Ethics and Compliance: Active Board Involvement Is a Must
Establishing and supporting a corporate compliance program is widely recognized as one of the fundamental responsibilities of a corporate board of directors. But merely seeing that there is a compliance program in place is by no means an adequate effort. The Board must also actively oversee that function. Active oversight is essential if a company’s business plan includes strategies, practices, or other elements that could be considered high-risk. Such situations call for even more involvement and active engagement by the Board.
FCPA - The Role of The Board and More!
One of the FCPA themes for 2020 has been hiding in plain sight all along. The FCPA requirement that “reporting companies to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that, among other things, transactions are executed following management’s general or specific authorizations, and access to assets is permitted only in accordance with management’s general or specific authorization.” But what if the violation of this requirement occurs in a non-foreign (IE., the U.S.) and in a non-bribery situation.
The Continued Evolution of Best Practices for Compliance Programs!
SEC’s Enforcement Powers Increase!
In summary, The Amendments double the SEC’s statute of limitations for disgorgement to 10 years in intentional fraud cases, grant the SEC 10 years to seek equitable relief in all cases, codify the SEC’s ability to obtain disgorgement in federal court proceedings, and make other changes that expand the SEC’s enforcement authority.
Internal Audit and Compliance - SEC Awards More Than $300,000 To Whistleblower With Audit Responsibilities
Chief Compliance Officers (CCOs) and Personal Liability
The Properly Designed Exit Interview a Necessary Step in Uncovering Ethical Violations
Board of Directors Oversight
Under the U.S. Federal Sentencing Guidelines, in order to receive credit for having an effective compliance program and thereby reduce the fines imposed on the organization, a Board of Directors must be “knowledgeable about the content and operation of the compliance and ethics program.” It must “exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.”
Herbalife - “Quis Custodiet Ipsos Custodes” - Translated: Who Will Guard the Guards Themselves, or Who will Watch the Watchmen?
Herbalife's business relationship in China was committed to illegal activity, which it knew or should have known violated the FCPA. Specifically, beginning in late 2006, Herbalife China provided improper benefits and payments to government officials to obtain direct selling licenses for two cities. Herbalife paid out millions of dollars in bribes. Fraudulent expense reimbursements were used to fund the bribes, which is is a common tactic for these types of bribes.Specifically, the SEC found that Herbalife China paid bribes through extravagant meals, gifts, and other benefits given to Chinese officials to obtain sales licenses and remove negative media coverage in China. Managers at the subsidiary asked employees to falsify expense report documents, for example, adding names to meal receipts to get below the company's per head spending limit. It also found that the payments and benefits were inaccurately recorded and that Herbalife failed to maintain a sound system of internal controls.
Donut Holes! Dunkin’ Data Breach Settlement
Dunkin’ was repeatedly alerted to attackers’ ongoing attempts to log in to customer accounts by a third-party app developer. The app developer even provided Dunkin’ with a list of nearly 20,000 accounts that had been compromised by attackers over just a sample five-day period. "Yet, Dunkin’ failed to investigate the attacks to identify other customer accounts that had been compromised, determine what customer information had been acquired, or whether customer funds had been stolen. Dunkin agreed to pay $650,000 as penalty settlement costs for the lawsuit over its failure to respond to credential stuffing attacks.
Tipsters - SEC Adds Clarity, Efficiency and Transparency to Its Whistleblower Award Program
On Wednesday, September 23. 2020, the SEC voted to adopt amendments to the rules governing its whistleblower program. According to the SEC, the amendments are meant to “provide greater transparency, efficiency and clarity, and to strengthen and bolster the program.”The amendments were proposed for public comment in June 2018 and have been adopted with some changes.
FCPA - Mergers & Acquisition Due Diligence
When a company acquires another company, the successor company can be liable for the acquired company’s activities before acquisition. The U.S. Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) have administered Foreign Corrupt Practices Act (“FCPA”) enforcement actions against successor companies in cases involving egregious and sustained violations, where the successor company directly participated in the violations, or where the successor company failed to stop the misconduct from continuing after the acquisition.This writing explores some key steps that should be taken pre and post acquisition.
Compliance snubbed? Three Lines Model or Enterprise Resiliency Model?
