Posted on 1 Comment

Speaking and Training on Fraud, Compliance, Ethics, and More…

Welcome to my site. I have spoken and been the keynote speaker for many conferences, including the ABA, ACC, ACFE, IIA, and IMA to name a few. I have designed customized training for the board, senior leadership, legal, compliance, internal audit, and others for some of the world’s largest organizations.

“I have had the pleasure to hear Jonathan Marks speak on a number of occasions. …most recently at a Fraud conference sponsored by the Long Island Institute of Internal Audit. Jonathan gave a dynamic and engaging half day presentation on fraud in financial reporting. He engages his audience with his expertise and knowledge of risk management, fraud and internal audit. His ability to share his experiences in fraud investigations over the past thirty years coupled with his interactive approach with his audience made for a compelling and memorable presentation.” Chief Audit Executive 

If you are interested in booking me for your next event or need customized training, please email me with the date or dates, location and address of presentation, the audience make-up, the subjects you would like covered, and the duration of the talk or training.

I have provided you with some Selected Training Programs (See below) and please peruse my blog posts for some additional topics and ideas. Keep in mind I speak and provide training on most anything related to governance, risk, and compliance, with a focus on fraud and forensics.

I will do my best to get back to you quickly.

Thank you!

 

Jonathan Pic

Jonathan T. Marks, CPA, CFF, CITP, CGMA, CFE and NACD Board Fellow

Selected Training Programs

Management Override of Internal Controls

The risk of management override of internal controls to commit fraud exists in any organization. When the opportunity to override internal controls is combined with powerful incentives to meet accounting objectives, senior management might engage in fraudulent financial reporting. This session will examine management override, focusing on the differences between the override of existing controls versus other, more prevalent breakdowns. It will also explore actions to help mitigate the threat of management override, approaches to auditing for management override and the psychology behind management’s override of controls. You Will Learn How To:

  • Identify red flags of management overriding controls
  • Ascertain an approach to auditing for management override
  • Assess the latest trends and research regarding management override of controls
  • Develop a better fraud risk assessment that highlights areas and gatekeepers that might have a greater chance of overriding controls.

Operationalizing Compliance – Master Class with Tom Fox, Esquire

The Master Class developed by Tom Fox, provides a unique opportunity for any level of FCPA compliance practitioner, from the seasoned Chief Compliance Officer (CCO) and Chief Audit Executive (CAE), Chief Legal Counsel (CLO), to the practitioner who is new to the compliance profession.

If you are looking for a training class to turbocharge your knowledge on the nuts and bolts of a best practices compliance program going forward, this is the class for you to attend. Moreover, as I limit the class to 20 attendees, you will have an intensive focus group of like-minded compliance practitioners with which you can share best practices. It allows us to tailor the discussion to your needs. Mary Shirley, an attendee at the recent Boston Master Class said, “This is a great two-day course for getting new folks up to speed on what matters in Compliance programs.

Tom Fox is one of the leading commentators in the compliance space partners with Jonathan T. Marks to bring a unique insight of what many companies have done right and many have done not so well over the years. This professional experience has enabled him to put together a unique educational opportunity for any person interested in anti-corruption compliance. Simply stated, there is no other compliance training on the market quite like it. Armed with this information, at the conclusion of the Doing Compliance Master Class, you will be able to implement or enhance your compliance program, with many ideas at little or no cost.

The Doing Compliance Master Class will move from the theory of the FCPA into the doing of compliance and how you must document this work to create a best practices compliance program. Building from the Ten Hallmarks of an Effective Compliance, using the questions posed from the Evaluation of Corporate Compliance Programs and the FCPA Corporate Enforcement Policy as a guide, you will learn the intricacies of risk assessments; what should be included in your policies and procedures; the five-step life cycle of third-party risk evaluation and management; tone throughout your organization; training and using other corporate functions to facilitate cost-effective compliance programs.

Highlights of the training include:

  • Understanding the underlying legal basis for the law, what is required for a violation and how that information should be baked into your compliance program;
  • What are the best practices of an effective compliance program;
  • Why internal controls are the compliance practitioners best friend;
  • How you can use transaction monitoring to not only make your compliance program more robust but as a self-funding mechanism;
  • Your ethical requirements as a compliance practitioner;
  • How to document what you have accomplished;
  • Risk assessments – what they are and how you can perform one each year.

You will be able to walk away from the class with a clear understanding of what anti-corruption compliance is and what it requires; an overview of international corruption initiatives and how they all relate to FCPA compliance; how to deal with third parties, from initial introduction through contracting and managing the relationship, what should be included in your gifts, travel, entertainment (GTE) and hospitality policies; the conundrum of facilitation payments; charitable donations and political contributions, and trends in compliance. You will also learn about the importance of internal controls and how to meet the strict liability burden present around this requirement of FCPA compliance.

Ethics and Governance Training

This session will cover how ethics is key to good governance and how governance fits into your anti-fraud program. Moreover, we will explore the components of a Sample Code of Ethics, the cost of ethical lapses, organizational situations that encourage bad behavior, the new ethics paradigm, and how to spot a moral meltdown.

Corporate Governance During a Crisis

We also discuss leading practices in crisis management and present several scenarios allow the participant(s) to work though mock crisis scenarios. For example, in your first week at your company, you just received information about an alleged massive fraud and you are now in a crisis. In this session, members of the audience will play different roles within the company (members of the board, legal department, managers, etc.) to have a discussion, including:

  • What type of crisis plan do you have, if any?
  • What to do and how to formulate a plan of action?
  • Who to call first, how to prioritize tasks, and where to prioritize resources?
  • Who (internal and external players) to get involved and when to get them involved
  • What data is needed when a crisis hits?
  • How to prepare for the media and when to reach out?
  • How to communicate with customers, vendors and suppliers, regulatory agencies, and other parties?

Fraud Risk Assessment Process and Guidance

Many professionals struggle with developing a fraud risk assessment that is meaningful. We discuss the objectives of a fraud risk assessment, the components of a fraud, and key considerations for developing an effective assessment. Then we explore the sources of risk, the fraud risk universe, and some of the key components of the assessment. Lastly, we walk through the key steps in the assessment process and walk through a sample fraud risk assessment that considers COSO’s Principle 8, which contains considerably more discussion on fraud and considers the potential of fraud as a principle of internal control.

