to work with you on the prevent and detect prongs of compliance regimes. Top down command structures may well be counter-productive.  Who’s Running the Show?  
This means “who is doing what, but also what each firm is bringing to the relationship in terms of resources and capabilities.” In the compliance regime, it could well lead to your third party taking a greater role in managing compliance in a specific arena or down a certain set of vendors. Your local third party might be stronger in the local culture, which could allow it to lead to collaborations by other vendors in localized anti-corruption networks or roundtables to help move the ball forward for doing business in compliance with the FCPA or other anti-corruption laws such as the UK Bribery Act.

The authors ended by remarking, “we noticed that leveraging lean and process improvement was mentioned by virtually every firm.” This is true in the area of compliance process improvement, which is the essential nature of FCPA compliance. Another interesting insight from the authors was that utilization can increase through such innovation in the third party. Now imagine if you could increase your compliance process performance by considering innovations from your third parties?

The authors conclude by stating that such innovation could lead to three “interesting outcomes (1) The trust and culture alignment is strengthened through the partnership innovation process leading to future innovations and improvement; (2) firms see what is needed in terms of characteristics in a partner firm so that they can propagate the success of prior innovations to additional partners; (3) by engaging third party partners as innovation partners, both sides reap rewards in a low cost, low risk, highly achievable manner.” With some innovation, you may well be able to tap into a resource immediately available at your fingertips, your third party.

Three Key Takeaways
Use your third parties as innovators to assist your compliance program.
Change your thinking about third parties and make them your partners.
Do not settle for the status quo.

This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for

FCPA Compliance Report
Day 11 of One Month to Better 3rd Party Management

Play Episode Listen Later Apr 17, 2017 12:17


Auditing of third parties is critical to any best practices compliance program and an important tool in operationalizing your compliance program. This is a key manner in which a company can manage the third party relationship after the contract is signed and one which the government will expect you to engage in going forward.

You should plan out four to six weeks in advance; perform the audit with your legal counsel’s lead to preserve privilege; work with the business sponsor to establish key business contacts; discuss audit rights and processes with the third party; prepare initial document request lists for financial information queries; take the time to review findings from previous audits and resolutions and also review details of opened and closed internal investigations; if there are any Code of Conduct questionnaires available, take care to review them; and, finally, be cognizant of any related Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcement actions.

The next step is to determine the entry points of foreign government involvement: (1) direct and (2) indirect. The direct category includes: customs and duties, corporate taxes and penalties, social security or national insurance issues for employees, obtaining in-country visas and work permits, public official gifts and entertainment, training of and attendant travel for employees of government owned entities, procurement of business licenses and permits to perform work and, finally, areas around police escort and security. In the indirect category, some of the key areas to review are: customs agents and freight forwarders, visa processors, commercial sales agents, including distributors and, finally, those who might be consultants or other channel partners.

Document review and selection is important for this process; you should ask for as much electronic information as possible well in advance of your audit.
It is much easier to get database records for internal audits than audits of third parties. Try to obtain records in database or Excel format and not simply in .pdf. Request the following categories of documents: trial balance, chart of accounts, journal entry line items, financial and compliance policies, prior audited financial statements, bank records and statements, a complete list of agents or intermediaries and revenue by country and customer.

Your lead interviewer needs to be culturally sensitive, patient and must negotiate a good working relationship with the forensic auditors on your audit team, who will be reviewing the documents from their professional perspective. Regarding potential interviewees, focus on those who interact with government entities, foreign government officials or third parties, including those personnel involved with:

Business Leadership
Sales/Marketing/Business Development
Operations
Logistics
Corporate Functions: Human Resources, Finance, Health, Safety and Environmental, Real Estate and Legal.

For the interview topics, there are several lines of inquiry. Remember this is an audit interview, not an investigative interview. You should not play ‘gotcha’ in this format. You should avail yourself of the opportunity to engage in training while you are interviewing people. The topics to interview on include:

General policies and procedures;
Books and records pertaining to FCPA risks;
Test knowledge of FCPA and UK Bribery Act including facilitating payments and their understanding of your company’s prohibitions;
Regulatory challenges they may face;
Any payments of taxes, fees or fines;
Government interactions they have on your behalf; and
Other compliance areas you may be concerned about or that would impact your company, including: trade, anti-boycott, anti-money laundering, anti-trust.

In the review of the General Ledger (GL) accounts, you should consider commission payments to agents and representatives, any facilitating payments made, all payments around travel, meals and entertainment, payments made around training, gifts, charitable contributions, political donations and sales and promotion expenses. If there were payments made for customs or freight forwarders and other processing agents, permits, licenses, taxes and other regulatory expenses should be reviewed. Additionally, any entries pertaining to community contributions and social responsibility payments should be assessed and, finally, a review of any security payments, extortion payments, payments to legal consultants or tax advisors or fines and penalties should be considered.

Regarding bank accounts and cash disbursement controls, you should review the following:

Review controls around bank accounts and cash disbursements;
Identify and review authorized signers, approval levels, and bank reconciliations;
Ensure all bank accounts are included in the General Ledger;
Identify and review certain bank and cash disbursement transactions;
Identify offshore bank accounts.

In the area of cash funds review the following:

Review controls around petty cash funds;
Ascertain processes in place regarding disbursement and reconciliation of cash funds;
Identify and review payments to government officials, agents, or any unusual or suspicious activities; and
Identify and review certain bank transactions and test for any improper payments.

For gifts, travel and entertainment, you should explore payments made through employee-reimbursed expenses, scrutinize for any suspicious expenses submitted, expenses lacking adequate documentation, incorrect posting; and identify and review accounts associated with gifts, meals, entertainment, travel, or promotion.
In the area of payroll, consider the risks around the use of ghost employees, hiring of relatives of government employees, and the use of bonus payments and be sure to request a payroll listing and review for any such persons.

You should review GL accounts and expenses for related items. In taking a look at payments under local law, you should obtain a list of payments to the government required by local laws and identify and review payments to government authorities or employees, customs authorities or agents, income tax authorities or license requirements. For payments made to third parties, you should review commission and expense payments for compliance with company policy and also trace payments to the third party’s bank account.

Three Key Takeaways
Be prepared.
It is not an investigative interview but an audit interview.
Listen, listen, listen.

