Feed aggregator

Tribute to Keith Jackson and Breakthrough Strategies in Compliance

FCPA Compliance & Ethics -

Keith Jackson died last week. He was universally recognized as the Voice of College Football and announced college football games for over 40 years. According to his obituary in the New York Times (NYT), Robert A. Iger, the chief executive of the Walt Disney Company, said of Jackson “For generations of fans, Keith was college [...]

The post Tribute to Keith Jackson and Breakthrough Strategies in Compliance appeared first on Compliance Report.

Compliance into the Weeds-Episode 66, the Salary Penalty for Misconduct

FCPA Compliance & Ethics -

In this episode Matt Kelly and I take a deep dive into a fascinating paper from Harvard Business School. Boris Groysberg and George Serafeim worked with a global recruitment firm to study more than 2,000 executive-level job placements from 2004 to 2011, examining a wide range of job placements and pay data since 2004. They [...]

The post Compliance into the Weeds-Episode 66, the Salary Penalty for Misconduct appeared first on Compliance Report.

Webinar: How to Implement an Effective Internal Investigation Program

Corruption, Crime & Compliance Blog -

Tuesday, February 6, 2018, 12 noon EST


An effective ethics and compliance program depends on an efficient internal investigation function. Corporations have to design and implement an internal investigation system that is fair, timely and reliable. To do so, companies need to identify risks, assign resources, monitor investigations and mete out disciplinary actions. A company has to maintain a system that adheres to organizational justice in order to make sure that employees trust the company’s commitment to respond to employee concerns.

Join Michael Volkov, CEO of The Volkov Law Group, as he discusses how companies should implement effective internal investigation programs.

The post Webinar: How to Implement an Effective Internal Investigation Program appeared first on Corruption, Crime & Compliance.

Day 17 of 31 Days to a More Effective Compliance Program-Managing Your Third Parties

FCPA Compliance & Ethics -

The building blocks of any compliance program lay the foundations for a best practices compliance program. For instance, in the lifecycle management of third parties, most compliance practitioners understand the need for a business justification, questionnaire, due diligence, evaluation and compliance terms and conditions in contracts. However, as many companies mature in their compliance programs, [...]

The post Day 17 of 31 Days to a More Effective Compliance Program-Managing Your Third Parties appeared first on Compliance Report.

Preparing C-Level Employees to Address Risk

Risk Management Monitor -

As risks associated with technology and cybersecurity have increased in the last decade, it is more imperative than ever that corporations undertake the proper protocols to protect themselves.

When it comes to implementing risk management processes, many assume C-level executives head up these efforts, involving key departments throughout their organizations. According to a recent study conducted by NC State’s Poole College of Management, however, 80% of organizations surveyed from all over the world have no formal risk training for executives.

A quick look at recent headlines shows how quickly a cybersecurity incident can damage a corporate brand. Many companies that have recently experienced data breaches also have been exposed by the media because of ineffective or nonexistent integrated risk management strategies. This can be for a variety of reasons, from executives trying to hide the breach to the belief that they can resolve the issue before it grows into something larger or, possibly the worst of the options, they are not aware that the breach is even occurring.

So how do we make risk a priority for executives? In my opinion, it comes down to properly re-framing the mindset of executives around risk through effective education and training.

Educate executives on risk types
When it comes to business, the term “risk” generally produces negative connotations, causing many to avoid addressing the phrase—and the issues—altogether. From workplace injuries to data breaches and even social media nightmares, risks tend to mean trouble for executive teams. The reality, however, is that not all risk is bad. Thus, executive teams must be able to distinguish good risk from bad risk.

What constitutes good risk? Simply put, proactive risk choices that benefit the company. These can include exploring emerging markets and growth opportunities, expanding operations into new product areas and even partnering with new vendors. While these risks can produce negative results, the fact that they are actively pursued by leadership teams shows that they are intended to better the company and its employees.