FCPA (Bribery and Corruption): Building a Culture of Compliance

This session covers why compliance is important and the new guidance issues by the DOJ. We also explore current regulatory enforcement trends, whistleblowers Under Dodd-Frank, the U.S. Federal Sentencing Guidelines, risk-based third-party due diligence, way to thwart an investigation, differences and similarities between the FCPA and the U.K. Bribery Act, successor liability, and provides the participant with a proven 13-Step Action Plan.

Fraud Investigations

Knowing what to do when an allegation of fraud is presented is critical. Failing to understand the process could jeopardize the ability to prosecute wrongdoers. This session discusses why investigations are important, inherent risk and exposures, the types of investigations: internal and independent, board considerations, triaging an allegation, investigative challenges, and keys to running a successful investigation, and why root cause analysis should be considered after completing the investigation.

Third Party Risk Management and Oversight

Third party risk is the biggest nemesis when it comes to FCPA violations. This session discusses the key components of a compliance program and why it needs to be evolving to meet the business and compliance challenges, which are constantly occurring across the globe. We explore the latest DOJ guidance on the evaluation of corporate compliance programs. We build our discussion on the foundation of the key steps to be included in a third-party risk management program and cover some of the red flags of agents and consultants.

Putting the Freud in Fraud: The Mind Behind the White Collar Criminal

To properly fight corporate fraud we need to understand how a fraudster’s normal differs, so executives, managers and board members can develop more effective anti-fraud programs that take into account the behavioral and environmental factors that are common in cases of white-collar crime. By establishing an environment in which ethical behavior is expected — and by understanding how white-collar criminals look at the world differently — it is possible to begin closing the gaps in internal controls, develop a proactive fraud risk assessment and response program and significantly reduce the financial and reputational risks associated with fraud.

In this session, we take a closer look at the personality traits of individual perpetrators of massive fraud.

  • Discuss the basics of profiling and identifying elements of behavior common among white-collar criminals.
  • Discover what role company culture plays in the commission of fraud.
  • Hear cutting-edge ideas and methods to help detect and deter fraud.

Fraud Overview

This session is a “nuts and bolts” discussion about fraud and responding to fraud in an effort to reduce the incidence of fraud and white-collar crime. We go into the characteristics of fraud, who commits fraud, the fraud triangle and Pentagon™, the components of fraud, the regulatory environment & the focus on increased personal responsibility, internal controls to deter and detect fraud, and anti-fraud programs.

Triaging a Whistleblower Allegation

As corporations continue to adopt whistleblower programs, many find themselves struggling to manage burgeoning caseloads. As a result, serious internal fraud investigations can be delayed (with mounting losses) while less consequential complaints are being investigated. The lack of a timely, systematic and repeatable process for evaluating and prioritizing whistleblower tips, which can also expose an organization to increased regulatory risk. While there is no single, “right” method for following up on whistleblower complaints, this session discusses Why Investigating allegations or tips are important, why timeliness matters, investigation challenges, and provides the participant with a sample approach.

Skepticism: A Primary Weapon in the Fight Against Fraud

What happens when we don’t ask why? Professional skepticism occurs when those responsible for fighting fraud take nothing for granted, continuously question what they hear and see and critically assess all evidence and statements. This session we discuss the role of independent reviewer or inspector, particularly of your own assumptions, whether you are placing undue weight on prior risk assessments or discounting evidence inconsistent with your expectations, and pressures placed on you to truncate procedures or make unwarranted assumptions to beat time constraints.

Root Cause Analysis 

The regulators are expecting more today and want to know that your remediation efforts are not treating the symptoms), but rather the root cause(s).

Root cause analysis is a tool to help identify not only what and how an event occurred, but also why it happened. This analysis is a key element of a fraud risk management program and is now a best practice or hallmark of an organizations compliance program. When able to determine why an event or failure occurred, it is then possible to recommend workable corrective measures that deter future fraud events of the type observed. It is important that those conducting the root cause analysis are thinking critically by asking the right questions (sometimes probing), applying the proper level of skepticism, and when appropriate examining the information (evidence) from multiple perspectives.

This program is designed to introduce the common methods used for conducting root cause analysis and to develop an understanding of how to identify root causes (not just causal factors) using proven techniques. In addition, we will demonstrate how to initiate a root cause analysis incident exercise and work with senior management, legal, compliance, and internal audit on an appropriate resolution. We also introduce the “spheres” acting around the “meta model of fraud” and how to use those “spheres” in the root cause process. Finally, this program will present the “three lines of defense”, which provides the audit committee and senior management with a better understanding where the break downs occurred.

Posted on 2 Comments

Reputation Risk Management Doesn’t Have a Start or End Date!

Background

How can we protect our brand? What are we doing to protect our brand? Questions all board members should be constantly asking.  Reputational risks can damage the most well-crafted business strategies and is a growing challenge that companies around the world are still learning how to manage.

By definition, reputational risk refers to the potential for negative publicity, public perception, or uncontrollable events to adversely impact a company’s reputation, thereby affecting its revenue.

Board directors covet their company’s reputation because it’s their most valuable asset. A study by Deloitte and Forbes affirmed this conviction, but should not surprise anyone.  Senior-level executives also agreed that their company’s reputation presented the greatest risk to the company’s ability to achieve business strategies.

gettyimages-1059494628-170667a.jpg

Survey

The Red Flag Group recently conducted a survey, which asked business decision makers 20 questions to determine the importance of protecting reputation.  Highlights of the survey questions include:

  • The biggest perceived threats vs. the biggest actual threats
  • The relationship between reputational risk and legal risk
  • Risk-related attitudes of external stakeholders (consumers, investors and the media)
  • The relationship between risk ownership and risk mitigation

I have highlighted some of the results below.  I encourage you to read the entire survey.

Highlights of Survey

According to the survey, the majority believe that legal and reputational risks are of approximately the same importance.

graphic 1

When looking at the survey results, the most commonly flagged and biggest reputational risks were identified as follows:

graphic 2

What’s also interesting is the survey revealed that a current employee’s actions cause the most harm to reputation.  Alternatively, the threat is from within.

grpahic 3

As previously mentioned, current employees present the highest risk to the company’s reputation.

However, it is interesting that third parties such as distributors, suppliers and former employees are ranked so low given recent headlines about data breaches caused by suppliers handling data of large, international companies. Similarly, if we look at the top five risks previously identified as potentially impacting the company’s reputation, we find that these are some areas that typically involve the use of third parties to perpetrate the misconduct:

  1. Data security breaches
  2. Corruption (FCPA/UKBA)
  3. Fraud
  4. Antitrust and competition
  5. Business continuity

While companies are typically faced with the actions of their own employees for these risk areas, many of the risks above involve a high degree of interactions with outside third parties such as distributors, service providers and vendors. In this sense, the identified problematic groups, perceived top risks and recent examples of reputational risk failures aren’t in congruence. Although it can be more practical to control the existing workforce at a company, there needs to be a focus on external parties who also pose a risk to the company’s reputation..