FCPA Compliance Report
Day 10 of One Month to Better Third Party Management

Play Episode Listen Later Apr 14, 2017 11:53


The building blocks of any Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program lay the foundations for a best practices compliance program. For instance, in the lifecycle management of third parties, most compliance practitioners understand the need for a business justification, questionnaire, due diligence, evaluation and compliance terms and conditions in contracts. However, as many companies mature in their compliance programs, the issue of third party management becomes more important. It is also the one where the rubber meets the road of operationalizing compliance.

An article by Mark Trowbridge in an issue of Supply Chain Management Review, entitled “Put it in Writing: Sharpening Contracts Management to Reduce Risk and Boost Supply Chain Performance”, provided useful insights into the management of the third party relationship. While the focus of the article was having a strategic approach to contracts management, the author’s “five ways to start professionalizing your approach to outsourcing contracts” were an excellent manner to consider steps in the management of third party relationships.

The key is to have a strategic approach to how you structure and manage your third party relationships. This may mean more closely partnering with your third parties to help manage the anti-corruption compliance risk. It would certainly lead towards enabling your company to “control risk while optimizing the performance” of your third parties. To achieve these goals, I have revised Trowbridge’s prescriptions from suppliers to third parties.

Consolidate Third Parties but Retain Redundancy

It is incumbent that you consolidate your third party relationships to a smaller number to “yield better cost leverage.” From the compliance perspective, it also should make the entire third party lifecycle easier to manage, particularly steps 1-4. However, a company must not “over-consolidate” by going down to a single source supplier.
You should build a diversified supplier base through “dual-sourcing”. From the compliance perspective, you may want to have a primary and secondary third party that you work with in a service line or geographic area to retain this redundancy.

Keep Tabs on Subcontracted Work

This is one area that requires an appropriate level of management. If your direct contracting party has the right or will need to subcontract some work out, you need to have visibility into this from the compliance perspective. You will need to require and monitor that your direct third party relationship has your approved compliance terms and conditions in their contracts with their subcontractors. You will also need to test that proposition. In other words, you must require, trust and then verify.

When Disaster Strikes, Make Sure Your Company is Legally Protected

This is where your compliance terms and conditions will come into play. One of the things that I advocate is a full indemnity if your third party violates the FCPA and your company is dragged into an investigation because of the third party’s actions. Such an indemnity may not be worth too much but if you do not have one, there will be no chance to recoup any of your legal or investigative costs. Another important clause is that any FCPA violation is a material breach of contract. This means that you can legally, under the terms of the contract, terminate it immediately, with no requirement for notice and cure. Once again you may be somewhat constrained by local laws but if you do not have the clause, you will have to give written notice and an opportunity to cure. This notice and cure process may be too long to satisfy the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) during the pendency of an FCPA investigation. Finally, you need a clause that requires your third party to cooperate in any FCPA investigation.
This means cooperation with you and your designated investigation team but it may also mean cooperation with US governmental authorities as well.

You also need the ability to move between third parties if the need arises. This is the redundancy issue raised above. You do not want to be stuck with no approved freight forwarders or other transporters in a certain geographic area. If a compliance related matter occurs, you may well need certain contractual rights to move your work and to require your prime third party to cooperate with the transition to your secondary third party.

Keep Track of Your Third Parties’ Financial Stability

This is one area that is not usually discussed in the compliance arena around third parties but it seems almost self-evident. You can certainly imagine the disruption that could occur if your prime third party supplier in a country or region went bankrupt; but in the compliance realm there is another untoward Red Flag that is raised in such circumstances. Those third parties under financial pressure may be more easily persuaded to engage in bribery and corruption than third parties that stand on a more solid financial footing. You can do this by a simple requirement that your third party provide annual audited financial statements. For a worldwide logistics company, this should be something easily accomplished.

You should take advantage of automated financial tracking tools to keep track of material changes in a third party’s financial stability. You should also use your in-house relationship manager to regularly visit key third party relationships so an on-the-ground assessment can be a part of an ongoing conversation between your company and your third parties.

Formalize Incentives for Third Party Performance

One of the key elements for any third party contract under the FCPA or UK Bribery Act is the compensation issue.
If the commission rate is too high, it could create a very large pool of money that could be used to pay bribes. It is mandatory that your company link any commission or payment to the performance of the third party. If you have a long-term stable relationship with a third party, you can tie compensation into long-term performance, specifically including long-term compliance performance. This requires the third party to put skin into the compliance game so that they have a vested, financial interest in getting things done in compliance with the FCPA or other anti-corruption compliance regimes. By linking contractual compensation to performance, there should be an increase in third party performance. This is especially valuable when agreed upon key performance indicator (KPI) metrics can be accurately tracked. This would seem to be low hanging fruit for the compliance practitioner. If you cannot come up with some type of metric from the compliance perspective, you can work with your business relationship team to develop such compliance KPIs.

You should rank third parties based upon a variety of factors including performance, length of relationship, benchmarking metrics and KPIs. This is a way for the compliance practitioner to have an ongoing risk ranking for third parties that can work as a preventative and even proscription prong of a compliance program and allow the delivery of compliance resources to those third parties that might need or even warrant them.

Three Key Takeaways
Have a strategic approach to third party risk management.
Rank third parties based upon a variety of factors including compliance and business performance, length of relationship, benchmarking metrics and KPIs.
Keep track of the financial stability of your third parties.

FCPA Compliance Report
Day 7 of One Month to Better 3rd Party Management

Play Episode Listen Later Apr 11, 2017 13:03


The Justice Department Evaluation of Corporate Compliance Programs states in Prong 10, Appropriate Controls – What was the business rationale for the use of the third parties in question? What mechanisms have existed to ensure that the contract terms specifically described the services to be performed, that the payment terms are appropriate, that the described contractual work is performed, and that compensation is commensurate with the services rendered?

You should incorporate compliance terms and conditions into your contracts with third parties. You must have appropriate compliance terms and conditions in every contract with third parties. I would suggest that you prepare a template, which can be used as a starting point for your negotiations. The advantages of such a template are several; they include: (1) the contract language is tested against real events; (2) the contract language assists the company in managing its compliance risks; (3) the contract language fits into a series of related contracts; (4) the contract language is straightforward to administer and (5) the contract language helps to manage the expectations of both contracting parties regarding anti-bribery and anti-corruption.

