Category: Compliance

Board of Directors Oversight

Under the U.S. Federal Sentencing Guidelines, in order to receive credit for having an effective compliance program, and thereby reduce the fines imposed on the organization, a Board of Directors must be “knowledgeable about the content and operation of the compliance and ethics program,” and must “exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.”

» Read More

Herbalife – “Quis Custodiet Ipsos Custodes” – Translated: Who Will Guard the Guards Themselves, or Who will Watch the Watchmen?

Herbalife’s business relationship in China was committed to illegal activity, which it knew or should have known violated the FCPA. Specifically,  beginning in late 2006, Herbalife China provided improper benefits and payments to government officials to obtain direct selling licenses for two cities.
Herbalife paid out millions of dollars in bribes. Fraudulent expense reimbursements were used to fund the bribes, which is is a common tactic for these types of bribes.

Specifically, the SEC found that Herbalife China paid bribes through extravagant meals, gifts, and other benefits given to Chinese officials to obtain sales licenses and remove negative media coverage in China. Managers at the subsidiary asked employees to falsify expense report documents, for example, adding names to meal receipts to get below the company’s per head spending limit. It also found that the payments and benefits were inaccurately recorded and that Herbalife failed to maintain a sound system of internal controls.

» Read More

SEC and its New Silent Whistleblower: Risk Based Data Analytics

The SEC just announced its first actions arising from investigations generated by the Enforcement Division’s EPS (Earnings Per Share) Initiative, which utilizes risk-based data analytics to uncover potential accounting and disclosure violations caused by, among other things, earnings management practices.

» Read More

Coming soon the New EU Whistleblower Protection Law

Soon all public and private organizations in the EU with more than fifty (50) employees will soon be required to comply with a new EU Whistleblower Protection law. The new law highlights the importance of responsive, transparent, and timely whistleblowing case management. So just implementing a hotline is not enough. Organizations must consider confidentiality, acknowledgment of the tip or compliant, response times, the competence of persons receiving the reports, communication with the whistleblower, and feedback on how the case is being processed. The new law also includes the right to report concerns externally while remaining legally protected. That’s a risk organizations must avoid. With the December 2021 deadline fast approaching, there is no better time for management and boards to act. 

Read more!

» Read More

Three Lines Model or Enterprise Resiliency Model?

In July 2020, The Institute of Internal Auditors (“IIA”) updated its Three Lines of Defense Model (“Model”) to emphasize more active forms of risk management and governance that appear to go beyond merely defensive maneuvers made by the internal audit function.  

Some believed the old model sent a message that we should fear risk. I never saw it that way. I understood the subliminal message was the model was about achieving objectives, which requires both the creation and the protection of value. The new model does a much better job of confirming that risk management contributes “to achieving objectives and creating value, as well as to matters of “defense” and protecting value.”

Learn why the Enterprise Risk Resilient Model might be a better choice.

» Read More

Webinar – July 28, 2020 – Best Practices for Conducting Remote Internal Investigations

In this pandemic era, global companies have been challenged to maintain a reliable and effective internal investigation program. Companies have relied on remote investigation strategies to collect and review documents and conduct interviews. In conducting remote investigations, companies have to ensure that they follow investigation requirements, maintain the confidentiality of the process, and comply with applicable data privacy rules and security requirements.

In this webinar, Jessica Sanderson, Partner at The Volkov Law Group, and Jonathan T. Marks, Partner| Leader of the Global Forensic Investigation, COmpliance & Integrity Practice at Baker Tilly, will discuss best practices for conducting remote internal investigations. They will outline strategies for collecting and reviewing documents, analyzing financial data, and conducting interviews using remote technologies.

» Read More

The Continued Evolution of Best Practices for Compliance Programs

In 2019 and 2020, the federal government released significant information which directly impacted compliance professionals. We cover all three releases in this eBook, the 2020 Evaluation of Corporate Compliance Programs – Guidance Document, the 2019 Framework for OFAC Compliance Commitments, and the 2019 Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations.

These three documents provided not only the government’s refreshed thinking on what constitutes a best practices compliance program. I have combined all three onto a best practices document.