Executive teams need to understand the differences between positive and negative risks and their larger impact on their organizations. Specifically, understanding that multiple risk types exist can change the approaches your management team takes to recognize and address risks, which will echo throughout your organization.

Train executives on how to address negative risks
Executives must realize negative risks are unavoidable. Because negative incidents will happen, executive teams must learn how to bring proactive approaches to managing these speedbumps in daily operations. Thus, formal training programs should be implemented to educate executives on proper risk management.

Training programs should include internal and external communications strategies for both positive and negative risks, remediation strategies for negative risks, and tips on how leadership teams can be risk thought leaders throughout the organization.

Remember, an executive team that places value on proper risk management planning and training will produce a similar culture, enterprise wide.

This will allow organizations to more proactively manage risks before they snowball into larger issues, ensuring long-term success.

Consider creating risk committees
Since all C-level executives are crunched for time, risk management often falls to the back burner. In many situations, I’ve found it beneficial for the C-suite to create corporate risk committees. These committees are designed to reduce the burden on corporate executives by providing an advisory board to report on risks, and corporations can benefit from dedicated professionals examining risks throughout the organization in areas including IT and operations.

These committees serve as an extension of the C-suite and can create better transparency, while providing informed insights to help leadership teams make better, more educated decisions.

Remember the importance of a top-down approach
No matter what approach you take to educate your executive team and get them more involved in risk management, corporations must remember enterprise risk management requires working from the top down. As risk professionals, we must do our best to gain leadership buy-in and conduct enterprise-wide training to stay ahead of risk. If NC State’s study has taught us anything, it’s that we still have a lot to learn.

McKinsey, South Africa and the FCPA

FCPA Compliance & Ethics -

Do you recall the boycott of South Africa from the 1970s and 1980s as a lexicon of the global fight against apartheid? The boycott extended from business to sporting events and everything in between. The campaign was one of the key reasons for the fall of the white minority government. Now a new campaign fighting [...]

The post McKinsey, South Africa and the FCPA appeared first on Compliance Report.

AML Regulation and Compliance Trends

Corruption, Crime & Compliance Blog -

Regulators and enforcement agencies continue to pursue aggressive regulations and requirements for financial institutions (a very broad definition under Title 31 of the US Code and regulations). The new administration does not show any signs of altering the course of agency priorities. Money laundering, sanctions and securities enforcement have continued at a straight-forward pace from the Obama Administration.

The most significant upcoming development is FinCEN’s new Customer Due Diligence rule, which is effective in May 2018.  This new rule targets beneficial owner requirements and is long overdue since the United States is behind many other countries in requiring such disclosures.

FinCEN also has expanded its geographic targeting orders (GTOs) to additional jurisdictions to ensure that title companies report suspicious cash transactions to purchase real estate in high-risk cities and areas.  Eight cities (and additional New York City boroughs) are now on FinCEN’s GTO list. (Here is related FinCEN advisory on GTOs).

As to other priorities, Bank Secrecy Act and AML compliance has experienced increased focus on Suspicious Activity Report filing requirements.  The SEC and FINRA have devoted significant efforts to enforcing these requirements, especially against broker-dealers.  The banking agencies continued their focus on BSA and AML compliance and reviewing AML compliance program functions and elements.

Over the last few years, the New York Department of Financial Services has become a regulatory and enforcement force against national and global banks that maintain branches in New York. The NYDFS requires certifications as to compliance with AML transaction monitoring and filtering programs.

Financial regulators also have converged compliance with cybersecurity and AML requirements. In 2016, the NYDFS issued cybersecurity regulation requirements. Meanwhile, on the federal side, banking regulators have mandated that compliance programs address AML and cybersecurity risks. The SEC has pushed companies to enhance their cybersecurity disclosures as a further means to prod companies into addressing cybersecurity risks. The BSA SARs filing requirements now incorporate cybersecurity issues as well.