What are the compliance terms and conditions that you should include in your commercial contracts with third parties?
In the Panalpina Deferred Prosecution Agreement (DPA), Attachment C, Section 12 is found the following language, “Where necessary and appropriate, Panalpina will include standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anticorruption representations and undertakings relating to compliance with the anticorruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.”

In the Johnson & Johnson (J&J) DPA, the same language as used in the Panalpina DPA is found in Attachment C, entitled “Corporate Compliance Program”. However, in Attachment D, entitled “Enhanced Compliance Obligations”, the following language is found: “Contracts with such third parties are to include appropriate FCPA compliance terms and conditions including; (i) representatives and undertakings of the third party to compliance; (ii) right to audit; and (iii) right to terminate.”

Mary Jones, in an article in this blog entitled “Panalpina’s World Wide Web”, suggested the following language be present in your compliance terms and conditions:

payment mechanisms that comply with this Manual, the FCPA [Foreign Corrupt Practices Act], the UKBA [UK Bribery Act] and other applicable anti-corruption and/or anti-bribery laws during the term of such contract;
the counterparty’s obligation to maintain accurate books and records in compliance with the Company’s Policy and Compliance Manual;
the counterparty’s obligation to certify on an annual basis that: (i) counterparty has not made, offered, or promised any payment or gift of money or anything of value, directly or indirectly, to any Government Official (or any other person or entity if UK Bribery Act applies) for the purpose of obtaining or retaining business or getting any improper business advantage; and (ii) counterparty has not engaged in any conduct or behavior prohibited by the Code of Conduct, Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law;
the Company’s right to audit the counterparty’s books and records, including, without limitation, any documentation relating to the counterparty’s interaction with any governmental entity (or any entity if UK Bribery Act applies) on behalf of the Company, and the counterparty’s obligation to cooperate fully with any such audit; and
remedies (including termination rights) for the failure of the counterparty to comply with the terms of the contract, the Code of Conduct, the Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law during the term of such contract.

I believe that compliance terms and conditions should be stated directly in the document, whether such document is a simple agency or consulting agreement or a joint venture (JV) with several formation documents. The compliance terms and conditions should include representations that in all undertakings the third party will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the company is a participant.

In addition to the above affirmative statements regarding conduct, a commercial contract with a third party should have the following compliance terms and conditions in it.

Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of foreign business partner emails and bank accounts relating to your Company’s use of the foreign business partner.
Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further, such a finding will be the grounds for immediate cessation of all payments.
No Sub-Vendors (without approval): The foreign business partner must agree that it will not hire an agent, subcontractor or consultant without the Company's prior written consent (to be based on adequate due diligence).
Audit Rights: An additional key element of a contract between a US Company and a foreign business partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
Acknowledgment: The foreign business partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws, which apply to either the foreign business partner or business relationship.
On-going Training: Require that the top management of the foreign business partner and all persons performing services on your behalf shall receive FCPA compliance training.
Annual Certification: Require an annual certification stating that the foreign business partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
Re-qualification: Require the foreign business partner re-qualify as a business partner at a regular interval of no greater than every three years.

Many do not believe that they will be able to get the third party to agree to such compliance terms and conditions. I have found that while it may not be easy, it is relatively simple to get a third party to agree to these, or similar, terms and conditions. One approach to take is that they are not negotiable. When faced with such a position on non-commercial terms many third parties will not fight such a position. There is some flexibility but the DOJ will require the minimum compliance terms and conditions. But the best position I have found is that if a third party agrees with these terms and conditions, they can then use that as a market differentiator.

Three Key Takeaways
There is no set formula for clearing of red flags or the evaluation of due diligence.
Know when to say enough has been done.
You must Document Document Document your evaluation of any red flags.

FCPA Compliance Report
Day 4 of One Month to a Better 3rd Party Management

Play Episode Listen Later Apr 6, 2017 11:38


Most companies fully understand the need to comply with the FCPA requirements around third parties as they represent the greatest risks for an FCPA violation. However, most companies are not created out of new cloth but are ongoing enterprises with a fully up and running business in place. This means they may need to bring resources to bear to comply with the FCPA while continuing to operate an ongoing business. This can be particularly true in the area of performing due diligence on third parties. Many companies understand the need for a robust due diligence program to investigate third parties, but have struggled with how to create an inventory to define the basis of third party risk and thereby perform the requisite due diligence required under the FCPA. Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner. The information that you should have developed in Steps 1 & 2 of the third party management process should provide you with the initial information to consider the level of due diligence that you should perform on third parties. This leads to Step 3 in the five steps of third-party management: Due Diligence.

Jay Martin, CCO at BakerHughes, often emphasizes that a company needs to evaluate and address its risks regarding third parties. This means that an appropriate level of due diligence may vary depending on the risks arising from the relationship. So, for example, the appropriate level of due diligence required by a company when contracting for the performance of Information Technology services may be low, to reflect low risks of bribery on its behalf. Conversely, a business entering the international energy market and selecting an intermediary to assist in establishing a business in such markets will typically require a much higher level of due diligence to mitigate the risks of bribery on its behalf.

Our British compliance cousins of course are subject to the UK Bribery Act.
In its Principle IV of an Adequate Procedures compliance program, the UK Ministry of Justice (MOJ) stated, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of Principle IV is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company from bribing on their behalf. The MOJ recognized that due diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique. The MOJ said that due diligence is so important that “the role of due diligence in bribery risk mitigation justifies its inclusion here as a Principle in its own right.”

Carol Switzer, writing in Compliance Week, related that you should initially set up categories for your third parties of high, moderate and low risk. Based upon which risk category the third party falls into, you can design specific due diligence. She defined low risk screening as “trusted data source search and risk screening such as the aforementioned World Compliance”; moderate risk screening as “enhanced evaluation to include in-country public records…and research into corporate relationships”; high risk screening is basically a “deep dive assessment” where there is an audit/review of third party controls and financial records, in-country interviews and investigations “leveraging local data sources.”

