Dear FCPA Blog,
Just wanted to thank you again for your efforts and say that I think we’re in the midst of a great change in the fight against corruption.
Dear FCPA Blog,
Just wanted to thank you again for your efforts and say that I think we’re in the midst of a great change in the fight against corruption.
“Bribery is a crime of opportunity,” says Matt Ellis, author of How to Pay a Bribe. Two parties in the right place at the right time could convince themselves that the benefits of any deal far outweigh the risks and consequences of getting caught.
This intersection is where well-meaning employees can inadvertently cross the line. Employees may find themselves in an atmosphere of temptation and pressure from multiple areas. They could be working in a culture in which bribes are considered a normal part of doing business. Furthermore, your own corporate culture could contribute to pressure by emphasizing sales and performance to a degree that leads employees to believe you’d prefer the revenue over ethical behavior.
Richard Bistrong spent many years on the front lines of international business and understands this struggle all too well. His actions there led him to eventually cooperate with US and UK law enforcement for 5 years and serve 14 months in prison for violating the FCPA.
In a recent webcast, Richard shared some proactive measures the compliance function can take to make your company’s culture less confusing for employees in order to ensure that spoken and unspoken organizational messages all align with anti bribery compliance.
“Making people happy” and “paying tolls” are two entries in the colorful dictionary of the language of bribery. Many employees work in a company where there’s a culture against whistleblowing, and therefore think, “This is only a red flag if I make it one.”
Unfortunately, as Richard shared, “Bribery is not a one-size-fits-all model.” It’s never as obvious as big bags of cash changing hands, he says, it’s subtle; it’s language and getting comfortable. This is where Richard first confronted corruption – he started to participate in overseas corruption, simply by head-nodding.
“When I first started working overseas, intermediaries were sharing with me that they were bribing, using many words other than ‘bribe,’ but not asking me for anything. They were just letting me know that to win tenders they were intertwining legitimate and corrupt services. That was how I first started to confront corruption, and ‘nodded’ my way as a co-conspirator to violating the FCPA.”Richard Bistrong, FCPA & Anti-Bribery Compliance Consultant
So, how does one avoid becoming a co-conspirator by falling into a “getting used to it” mentality that opens the way to greater corrupt thinking and subverts the company’s expectations of behavior?If It Quacks Like a Bribe, Then It’s a Bribe
Sugar-coated language can deceive the average careful, conscientious employee into violating compliance laws. This is where good habits built in to workplace culture have the most power; word-policing seems like a nit-picky thing to do, but one has to think about who is supplying the front-line employees with information. Putting yourself into the mindset of employees’ experiences is the most powerful way to understand and combat culture from the ground up.
Just like police forces on their own may never succeed in eliminating crime, compliance rules and departments alone may never ensure appropriate behavior in relation to integrity and governance, at least on a sustainable basis. Rules and regulations will always lag innovation; employees can always collude to subvert controls; on the other hand, a corporate culture founded on values and integrity is more likely to [consistently] produce right choices by employees as individuals and groups even when no one is watching, with compliance checks as a complementary layer of verification. (Integrity, culture and compliance)Opeyemi Agbaje, Contributor
A webcast participant asked about Richard’s stance on facilitation payments which provided a perfect example of the issue with language and not calling something what it truly is. “Facilitation payments are requests for small bribes. Just treat them as such.” The more focus on trying to find a way around compliance, the more peril there is. While Richard stresses that his is not a legal perspective, his opinion is that facilitation payment exceptions are pretty unique to the U.S. and we need to consider how this exception might impact the thinking at the front lines. Richard thinks “the healthiest front-line perspective is to think of a facilitation payment as a bribe and put the legal issue aside.”6. Define Your Tipping Points
In the webcast, Jimmy Lin – facilitator from The Network – and Richard described all of these covert conversations and hidden languages as “a bunch of small gray clouds.” There is a thin line between getting close and getting too comfortable with third parties and intermediaries, especially when there are no witnesses. Rules for navigating those relationships are not always clearly defined, which leaves front-line employees vulnerable to trespassing unknowingly into non-compliant territory.