Mitigation

The strategy of mitigating risks often falls on the shoulders of the department(s) or individuals who own the risks.  Based upon the survey responses, the legal and compliance functions are often identified as owning or providing oversight for some of these risks. This is a slippery slope, because the business or management should own the risks – not legal or compliance!

We have been battling this same issue with internal audit over the years, so let’s set the record straight.

TLD

Internal Audit’s (3rd Line of Defense) objective is essentially to provide independent assurance that risk management, governance and internal control processes are operating effectively.

The Compliance function (2nd Line of Defense) is there to reasonably ensure that the company is complying with all applicable laws, rules and regulations, as well as internal codes of conduct, policies and procedures.  There objective is predominantly operational.

It is management’s job to identify the risks facing the organization and to understand how they will impact the delivery of objectives if they are not managed effectively.  Moreover, management is responsible for establishing and maintaining internal control to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations.

graphic 4 who owns it

Data Analytics Can Help Boards Understand

Many boards fear that the lack of control over reputational risk makes it impractical or improbable to manage these risks.  Managing reputational risk requires managing internal and external stakeholders such as customers, employees, vendors; however mitigating reputational risk is a challenging and worthwhile endeavor as this creates and preserves value for any organization.  Boards must acquire and utilize the right set of tools to measure, monitor and analyze reputational risk.  The use of data analytics, if done properly, is a powerful tool that can help identify and quantify market and media response and in some instances unveil new risks that have been hidden or lurking in plain sight.  For example, an uptick in negative social media posts could signify the emergence of a risk such as a possible product recall, negative customer experience, or other risk that could negatively impact the company’s reputation or possibly the reputation of a competitor, which could lead to new opportunities.

Some Keys to Managing Reputation Risk

  1. Include reputation risk as part of the overall risk management strategy
  2. Ensure your enterprise risk assessment proactively identifies, prioritizes and manages key risks – don’t boil the ocean
  3. Ensure policies, procedures, and controls are in place and operating effectively
  4. Train employees and external parties appropriately
  5. Understand your stakeholders expectations
  6. Communicate prioritized risks and risk management strategies effectively
  7. Have a crisis management plan in place and conduct regular simulations or “red ball drills” to properly prepare for the occurrence of a risk event.

Closing

Reputation risk is real, which means companies should continue to improve their capabilities for managing this risk.  Leading organizations already treat reputation risk as a strategic risk, which is an accelerating trend and a tactic that leads to the creation and preservation of value.

An effective approach to managing reputation risk requires a sustained effort — before, during, and after a crisis. Reputation risk management does not have a start or end date!

Baker Tilly provides services to help manage reputational risk.  Our data analytics capabilities, cultural surveys, and crisis management advisory services provide the tools and strategies to help organizations manage this risk.

I welcome your thoughts and comments, but know that Baker Tilly can help!

Best!

Jonathan Pic
Jonathan T. Marks, CPA, CFE
Posted on

e-Book Compliance Program Game Plan

immersicon_semi_fin_100K
Now, For Tomorrow!

This e-book is intended as a guide for Chief Compliance Officers (CCOs) and those responsible for developing and implementing compliance policies and procedures for an organization. Compliance, when done properly and embraced fully, should be seen as a necessary business process. It is our vision that companies have more than a best-in-class compliance program going forward.

The time is now for companies to take the next step up to make compliance a part of the business process of the organization. This would not only allow companies to meet the Department of Justice’s requirement that compliance programs be more fully operationalized, but it is our firm belief, that a more effective compliance program will make the company’s internal controls operate more efficiently and enable it to operate more profitably. With the increased efficiencies for compliance offered by data analytics and AI, a robust compliance program can demonstrate internal commercial inefficiencies which can be remediated for greater return from assets.

Get the e-book by clicking here!

Best,

Jonathan T. Marks & Tom Fox

jon and tom.png

Keep alert for additional thought leadership coming soon!

Posted on

Caremark, Compliance, and Caution!

open door

Background

A significant June 2019 decision by the Delaware Supreme Court interpreting the Caremark doctrine that limits director liability for an oversight failure to “utter failure to attempt to assure a reasonable information and reporting system exists” prompts this update.

The Court said that in order to “satisfy their duty of loyalty,” “directors must make a good faith effort to implement an oversight system and then monitor itthemselves, because the existence of management- level compliance programs alone is not enough for the directors to avoid Caremark exposure.

The Delaware Supreme Court reversed the Delaware Court of Chancery’s dismissal of a Caremark claim that arose out of the Blue Bell Creameries’ (“Blue Bell”) ice cream listeria outbreak where there was an alleged pattern of disregarded food-safety warnings.  The Delaware Supreme Court’s opinion in this closely watched case provides useful guidance to directors about the proper role of the board in overseeing risk management and compliance programs.

head in sand

Breach of Duty

Caremark defines a director’s duty of care in the oversight context and is at the very least a label attached to what all now agree is a necessary and proper subject of attention for every board of directors: corporate compliance as a function within the broader task of enterprise risk management. Caremark defined duty of care as “the care an ordinarily prudent person in a like position would exercise under similar circumstances”.

The Caremark decision built a high wall for plaintiffs to scale in asserting a board’s failure to comply with duty of care and loyalty standards. A landmark case before the Delaware courts in 1996, the decision written by the Court of Chancery of Delaware for In re Caremark International Inc. clarifies the board’s duties in relation to its oversight activities. The court outlined what plaintiffs must prove when claiming that directors breached their duties, notably that:

  1. Either the directors knew or should have known that violations of the law were occurring; and, in either event,
  2. The directors took no steps in good faith to prevent or remedy that situation; and
  3. Such failure resulted in the losses alleged in the complaint.

Recently, the Delaware Supreme Court overturned and remanded a decision by the Chancery Court, ruling that a Plaintiff had indeed scaled the Caremark standard in their complaint. The case, See Marchand v. Barnhill, No. 533, 2018 (Del. June 18, 2019), involved  the  directors and officers of Blue Bell Creameries’ (“Blue Bell”) founded in 1907,  the creamery produces a product lineup  that includes Blue Bell Ice Cream, Light Ice Cream, No Sugar Added Ice Cream, Sherbet and frozen snacks that are manufactured and distributed to supermarkets and food stores through Blue Bell’s direct store delivery program.