» Read More

SEC & DOJ Release Second Edition of the Resource Guide to the U.S. Foreign Corrupt Practices Act

The SEC and DOJ Resource Guide is intended to provide information for businesses and individuals regarding the U.S. Foreign Corrupt Practices Act (FCPA). The guide has been prepared by the staff of the Criminal Division of the U.S. Department of Justice and the Enforcement Division of the U.S. Securities and Exchange Commission.

The key changes to the Second Edition reflect developments and issues that are well-known to experienced practitioners. Nevertheless, the updated Guide emphasizes the importance of effective (and “adequately resourced”) compliance programs, risk-based diligence efforts, and voluntary self-disclosures.   

» Read More

COVID-19 – Fraud On The Rise is No Surprise!

Last week, the Association of Certified Fraud Examiners (” ACFE”) published the results of a survey taken by more than 1,800 anti-fraud professionals in late April and early May 2020, while we were deep into the Covid-19 crisis.  The findings, for the most part, are not surprising, but does reveal some disappointing information.  While I have not seen a raw copy of the survey, I was surprised the ACFE didn’t ask if the company’s fraud risk assessment was reviewed and modified accordingly.

In addition, the survey highlights trends in the overall level of fraud. Survey respondents provided information about their current observations and expected changes regarding ten (10) specific types of fraud.

» Read More

DOJ Revises its Guidance on the Evaluation of Corporate Compliance Programs

Without any fanfare, the U.S. Department of Justice Criminal Division has once again revised its Evaluation of Corporate Compliance Programs (“ECCP”).  The ECCP  remains  organized around three overarching questions that prosecutors ask when evaluating compliance programs, with some revisions, which are in bold text below:

Is the corporation’s compliance program well designed?
Is the program being applied earnestly and in good faith? In other words, is the program being implemented adequately resourced and empowered to function effectively?
Does the corporation’s compliance program work in practice?

While most of the document is identical to the 2019 Guidance, there are subtle and noticeable revisions.  The revisions appear to be designed to help provide additional clarity when answering the above three questions. 

» Read More

Internal Investigations and Keywords

Investigative search terms are specific to each situation and are a primary tool used by the investigation team to identify possible relevant information in a data set. However, overly broad or poorly chosen terms or keywords can produce excessive and irrelevant results, or worse, miss the  “smoking gun” e-mail or document. Additionally, have you thought about the list of search terms or keywords being privileged or protected opinion work product in the context of an internal investigation?

» Read More

Whistleblowers: Tipsters not trusting the system? Here’s how to win them back

Whistleblowers: Tipsters not trusting the system? Here’s how to win them back.

Anonymous hotlines and tip-reporting structures are useless, of course, if informants don’t trust them. Employees won’t blow the whistle if they fear reprisals. So, their concerns often don’t enter case-management systems and frauds continue. Here’s how to earn back their trust, take them seriously and transform raw tips into valuable fraud examinations.

» Read More

Whistleblowers: A Fraud Triage System

As the use of whistleblower programs continues to grow, many organizations find themselves struggling to manage burgeoning caseloads. As a result, serious fraud investigations can be delayed (with mounting losses) while less consequential complaints are being investigated. The lack of a timely, systematic and repeatable process for evaluating and prioritizing whistleblower tips that contain allegations of ethical breaches can also expose an organization to increased regulatory risk.

While there is no single, “right” method for following up on whistleblower complaints, the most effective approaches often resemble the medical triage programs that hospitals and first responders use to allocate limited resources during emergencies, or a crisis situation.

Here are some useful guidelines for designing and implementing a fraud triage system.

» Read More

The Role of the Board of Directors in Compliance Oversight

Under the U.S. Federal Sentencing Guidelines, in order to receive credit for having an effective compliance program, and thereby reduce the fines imposed on the organization, a Board of Directors must be “knowledgeable about the content and operation of the compliance and ethics program,” and must “exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.” In addition, in criminal actions against a business organization, including the FCPA, the DOJ’s Justice Manual instructs prosecutors to ask and answer several questions, including: 1) Do the Directors exercise independent review of the company’s compliance program? and 2) Are Directors provided timely and accurate information sufficient to enable the exercise of independent judgment?

» Read More

The Compliance Shift – Now for Tomorrow!