A three-step approach was also discussed favorably in Opinion Release 10-02. In this Opinion Release, the DOJ discussed the due diligence that the requesting entity performed.
“First, it [the requestor] conducted an initial screening of six potential grant recipients by obtaining publicly available information and information from third-party sources…Second, the Eurasian Subsidiary undertook further due diligence on the remaining three potential grant recipients. This due diligence was designed to learn about each organization’s ownership, management structure and operations; it involved requesting and reviewing key operating and assessment documents for each organization, as well as conducting interviews with representatives of each MFI to ask questions about each organization’s relationships with the government and to elicit information about potential corruption risk. As a third round of due diligence, the Eurasian Subsidiary undertook targeted due diligence on the remaining potential grant recipient, the Local MFI. This diligence was designed to identify any ties to specific government officials, determine whether the organization had faced any criminal prosecutions or investigations, and assess the organization’s reputation for integrity.”  Three Key Takeaways You must have enough information to fully identify the owners, ultimate beneficial owners and related parties to determine if there is foreign official involvement. All commentary on best practices compliance programs require an appropriate level of due diligence. The best practice is to use a professional due diligence provider to perform due diligence level 2 and 3.  This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC accelerator, the leading platform for third party risk management. 
To learn more, go to www.opus.com.

FCPA Compliance Report
Day 3 of One Month to a Better 3rd Party Management

Apr 5, 2017 12:01


The next step in the five-step process is the Questionnaire. The term ‘questionnaire’ is mentioned several times in the 2012 FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. The questionnaire should be a mandatory step for any third party that desires to work with your company. I tell clients that if a third party does not want to fill out the questionnaire or will not fill it out completely that you should not walk, but run away from doing business with such a party.

In the 2011 UK Ministry of Justice’s (MOJ) discussion of the Six Principles of an Adequate Procedures compliance program, they said the following: a Questionnaire “means that both the business person who desires the relationship and the foreign business representative commit certain designated information in writing prior to beginning the due diligence process.”

One of the key requirements of any successful anti-corruption compliance program is that a company must make an initial assessment of a proposed third party. The size of a company does not matter, as small businesses can face quite significant risks and will need more extensive procedures than other businesses facing limited risks. The level of risk that companies face will also vary with the type and nature of the third parties with which they may have business relationships. For example, a company that properly assesses that there is no risk of bribery on the part of one group of its third parties will require nothing in the way of procedures to prevent bribery in the context of those relationships. By the same token, the bribery risks associated with reliance on a third party agent representing a company in negotiations with foreign public officials may be assessed as significant and, accordingly, require much more in the way of procedures to mitigate those risks.

What should you ask for in your questionnaire?
Randy Corley, Executive Vice President (EVP), Global Compliance Officer at Edelman Inc., said in a presentation at Compliance Week 2012, entitled “3rd Party Due Diligence Best Practices in Establishing an Effective Anti-Corruption Program”, that his company has developed a five-step approach in evaluating and managing their third parties. In Step 3 they ask What Do You Need To Know? Initially, Corley said that the scope of review depends on risk assessment: High Risk, Medium Risk or Low Risk. This risk ranking will determine the level of information collected and due diligence performed. The key element of this step is data collection. The initial step is to have the third party complete an application which should include requests for information on background and experience, scope of services to be provided, relevant experience, list of actual and beneficial owners, references and compliance expertise.

Below are some of the areas which I think you should inquire into from a proposed third party:

• Ownership Structure: Describe whether the proposed third party is a government or state-owned entity, and the nature of its relationship(s) with local, regional and governmental bodies. Are there any members of the business partner related, by blood, to governmental officials?
• Financial Qualifications: Describe the financial stability of, and all capital to be provided by, the proposed third party. You should obtain financial records, audited for 3 to 5 years, if available. Obtain the name and contact information for their banking relationship.
• Personnel: Determine whether the proposed agent will be providing personnel, particularly whether any of the employees are government officials. Make sure that you obtain the names and titles of those who will provide services to your company.
• Physical Facilities: Describe what physical facilities will be used by the third party for your work. Be sure to obtain their physical address.
• References: Obtain names and contact information for at least three business references that can provide information on the business ethics and commercial reliability of the proposed third party.
• PEPs: Are any of the owners, beneficial owners, officers or directors politically exposed persons (PEPs)?
• UBOs: It is imperative that you obtain the identity of the Ultimate Beneficial Owner (UBO).
• Compliance Regime: Does the proposed third party have an anti-corruption/anti-bribery program in place? Do they have a Code of Conduct? Obtain copies of all relevant documents and training materials.
• FCPA Training and Awareness: Has the proposed third party received FCPA training or been certified by a recognizable entity?

One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.

The questionnaire fills several key roles in your overall management of third parties. Obviously, it provides key information that you need to know about who you are doing business with and whether they have the capabilities to fulfill your commercial needs. Just as important is what is said if the questionnaire is not completed or is only partially completed, such as the lack of awareness of the FCPA, UK Bribery Act or anti-corruption/anti-bribery programs generally. Lastly, the information provided (or not provided) in the questionnaire will assist you in determining what level of due diligence to perform.

Three Key Takeaways
• You must have enough information to fully identify the owners, ultimate beneficial owners and related parties to determine if there is foreign official involvement.
• All commentary on best practices compliance programs still requires questionnaires.
• If a third party refuses to fully respond to your questionnaire, walk away from the proposed relationship.

This month’s podcast series is sponsored by Opus.

FCPA Compliance Report
Day 1 of One Month to Better Third Party Management

Apr 3, 2017 14:10


Day 1 - The Third-Party Risk Management Process

This month, I will consider the risk management of third parties in an operationalized compliance program. As every compliance practitioner is well aware, third parties still present the highest risk under the Foreign Corrupt Practices Act (FCPA). The Department of Justice Evaluation of Corporate Compliance Programs devotes an entire prong to third party management. It begins with the following:

Risk-Based and Integrated Processes – How has the company’s third-party management process corresponded to the nature and level of the enterprise risk identified by the company? How has this process been integrated into the relevant procurement and vendor management processes?

This first set of queries clearly specifies the DOJ expects an integrated approach that is operationalized throughout the company. This means your compliance must have a process for the full life cycle of third party risk management. There are five steps in the life cycle of third party management.

• Business Justification and Business Sponsor;
• Questionnaire to Third Party;
• Due Diligence on Third Party;
• Compliance Terms and Conditions, including payment terms; and
• Management and Oversight of Third Parties After Contract Signing.

Over this month, I will be exploring each of these steps in detail so by the end of this month, you will be able to fully operationalize your third party risk management program.

Step 1 - Business Justification

The first step breaks down into two parts:

• Business Sponsor
• Business Justification

The purpose of the Business Justification is to document the satisfactoriness of the business case to retain a third party. The Business Justification should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third party relationship is renewed.