On April 20, 2015, Blue Bell voluntarily recalled all of their products from the supermarket and food store shelves and shut down all production operations after the Centers for Disease Control and Prevention (“CDC”) and the U.S. Food and Drug Administration (“FDA”) and several state health agencies found evidence that linked listeriosis (“listeria”) to Blue Bell Creameries products.  Listeria is a life-threatening infection caused by eating food contaminated with the bacterium (germ) Listeria monocytogenes.  The germ infected ten (10) people with several strains of Listeria and resulted in the reported deaths of three (3) people. As the organization’s revenues dropped precipitously, it terminated more than half of its workforce and ceased paying distributions to its limited partners. Ultimately, Blue Bell was fined by government authorities for poor safety policies and practices.

Blue Bell suffered losses because, after the operational shutdown, Blue Bell suffered a liquidity crisis that forced it to accept a dilutive private equity investment. The plaintiffs in this case brought a complaint that two key executives (President & CEO and the Vice President of Operations) and the board breached its fiduciary duties.

The complaint alleges the President and CEO and the Vice President of Operations
breached their duties of care and loyalty by knowingly disregarding contamination
risks and failing to oversee the safety of Blue Bell’s food-making operations, and
that the directors breached their duty of loyalty under Caremark.

The court was compelled to decide in the plaintiff’s favor due to evidence of the simplicity of the organization’s business model; the industry-specific risk of food safety; the lack of board oversight of food safety issues; and the absence of protocols by which the board expected to be advised of developments in this risk area.

It was concerning to the court that when “yellow and red flags about food safety were presented to management, there was no equivalent reporting to the board and the board was not presented with any material information about food safety” during the critical period leading up to the three deaths. In the court’s view, these facts created “a reasonable inference that the directors consciously failed to attempt to assure a reasonable information and reporting system exist[ed].”

The Caremark standard is burdensome for the plaintiffs’ bar to overcome. Indeed, it was stated in a footnote of the Marchand v. Barnhill ruling that “[under Delaware] law, director liability based on the duty of oversight is possibly the most difficult theory… upon which a plaintiff might hope to win a judgment.”

Law and justice concept. Judge's gavel, scales, hourglass, books.

Key Determinations

The key Delaware Supreme Court determinations, both fact-driven, were:

  • Independence. The Supreme Court held that one director, viewed by the Court of Chancery as independent, was not independent based on the allegations in the complaint. As a result, the court found that a majority of the board was not independent and disinterested for purposes of the board’s consideration of a stockholder demand to file a lawsuit against directors and officers.
  • Oversight. For purposes of denying a motion to dismiss by the organization, the facts alleged by the plaintiffs were sufficient to satisfy the high Caremark standard for establishing that a board breached its duty of loyalty by failing to make a good faith effort to oversee a material risk area, thus demonstrating bad faith.

landing on aircarft carrier

Some Guidance for Directors

Marchand is a noteworthy decision, both because it illustrates the outer bounds of directors’ oversight duties and because it represents a rare instance of prospective Caremark liability.

The specific deficiencies at Blue Bell listed by the Court serve as a helpful guide to the minimum best practices under Delaware law: a board should consider

  • Dedicating a committee to its main compliance risks;
  • Establishing protocols requiring management to keep it apprised of compliance practices, risks, and reports;
  • Setting a schedule to assess its main compliance risks on a regular basis;
  • Formulating procedures for the communication of red or yellow flags to the board and memorializing the associated discussions in board minutes; and,
  • Arranging for and documenting regular discussions of compliance risks at board meetings.

Review Your Public Filings

Given that the risk factors listed in Form 10-K generally represent the organization’s core areas of concern, directors should review their organization’s recent public filings and evaluate the organization has an adequate board-level oversight process in place to address relevant risk factors.

Monitoring and reporting systems

A board-level compliance monitoring system directed at and overseeing the organization’s central compliance risks must be in place. The Court made clear that, where appropriate board-level oversight systems existCaremark claims generally fail.  The compliance system must be implemented in good faith, must be governed by appropriate procedures, and must be tailored to the  organization’s business and its core compliance risks.

Compliance risk is the threat posed to an organization’s financial, organizational or reputational standing resulting from violations of laws, regulations, codes of conduct, or organizational standards of practice. To understand risk exposure, many organizations should review and improve upon or implement a comprehensive risk assessment process to fully incorporate compliance risk exposure.  The assessment should be performed by subject matter experts along with appropriate business and functional personnel in order to achieve successful results

Never truncate the oversight process by merely listing risks. 

Align the board’s oversight and risk mitigation efforts with the organization’s most significant risks, given its strategy and business model. Listing the organization’s risks or documenting them in a heat map from time to time but failing to identify key risk indicators, assign ownership and implement mitigation efforts falls short of effective oversight. A well conducted risk assessment will identify and prioritize the most critical risks and enable the assignment of resources to effectively and efficiently mitigate these top risks.

Allow time on the board agenda for risk oversight, and set risk escalation and monitoring protocols. 

Executives responsible for managing risk should be positioned to succeed with policies, processes, reporting, and systems appropriate to the industry. Risk management issues should be discussed regularly. In understanding who is responsible for the key risks, the broad strokes of the risk responses in place, and the nature of arising issues, the board should ask questions to satisfy itself that mission-critical matters are escalated to their attention in a timely manner,especially those related to compliance.

Pay attention to culture. 

Organizational culture and performance incentives were highlighted as areas of concern in the case against Blue Bell because it was inexplicable to stakeholders that management did not inform the board of the matters in question. The board must have confidence that management will act promptly to inform it when mission-critical issues of any nature arise. Setting specific and clear expectations of management and risk owners who are tied to mission-critical risks, and including relevant topics at regularly scheduled meetings will help the board attain that confidence and nurture a culture of trust, openness, transparency and timely communications about emerging problems. Companies are encouraged to conduct cultural assessments to help identify risk culture, levels of transparency for reporting concerns and ability to promptly respond to complaints or concerns

Delineate full board and standing committee roles. 

The complaint against Blue Bell Creameries alleges that, despite the importance of food safety, the board had no committee overseeing it, no full board-level process to address it, and no protocol by which the board expected to be advised of developments relating to it. When delegating responsibilities to its committees, the full board should ensure the appropriate committee covers the key risks—whether it currently exists or has to be created and newly chartered—and that information flows are sufficient to apprise the full board of critical matters.