Look carefully at the relationships between third parties and employees. While you want to be culturally sensitive, going on holidays and spending extensive time together could be an indicator of numerous red flags.Richard Bistrong, FCPA & Anti-Bribery Compliance Consultant
Front-line teams tend to embrace the adage that bribes are “win-win situations,” and use that as justification for unethical decisions. As Richard role-played, “My company gets the sale, I make my bonus, the third party’s happy and the undercompensated public official also gets something to make ends meet. Who’s really getting hurt here?”Gaze Into Your Crystal Ball
The truth is that there are many victims of corruption. The compliance function holds the responsibility to communicate the societal and economic consequences of bribery as to deepen the understanding of why it is imperative “to say no.” Thieves of State (Sarah Chayes) discusses the effects on society that stem from acute cases of corruption. Social breakdowns are direct results of poor governance, and very often these regimes function as “criminal enterprises” where public officials buy their way into certain roles knowing that bribes will be collected as a result of their demands.
To illustrate the perils of front-line thinking, Richard’s presentation defined the “perfect storm” during which, at the intersection of all paths, an employee is exposed to and might think about acting corruptly. By choosing to address these issues, the CCO is able to greatly influence the course of the front-line decision-making, and to provide tipping points which all lead to ethical decisions and behavior.
You can fix what you know, and understanding the real-world corruption challenges which overseas business teams face in their work, can then help you to be a partner in developing and calibrating compliance tools to help them manage and mitigate those risks.Richard Bistrong, FCPA & Anti-Bribery Compliance Consultant
So, it’s all about prediction. Francesca Gino’s Sidetracked: Why Our Decisions Get Derailed, and How We Can Stick to the Plan addresses the psychology of making decisions and why our decisions go off course. A good compliance officer seeks to understand those behavioral dynamics and to protect their employees from ethical peril. As Scott Killingsworth, Partner, Bryan Cave, shared in Ethikos, compliance officers need to “know what actually happens in the head of the salesperson at the crossroads when the fateful bargain is offered and a decision must be made on the spot.”
Now that you know what they face in the field after you follow the steps outlined in Part 1 and Part 2, you’ve had open conversations with your sales teams and have a better understanding of what the tipping points leading to unethical behavior may be. This understanding allows you to create more targeted training and communications programs to specifically address these scenarios. Let your employees know what the dangers of different business environments may be and address the points at which they might be likely to struggle. By discussing those situations before they are encountered, the tipping points become less of an influence as your front-line employees become more grounded and confident in their decision-making.Next Steps
If you would like to hear more of what Richard had to say about what he’s learned from his experience, be sure to download the Behind the Bribe Webcast to watch on-demand. If you’re more interested in Richard’s take on international compliance, I encourage you to download his whitepaper, Behind the Bribe: What Compliance Officers Can Learn From A First Hand Account Of The Dark Side Of International Business for more of an inside look at his suggestions for global compliance.
In the meantime, consider joining us in New York on July 23rd when Richard Bistrong will speak at a complimentary half-day event with the former US/UN Prosecutor who launched the investigation into his case, Robert Appleton.Share Your Thoughts With Us
What kinds of euphemisms for unethical behavior does your sales team face in the field? How do you talk to your employees about their tipping point situations? You can join the conversation by commenting on the blog, messaging us on JDSupra or messaging me directly on LinkedIn.
Richard Bistrong is CEO of Front-Line Anti-Bribery LLC. He consults, writes and speaks about compliance issues from his experience as an international sales VP and conviction for violating the FCPA, where he pleaded guilty and served fourteen and a half months in prison. He can be reached via his website, Twitter and e-mail.For More Information About Anti Bribery Compliance, Check Out These Resources:
Join us on July 23rd for a complimentary, half-day event for a limited audience in the New York area, where you will have the chance to hear from and network with ethics and compliance experts Richard Bistrong of Front-Line Anti-Bribery LLC and Robert Appleton of Day Pitney. In a “Catch Me If You Can” like panel, a former US and UN prosecutor and former FCPA violator/turned cooperator discuss the realities of corporate anti bribery compliance.