Step 2 - Questionnaire

The term ‘questionnaire’ is mentioned several times in the 2012 FCPA Guidance.
It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. I believe that this requirement is not only a key step but also a mandatory step for any third party that desires to do work with your company. I tell clients that if a third party does not want to fill out the questionnaire or will not fill it out completely that you should not walk but run away from doing business with such a party.

One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.

Step 3 - Due Diligence

Most compliance practitioners understand the need for a robust due diligence program to investigate third parties, but have struggled with how to create an inventory to define the basis of risk of each foreign business partner and thereby perform the requisite due diligence required under the FCPA. Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner.

Our British compliance cousins of course are subject to the UK Bribery Act.
In its Six Principles of an Adequate Procedures compliance program, the UK MOJ stated, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of this principle is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company from bribing on their behalf. The MOJ recognized that due diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique.

After you have completed Steps 1-3 and then evaluated and documented your evaluation, you are ready to move on to Step 4 - the contract. In the area of compliance terms and conditions, the FCPA Guidance intones, “Additional considerations include payment terms and how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business.” This means that you need to understand what the rate of commission is and whether it is reasonable for the services delivered. If the rate is too high, this could be indicia of corruption as high commission rates can create a pool of money to be used to pay bribes. If your company uses a distributor model in its sales side, then it needs to review the discount rates it provides to its distributors to ascertain that the discount rate is warranted.

Step 4 - The Contract

You must evaluate the information and show that you have used it in your process. If it is incomplete, it must be completed. If there are Red Flags, which have appeared, these Red Flags must be cleared or you must demonstrate how you will manage the risks identified.
In other words, you must Document, Document and Document that you have read, synthesized and evaluated the information garnered in Steps 1-3. As the DOJ and SEC continually remind us, a compliance program must be a living, evolving system and not simply a ‘Check-the-Box’ exercise.

Step 5 - Management of the Relationship

I often say that after you complete Steps 1-4 in the life cycle management of a third party, the real work begins and that work is found in Step 5 – the Management of the Relationship. While the work done in Steps 1-4 is absolutely critical, if you do not manage the relationship it can all go downhill very quickly and you might find yourself with a potential FCPA or UK Bribery Act violation. There are several different ways that you should manage your post-contract relationship. Here we will explore some of the tools which you can use to help make sure that all the work you have done in Steps 1-4 will not be for naught and that you will have a compliant anti-corruption relationship with your third party going forward.

Final Thoughts

I continually give my Mantra of FCPA compliance, which is Document, Document, and Document. Each of the steps you take in the management of your third parties must be documented. Not only must they be documented but they must be stored and managed in a manner that you can retrieve them with relative ease. The management of third parties is absolutely critical in any best practices compliance program. As you sit at your desk pondering whether this assignment given to you by the CCO is a career-ending dead-end, you should take heart because there is clear and substantive guidance out there which you can draw upon.

Three Key Takeaways
• Use the full 5-step process for 3rd party management.
• Make sure you have BD involvement and buy-in.
• Operationalize all steps going forward by including business unit representatives.

This month’s podcast series is sponsored by Opus.

FCPA Compliance Report
FCPA Compliance Report-International Edition

Mar 29, 2017 28:32


In this episode I visit with Jonathan Armstrong on his views on the new DOJ Evaluation of Corporate Compliance Programs. Armstrong provides a detailed analysis of some of the key differences between how compliance is operationalized in the US as opposed to the UK and EU countries. He explains how the enhanced requirements for root cause analysis, risk assessments and investigations, and the supplemented requirements to tie back into the ongoing compliance monitoring and updating, could run afoul of UK and EU data protection and data privacy requirements.

He also considers what a non-US company subject to the FCPA should look to as a best practices compliance program to best protect the organization. Finally, he explores just how far all of this goes. He provides one statistic that puts a huge bow on the difficulties going forward.

For the Cordery Compliance article, see the following: US Department of Justice on Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010?

FCPA Compliance Report
Everything Compliance-Episode 9

Mar 23, 2017 39:26


This episode is dedicated to the Justice Department’s Evaluation of Corporate Compliance Programs, which was released in February. In this episode, Jay Rosen and Jonathan Armstrong provide next insight. Listen to last week’s Episode 8 for commentary from Matt Kelly and Mike Volkov.

Jay Rosen, reporting from the ABA White Collar Conference in Miami, considers the view from the vendor perspective and whether the Evaluation changes a conversation about doing compliance. He reviews the requirements for ongoing monitoring, risk assessments and root cause analysis and the need for companies to explain how something might have fallen through the cracks, leading to a FCPA incident. He points out how CCOs can test a company’s compliance systems. For Jay Rosen’s post, see Still in the Enforcement Business and Evaluation of Corporate Compliance Programs.

Jonathan Armstrong provides a detailed analysis of some of the key differences between how compliance is operationalized in the US as opposed to the UK and EU countries. He explains how the enhanced requirements for root cause analysis, risk assessments and investigations, and the supplemented requirements to tie back into the ongoing compliance monitoring and updating, could run afoul of UK and EU data protection and data privacy requirements. He also considers what a non-US company subject to the FCPA should look to as a best practices compliance program to best protect the organization. Finally, he explores just how far all of this goes. He provides one statistic that puts a huge bow on the difficulties going forward.

For the Cordery Compliance article, see the following: US Department of Justice on Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010?
For Mike Volkov’s posts on the Evaluation see the following:
• Under the Dark of Night, DOJ Moves the Compliance Ball;
• DOJ’s Compliance Program Evaluation: the Role of the CCO;
• DOJ’s Compliance Program Evaluation: Risk Assessment, Policies and Procedures and Third-Party Risk Management; and
• DOJ Compliance Expectations Concerning Training, Internal Investigations and Audits

For Tom Fox’s posts on these topics see the following:
• New DOJ Evaluation-Valuable Document for the Compliance Practitioner, Part I; and
• New DOJ Evaluation-Valuable Document for the Compliance Practitioner, Part II

For Matt Kelly’s posts see the following:
• Fresh FCPA Guidance from the Justice Department; and
• Deeper Dive into new DoJ Compliance Guidance

The members of the Everything Compliance panel include:
• Jay Rosen – Vice President of Business Development and Monitoring Specialist at Affiliated Monitors. Rosen can be reached at JRosen@AffiliatedMonitors.com.
• Mike Volkov – One of the top FCPA commentators and practitioners around, Volkov is the Founder and Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
• Matt Kelly – Founder and CEO of Radical Compliance and former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com.
• Jonathan Armstrong – Rounding out this distinguished panel is our UK colleague, a lawyer with Cordery Compliance in London. Armstrong can be reached at armstrong@corderycompliance.com.