Maintain minutes concerning critical risk matters. 

According to the court, “minutes from the board’s […] meetings are bereft of reports on the listeria issues […] [and] revealed no evidence that these were disclosed to the board.” The court’s findings suggest an expectation that management will escalate mission-critical matters to the board on a timely basis, that the board will set protocols for such escalation, and that there will be evidence in the minutes that such matters were discussed by the board. It was troubling to the court that the board left the organization’s response to the listeria outbreak to management instead of holding more frequent emergency board meetings to provide ongoing updates to board members.

The Blue Bell Creameries case is based on unique facts related to food safety and compliance matters. Nonetheless, the court’s decision might be more than a metaphorical “shot across the bow” and a real warning for boards to ensure their risk oversight processes meets or exceeds fiduciary standards and takes into account the unique regulatory demands of the industry.

 

Closing

The Delaware Chancery Court’s decision in In re Caremark has greatly influenced the growing field of  Compliance as a legal subject and field of practice over the past 20 years. That being said, having active and engaged board oversight in the areas of risk and compliance is a must!

While the Delaware case sends a cautionary message to directors, the DOJ memorandum on the Evaluation of Corporate Compliance Programs provides guidance for directors as they work to fulfill their oversight responsibilities.

I welcome your thoughts and comments.

Best,

Jonathan Pic
Jonathan T. Marks, CPA, CFE

young technical woman working in a field of lettuces with a folder

Note

About 48 million people in the U.S. (1 in 6) get sick, 128,000 are hospitalized, and 3,000 die each year from foodborne diseases, according to recent data from the Centers for Disease Control and Prevention. This is a significant public health burden that is largely preventable.

The Food Safety & Modernization Act (FSMA) is aimed at preventing intentional adulteration from acts intended to cause wide-scale harm to public health, including acts of terrorism targeting the food supply. Such acts, while not likely to occur, could cause illness, death, economic disruption of the food supply absent mitigation strategies. Rather than targeting specific foods or hazards, this rule requires mitigation (risk-reducing) strategies for processes in certain registered food facilities.

This rule applies to both domestic and foreign companies that are required to register with the FDA as food facilities under the Federal Food, Drug, and Cosmetic (FD&C) Act.

This rule is designed to primarily cover large companies whose products reach many people, exempting smaller companies. There are 3,400 covered firms that operate 9,800 food facilities.

Contributing Author: Paul Zikmund

Attribution:

DOJ, Harvard Law School, NACD

 

Posted on 1 Comment

New DOJ Guidance Addresses ‘Effectiveness’ of Compliance Programs

Background

The DOJ issued New April 2019 Guidance  (“Guidance”, or “2019 Guidance”) detailing how prosecutors will evaluate the effectiveness of corporate programs to prevent fraud and other misconduct, a key consideration in determining the penalties imposed against companies.  This is an update from the On February 8, 2017, the DOJ published Guidance entitled, “Evaluation of Corporate Compliance Programs”.

Brian Benczkowski, the head of the Justice Department’s criminal division, said the revised guidance is intended to aid not only prosecutors but also companies, giving them deeper insight into what the government will demand of compliance programs.

The 2019 Guidance contains 12 high-level topics (below) that are grouped to track the Three Core Questions about compliance program effectiveness contained in Section 9-28.800 of the Justice Manual and candidly are the key questions the board of directors should be asking.  After all it’s expected the organization’s “governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight” of it (See U.S.S.G. § 8B2.1(b)(2)(A)-(C)).

core image

Three Core Questions

  1. Is the Corporation’s Compliance Program Well Designed?
  2. Is the Corporation’s Compliance Program Being Implemented Effectively?
  3. Does the Corporation’s Compliance Program Work in Practice?

“Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process,” according to the Guidance. “As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant federal laws that is accessible and applicable to all company employees.”

Prosecutors, according to the guidance, “should also assess whether the company has established policies and procedures that incorporate the culture of compliance into its day-to-day operations.”

looking down.jpg

The High-level Topics

  1. Risk Assessment
  2. Policies and Procedures
  3. Training and Communications
  4. Confidential Reporting Structure and Investigation Process
  5. Third Party Management
  6. Mergers and Acquisitions (M&A)
  7. Commitment by Senior and Middle Management
  8. Autonomy and Resources
  9. Incentives and Disciplinary Measures
  10. Continuous Improvement, Periodic Testing, and Review
  11. Investigation of Misconduct
  12. Analysis and Remediation of Any Underlying Misconduct

The 2019 Guidance has a twelfth topic because it split the 2017 Guidance’ topic of “Confidential Reporting and Investigation” into two separate sections—”Confidential Reporting Structure and Investigation Process” (4)  and “Investigation of Misconduct (11).”

Under each of the above topics, the 2019 Guidance sets forth multiple sample questions that prosecutors are likely to ask during an investigation. A few examples are:

  • Risk Assessment: Risk Management ProcessWhat methodology has the company used to identify, analyze, and address the particular risks it faced?
  • Training and Communications: Risk Based Training What training have employees in relevant control functions received?
    • Has the company provided tailored training for high-risk and control employees that addressed the risks in the area where the misconduct occurred?
  • Confidential Reporting Structure and Investigation Process: Effectiveness of the Reporting MechanismDoes the company have an anonymous reporting mechanism, and, if not, why not?
    • How is the reporting mechanism publicized to the company’s employees?
    • Has it been used?
    • How has the company assessed the seriousness of the allegations it received
    • Has the compliance function had full access to reporting and investigative information?
  • Mergers and Acquisitions (M&A): Process Connecting Due Diligence to Implementation What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process
    • What has been the company’s process for implementing compliance policies and procedures at new entities?
  • Commitment by Senior and Middle Management: Conduct at the Top How have senior leaders, through their words and actions, encouraged or discouraged compliance, including the type of misconduct involved in the investigation?
    • What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts?
    • How have they modelled proper behavior to subordinates?
    • Have managers tolerated greater compliance risks in pursuit of new business or greater revenues?
    • Have managers encouraged employees to act unethically to achieve a business objective, or impeded compliance personnel from effectively implementing their duties?
  • Continuous Improvement, Periodic Testing, and Review: Internal AuditWhat is the process for determining where and how frequently internal audit will undertake an audit, and what is the rationale behind that process?
    • How are audits carried out?
    • What types of audits would have identified issues relevant to the misconduct
    • Did those audits occur and what were the findings?
    • What types of relevant audit findings and remediation progress have been reported to management and the board on a regular basis?
    • How have management and the board followed up?
    • How often does internal audit conduct assessments in high-risk areas?
  • Continuous Improvement, Periodic Testing, and Review: Properly Scoped Investigation by Qualified PersonnelHow has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented?