On 14 July 2015, Iran and the EU/E3+3 (China, France, Germany, the Russian Federation, the United Kingdom, the United States, and the European Union) announced that they had agreed on
The post Outline of EU and U.S. Sanctions Relief for Iran under Joint Comprehensive Plan of Action appeared first on Global Compliance News.
We all know the importance of promoting a culture of compliance and ethics. The benefits of an ethical culture are substantial and worth every penny of investment in creating and promoting such a culture. We do not need to spend time justifying why an ethical culture is important to company financial success – it is critical for corporate sustainability and profitability.
Not every company has a culture of compliance and ethics. In fact, many companies do not have a positive culture.
What do those companies look like? Or to put it another way, what are some of the signs of a weak culture of compliance and ethics? I can name a few signs.
Obsession with Quarterly Financial Performance – Demand by corporate stakeholders for positive financial performance has become almost instantaneous – no longer are companies managed for long-term results or sustainable results. Companies have to perform each quarter, and if they do not, then something is wrong.
When the Board, the CEO and senior management adopt this credo, look out – obsession with financial performance can easily translate into cutting corners for the “greater good” of a positive quarterly report. “Cutting corners,” however, undermines any hope for a culture of compliance and ethics. Strong financial performance is not antithetical to strong ethical performance. Often, the two can go hand in hand.
Devotion to quarterly financial reports can easily filter to sales staff who each have to meet performance goals. Putting pressure on sales staff can lead to cutting corners on compliance and legal requirements – accurate financial reporting, meeting sales staff, revenue recognition issues, and lots of other pitfalls, including bribery and antitrust violations.
Making Excuses for the CEO’s Compliance Commitment – When the board, senior managers, or the Chief Compliance Officer justify a CEO’s failure to address explicitly compliance requirement by offering weak justifications, the company’s culture is on the rocks. Another manifestation of such excuses is when everyone cites the CEO’s recorded message in support of ethics and compliance, which may have been recorded 24 months ago, the company is running down a dangerous path, where financial goals and accomplishments are the be all and end all of company success.
GroupThink Denial and Acceptance – We all know this one but it is more than evident but never explicitly called out. Senior managers will reinforce a denial or an explanation by offering a positive statement that is contrary to fact, but is met with nods of acceptance and even explicit agreements. We have worked at organizations where everyone is tested in a sense – by accepting the group’s explanation and justification for a situation that calls for difficult and uncomfortable resolutions. GroupThink is a dangerous concept because no one person is forced to lie or deny by themselves – in a sense, the lie and the denial becomes a group process that reinforces and supports members of the group from having to face difficult issues.
Lackadaisical Check-the-Box Attention to Compliance Functions – When the Board, the CEO and senior management appear disinterested when discussing the importance of compliance training, internal investigations, complaint breakdowns, and other “mundane” compliance issues, the company’s culture and commitment to compliance is in poor shape. Corporate boards, CEOs and senior managers enjoy discussing new business opportunities, creative strategies and approaches to increasing company business. Companies with weak cultures visibly become deflated when discussing some of the check-the-box items relating to compliance and ethics. If you see it, you know it. Companies that display this kind of inattention are not committed to ethics and compliance but are only interested in compliance functions as a way to say – “we did it and now lets move on to more interesting topics.”
The post 4 Signs of a Weak Culture of Compliance and Ethics appeared first on Corruption, Crime & Compliance.
With so many studies and surveys giving us a picture of the compliance and ethics landscape it can be hard to find time to read them all (trust me). I’ve spent some time recently digging through some of this research and wanted to share some stats that stood out to me.41% of the bottom quintile of compliance programs find preforming risk assessments challenging because of insufficient technology
LRN’s 2015 Ethics and Compliance Effectiveness Report has been talked about quite a lot for its analysis of compliance reporting structure (and how the majority of programs still report through legal or have a dual-hat GC/CCO). But there are some other gems of information in their comprehensive survey. (Quite a few actually.)