Everything Compliance
Everything Compliance-Episode 9

Mar 23, 2017 39:26


This episode is dedicated to the Justice Department’s Evaluation of Corporate Compliance Programs, which was released in February. In this episode, Jay Rosen and Jonathan Armstrong provide next insight. Listen to last week’s Episode 8 for commentary from Matt Kelly and Mike Volkov.

• Still in the Enforcement Business and Evaluation of Corporate Compliance Programs
• US Department of Justice on Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010?

For Mike Volkov’s posts on the Evaluation see the following:
• Under the Dark of Night, DOJ Moves the Compliance Ball;
• DOJ’s Compliance Program Evaluation: the Role of the CCO;
• DOJ’s Compliance Program Evaluation: Risk Assessment, Policies and Procedures and Third-Party Risk Management; and
• DOJ Compliance Expectations Concerning Training, Internal Investigations and Audits

For Tom Fox’s posts on these topics see the following:
• New DOJ Evaluation-Valuable Document for the Compliance Practitioner, Part I; and
• New DOJ Evaluation-Valuable Document for the Compliance Practitioner, Part II

For Matt Kelly’s posts see the following:
• Fresh FCPA Guidance from the Justice Department; and
• Deeper Dive into new DoJ Compliance Guidance

The members of the Everything Compliance panel include:
• Jay Rosen – Vice President of Business Development and Monitoring Specialist at Affiliated Monitors. Rosen can be reached at JRosen@AffiliatedMonitors.com.
• Mike Volkov – One of the top FCPA commentators and practitioners around, Volkov is the Founder and Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
• Matt Kelly – Founder and CEO of Radical Compliance and former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com.
• Jonathan Armstrong – Rounding out this distinguished panel is our UK colleague, a lawyer with Cordery Compliance in London. Armstrong can be reached at armstrong@corderycompliance.com.

FCPA Compliance Report
Day 11 of One Month to Operationalization of Your Compliance Program

Mar 15, 2017 12:44


Today I want to explore in some detail the first Objective in the COSO 2013 Framework, the Control Environment, as a path to operationalize your compliance program. This Objective lays out five steps you can take to put the responsibility on functional corporate disciplines to imbue compliance into the fabric of an organization.

A. Control Environment

Rittenberg said this “sets the tone for the implantation and operation of all other components of internal control. It starts with the ethical commitment of senior management, oversight by those in governance, and a commitment to competent employees.” The five principles of the Control Environment Objective are as follows:

• Principle 1 - The organization demonstrates a commitment to integrity and ethical values.
• Principle 2 - The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
• Principle 3 - Management establishes with board oversight, structures, reporting lines and appropriate authorizations and responsibility in pursuit of the objectives.
• Principle 4 - The organization demonstrates a commitment to attract, develop and retain competent individuals in alignment with the objectives.
• Principle 5 - The organization holds individuals accountable for their internal control responsibilities in the pursuit of the objective.

Principle 1 - Commitment to integrity and ethical values

What are the characteristics of this Principle? First, and foremost, is that an entity must have the appropriate tone at the top for a commitment to ethics and doing business in compliance. It also means that an organization establishes standards of conduct through the creation of a Code of Conduct or other baseline document. The next step is to demonstrate adherence to this standard of conduct by individual employees and throughout the organization. Finally, if there are any deviations, they would be addressed by the company in a timely manner.
This requires an auditor to be able to assess if a company has met its requirements to ethics and compliance and whether that commitment can be effectively measured and assessed.

Principle 2 - Board independence and oversight

This Principle requires that a company’s Board of Directors establish oversight of a compliance function, separate and apart from the company’s senior management so that it operates independently in the compliance arena. There should be compliance expertise at the Board level which allows it to actively manage its function. Finally, and perhaps most importantly, a Board must actively provide oversight on all compliance control activities, risk assessments, information, compliance communications and compliance monitoring activities. Here, the Board’s Compliance Committee must demonstrate independence. There must also be documented evidence that the Board’s Compliance Committee provides sufficient oversight of the company’s compliance function.

Principle 3 - Structures, reporting lines, authority and responsibility

This may not seem as obvious but it is critical that a compliance reporting line go up through and to the Board. Under this Principle, you should consider all of the structures of your organization and then move to define the appropriate roles of compliance responsibility. Finally, this Principle requires establishment of the appropriate authority within the compliance function. You must be able to assess whether compliance responsibilities are appropriately assigned to establish accountability.

Principle 4 - Attracting, developing and retaining competent individuals

This Principle gets into the nuts and bolts of operationalizing compliance. It requires that a company establish compliance policies and procedures. Next there must be an evaluation of the effectiveness of those compliance policies and procedures and that any demonstrated shortcomings be addressed.
This Principle next turns to the human component of a compliance program. A company must attract, develop and retain competent employees in the compliance function. Lastly, a company should have a demonstrable compliance succession plan in place. You must be able to demonstrate, through compliance policies and their implementation and operationalization, a commitment to attracting, developing and retaining competent persons in the compliance function and more generally employees who accept the company’s general principle of doing business ethically and in compliance.

Principle 5 - Individuals held accountable

This is the ‘stick’ Principle. A company must show that it enforces compliance accountability through its compliance structures, authorizations and responsibilities. A company must establish appropriate compliance performance metrics, incentives to do business ethically and in compliance and, finally, clearly reward such persons through the promotion process in an organization. Such reward is through an evaluation of appropriate compliance measures and incentives. Interestingly, a company must consider pressures that it sends through off-messaging. Finally, each employee must be evaluated in his or her compliance performance, coupled with both rewards and discipline for employee actions around compliance. This Principle requires evidence that can demonstrate to an auditor there are processes in place to hold employees accountable to their compliance objectives. Conversely, if an employee does not fulfill the compliance objectives there must be identifiable consequences. Lastly, if this accountability is not effective, the internal controls should be able to identify and manage the compliance risks that are not effectively mitigated.