De-risking is another hot topic in the AML regulatory arena. It occurs when financial institutions withdraw from certain business lines or countries that the institutions find are too risky. This particular concern arises when financial institutions operate foreign correspondent bank accounts. In response to high compliance costs and regulatory scrutiny, banks have withdrawn from correspondent banking in high-risk countries. Regulators have clarified certain requirements in this area: first, that there is no expectation that US banks conduct due diligence on the customers of the foreign financial institution, and second, that the AML and OFAC enforcement regime is not zero tolerance when it comes to customers of foreign financial institutions.

U.S. depository institutions are required to assess the money laundering risk presented by their foreign correspondent accounts by addressing: (1) the nature of the FFI’s business and the markets it serves; (2) the type, purpose, and anticipated activity of the account; (3) the nature and duration of the account relationship; (4) the supervisory regime of the jurisdiction in which the FFI is licensed; and (5) information about the FFI’s AML record.  Although there is currently no requirement for U.S. depository institutions to conduct due diligence on an FFI’s customers, banks should consider whether the due diligence information provided by their FFI customers is sufficient to fully assess the AML and sanctions risks posed by the foreign correspondent banking relationship. U.S. depository institutions often have to request additional information about the underlying activity in an FFI’s account in order to satisfy their risk-based obligations.

The post AML Regulation and Compliance Trends appeared first on Corruption, Crime & Compliance.

The New Voice of The Whistleblower

The Network Inc. GRC Blog -

Seven years after the launch of the U.S. Securities and Exchange Commission’s (SEC) whistleblower program, the voice of the whistleblower is starting to sound very different. It’s a little stronger, a little bolder, and a little louder. Learn what the landscape of modern whistleblower reporting looks like in 2018.

Gerry Zack on What Led Him to The Society of Corporate Compliance and Ethics & Health Care Compliance Association [Video Podcast]

The Compliance & Ethics Blog -

By Adam Turteltaub (adam.turteltaub@corporatecompliance.org)

On October 16, 2017 Gerry Zack was named as the Incoming CEO of the SCCE/HCCA. Take a look at these videos (or listen in to the audio-only versions) to get to know Gerry.

Part 1: In Part 1 he discusses his background in audit, fraud, and compliance. He also shares his […]

Day 16 of 31 Days to a More Effective Compliance Program-the Third-Party Risk Management Process

FCPA Compliance & Ethics -

As every compliance practitioner is well aware, third parties still present the highest risk under the Foreign Corrupt Practices Act (FCPA). The Department of Justice Evaluation of Corporate Compliance Programs devotes an entire prong to third party management. It begins with the following: Risk-Based and Integrated Processes – How has the company’s third-party management process [...]

The post Day 16 of 31 Days to a More Effective Compliance Program-the Third-Party Risk Management Process appeared first on Compliance Report.

Annual Data Privacy Day to Focus on Safeguarding Data

Risk Management Monitor -

Last year was certainly a turning point in the history of online privacy and cyber security. Between ransomware attacks, the Equifax breach and the Federal Communication Commission’s vote to repeal net neutrality regulations—just to name a few high-profile incidents in the United States—businesses and citizens have more reasons than ever to safeguard their information.

To address this important issue, the annual Data Privacy Day (DPD) will be held Jan. 28, with online and in-person events now leading up to it that celebrate individual users’ rights to privacy and aim to prevent cyber theft and risk. DPD has been led by the National Cyber Security Alliance (NCSA) in the U.S. since 2011 and “highlights our ever-more connected lives and the critical roles consumers and businesses play in protecting personal information and online privacy,” said NCSA Executive Director Michael Kaiser.

DPD was created to commemorate the 1981 signing of Convention 108 by the Council of Europe and is observed by more than 47 countries. It was the first legally binding international treaty dealing with privacy and data protection and officially recognized privacy as a human right. NCSA also co-hosts National Cybersecurity Awareness Month and the Department of Homeland Security’s Stop.Think.Connect. campaign, which aims to increase the public’s understanding of cyber threats.