Where is compliance headed in the 2020’s? Certainly, technological solutions will be a big part of the future of compliance programs and controls. Compliance is rapidly emerging and being viewed as a critical business process. Moving away from the days in which it was driven by legalese and where lawyers are responsible for crafting compliance policies and procedures.  These advances provide opportunity for innovation, and enable compliance to recede from being viewed as a cost center led by the “head of business denial”, to being viewed as value added function to the business. Simply put, a more effective compliance program contributes to more efficient business processes, which leads to greater profitability.

» Read More

IIA Philadelphia and Baker Tilly’s Fraud & Ethics Symposium is Postponed! Stay tuned for the new date.

This one-day fraud symposium, sponsored by Baker Tilly’s Global Forensic, Compliance and Integrity Services, and Solutions Practice Group and hosted by the Institute of Internal Auditors, Philadelphia Chapter, will include topics such as:

•Culture
•Current trends in white-collar crime
•Tone is the middle
•Policy management
•Case study on a local fraud

Discover who will be speaking and register for the event!

» Read More

Fraud Tip Friday: Lessons From Recent FCPA Enforcement Actions

The United States government’s fiscal year ended on September 30, 2019. Just as in the business world, where many companies try and clear out any unexecuted deals or open contracts, the Securities and Exchange Commission (SEC) cleared out three outstanding Foreign Corrupt Practices Act (FCPA) enforcement actions. The three enforcement actions involved Quad/Graphics Inc., a Wisconsin-based digital and print marketing provider, and its Peruvian subsidiary, Quad/Graphics Peru S.A.; Barclays PLC; and a Canadian clean fuel company Westport Fuels Systems, Inc. and its former Chief Executive Officer (CEO), Nancy Gougarty of Leesville, South Carolina. The terms of each settlement agreement provide a different lesson for compliance practitioners.

» Read More

DOJ Updates FCPA Corporate Enforcement Policy

On November 20th, 2019, The Department of Justice (“DOJ”) announced updates to its Foreign Corrupt Practices Act (“FCPA”) Corporate Enforcement Policy. While the changes were relatively minor, the modifications underscored important principles surrounding the FCPA Corporate Enforcement Policy.  

This latest update follows extensive revisions made in March of this year and the announcement that the FCPA Policy will apply as non-binding guidance for all criminal cases; all reflect DOJ’s continued efforts to promote self-disclosures and provide clarity on DOJ’s approach for companies deciding whether to self-disclose. There is little doubt the DOJ has landed on a Corporate Enforcement Policy that took years to develop. The FCPA Corporate Enforcement Policy now applies to all corporate criminal prosecutions except Antirust Division criminal prosecutions that are guided by the Leniency Program. The DOJ is consistently applying the principles and appears to be very comfortable with the results.

» Read More

Speaking and Training on Fraud, Compliance, Ethics, and More…

Welcome to my site. I have spoken and been the keynote speaker for many conferences, including the ABA, ACC, ACFE, IIA, and IMA to name a few. I have designed customized training for the board, senior leadership, legal, compliance, internal audit, and others for some of the world’s largest organizations.

» Read More

Reputation Risk Management Doesn’t Have a Start or End Date!

How can we protect our brand? What are we doing to protect our brand? Questions all board members should be constantly asking.  Reputational risks can damage the most well-crafted business strategies and is a growing challenge that companies around the world are still learning how to manage.

By definition, reputational risk refers to the potential for negative publicity, public perception, or uncontrollable events to adversely impact a company’s reputation, thereby affecting its revenue.

Board directors covet their company’s reputation because it’s their most valuable asset. A study by Deloitte and Forbes affirmed this conviction, but should not surprise anyone.  Senior-level executives also agreed that their company’s reputation presented the greatest risk to the company’s ability to achieve business strategies.

» Read More
Author: Jonathan T. Marks, CPA, CFF, CFE


Partner, Firm Practice Leader - Global Fraud & Forensic Investigations, Compliance, & Integrity Services

Communication and work product may be privileged and confidential.

Attribution

The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at jtmarkscpa@gmail.com

Jonathan T. Marks, his firm, their affiliates, and all related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.

Archives
Categories
©2021 All rights reserved.
Skip to toolbar