One of the stats I find most interesting is that some compliance programs are still struggling with outdated technology. When compliance programs were first put into place, many teams pieced together different technology and approaches from a variety of vendors. Now that some time has passed it’s become clear that this piecemeal approach keeps information and departments siloed, making it much harder to get a comprehensive understanding of the program’s effectiveness or an accurate picture of compliance risk and how that feeds into overall organizational risk.
A risk assessment is no small undertaking, but it’s a very important one. When compliance professionals are making the argument that investing in the right technology can have an impressive ROI the ability to better monitor and mitigate risks should be a key selling point.More than 1 in 5 programs in the bottom quintile never preform a formal program assessment
If you don’t know it’s broken, you can’t fix it. Or, more in line with federal expectations, you can’t improve your program if you don’t understand its current state of effectiveness. To put this statistic in a little more perspective, half of the companies in the top quintile of LRN’s study “conduct formal assessments of program effectiveness annually.”
When was the last time your company conducted a program assessment?
Need help getting started? Check out The Practical Guide to Program Review & FSGO Benchmarking – complete with program assessment and inventory templates.40% of the top quintile and 50% of the bottom quintile are not using Code of Conduct violations for risk assessments
This one is a major red flag for me because it appears that even the best programs are ignoring key information that’s right at their finger tips. Most, if not all, compliance programs track Code of Conduct violations, but simply having this information isn’t enough.
It’s time to take our reporting and analysis to the next level and dig into what these violations say about the effectiveness of our programs, what the weaknesses are, how those weaknesses might effect the organization and (most important to program improvement) what is causing these violations. You have the Code of Conduct in place for a reason—to mitigate known risks and promote your company’s culture—so why are teams ignoring the ramifications of violations by not considering them in risk assessments?
Misconduct and noncompliance lead to heightened risk and need to be evaluated and addressed quickly—this includes reassessing your overall risk for accuracy.35% of compliance teams are part of annual business strategy development meetings — 17% are not involved in developing or implementing business strategy at all
Moving on from LRN, this stat comes from PwC’s State of Compliance Survey 2015. One of the main arguments for keeping the CCO role in the hands of the general counsel is that the GC has clout at the executive level that independent compliance departments haven’t yet achieved. This pair of disturbing statics prove just how far compliance still has to go.
Unfortunately, the compliance function is seen all too often as a cost center with little impact on business strategy or return on investment. But that could not be further from the truth. (I can see you nodding your head.) Building the business case for compliance by sharing examples of costly compliance mis-steps is one way to prove the function’s worth and potential impact on the organization.
It’s also extremely important to really listen to the company’s business objectives and five year plan. Compliance is a strict and sometimes negative field (that’s why compliance officers can come across as policy police if they’re not careful to foster the right company culture). Try to resist the urge to be a Negative Nancy and automatically raise issues with the business strategy. Instead, contribute positively to the conversation and help the company productively move in the direction that’s planned but in a compliant, prepared way.35%of teams don’t actively measure compliance cost
If you want a seat at the strategy table, you need to have a full understanding of your program and how it’s fiscally effecting the company. This includes both how much it costs to run your program and what the program has saved the organization in potential fines. (While the latter may be hard to quantify, looking at recent SEC findings can be useful.)
Of course compliance is going to have the reputation of being a cost center if you don’t do anything to dispel that myth. Keep a careful eye on your program’s successes to demonstrate its effectiveness and business contribution. Also keep an eye on the cost of running your program so you can highlight efficiencies and improvements (and find those areas ripe for improvement in the first place).21% of CCOs use a dedicated GRC tool
When PwC surveyed CCOs, they found that less than one third use a dedicated tool specifically designed for their profession—36% “say they’re getting by” with other tools. While that may not seem like a big deal let me put this in perspective: a type writer CAN help you produce the written word, but do you have one sitting on your office desk? I’m going to guess not. Why? Because it’s ineffective, inefficient and can’t actually do what you need it to (like connect to the internet or send an email).