Some Other Points of Focus

  • Compliance must adopt a risk-based approach (See Closing Thoughts below).
  • Compliance must have appropriate processes for the submission of complaints, and processes to protect whistleblowers.
  • The word “resource” appears twenty one (21) times in the Guidance, so I am certain that if your organization is not properly resourced that will more likely than not be a problem.
  • Compliance must have independent access to the Board and Audit Committee.
  • Compliance needs to be integrated with other functions like internal audit, and depending on structure, the legal function. See discussion on whether the compliance should be a separate function!
  • Compliance must adopt strong third-party controls.
  • Root cause was mentioned nine (9) times in the Guidance! Treating symptoms and the not the root cause could at some point result in recidivism, which will more likely than not be problematic!

Closing Thoughts

The 2019 Guidance seeks to understand how the organization approaches compliance and then what worked and what didn’t.  So, one might consider reading both the old and new Guidance to understand how the evaluation of an organization’s compliance programs has changed.

If you are going to have your organization’s compliance program evaluated and you should!

Why? Prosecutors must evaluate if the organization has engaged in meaningful efforts to review its compliance program and ensure that it is not stale.

Then you might want to first make sure your risk profile is up to date as well as your fraud or misconduct risk assessment!  Why?  The section within the Guidance on “Risk Assessment” was moved to be first of the 12 topics addressed in the 2019 Updated Guidance (Note: It was the fifth topic addressed in the 2017 Evaluation Guidance) and just maybe the DOJ is sending a subliminal message here, which some of us have already picked up and that is the risk assessment drives the compliance program!

By the way if you’re already a client don’t worry. We have been doing all of this for some time and this is not a best practice guide!  This doesn’t mean the writing should be ignored, I use it as a tool to help me think through compliance programs strategically and evaluate risk.  Boards and senior management should use the guidance for the same.

I welcome your comments.

Best!

img_7798-2

Jonathan T. Marks, CPA, CFE

Attribution
DOJ

 

Posted on

PHorensically Speaking Podcast Feed is Live!

With the help from a true friend, Tom Fox, I am entering the world of Podcasting.

I will be developing at least three Podcasts per month that will focus on pervasive governance and fraud issues impacting Boards and their organizations.  One objective is help the practitioner go from detection to prevention, if possible, so that a crisis can be thwarted.

Click here for the Podcast feed. I welcome your feedback and suggestions.

Jonathan

 

 

 

 

Jonathan T. Marks, CPA, CFE

Posted on 1 Comment

Focus on the Bad Actors! DOJ Outlines Key Policy Revisions Re-Focusing on Individual Accountability

American Conference Institute’s 35th International Conference on the Foreign Corrupt Practices Act

“Fighting white-collar crime is a top priority for the Department, and we increased prosecutions in every priority area last year. Thanks to a series of initiatives and policy enhancements, we are making white-collar enforcement more effective and more efficient.”

“Under our revised policy, pursuing individuals responsible for wrongdoing will be a top priority in every corporate investigation.”

On November 29, 2018, keynote speaker Deputy Attorney General Rod Rosenstein outlined the revisions to the DOJ’s policy regarding individual accountability in corporate cases, both civil and criminal.

He emphasized holding “individuals responsible for wrongdoing,” thereby increasing the deterrent effect of prosecutions, an effect that he noted is often lost in corporate-level prosecutions, as well as creating policies that work in “the real world of limited investigative resources.”

Furthermore, Rosenstein noted that the revised policy will offer corporations cooperation credit in civil corporate investigations, stating “the ‘all or nothing’ approach to cooperation introduced a few years ago was counterproductive in civil cases.”

img_0392

Rosenstein noted that a corporation “must identify all wrongdoing by senior officials, including members of senior management or the board of directors, if it wants to earn any credit for cooperating in a civil case.” He also stated that a corporation can earn maximum cooperation credit, if it identifies “every individual person who was substantially involved in or responsible for the misconduct.

Practice Pointer – This is why it is imperative to triage allegations appropriately and when the situation warrants conduct an Independent Investigation!

Internal Investigation: Directed by management, either with company investigative resources or outside counsel  and consultants.

Independent Investigation: Directed by a committee of  the Board of Directors (e.g., audit committee or special  committee) with independent counsel and consultants.

Rosenstein revealed that prosecutors will also have permission and discretion to negotiate some amount of credit, even where maximum credit is not available to the corporation, providing the possibility for credit where a corporation meaningfully assists the government in its investigation and eliminating, in his words, a “binary choice” that could “delay the resolution of some cases while providing little or no benefit.”

For example: In a civil False Claims Act case, a company might make a voluntary disclosure and provide valuable assistance that justifies some credit even if the company is either unwilling to stipulate about which non-managerial employees are culpable, or eager to resolve the case without conducting a costly investigation to identify every individual who might face civil liability in theory, but in reality would not be sued personally.

Note that Rosenstein made clear that no credit would be available in cases where it is revealed that a corporation concealed misconduct or wrongdoing “by members of senior management or the board of directors.” In addition, he stated that prosecutors will have discretion to “negotiate civil releases for individuals who do not warrant additional investigation in corporate civil settlement agreements” and to “consider an individual’s ability to pay in deciding whether to pursue a civil judgment.”

In summary, Rosenstein’s remarks seem to be a logical and balanced approach to re-instituting the discretion that DOJ prosecutors once had in civil cases so that cases could be resolved more efficiently, while also ensuring a strong deterrent effect.

Criminal Cases

Switching gears, Rosenstein addressed individual accountability in criminal cases. Specifically, he stated that “absent extraordinary circumstances, a corporate resolution should not protect individuals from criminal liability.” As such, the revised policy instructs prosecutors that “any company seeking cooperation credit in criminal cases must identify every individual who was substantially involved in or responsible for the criminal conduct.” However, Rosenstein also emphasized that investigations should not be “delayed merely to collect information about individuals whose involvement was not substantial, and who are not likely to be prosecuted.”

The Top

Rosenstein stated that the new policy would focus on those at the top, including individuals “who play significant roles in setting a company on a course of criminal conduct” or “who authorized” such conduct. Finally, the revised policy eliminates any cooperation credit that a company would otherwise receive if the DOJ finds that a company is not operating in good faith to identify individuals who were substantially involved in or responsible for wrongdoing.

