COMPLIANCE CONVERGENCE: THE NEW NORMAL
LOUIS SAPIRMAN, CCO DUN & BRADSTREET
TOM FOX, THE COMPLIANCE EVANGELIST
SCCE 2017 Compliance and Ethics Institute, October 16, 2017, Las Vegas, NV
PUBLICATIONS-PARTIAL LIST
© 2015 Thomas R. Fox / Advanced Compliance Solutions All Rights Reserved
THE COMPLIANCE PODCAST NETWORK
© Thomas R. Fox / tomfoxlaw.com PC
LEGAL DISCLAIMER
• The views stated herein are solely those of the presenters and not their employer.
• Everything in this presentation is a generalization and is subject to numerous exceptions.
THE BASICS For the Lawyers
Foreign Corrupt Practices Act
• Who or what is regulated: people, books & records
• Basis for regulation: Listing of company’s securities on U.S. stock exchange, nationality (“domestic concern”)
• What is prohibited: bribes, inaccurate books and records
Export and Reexport controls
• Who or what is regulated: goods, software and technology
• Basis for regulation: national origin of content
• What is prohibited: certain end uses, end users or end destinations
Money Laundering
• Who or what is regulated: people
• Basis for regulation: nationality (such as citizenship, residency, physical presence, or employing or parent company)
• What is prohibited: transactions involving certain persons, countries or activities
WHAT’S AT STAKE
WARREN BUFFETT
“It takes 20 years to build a reputation and five minutes to ruin it.
If you think about that, you'll do things differently.”
Compliance as an Essential Element of an Organization’s Culture
Marlow, UK
Miami, FL
Short Hills, NJ (HQ)
Malibu, CA
Mexico City, MEX
Lima, PER
Buenos Aires, ARG
Sao Paulo, BRA
Dublin, IRL
Rotterdam, NLD
Brussels, BEL
Beijing, CHN
Shanghai, CHN
Taipei, TWN
Hong Kong, CHN
Mumbai, IND
Ho Chi Minh City, VNM
Mississauga, CAN
Tokyo, JPN
Kuala Lumpur, MYS
Singapore, MYS
Melbourne, AUS
Milan, ITA
COMPLIANCE PROGRAMS MUST LIVE WHEREVER YOUR COMPANY OPERATES
In 2013-2015, approximately:
- 10,000 hours on the ground
- 2 million miles traveled
Owned Offices
Partner Offices
HOW DO WE VIEW THE EFFECTIVENESS OF OUR PROGRAMS?
• No one-size-fits-all program - each program must be tailored to your business
• Companies need to consider a myriad of factors when making their own determination of what is appropriate for their business needs
• Your program cannot just be policies and programs on paper. Compliance programs that employ a “check-the-box” approach may be inefficient and ineffectual
• One of the best discussions of measuring the effectiveness of a compliance program comes from the FCPA Resource Guide to the U.S. Foreign Corrupt Practices Act
• Dun & Bradstreet measures each element of its programs through the 10 “Hallmarks of Effective Compliance Programs”
Dun & Bradstreet’s Building Blocks of an Effective Compliance Program (**this chart for illustrative purposes only)
1. Commitment of Senior Management
2. Code of Conduct and Policies
3. Authority, Autonomy & Resources
4. Risk Assessment
5. Training and Advice
6. Disciplinary Measures
7. Third Party Due Diligence
8. Confidential Reporting and Investigation
9. Continuous Improvement
10. Acquisition Due Diligence and Integration
Dun & Bradstreet’s Compliance Program
Social Media / Communications
Compliance & Risk Programs
Compliance & Privacy Reviews
Training Library
Independent Program Reviews
Third Party Compliance
Compliance Hotline
Compliance Fact-Finding
WHO AND WHAT TO KNOW
• Know Your Customer
• Know Your Vendor
• Know Your 3rd Party
• Know Your (JV) Partner
• Know Your Target
EXPORT AND RE-EXPORT CONTROLS
• Many countries have export and re-export controls
• Export and reexport controls are generally licensing programs.
- The relevant government may require that a company obtain a license for:
  • Actual exports and re-exports
  • Deemed exports and re-exports
EXPORT CONTROLS
• Cuba
  • U.S. and non-U.S. persons must not engage in or facilitate transactions in Cuba or with its government, companies, residents or citizens
• Targeted Programs
  • U.S. persons must not engage in or facilitate transactions involving specific activities, persons or governments, including:
    • parties on the Specially Designated Nationals List or
    • transactions that could support terrorism or the proliferation of weapons of mass destruction
• Imports
  • All imports into the United States of goods, software or technology of Cuban, Iranian or North Korean origin
MONEY LAUNDERING
• General Principle
  • U.S. economic sanctions forbid:
    • Directly engaging in or
    • Facilitating others engaging in
  • Prohibited dealings with sanctioned countries, governments, persons or activities
• Facilitation is
  • An expansive and indefinable legal term that has a meaning similar to “enable”.
