Compliance Perspectives

By Adam Turteltaub Matt Kelly (LinkedIn), Editor and CEO at Radical Compliance is a close watcher of all things compliance, and in this podcast he shares his take on both the top stories of 2023 and what he sees in the cards for 2024. FCPA On the Foreign Corrupt Practices Act front, he noted a change in enforcement. While the volume of resolutions declined on the DOJ side, the SEC has remained very active. Perhaps most notably, the Albermarle case had an interesting twist. The way the company did business was changed dramatically as a part of the settlement, he reports, with a restructuring of its overseas sales and the end of the use of third parties. He speculates this may be the start of a new trend in which monetary penalties are accompanied by required changes to the way companies do business. Also of note in FCPA was the announcement by Lisa Monaco at the SCCE Compliance & Ethics Institute of a leniency policy in mergers and acquisitions. Because of the relatively short timeline for finding and dis

By Adam Turteltaub We all want the compliance team to be approachable. It would be ideal if, when people thought of compliance, they had positive, maybe even warm and fuzzy, associations in their mind. But, how do we get there? For BroadPath, a friendly blue koala was the answer. In this podcast, Jaime Watkins, the compliance officer there, explains that she drew inspiration from the Basic Compliance & Ethics Academy and an exercise that called for creating a compliance mascot. Back at the office she created a contest among employees to create a mascot as a part of the company’s celebration of their compliance and ethics week. A winner was selected, and, with the help of the marketing team, the blue koala was born. Since then, the furry critter has been a regular part of their training, newsletter and is used everywhere that they can, even sometimes straying to the activities of other groups in the company. The impact of the koala has been enormous. People enjoy seeing variations of how it is dressed u

By Adam Turteltaub Decades ago, while at a bit of a career crossroads, I was thinking of making a dramatic change and moving halfway around the world. I was talking it through with a friend who said that one day he asked himself whether he wanted to have a successful career or an interesting one. He realized that interesting was more important to him. That decision led him from Missouri to New York to Hong Kong, Singapore and Thailand, where he ended up enjoying great success. Ricardo Weffer, Group Ethics and Compliance Head of Al Dahra, has had a similar career journey that ranged from Venezuela to Dubai with countless points in between. In this podcast he shares his almost two decades of work in compliance and anticorruption in Latin America, the Middle East, Sub-Saharan Africa, Central Europe and Asia. A lawyer by training, he has worked in energy, banking, tobacco, logistics and agriculture. Despite all this variety, both in geography and industry, he shares that there are professional commonalities w

By Adam Turteltaub Compliance professionals can face a lot of resistance in the course of their work: leaders who don’t have the time, budget limits, managerial indifference, and even outright hostility. But, sometimes the impediments are inside us. In this podcast, Kristy Grant-Hart, CEO of Spark Compliance Consulting and author of the new book Your Year as a Wildly Effective Compliance Officer, points out that sometimes we get in our own way. It’s just easier for us to see what the external blocks are than it is to see those we create for ourselves. Overcome them, she argues by trusting your own value. Ask for what you want, and don’t trust that others will see the need. And, when you do ask, be sure to make clear what value the compliance program provides. She also cautions against falling into Imposter Syndrome and feeling as if you don’t belong in the room. Sitting there quietly doesn’t help, in fact it hurts by giving others the impression that you and the compliance team are not adding value. Inste

By Adam Turteltaub We are starting a new year of Compliance Perspectives podcasts by going back to basics with an episode designed for those who are charged with starting a compliance program. While the conversation is directed to this audience, there are some good reminders even for established programs. Providing guidance are Pam Cleveland, Compliance Officer – Medicare Advantage for UCLA Health FPG and Megan Grifa, Senior Director, Compliance at Sidecar Health. So, if you are charged with launching a program, where do you begin? They advise starting by taking the time to develop a work plan that outlines your compliance program elements. Look to see what the regulatory requirements are for the business you are in and make a catalog of them. That, in turn, will help you set the objectives of your program. Next, take the time to tailor those requirements to the unique aspects of your organization. To do so, first spend time with operations to understand their level of knowledge, processes, resources and

By Adam Turteltaub When compliance professionals discuss AI most of the conversation tends to focus on the risk.  Frank Orlowski (LinkedIn), Founder and President of Ation Advisory Group, though, is far from all gloom and doom on the topic. In fact, he believes AI can be an asset to compliance programs. AI, he explains, can be of great value for compliance any place where there are large amounts of transactions that need to be monitored and checked. Two notable examples are travel & entertainment and accounts payable/vendors. AI is very useful for identifying outlier transactions that could be a sign of trouble. In manufacturing, it can be very helpful in monitoring materials being used. AI can also be helpful, he believes, in ESG efforts. But, there are limits. AI is not ready for handling contracts, he argues. It is also chronically deficient when it comes to addressing the gray areas of ethics and fairness. There it’s important for compliance teams to work with the business unit closely to ensure decis