In July 2020, The Institute of Internal Auditors ("IIA") updated its Three Lines of Defense Model ("Model") to emphasize more active forms of risk management and governance that appear to go beyond merely defensive maneuvers made by the internal audit function. Some believed the old model sent a message that we should fear risk. I never saw it that way. I understood the subliminal message was the model was about achieving objectives, which requires both the creation and the protection of value. The new model does a much better job of confirming that risk management contributes "to achieving objectives and creating value, as well as to matters of "defense" and protecting value."Learn why the Enterprise Risk Resilient Model might be a better choice.
Big Data, Cross Border Matters, Third Party Issues, Regulatory Difficulties, and Compliance Problems are just some of the things Baker Tilly’s Global Forensic Investigations, Compliance, and Integrity Practice Tackle.
Our experience conducting fraud investigations, domestically and globally, allows us to advise our clients on measures they can take to prevent fraud from occurring and detect issues before they expand. Our clients look to us to design anti-fraud programs and controls, perform anti-bribery and anti-corruption compliance assessments, and perform proactive fraud examinations to identify possible red flags or indicators of fraudulent activity. Because of our collective skills and the depth and breadth of our experiences, we are also able to design and enhance compliance programs and serve as integrity monitors. Correcting deficiencies, addressing gaps in controls, and remediation of specific issues is important at the end of every investigation to prevent the same or similar frauds from recurring.We address these important client needs at the end of our investigations and can assist with implementing remedial actions.
The Continued Evolution of Best Practices for Compliance Programs
In 2019 and 2020, the federal government released significant information which directly impacted compliance professionals. We cover all three releases in this eBook, the 2020 Evaluation of Corporate Compliance Programs - Guidance Document, the 2019 Framework for OFAC Compliance Commitments, and the 2019 Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations.These three documents provided not only the government’s refreshed thinking on what constitutes a best practices compliance program. I have combined all three onto a best practices document.
COVID-19 - Fraud On The Rise is No Surprise!
Last week, the Association of Certified Fraud Examiners (” ACFE”) published the results of a survey taken by more than 1,800 anti-fraud professionals in late April and early May 2020, while we were deep into the Covid-19 crisis. The findings, for the most part, are not surprising, but does reveal some disappointing information. While I have not seen a raw copy of the survey, I was surprised the ACFE didn’t ask if the company’s fraud risk assessment was reviewed and modified accordingly.In addition, the survey highlights trends in the overall level of fraud. Survey respondents provided information about their current observations and expected changes regarding ten (10) specific types of fraud.
DOJ Revises its Guidance on the Evaluation of Corporate Compliance Programs
Without any fanfare, the U.S. Department of Justice Criminal Division has once again revised its Evaluation of Corporate Compliance Programs (“ECCP”). The ECCP remains organized around three overarching questions that prosecutors ask when evaluating compliance programs, with some revisions, which are in bold text below:Is the corporation’s compliance program well designed?Is the program being applied earnestly and in good faith? In other words, is the program being implemented adequately resourced and empowered to function effectively?Does the corporation’s compliance program work in practice?While most of the document is identical to the 2019 Guidance, there are subtle and noticeable revisions. The revisions appear to be designed to help provide additional clarity when answering the above three questions.
Whistleblowers: A Fraud Triage System to Manage Burgeoning Caseloads
As the use of whistleblower programs continues to grow, many organizations find themselves struggling to manage burgeoning caseloads. As a result, serious fraud investigations can be delayed (with mounting losses) while less consequential complaints are being investigated. The lack of a timely, systematic, and repeatable process for evaluating and prioritizing whistleblower tips that contain allegations of ethical breaches can also expose an organization to increased regulatory risk. While there is no single “right” method for following up on whistleblower complaints, the most effective approaches often resemble the medical triage programs that hospitals and first responders use to allocate limited resources during emergencies or a crisis situations. Here are some useful guidelines for designing and implementing a fraud triage system.
Getting the Monkey off your Back - A Road Map that will help lead you in times of Crisis
Risks change! It's critical to continuously evaluate the situation, because new risks may emerge and risk previously identified may have a different velocity and rhus the speed of impact might change - some may slow and some may increase.
Bribery Schemes and Their Compliance Responses
This writing will highlight some of the more unusual bribery schemes described in 2019 Foreign Corrupt Practices Act (FCPA) enforcement actions and also consider their impact on compliance programs, what they mean for the compliance professional and how the government could potentially use these cases to require more effective compliance programs going forward.Fraudsters are always looking for loopholes and weak spots to exploit. The same is true for those engaged in bribery and corruption. The role of every compliance professional is to prevent, detect and remediate. By following some of the approaches I have outlined, you can move towards more robust detection.