WHAT / WHO ARE U.S. PERSONS?
Companies
• Entities legally organized in the United States (Examples: Delaware corporations, Texas LLP)
Non-U.S. branches of U.S. banks
• Almost always U.S. persons
Individuals
• U.S. citizens and U.S. legal residents
• Persons physically present in the U.S.
• Employees or other representatives of other U.S. persons
ANTI-TRUST-SECTION 1 VIOLATIONS
• Collusion among competitors
• Price-fixing
• Territory Allocations
• Bid-Rigging
• Customer Allocations
ANTI-TRUST HIGH RISK
• Sales-agents and employees. Trade meetings, industrial associations and interactions.
• JVs with competitors.
• Concentrated market - cartel activity risk increases.
Foreign Corrupt Practices Act
10 HALLMARKS
1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption
2. Code of Conduct, Written Policies and Procedures
3. Oversight, Autonomy, and Resources
4. Risk Assessment
5. CCO Autonomy, Resources & Oversight
6. Training and Continuous Advice
7. 3rd Party DD and Payments
8. Confidential Reporting and Internal Investigation
9. Continuous Improvement
10. Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration
EXPORT CONTROL COMPLIANCE PROGRAM
1. Top and Middle Management Committee.
2. Continuous Risk Assessment.
3. A written policy backed up by a procedures manual.
4. Ongoing training of employees.
5. Ongoing screening of employees, contractors, customers, products and transactions.
6. Record Keeping.
7. Periodic Audits.
8. An internal program for the reporting of violations and appropriate mechanism for escalation of any export violations.
9. Appropriate corrective actions to hold employees accountable under a progressive disciplinary program and voluntary self-disclosure.
AML PROGRAM
1. Communications and Training – specific communications and training for the high-risk market should be designed and implemented with a country-specific approach which identifies the risks and the compliance response to the risk.
2. Enhanced Controls and Review – additional controls for each policy should be implemented with greater scrutiny of auditing of expenditures.
3. Due Diligence – the hiring of third parties should be subject to even greater scrutiny than typical in the high-risk country. A conservative compliance response to any red flags is imperative.
4. Monitoring and Auditing – the monitoring of activities in a high-risk country is a key aspect of any high-risk program. Auditing of every aspect of the operation should be conducted on a regular basis.
ANTI-TRUST COMPLIANCE
• Who are my competitors?
• Where are they located?
• What is their respective market share?
• Are there any significant potential entrants to the market?
• Involved in JV(s) with competitors?
CYBERSECURITY PER DFS
• Controls relating to the governance framework for a robust cybersecurity program including requirements for a program that is adequately funded and staffed, overseen by qualified management, and reported on periodically to the most senior governing body of the organization;
• Risk-based minimum standards for technology systems including access controls, data protection including encryption, and penetration testing;
• Required minimum standards to help address any cyber breaches including an incident response plan, preservation of data to respond to such breaches, and notice to DFS of material events; and
• Accountability by requiring identification and documentation of material deficiencies, remediation plans and annual certifications of regulatory compliance.
COMMON RED FLAGS
• Named as a Designated Party, SDN or on any similar list.
• Connections to countries identified as non-cooperative with international efforts against money laundering.
• Providing false or misleading information.
• Refusal to disclose the nature and source of assets.
• Refusal to identify a beneficial owner.
• Acting as the agent for an undisclosed principal.
• Company address is not a physical site but a PO box.
• Use of a shell company.
• Lack of concern regarding risks or transaction costs.
• Structuring transactions to avoid reporting requirements.
• Offering to engage in transaction with no or little business justification.
• A request that funds be transferred to an undisclosed third party or in another jurisdiction.
• Any transaction designed to evade taxes.
THIRD PARTY RELATIONSHIP CHECK UP
• Do you have a list or database of all your third parties and their information?
• Have you done a risk assessment of your third parties and prioritized them by level of risk?
• Do you have a due diligence process for the selection of third parties, based on the risk assessment?
• Once the risk categories have been determined, create a written due diligence process.
• Once the third party has been selected based on the due diligence process, do you have a contract with the third party stating all the expectations?
• Is there someone in your organization who is responsible for the management of each of your third parties?
• What are “red flags” regarding a third party?
HALLIBURTON SEC FCPA SETTLEMENT
INTERSECTION OF COMPLIANCE AND SUPPLY CHAIN
1. Third Party Agent or Local Content Provider?
2. Commercial agent or vendor in the Supply Chain?
3. High-risk locations require greater scrutiny?
4. Friend of government minister or former Hal employee as key indicia?
SEXUAL HARASSMENT IS NOW A COMPLIANCE ISSUE
STRATEGIC AND TACTICAL
1. Did ‘everyone’ know?
2. Who is responsible for raising their hand?
3. I am responsible?
4. Did reporting just change forever?
QUESTIONS?