Some Key Takeaways 

  • Yates Memo The DOJ will continue to focus on individual accountability in investigations and prosecutions.  Note:  The Yates Memo puts a particular emphasis on the need to hold high-level officials responsible for misconduct.
  • Cooperation is key especially when there is alleged criminal conduct – Corporations must cooperate if they are seeking credit.
  • Investigations – Corporate investigations must be done with care.
  • Oversight The rule of law is not simply about words written on paper.  After all as Rosenstein remarked, it is the culture of a society and the character of the people who enforce the law determine whether the rule of law endures. 
  • Ignorance will not be tolerated – “Companies that self-report, cooperate, and remediate the harm they caused will be rewarded. Companies that condone or ignore misconduct will pay the price.”

Rosenstein summed up his remarks by stating that corporate enforcement policies should encourage companies to implement improved compliance programs, to cooperate with DOJ investigations, in an effort to resolve cases expeditiously, and to assist in identifying culpable individuals so that they also can be held accountable when appropriate.

Closing Thoughts

I personally think this is another step in the right direction; however, I would like to see more emphasis and incentive placed on the board of directors to do right, after all they are part of “the top“, but I am pleased they were called out twice.  After all, the starting point for setting the tone begins with the corporation’s governing authority; generally, this means the board of directors. 

Having an investigative team that understands governance, risk management, and compliance is more important than ever!

I welcome your thoughts, comments, and opinions.

Best!

Jonathan T. Marks

Attribution
DOJ
Harvard Law
Greg Paw
RG 
Posted on 1 Comment

Fraud and Related Party Transactions

Related party transactions could be a “red flag“, and must be evaluated with the proper skepticism!
Perceived opportunities to commit management fraud include the ability of the fraudster to obfuscate the misbehavior behind complex transactions or related-party structures, which are usually not disclosed.  Remember, as I say, “fraud is not about obstruction – it’s a game of deception, deflection, and distraction!”

Failure to disclosure should lead to further inquiries!

Due to their nature, related parties should be part of the fraud risk assessment process and considered during an investigation, but are often overlooked!Related party relationships are frequently linked to sham transactions and could occur as follows:

  • Sales activity between two parties, often related by law or industry, where insufficient consideration is given for the sales transaction.
  • Seller provides total financing to transfer consideration.
  • Below FMV transactions.
  • Borrowing or lending on an interest-free basis or at a rate of interest significantly above or below market rates.
  • Exchanging property for similar property in a non-monetary transaction.
  • Loans with no scheduled terms for when or how the funds will be repaid.
  • Loans with interest accruing differently from market rates.
  • Loans to parties lacking the capacity to repay.
  • Loans advanced for valid business purposes and later written off as uncollectible.
  • Non-recourse loans to shareholders.
  • Agreements requiring one party to pay the expenses on the other’s behalf.
  • Business arrangements where the entity pays or receives payments of amounts at other than market .
  • Consulting arrangements with directors, officers, or other members of management.
  • Goods purchased or sent to another party at less than cost.
  • Material receivables or payables from/to related parties such as officers, directors, and other employees.

Here is a research paper for some additional color.

board meeting

Boards

Related-party transactions create the potential for a conflict of interest. Conflicts of interest fraud schemes include:

  • Purchase schemes, which involve the over-billing of a company for goods or services by a vendor in which an employee has an undisclosed ownership or financial interest
  • Sales schemes, which involve the underselling of company goods by an employee to a company in which the employee maintains a hidden interest

Some questions to ask management

  • Are periodic comparisons of vendor information with employee information, such as addresses and telephone numbers performed on a regular basis?
  • Are vendors who employ former company employees under increased scrutiny?
  • Does the organization have a reporting procedure for personnel to report their concerns about vendors receiving favored treatment?
  • Are employees required to complete an annual disclosure document that includes business ownership, income, and investment information?
  • Does the organization require vendors to sign an agreement allowing vendor audits?
  • Are vendor audits conducted by someone independent of the purchase, sales, billing, and receiving departments?
  • Are hospitality expenses being appropriately monitored?

Those subject to the 1934 Act

Regulation S-K requires disclosure of any transaction exceeding $120,000 “in which any related person had or will have a direct or indirect or material interest.” A related person is defined as a director or executive officer, a director nominee, a beneficial owner of more than five percent of the company’s voting stock, or an immediate family member or household member (other than a tenant or employee) of any of the aforementioned persons.

Transactions to be disclosed include, but are not limited to, any “financial transaction, arrangement or relationship (including any indebtedness or guarantee of indebtedness) or any series of similar transactions, arrangements or relationships.” The SEC released sample scenarios for such transactions, along with clarifications of terms, in Compliance and Disclosure Interpretations about Item 404 of Regulation S-K after adopting amendments to the rule in 2007.

Item 404 of Regulation S-K also requires disclosure of company policy concerning the “review, approval or ratification” of related-party transactions, including the types of transactions that are covered in the policy, the standards applied, who is responsible for applying the policy, and whether the policy is in writing.Directors should recuse themselves from any discussions or decision-making in regard to a transaction with a related party – this goes for public, private, and not-for-profit concerns.

Closing

Related party transactions need to be carefully evaluated. Corruption really cannot exist without a conflict of interest. Each and every corrupt act is driven by an underlying conflict.

Remember, just because someone discloses a related party or a conflict of interest doesn’t necessarily mean its legitimate!  In fact, it could be a way of earning your trust and reducing your level of skepticism!

I welcome your comments, thoughts, and suggestions. A site where no topic is undiscussable!

 

img_7798-2

Jonathan T. Marks, CPA, CFE

Attribution:
Steve Albrecht
Joe Vona
NACD
ACFE
Posted on

Registration is Now Open – Class Size is Limited! Doing Compliance Master Class Training with Tom Fox will be held in New York City on November 12-13 (Two Days), 2018.

img_0332

I am pleased to announce the next offering of my Doing Compliance Master Class. I am partnering with Baker Tilly Virchow Krause, LLP, to put on a two-day class that is unlike any other currently being offered. It will be held in New York City on November 12 & 13, 2018. The class is not just theory or analytical underpinnings of the Foreign Corrupt Practices Act (FCPA) but focuses on the operationalizing of compliance. For it is only in the doing of compliance that companies have a real chance of avoiding FCPA liability. Jonathan T. Marks, a Partner at Baker Tilly and well-known for his knowledge on governance, conducting global (cross-border) investigations, designing and enhancing internal controls, evaluating compliance/internal programs, and conducting root cause analysis , will also join me.

