Category: Regulatory

Fraud tip Friday! Coming soon the New EU Whistleblower Protection Law

Soon all public and private organizations in the EU with more than fifty (50) employees will soon be required to comply with a new EU Whistleblower Protection law. The new law highlights the importance of responsive, transparent, and timely whistleblowing case management. So just implementing a hotline is not enough. Organizations must consider confidentiality, acknowledgment of the tip or compliant, response times, the competence of persons receiving the reports, communication with the whistleblower, and feedback on how the case is being processed. The new law also includes the right to report concerns externally while remaining legally protected. That’s a risk organizations must avoid. With the December 2021 deadline fast approaching, there is no better time for management and boards to act. 

Read more!

» Read More

DOJ Revises its Guidance on the Evaluation of Corporate Compliance Programs

Without any fanfare, the U.S. Department of Justice Criminal Division has once again revised its Evaluation of Corporate Compliance Programs (“ECCP”).  The ECCP  remains  organized around three overarching questions that prosecutors ask when evaluating compliance programs, with some revisions, which are in bold text below:

Is the corporation’s compliance program well designed?
Is the program being applied earnestly and in good faith? In other words, is the program being implemented adequately resourced and empowered to function effectively?
Does the corporation’s compliance program work in practice?

While most of the document is identical to the 2019 Guidance, there are subtle and noticeable revisions.  The revisions appear to be designed to help provide additional clarity when answering the above three questions. 

» Read More

Whistleblowers: A Fraud Triage System

As the use of whistleblower programs continues to grow, many organizations find themselves struggling to manage burgeoning caseloads. As a result, serious fraud investigations can be delayed (with mounting losses) while less consequential complaints are being investigated. The lack of a timely, systematic and repeatable process for evaluating and prioritizing whistleblower tips that contain allegations of ethical breaches can also expose an organization to increased regulatory risk.

While there is no single, “right” method for following up on whistleblower complaints, the most effective approaches often resemble the medical triage programs that hospitals and first responders use to allocate limited resources during emergencies, or a crisis situation.

Here are some useful guidelines for designing and implementing a fraud triage system.

» Read More

The Role of the Board of Directors in Compliance Oversight

Under the U.S. Federal Sentencing Guidelines, in order to receive credit for having an effective compliance program, and thereby reduce the fines imposed on the organization, a Board of Directors must be “knowledgeable about the content and operation of the compliance and ethics program,” and must “exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.” In addition, in criminal actions against a business organization, including the FCPA, the DOJ’s Justice Manual instructs prosecutors to ask and answer several questions, including: 1) Do the Directors exercise independent review of the company’s compliance program? and 2) Are Directors provided timely and accurate information sufficient to enable the exercise of independent judgment?

» Read More

The Compliance Shift – Now for Tomorrow!

Where is compliance headed in the 2020’s? Certainly, technological solutions will be a big part of the future of compliance programs and controls. Compliance is rapidly emerging and being viewed as a critical business process. Moving away from the days in which it was driven by legalese and where lawyers are responsible for crafting compliance policies and procedures.  These advances provide opportunity for innovation, and enable compliance to recede from being viewed as a cost center led by the “head of business denial”, to being viewed as value added function to the business. Simply put, a more effective compliance program contributes to more efficient business processes, which leads to greater profitability.

» Read More

COVID-19 – Coronavirus: Crisis Management, Business Continuity, Fraud, and More!

Crisis Management: Some of the biggest mistakes made when handling a crisis are not dealing with the problem head-on, thoughtless or insincere comments, lack of communication with stakeholders, unprepared spokespeople, getting defensive after receiving backlash, or, sitting back and letting the problem grow. Domino’s, Sony, Samsung, BP, United Airlines, Equifax, KFC, are all good examples of companies who stumbled with crisis management. Companies should study these crises and learn from the mistakes!

In addition, fraud, compliance, and integrity risks may change. A crisis situation can and often does increase the pressure on senior management and of course salespeople to meet their sales targets! Deviant behavior is easily justified.

» Read More

IIA Philadelphia and Baker Tilly’s Fraud & Ethics Symposium is Postponed! Stay tuned for the new date.

This one-day fraud symposium, sponsored by Baker Tilly’s Global Forensic, Compliance and Integrity Services, and Solutions Practice Group and hosted by the Institute of Internal Auditors, Philadelphia Chapter, will include topics such as:

•Culture
•Current trends in white-collar crime
•Tone is the middle
•Policy management
•Case study on a local fraud

Discover who will be speaking and register for the event!

» Read More

Speaking and Training on Fraud, Compliance, Ethics, and More…

Welcome to my site. I have spoken and been the keynote speaker for many conferences, including the ABA, ACC, ACFE, IIA, and IMA to name a few. I have designed customized training for the board, senior leadership, legal, compliance, internal audit, and others for some of the world’s largest organizations.

» Read More

Reputation Risk Management Doesn’t Have a Start or End Date!

How can we protect our brand? What are we doing to protect our brand? Questions all board members should be constantly asking.  Reputational risks can damage the most well-crafted business strategies and is a growing challenge that companies around the world are still learning how to manage.

By definition, reputational risk refers to the potential for negative publicity, public perception, or uncontrollable events to adversely impact a company’s reputation, thereby affecting its revenue.

Board directors covet their company’s reputation because it’s their most valuable asset. A study by Deloitte and Forbes affirmed this conviction, but should not surprise anyone.  Senior-level executives also agreed that their company’s reputation presented the greatest risk to the company’s ability to achieve business strategies.

» Read More

e-Guide for Chief Compliance Officers

This e-book is intended as a guide for Chief Compliance Officers (CCOs) and those responsible for developing and implementing compliance policies and procedures for an organization. Compliance, when done properly and embraced fully, should be seen as a necessary business process. It is our vision that companies have more than a best-in-class compliance program going forward.
The time is now for companies to take the next step up to make compliance a part of the business process of the organization. This would not only allow companies to meet the Department of Justice’s requirement that compliance programs be more fully operationalized, but it is our firm belief that a more effective compliance program will make the company’s internal controls operate more efficiently and enable it to operate more profitably. With the increased efficiencies for compliance offered by data analytics and AI, a robust compliance program can demonstrate internal commercial inefficiencies which can be remediated for greater return from assets.

Crisis Management – Lights, Camera, Action!

Some of the biggest mistakes made when handling a crisis are not dealing with the problem head on, thoughtless or insincere comments, lack of communication with stakeholders, unprepared spokespeople, getting defensive after receiving backlash, or, sitting back and letting the problem grow. Domino’s, Sony, Samsung, BP, United Airlines, Equifax, KFC, are all good examples of companies who stumbled with crisis management.  Organizations should study these crises and learn from the mistakes!

» Read More
Author: Jonathan T. Marks, CPA, CFF, CFE


Partner, Firm Practice Leader - Global Fraud & Forensic Investigations, Compliance, & Integrity Services

Communication and work product may be privileged and confidential.

Attribution

The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at jtmarkscpa@gmail.com

Jonathan T. Marks, his firm, their affiliates, and all related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.

Archives
Categories
©2020 All rights reserved.