The COSO formulation for internal controls is a key component for any best practices compliance program, whether based upon a FCPA formulation or another anti-corruption law, such as the UK Bribery Act.
Moreover, as it is probably the most utilized internal controls formulation under Sarbanes-Oxley 404(b) reporting, it should be well-known to your corporate internal controls function and therefore accessible to you as a Chief Compliance Officer (CCO) or compliance professional. In addition to the Principles articulated herein, the specific Points of Focus listed in the COSO 2013 Framework can provide a roadmap for testing and evidencing your compliance program in this area. You should not fail to take advantage of it.

Three Key Takeaways
• The COSO 2013 Framework sets out a structure which the compliance practitioner can use to put compliance into the fabric of an organization.
• For any public company, using the COSO Framework will allow a full response to any SOX 404(b) inquiry by regulators or auditors.
• The Control Environment Objective allows for not only implementation of controls but also requires individual accountability, as is set out in the Justice Department Evaluation of Corporate Compliance Programs.

This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.

FCPA Compliance Report
Day 30 of 30 Days to a Better Compliance Program

Jan 31, 2017 13:15


John MacKessy, writing in the Finance Professionals’ Post, in a piece entitled “Knowledge of Good and Evil: A Brief History of Compliance”, noted that the FCPA and Environmental Protection Act (EPA) “prompted companies to develop internal resources that would actively monitor compliance with the laws, rules, and regulations of their industries.”

The next step in the evolution of the compliance profession was the defense procurement scandals from the 1980s, where the industry’s sales of “$400 hammers and $600 toilet seats” to the US government led to the Defense Industry Initiative (DII). This industry-led initiative created “a set of principles endorsing ethical business practices and conduct” within the defense industry for its dealings with the US government.

The next step in the evolution of the compliance profession was the 1992 US Sentencing Guidelines which, for the first time, set out what the government would consider for credit in sentencing of organizations. Many credit these 1992 Sentencing Guidelines with the creation of the modern compliance profession. These guidelines included credit for “the specific elements of an effective compliance and ethics program. Companies that embarked on such programs would be eligible for more lenient sentences. To qualify as “effective,” a company’s compliance program would not only have to establish standards and procedures to prevent and detect criminal conduct, but would have to actively promote a culture encouraging ethical conduct and compliance with the law. The implementation of those guidelines in 2004 reflected the need for corporate boards to demonstrate knowledge of compliance programs and fulfillment of oversight responsibilities as part of monitoring the effectiveness of companies’ compliance and ethics programs.”

The next major step was the financial accounting frauds and scandals of the late 1990s and early 2000s including Enron, WorldCom and Tyco.
These scandals were so wide-ranging, with senior executive participation in, if not direction of, the corporate fraud, that a new legislative response was required, and this response was the passage of the Sarbanes-Oxley Act of 2001 (SOX). Aaron Einhorn, writing in the Denver Journal of International Law & Policy, in an article entitled “The Evolution and Endpoint of Responsibility: The FCPA, SOX, Socialist-Oriented Governments, Gratuitous Promises, and a Novel CSR Code”, said, “sections 302 and 404 of SOX together require corporate executives to state their responsibility for designing internal controls, to create such controls, to assess and evaluate these controls, and to draw conclusions about their effectiveness… SOX specifically charges executive officers with internal controls duties.” Einhorn ends this section by noting, “internal controls have been transformed from a recitation of general duties lodged upon the corporation as a whole to a statement of specific duties imposed on corporate executives in particular.” This strengthened the compliance professional who was called upon to design these internal controls.

The next major legislation which enhanced the compliance function was the Dodd-Frank Act of 2010, passed in response to the 2008 financial crisis. MacKessy pointed to the downfalls of Bear Stearns and Lehman Brothers as drivers of more compliance because they both “demonstrated the degree to which external risk events can create a loss of confidence resulting in permanent reputational damage and impaired shareholder value.” The legal and legislative response has been that companies should design effective compliance programs which use risk-based programs as a basis to design, create and implement effective compliance programs. Joe Howell, Executive Vice President (EVP) for Workiva Inc., has gone further, drawing a straight line from the FCPA to SOX to Dodd-Frank in the development of the compliance function.
All of this means compliance is not going away, no matter what the law enforcement priorities of the new administration. Companies understand that compliance and business ethics have a role in not only driving business strategies and initiatives but that more compliant companies are better-run companies and at the end of the day more profitable because they have better controls. MacKessy ends his piece by stating that compliance programs “can provide multiple rewards - from risk mitigation, to reputational enhancement, to business strategy development.” The compliance discipline is where the harmonic convergence occurs in a corporation. Whether it be specific tasks of making sales, vetting relationships or the spade work of creating policies and procedures, it is compliance that drives the discussion of how we should do business. The corporate compliance profession fulfills the business obligation in doing things the right way for, at the end, it will be the compliance profession which implements the requirements of compliance whether those requirements are anti-corruption laws such as the FCPA, the UK Bribery Act, Anti-Money Laundering (AML), export control, anti-trust regulations, or any other regulation that you can name. Equally importantly, the compliance profession is teaching corporations how to evaluate risks and the compliance profession leads that discussion. It is the compliance profession that is the most innovative in not only protecting corporations, but actually helping corporations do business, do business more efficiently, and do business more profitably.

Three Key Takeaways
Doing compliance is Doing Business.
Properly accomplished, compliance makes a business more efficient and more profitable.
Use Robert Gates as a great example of how the FCPA means more business for US companies.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.

FCPA Compliance Report
Day 7 of 30 Days to a Better Compliance Program

FCPA Compliance Report

Jan 8, 2017 (12:50)


There are five steps in the life cycle of third party management: Business Justification and Business Sponsor; Questionnaire to Third Party; Due Diligence on Third Party; Compliance Terms and Conditions, including payment terms; and Management and Oversight of Third Parties After Contract Signing.

Step 1 - Business Justification

The first step breaks down into two parts: Business Sponsor and Business Justification. The purpose of the Business Justification is to document the satisfactoriness of the business case to retain a third party. The Business Justification should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third party relationship is renewed.

Step 2 - Questionnaire

The term ‘questionnaire’ is mentioned several times in the FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. I believe that this requirement is not only a key step but also a mandatory step for any third party that desires to do work with your company. I tell clients that if a third party does not want to fill out the questionnaire or will not fill it out completely that you should not walk but run away from doing business with such a party. One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.