“Our personal information and our habits and interests fuel the next generation of technological advancement, like the Internet of Things, which will connect devices in our homes, schools and workplaces,” Kaiser said. “Consumers must learn how best to protect their information and businesses must ensure that they are transparent about the ways they handle and protect personal information.”

On Jan. 25, LinkedIn will live-stream an event from its San Francisco office exploring the theme of “Respecting Privacy, Safeguarding Data and Enabling Trust.” The broadcast will feature TED-style talks and panel discussions with experts focusing on the pressing issues that affect businesses and consumers. Additional DPD happenings include Twitter chats and networking gatherings to maintain a dialogue about the importance of privacy rights.

The relevance does not end on Jan. 29, noted Richard Purcell, DPD advisory board member and chief executive officer of Corporate Privacy Group. He has witnessed the event’s evolution and its impact on risk management and privacy professionals.

“The community of privacy professionals is not made up of private people. They want to share information,” noted Purcell, who was named Microsoft’s first corporate privacy officer in 2000. “They initiate a dialogue that the officers bring back to their companies. I have seen how it has stimulated events inside corporations and universities that were inspired by Data Privacy Day networking discussions. The professional development aspects of the day are profound.”

Newly released information from NCSA demonstrates how privacy is impacted in both personal and professional environments—from healthcare and retail to social media, home devices and parenting. Some statistics include:

  • In 2016, 2.2 billion data records were compromised and vulnerabilities were uncovered in internet of things products from leading brands.
  • 41% of Americans have been personally subjected to harassing behavior online and nearly one in five (18%) has been subjected to particularly severe forms of harassment online, such as physical threats, harassment over a sustained period, sexual harassment or stalking.
  • Nearly one-third of consumers do not know that many of the “free” online services they use are paid for via targeted advertising made possible by the tracking and collecting of their personal data.
  • About 78% of respondents to a recent survey of healthcare professionals said they have had either a malware and/or ransomware attack in the last 12 months.

Customs Fraud, Wildlife Crime, and the Value of Whistleblowers

Whistleblower Protection Blog -

In late 2017, federal prosecutors in the Southern District of New York (considered one of America’s most important judicial districts) settled a case against Notations, a garment wholesaler. In a case originally brought by a qui tam relator (a.k.a. a whistleblower), Notations admitted to ignoring repeated warning signs that its Chinese importer was lying about the value of its imported goods to avoid paying customs fees. As a result, Notations has agreed to pay $1 million in fees.

While the Department of Justice did not release the portion of the award that went to the whistleblower, under the False Claims Act a whistleblower plaintiff is entitled to somewhere between 15% and 30% of the total reward.

The principles of this case can and should be applied to the wildlife crime context. As Stephen M. Kohn, Executive Director of the National Whistleblower Center, explained in his award-winning article, expanded use of wildlife whistleblowing could be a boon to animals and the environment. Criminal networks that import wildlife have been known to falsely label their animal products when they enter the country. This is a crime. Customs officials need to be trained to detect such fraud and prosecutors should seek to bring more wildlife crime cases.

The False Claims Act and other laws with whistleblower provisions, like the Lacey Act, have the potential to be powerful tools for unearthing wildlife crime. NWC, as a part of its mandate as a Grand Prize Winner of the Global Crime Tech Challenge, is promoting the existence of these reward laws and has a global wildlife program to inform wildlife whistleblowers of their rights.

The Notations case demonstrates how falsified customs documents, whistleblowers, and the False Claims Act intersect. The next frontier for such cases should be wildlife crime.

Read the full DOJ press release here.

Delaware’s Prudent Approach to the Cleansing Effect of Stockholder Approval

The Harvard Law School Forum on Corporate Governance and Financial Regulation -

Posted by William Savitt, Wachtell, Lipton, Rosen & Katz, on Tuesday, January 16, 2018

Editor's Note: William Savitt is a partner at Wachtell, Lipton, Rosen & Katz. This post is based on a Wachtell publication by Mr. Savitt, Ryan A. McLeod, and Anitha Reddy, and is part of the Delaware law series; links to other posts in the series are available here.