It might help you get the job done on the surface but you’re likely missing out on key functionality
Click To Tweet
Relying on other software when you really need to manage a compliance program is along the same lines. It might help you get the job done on the surface, but you’re likely missing out on key functionality and spending way too much time on simple tasks.
The biggest example of this is reporting and analytics. You can get the data from disparate systems, but it takes much longer to collate and analyze this information than it would with a dedicated GRC tool that quickly and easily surfaces the key, integrated information you need to spot trends.66% of employees choose to report concerns directly to their managers
On its face, this stat from CEB’s State of Compliance and Ethics Function 2014 report isn’t all that alarming or surprising. It’s easy and often less intimidating to bring up a potential issue or concern with a familiar face than it is to file an official report. But what compliance professionals should take away from this is the vital importance of having a proxy reporting system that’s as structured and well thought out as the rest of your reporting channels. You need to ensure that managers know what to do with reports, understand the type of information they need to collect and how to file it with the compliance department and are comfortable communicating any disclaimers and follow up actions with their employees. They also need to be 100% completely aware of non-retaliation policies.
No matter how hard you try, you won’t be able to change people’s natural inclinations to go to their boss over your hotline. So embrace this trend and build a program that can support it.
And one last parting statistic (from CEB) for good measure and to help you benchmark:The median compliance and ethics budget per 1,000 employees is $97,333—up 15% since 2012
In my last blog, I analyzed the reasonsfor which CEOs hesitate to communicate on corruption prevention. I would now like to draw attention to CEOs who not only communicate on it and the company’s zero-tolerance for corruption, but who do so with imagination!
What follows are ten examples of communicating on anticorruption compliance that I have observed over the 10 years I have spent chairing the ETHIC Intelligence Certification Committee, which reviews the best practices of corporate corruption prevention programs. Some examples are company or personality specific but they all contain elements which can be adapted to any company’s anti-corruption compliance program in order to meet international best practices.
The post 10 ways for CEOs to communicate the Tone at the Top on anti-corruption appeared first on www.ethic-intelligence.com.
The Hungarian Parliament has recently adopted an amendment (Act No CXXIX of 2015) to the Information Act that will provide regulation regarding how data controllers must treat data breach incidents.
The post Hungary Imposes New Mandatory Data Breach Registry Requirements appeared first on Global Compliance News.
FinCEN has many important responsibilities but one of its more interesting assignments is oversight of anti-money laundering compliance by casinos (and card clubs).
Casinos are under increasing scrutiny these days for lax AML compliance.
In March 2015, FinCEN imposed a $10 million penalty on Trump Taj Mahal in Atlantic City, New Jersey, for violations of the Bank Secrecy Act (BSA). In addition to this hefty civil penalty, Trump Taj Mahal has to conduct periodic external audits to examine its anti-money laundering BSA compliance program and provide those reports to FinCEN and the casino’s board of directors.
Trump Taj Mahal admitted to failure to implement and maintain an effective AML program, failure to report suspicious transactions, failure to properly file currency transaction reports and failure to keep appropriate records as required by the BSA. Trump Taj Mahal had received numerous warnings of deficiencies in previous regulatory examinations, but failed to remediate the problems. Trump Taj Mahal’s records is pretty bleak – in 1998 FinCEN assessed a $477,700 civil money penalty against Trump Taj Mahal for currency reporting violations.
In June 2015, FinCEN assessed a $75 million penalty against Hong Kong Entertainment Investments Ltd., d/b/a Tinian Dynasty Hotel & Casino, for BSA violations. Tinian Dynasty failed to develop and implement an AML program and no member of Tinian Dynasty staff was designated as a BSA officer in the casino. Tinian Dynasty also never conducted an independent test of its systems to ensure compliance, and no one was trained in BSA record keeping or in identifying, monitoring and reporting suspicious activity. The casino operated for years without AML programs in place and was more than happy to assist customers by conducting large financial transactions involving large amounts of cash. In some instances, casino employees provided detailed instructions on how patrons could conduct transactions without being reported or without attracting law enforcement scrutiny.
