Compliance Thought Leaders You Should Be Following by Matt Kelly

Compiling a list of thought leaders in ethics and compliance is fun, but so challenging. There are simply too many thoughtful people in this field — which is itself enormous and wide-ranging — to call out everyone worth following. So below is a small slice of the thinkers in corporate ethics and compliance that I try to follow.

How should we define a thought leader, exactly? I define it literally. First, someone who thinks about corporate compliance issues, and puts those thoughts into words. Some bloggers and tweeters, for example, do a superb job passing along what happened, but not why or how it happened. 

Second, thought leaders lead. They raise questions about what should or could happen in ethics and compliance, even if practical obstacles make achieving those goals difficult right now. Thought leaders provide context around the events of today to suggest what might be possible tomorrow.

Compliance Thought Leaders You Should Be Following

Without further delay (and in no particular order), here are a handful who fit that description.

Hui Chen, the former Justice Department compliance counsel who left that role in 2017. Since then Chen has been a consultant and prolific thinker about how compliance programs should work. For example, Chen often says a modern compliance function should have data analysts, auditors, and organizational behavior experts, rather than a fleet of lawyers. Does that make logical sense? Yes. Is it the case in most companies, with budgets of maybe $1 million tops? No. But should compliance officers ponder how to achieve that by, say, 2025, given the way business risks are evolving? Absolutely.

Kristy Grant-Hart, a former compliance officer now hanging her own shingle at Spark Compliance Consulting, who gives great career advice for compliance officers. Grant-Hart has written three books on how to succeed both in your job and in your career — and all of her advice hinges upon time management, building alliances, and considering new options. Over the long course of a career, that’s much more valuable wisdom than news of the latest FCPA enforcement action.

John Reed Stark, the Securities and Exchange Commission’s first cybersecurity enforcement specialist in the 1990s, who now runs his own consulting firm on all things cybersecurity and compliance. He writes and talks often about incident response plans, disclosing cybersecurity risks, regulatory enforcement around cybersecurity issues, and the like. Even when you disagree with his analysis (as I sometimes do), Stark always makes you think.

Cydney Posner, special counsel at the Cooley law firm and author of the firm’s Cooley PubCo blog. Posner does a great job watching corporate governance and securities issues: everything from reform of proxy advisory firms to climate change disclosure, to trends in SOX compliance reporting. Her posts can sometimes run long, but they are worth it. The “Sidebar” posts within larger posts are worth your time, too.

Jonathan T. Marks, a partner in the global forensic investigations and compliance practice at Baker Tilly and a superb thinker on issues around fraud, internal control, and financial reporting. Let’s be honest: most compliance officers are lawyers, so they know the law and investigations; but few are auditors, and even fewer understand the forensics involved in tracing financial misconduct through bogus invoices, shoddy corporate payment systems, poor whistleblower hotlines, and the like. Marks, who is not a lawyer, does make those connections. He shares his thoughts on his own blog several times a week.

Tom Fox, long-time FCPA commentator and author of the FCPA Compliance & Ethics Report blog. Honestly, however, these days Fox churns out more content, on more issues, through the Compliance Podcast Network that he runs. That’s where you can get a weekly run-down on FCPA compliance issues; discussion of good board governance practices; analysis of innovation in compliance, and more. (Disclosure: Fox and I host a “Compliance Into the Weeds” podcast weekly where we take deep dives into compliance news of the day.)

Francine McKenna, a writer for Marketwatch about financial reporting and corporate governance news, and tweeter extraordinaire on the same subjects. After a first career in auditing, McKenna began a second career in the 2000s writing about the audit industry, which eventually brought her to Marketwatch. She does an outstanding job showing exactly how corporate or regulatory moves connect to financial reporting, and vice-versa.

And while I am reluctant to place myself among such esteemed company, some people do praise my own blog and my Twitter feed as pretty thoughtful. I just think I’m very funny.

CCOs Are True Thought Leaders

Of course, this list is by no means comprehensive. I excluded anyone from compliance vendors to avoid the appearance of playing favorites, but some astonishingly bright minds work in the vendor world. The intellectual wattage among audit firms, law firms, and consulting firms is amazing. Most firms run their own blogs; I follow those too. 

Source: GAN Integrity (modified)

FCPA: CEO Overriding/Circumventing and Exploiting Internal Controls, and Issuing False Certifications


The Securities and Exchange Commission (“SEC”) announced that Westport Fuel Systems, Inc. (“Westport”), a Canadian clean fuel technology company headquartered in Vancouver, Canada, and its former chief executive officer, Nancy Gougarty (“Gougarty”), age 64 of Leesville, South Carolina, have agreed to pay more than $4.1 million to resolve charges that they violated the Foreign Corrupt Practices Act (“FCPA”) by paying bribes to a foreign government official in China.

SEC’s Order

According to the SEC’s order, beginning no later than 2016, Westport, acting through Gougarty and others, engaged in a scheme to bribe a Chinese government official to obtain business and a cash dividend payment by transferring shares of stock in Westport’s Chinese joint venture to a Chinese private equity fund in which the government official held a financial interest. The SEC order states that Westport concealed the identity of the Chinese private equity fund in its public filings, as well as in its books and records, by falsely identifying a different entity as the counterparty to the transaction. Gougarty caused Westport’s violations by circumventing Westport’s internal accounting controls and signing a false certification concerning the sufficiency of those controls.

“A company’s commitment to compliance is only as strong as the effort put in by senior management,” said Charles Cain, Chief of the SEC Enforcement Division’s FCPA Unit. “Here, the chief executive exploited weaknesses in the company’s controls to engage in bribery, undermining shareholder interests.”

The SEC’s order finds that Westport violated the anti-bribery, books and records, and internal controls provisions of the Securities Exchange Act of 1934 and that Gougarty caused certain of Westport’s violations.

Westport violated, and Gougarty caused Westport’s violation of, Section 13(b)(2)(B) of the Exchange Act, which requires every issuer with a class of securities registered pursuant to Exchange Act Section 12 to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that (i) transactions are executed in accordance with management’s general or specific authorization; (ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets; (iii) access to assets is permitted only in accordance with management’s general or specific authorization; and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any difference.


Without admitting or denying the SEC’s findings, respondents consented to a cease-and-desist order. Westport also agreed to pay $2,546,000 in disgorgement and prejudgment interest and a civil penalty of $1,500,000, and Gougarty agreed to pay a civil penalty of $120,000. In determining to accept Westport’s offer, the SEC considered remedial acts undertaken by Westport concerning its anti-corruption and financial reporting compliance programs, and its cooperation afforded SEC staff.

Practice Considerations

Revisit your Code of Conduct. The SEC cited the fact that Westport’s Code of Conduct omitted any reference to due diligence when engaging in a transaction with a third party in which a government official may have a financial interest.

Regarding overriding or circumventing internal controls, the PCAOB states that management is in a unique position to perpetrate fraud because of its ability to directly or indirectly manipulate accounting records and prepare fraudulent financial statements by overriding established controls that otherwise appear to be operating effectively.

By its nature, management override of controls can occur in unpredictable ways. The PCAOB outlines several procedures to specifically address the risk of management override of controls. I highly recommend reviewing the procedures.

I welcome your comments and suggestions.


Jonathan T. Marks, CPA, CFE

Attribution: PCAOB, SEC, WSJ