In Corwin v. KKR Financial Holdings LLC, 125 A.3d 304 (Del. 2015), the Delaware Supreme Court held that a non-controlling stockholder transaction approved by informed, unaffiliated stockholders is protected by the business judgement rule and that any lawsuit challenging such a transaction should be dismissed absent well-pleaded allegations of corporate waste. Recognizing that today’s sophisticated stockholder body can and does protect its own interests, Corwin held that in the great run of cases, stockholders—rather than plaintiffs’ lawyers or courts—should have the last word.


2017 Year in Review: Securities Litigation and Regulation

The Harvard Law School Forum on Corporate Governance and Financial Regulation -

Posted by Jason Halper, Kyle DeYoung and Adam Magid, Cadwalader, Wickersham and Taft LLP, on Tuesday, January 16, 2018

Editor's Note: Jason Halper is partner and Co-Chair of the Global Litigation Group, Kyle DeYoung is partner, and Adam Magid is Special Counsel at Cadwalader, Wickersham and Taft LLP. This post is based on a Cadwalader publication by Mr. Halper, Mr. DeYoung, Mr. Magid, Jared Stanisci, James Orth and Aaron Buchman.

The securities litigation and regulatory landscape in 2017 defies simple categorization. Plaintiffs filed 226 new federal class actions in the first half of 2017, more than double the average rate over the last 20 years, and an additional 99 federal class actions in the third quarter of 2017. In contrast, new SEC enforcement proceedings declined. After staying on pace with the prior two years with 45 new enforcement actions against public company-related defendants in the first half of fiscal year 2017, the SEC filed only 17 new enforcement actions against public company-related defendants in the second half of the year. The apparent decrease in initiation of enforcement proceedings coincides with the arrival at the SEC of Chairman Walter J. Clayton, who has expressed the view that enforcement actions against issuers rather than individual wrongdoers too often punish the very investors they seek to protect.


How Transparent are Firms about their Corporate Venture Capital Investments?

The Harvard Law School Forum on Corporate Governance and Financial Regulation -

Posted by Sophia J.W. Hamm (The Ohio State University), Michael J. Jung (New York University), and Min Park (The Ohio State University), on Tuesday, January 16, 2018

Editor's Note: Sophia J.W. Hamm is Assistant Professor of Accounting at The Ohio State University Fisher College of Business; Michael J. Jung is Assistant Professor of Accounting at NYU Stern School of Business; and Min Park is a PhD candidate at The Ohio State University Fisher College of Business. This post is based on their recent paper. Related research from the Program on Corporate Governance includes Carrots & Sticks: How VCs Induce Entrepreneurial Teams to Sell Startups, by Jesse Fried and Brian Broughman (discussed on the Forum here).

Corporate venture capital (CVC) refers to direct minority equity investments made by established, publicly-traded firms in privately-held entrepreneurial ventures. CVC investing differs from pure venture capital investing in that financial returns are not the primary consideration, but rather, strategic gains are often the driving motivation to invest. While established firms in the technology, industrial, and healthcare sectors such as Google, General Electric, and Johnson & Johnson have set up CVC subsidiaries to invest billions of dollars in startups, younger firms such as Twitter with relatively smaller cash balances are starting to engage in venture capital investing as well. According to data from CB Insights, firms’ CVC investments in the U.S. were $17.9B in 2015 and $16.1B in 2016, involving 1,603 deals that accounted for nearly one-fifth of overall venture capital deals. CVC investments are now at the highest levels since the dot com era. The motivating research questions we are interested in examining in this setting are: 1) how transparent are firms about their CVC investments, and 2) is CVC investing a productive use of a firm’s capital resources?