The Master Class provides a unique opportunity for any level of FCPA compliance practitioner, from the seasoned Chief Compliance Officer (CCO) and Chief Audit Executive (CAE), Chief Legal Counsel (CLO), to the practitioner who is new to the compliance profession.

If you are looking for a training class to turbocharge your knowledge on the nuts and bolts of a best practices compliance program going forward, this is the class for you to attend. Moreover, as I limit the class to 20 attendees, you will have an intensive focus group of like-minded compliance practitioners with which you can share best practices. It allows us to tailor the discussion to your needs. Mary Shirley, an attendee at the recent Boston Master Class said, “This is a great two day course for getting new folks up to speed on what matters in Compliance programs.”

As one of the leading commentators in the compliance space for several years, I will bring a unique insight of what many companies have done right and many have done not so well over the years. This professional experience has enabled me to put together a unique educational opportunity for any person interested in anti-corruption compliance. Simply stated, there is no other compliance training on the market quite like it. Armed with this information, at the conclusion of the Doing Compliance Master Class, you will be able to implement or enhance your compliance program, with many ideas at little or no cost.

The Doing Compliance Master Class will move from the theory of the FCPA into the doing of compliance and how you must document this work to create a best practices compliance program. Building from the Ten Hallmarks of an Effective Compliance, using the questions posed from the Evaluation of Corporate Compliance Programs and the FCPA Corporate Enforcement Policy as a guide, you will learn the intricacies of risk assessments; what should be included in your policies and procedures; the five-step life cycle of third party risk evaluation and management; tone throughout your organization; training and using other corporate functions to facilitate cost-effective compliance programs.

Highlights of the training include:

  • Understanding the underlying legal basis for the law, what is required for a violation and how that information should be baked into your compliance program;
  • What are the best practices of an effective compliance program;
  • Why internal controls are the compliance practitioners best friend;
  • How you can use transaction monitoring to not only make your compliance program more robust but as a self-funding mechanism;
  • Your ethical requirements as a compliance practitioner;
  • How to document what you have accomplished;
  • Risk assessments – what they are and how you can perform one each year.

You will be able to walk away from the class with a clear understanding of what anti-corruption compliance is and what it requires; an overview of international corruption initiatives and how they all relate to FCPA compliance; how to deal with third parties, from initial introduction through contracting and managing the relationship, what should be included in your gifts, travel, entertainment (GTE) and hospitality policies; the conundrum of facilitation payments; charitable donations and political contributions, and trends in compliance. You will also learn about the importance of internal controls and how to meet the strict liability burden present around this requirement of FCPA compliance.

The Doing Compliance Master Class will be based around my latest book, The Compliance Handbookpublished in May 2018. It was No. 1 in Amazon’s Business Ethic’s category when released and it focuses on the creation, implementation and enhancement of a best practices compliance program.

The Doing Compliance Master Class will be held on November 12 and 13, 2018 at the offices of Baker Tilly, One Penn Plaza, Suite 3000, New York, NY 10119. A Certificate of Completion will be provided to all who attend in addition to the continuing education credits that each state approves. The cost to attend is $1,495 per person. Breakfast, lunch and refreshments will be provided both days. For registration information, click here.

CPE Credits – 16 hours

NASBA – Baker Tilly is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org. 

Refund Policy

Our refund policy is that you have five (5) business days from the completion of the course to request a refund. All refund requests must be in writing and directed to tfox@tfoxlaw.com.

Posted on

News Release: Baker Tilly Strengthens Growing Forensic Litigation Valuation Services Practice with Addition of Industry Leader Jonathan T. Marks

Contacts:

Kendra Klossner

Baker Tilly Media Relations

kendra.klossner@bakertilly.compress@bakertilly.com

(703) 923-8627

Marks brings over 30 years of forensic accounting, investigations, governance, risk management and compliance experience to one of the nation’s leading forensic litigation and valuation consulting practices.

PHILADELPHIA (October 2, 2018) –Jonathan T. Marks joined leading accounting and advisory firm Baker Tilly Virchow Krause, LLP (Baker Tilly) as a partner in the firm’s specialized forensic litigation valuation services consulting practice.

Marks specializes in internal and regulatory investigations; governance matters; assessment, design and implementation of compliance programs; global fraud risk management; and compliance coordination and monitoring services for the private, public and not-for-profit sectors. He has led high-profile financial, accounting, compliance and due diligence investigations around the world relating to allegations of accounting irregularities, improper financial disclosures, fraud, non-compliance, corruption, bribery and data breaches. Marks has provided expert testimony on accounting, financial and internal control issues in commercial litigation matters and has appeared before the United States Securities and Exchange Commission (SEC), Financial Industry Regulation Authority (FINRA), and the United States Department of Justice (DOJ) to present his findings.

“We are thrilled that Jonathan has joined our team,” Baker Tilly’s Forensic Valuation Services Team Lead Jack Williams said. “His depth of expertise in forensic investigations and anti-fraud matters as well as his diverse experience helping clients and their boards improve their governance structure will add tremendous value for our clients as we continue to grow our practice.”

As a partner at Baker Tilly, Marks will continue to conduct investigations, internal audits, governance reviews, global fraud risk assessments and build compliance and third party risk management programs for his clients, aligning also with the firm’s risk and internal audit services.

“The regulatory environment has changed,” Marks said. “The SEC, DOJ, other and enforcement agencies are demanding more and we must answer the call. Investigating is only part of what is expected. Today, we need to be able to assess risk, conduct root cause analysis, design and enhance internal controls, evaluate the effectiveness of internal audit and compliance and appraise the governance framework. I’m excited to be part of a team that has global depth and breadth so that we can help our clients address the risks facing their businesses.”

Visit bakertilly.com/forensiclitigation to learn more.

# # #

About Baker Tilly Virchow Krause, LLP (bakertilly.com)

Baker Tilly Virchow Krause, LLP (Baker Tilly) is a nationally recognized, full-service accounting and advisory firm whose specialized professionals connect with clients and their businesses through refreshing candor and clear industry insight. With approximately 2,800 employees across the United States, Baker Tilly is ranked as one of the 15 largest accounting and advisory firms in the country. Headquartered in Chicago, Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 147 territories, with 33,600 professionals. The combined worldwide revenue of independent member firms is $3.4 billion.

©Baker Tilly Virchow Krause, LLP