FinCEN officials have been warning casinos that more enforcement is coming. In fact, FinCEN wants casinos to start implementing a culture of compliance throughout the business and casino functions.
The BSA reporting system depends on suspicious activity reports (SARs). FinCEN looks to these reports to combat money laundering and other criminal activity, including organized crime, drug trafficking and terrorism. FInCEN has detailed regulatory requirements for the filing of such reports by casinos.
The number of SARs filed nationwide has increased nearly 70 percent over the last two years throughout the financial industry, and in casinos. The most common issues cited by SARs involving casinos are alternating transactions to avoid currency transaction report filing. However, SARs have also exposed patrons using casinos to conceal narcotics transactions, moving money in support of international fraud schemes, laundering real estate fraud money and transferring money for other illicit purposes.
FinCEN’s aggressive enforcement attitude towards casinos reflects a long-standing frustration with compliance and the lack of a culture of compliance. FinCEN has stated that it will take into account a casino’s historical compliance record when deciding whether to take an enforcement action or set the amount of a penalty.
Casinos that have repeat violations over multiple exams will receive heightened scrutiny and more severe penalties. FinCEN is including remediation requirements in its enforcement actions to ensure that violators do not repeat failures and compliance deficiencies. In addition, FinCEN may impose corporate monitors or require additional independent testing to meet certain requirements.
Unlike the SEC, FinCEN appears to be more comfortable with “neither admit nor deny” settlements with casinos. Given the possible impact that admissions could have in civil litigation, FinCEN is not wedded to specific admissions in order to settle cases.
FinCEN has made it clear on numerous occasions that it expects casinos to meet the same high standards set for other financial institutions regarding a culture of compliance. Fundamental to the creation and development of a strong culture of compliance, casinos must develop a risk management framework that is engrained into the day-to-day culture of the entity. The entity’s board and management must exercise oversight of the risk management plan to ensure the establishment of effective communication channels, culture change, discipline and accountability.
The post Rolling the Dice: Casinos, FinCEN and AML Compliance appeared first on Corruption, Crime & Compliance.
|RT @EthicalSystems: "We are trying to give advice to organizations that are incredibly complex. When you put individuals together, they… https://t.co/Vs9bDKqorr||4 days 11 hours ago|
|RT @sh_oldenberg: To Understand Complexity, Use 7 Dimensions of Ethical Thinking https://t.co/BAKgEWtIpk https://t.co/5LuaqJIiXc||1 month 6 days ago|
|RT @ComplianceXprts: 7 Things Every SME Exporter Needs To Know About Protecting Their Brand https://t.co/fpfGOQJQDw https://t.co/Z0VibE2IsB||1 month 1 week ago|
|RT @ComplianceXprts: Exporters Guide To Managing Compliance - Download our free ebook now!https://t.co/ypw6RwMrVE https://t.co/2NT9xereA7||1 month 2 weeks ago|
|RT @mikevolkov20: Episode 14 - What Every Compliance Officer Needs to Know About Data Privacy and the EU's GDPR - Corruption, Crime &… https://t.co/iZMjIPsBhs||2 months 2 weeks ago|
|RT @ComplianceXprts: What You Need To Know About Auditing And Risk Management In The Transport Industry https://t.co/IuMnS7mtgd||3 months 14 hours ago|
|RT @EthicalSystems: Our 2017 End of Year Letter from @JonHaidt and @azishf https://t.co/ukjVe2Lqti "This is the time for the business… https://t.co/jUSNcY4gco||3 months 2 days ago|
|RT @ComplianceXprts: Inspection of Facilities and Sporting Venues - Due Diligence https://t.co/uKa3rYTJX0 https://t.co/EBXi6aBsW5||3 months 2 days ago|
|RT @ComplianceXprts: 14 Essentials For Your Compliance Management System https://t.co/FcQa8nRGWm https://t.co/Ru1oVnJelN||3 months 2 weeks ago|
|RT @ComplianceXprts: Our focus is on what people don't want to do. #ce https://t.co/H8vN1euuAr||3 months 2 weeks ago|