Step 3 - Due Diligence

Most compliance practitioners understand the need for a robust due diligence program to investigate third parties, but have struggled with how to create an inventory to define the basis of risk of each foreign business partner and thereby perform the requisite due diligence required under the FCPA. Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner.

Our British compliance cousins of course are subject to the UK Bribery Act. In its Six Principles of an Adequate Procedures compliance program, the UK MOJ stated, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of this principle is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company from bribing on their behalf. The MOJ recognized that due diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique.

Step 4 - The Contract

You must evaluate the information and show that you have used it in your process. If it is incomplete, it must be completed. If there are Red Flags, which have appeared, these Red Flags must be cleared or you must demonstrate how you will manage the risks identified. In other words you must Document, Document and Document that you have read, synthesized and evaluated the information garnered in Steps 1-3. As the DOJ and SEC continually remind us, a compliance program must be a living, evolving system and not simply a ‘Check-the-Box’ exercise. After you have completed Steps 1-3 and then evaluated and documented your evaluation, you are ready to move on to Step 4 - the contract.
In the area of compliance terms and conditions, the FCPA Guidance intones “Additional considerations include payment terms and how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business.” This means that you need to understand what the rate of commission is and whether it is reasonable for the services delivered. If the rate is too high, this could be indicia of corruption as high commission rates can create a pool of money to be used to pay bribes. If your company uses a distributor model in its sales side, then it needs to review the discount rates it provides to its distributors to ascertain that the discount rate is warranted.

Step 5 - Management of the Relationship

I often say that after you complete Steps 1-4 in the life cycle management of a third party, the real work begins and that work is found in Step 5 - the Management of the Relationship. While the work done in Steps 1-4 is absolutely critical, if you do not manage the relationship it can all go downhill very quickly and you might find yourself with a potential FCPA or UK Bribery Act violation. There are several different ways that you should manage your post-contract relationship. Here we will explore some of the tools which you can use to help make sure that all the work you have done in Steps 1-4 will not be for naught and that you will have a compliant anti-corruption relationship with your third party going forward.

Final Thoughts

I continually give my Mantra of FCPA compliance, which is Document, Document, and Document. Each of the steps you take in the management of your third parties must be documented. Not only must they be documented but they must be stored and managed in a manner that you can retrieve them with relative ease. The management of third parties is absolutely critical in any best practices compliance program.
As you sit at your desk pondering whether this assignment given to you by the CCO is a career-ending dead-end, you should take heart because there is clear and substantive guidance out there which you can draw upon.

Three Key Takeaways
Use the full 5-step process for 3rd party management.
Make sure you have BD involvement and buy-in.
Utilize continuous due diligence going forward.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.

Everything Compliance
Everything Compliance-Episode 4

Everything Compliance

Jan 4, 2017 (62:02)


Show Notes for Episode 4, Year End Review, Part I

We turn to the 2016 year in review, in this Part I of a two-part series.

Jonathan Armstrong leads a discussion on a very interesting UK Bribery Act enforcement action out of Scotland involving the Braid Group Ltd. It has some very significant implications for Bribery Act enforcement actions going forward. He also discusses the continued evolution of the UK DPA process and how it all works into the burgeoning global anti-corruption enforcement we saw in 2016. For Cordery’s piece on the Braid case, click here. For Cordery’s piece on the continued evolution of the UK DPA practice, click here.

Jay Rosen takes us through a Paul Krugman NYT post on some of the invidiousness of corruption, focusing on the corrupting nature of compliance around undue influence. Rosen explains incentives more than anything else and how such incentives skew the marketplace. He asks a couple of provocative questions. First, are there too many FCPA, ethics and compliance conferences? Second, even with the robust FCPA enforcement and maturation of compliance programs, why does corruption still exist? For a link to the Krugman post, click here.

Rants will return in a couple of weeks.

The members of the Everything Compliance panel include:
Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at rosen@ulgroup.com.
Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com.
Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com.

FCPA Compliance Report
Everything Compliance-Episode 4

FCPA Compliance Report

Jan 4, 2017 (62:02)


Show Notes for Episode 4, Year End Review, Part I

We turn to the 2016 year in review, in this Part I of a two-part series.

Jonathan Armstrong leads a discussion on a very interesting UK Bribery Act enforcement action out of Scotland involving the Braid Group Ltd. It has some very significant implications for Bribery Act enforcement actions going forward. He also discusses the continued evolution of the UK DPA process and how it all works into the burgeoning global anti-corruption enforcement we saw in 2016. For Cordery’s piece on the Braid case, click here. For Cordery’s piece on the continued evolution of the UK DPA practice, click here.

Jay Rosen takes us through a Paul Krugman NYT post on some of the invidiousness of corruption, focusing on the corrupting nature of compliance around undue influence. Rosen explains incentives more than anything else and how such incentives skew the marketplace. He asks a couple of provocative questions. First, are there too many FCPA, ethics and compliance conferences? Second, even with the robust FCPA enforcement and maturation of compliance programs, why does corruption still exist? For a link to the Krugman post, click here.

Rants will return in a couple of weeks.

The members of the Everything Compliance panel include:
Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at rosen@ulgroup.com.
Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com.
Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com.

Tech Experts
Third-Party Risk Spotlight: Anti-Corruption

Tech Experts

Aug 25, 2013 (13:12)


This podcast focuses on managing the risks associated with third party relationships, in particular risks related to potential violations of anti-corruption laws — the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act, and looks at what might be learned from recent publicly-announced allegations against UK pharmaceutical company, GlaxoSmithKline PLC. Learn best practices for mitigating third-party risk, informed by latest Department of Justice guidance, and explore tools to help implement those practices.

Director and Officer Liability
Executive Summary Webinar Series: What You Need to Know Before You Walk Into the Boardroom (May 2011)

Director and Officer Liability

Jul 27, 2011


Before you walk into your next board meeting, what do you need to know when it comes to current D&O liability issues? The “Executive Summary” is Woodruff-Sawyer’s webinar series for CFOs, GCs, Controllers and others who work with boards of directors. This session will feature a discussion on D&O market trends, the UK Bribery Act, M&A litigation trends and the WS&Co. Wealth Security Policy.

Featured Woodruff-Sawyer Speakers:
Priya Cherian Huskins, Esq., Senior Vice President, Partner
Judy Roberts, Senior Vice President, Partner

To listen to this podcast click here.