By Adam Turteltaub The topic of conflicts of interest (COIs), especially in healthcare, is a very broad one. It can encompass professional activities, board membership, purchasing, procurement and more. But it is the financial conflicts, especially for those that conduct research, that can be most problematic. To help unpack the topic we are joined in this podcast by Will Crawford (LinkedIn), an associate in the DC office of Hogan Lovells. He explains that, in the case of research, a COI occurs whenever the interest of the investigator, their spouse or children can affect the design, conduct, or reporting of institutional research. And, of course, there is a potential conflict when activities like consulting and speaking can affect primary employment areas. Federal regulations have expanded greatly in this area, with the Public Health Service now being joined by the US Department of Energy and even NASA with regulations of their own. Compliance teams need to monitor the changing direction from all three.

By Adam Turteltaub Record retention and information governance have grown exponentially more complex as the number of laws have proliferated and the amount of data housed has exploded. This has vastly complicated the question of what data to hold onto and for how long. Mark Diamond, CEO of Contoural, points out that sometimes there are even competing and conflicting compliance regimes. For the most part, the rules specify a minimum number of years that information must be retained. However, organizations can typically retain records longer if there is a compelling and documented business need. Still, the temptation to just hold onto the data must be resisted. In this podcast he outlines the importance of getting a good handle on what data the organization has, categorizing it appropriately, determining how long it will be retained, and how it will be destroyed. Typically, this is an exercise involving multiple disciplines, including compliance, legal, IT, security, privacy and the business unit. A committ

By Adam Turteltaub Ronnie Feldman (LinkedIn), CEO, Founder and Creative Director of Learnings & Entertainment, thinks that compliance teams play too much defense and not enough offense. What does that mean?  In this podcast he explains that offense is the proactive preventative measures designed to prevent problems. Defense is reactive and made up of investigating allegations and cleaning up issues. To his experience, the time and money are more focused on defense than offense. So what should we do? He recommends realigning efforts, starting with looking at the key influences of behavior: the social environment and the influence of leadership. That includes changing the perception of compliance and turning it into a more positive one. One specific step he advocates is making the training more relevant and enjoyable to take. On the leadership level, he advocates for making them a larger part of the ethics team by providing them with the tools they need to address ethics issues. This could include videos to

By Adam Turteltaub On February 22, 2022 the European Commission adopted a proposal for a directive on corporate sustainability due diligence.  In this podcast, George Porter, Knowledge and Training Manager at Ground Truth Intelligence reports that the directive, which is still being negotiated, is both a continuation of past measures and something new. It is designed to unify a great deal of previous regulations and create an ESG framework for both EU-based companies and those doing business in the EU. The directive covers three key areas: environmental risk, social goals such as modern slavery and child labor, and governance. The governance portion, importantly, addresses the duty of care and the need to conduct due diligence. It also significantly expands the stakes for organizations. Due diligence of the supply chain continues but organizations will now be responsible not just for how they sourced materials, but also how their products are disposed of. To back it all up there will be substantial potent

By Adam Turteltaub While the pandemic seems, at least for now, to be receding into our past, many of the changes from it have not, including a large percentage of the workforce that works remotely. While in some ways we have gotten used to this new normal, Lori Tansey Martens (LinkedIn), President, International Business Ethics Institute warns that there remains cause for concern. Specifically, the prevalence of high number of remote works has been and continues to negatively impact corporate culture. Culture is made up of the shared values and beliefs, norms, values, mission and purpose, and in many ways it differentiates one organization from another. Recent research shows that the common fabric binding people together into one culture is fraying. Survey data she shares shows that employee feelings of alignment has decreased substantially, and while those declines have leveled off among in-office and hybrid employees, they have not among remote workers. Remote workers also have the highest turnover rate

By Adam Turteltaub While most eyes have focused on the US Department of Justice’s document Evaluation of Corporate Compliance Programs when looking for guidance, it’s not the only DOJ source out there. Josh Drew (LinkedIn), Member, Miller & Chevalier explains that it would be wise to also look to Attachment C. What is it? It’s a document typically attached to Foreign Corrupt Practices Act (FCPA) resolutions. It specifies what the defendant company will need to do to establish and maintain an effective corporate compliance program. As a result, it, like the Evaluation document, provides very clear guidance as to what the DOJ’s thinking is when it comes to compliance. In August and September 2023 there were several changes to Attachment C. For one, it expanded the call for support from senior management down to include midlevel management as well. It specifically points to the importance of their tone and conduct:  “The Company will ensure that mid-level management throughout its organization reinforce leade

By Adam Turteltaub At this point anyone in healthcare who doesn’t have a plan for managing HIPAA compliance risks is behind the eight ball and times. But, for those who do have a program in place, the question is: does it currently reflect your risk profile? Nancy Roht (LinkedIn), Managing Principal at Compliance Pro Consulting points out in this podcast that just because the HIPAA regulations don’t specify how often a HIPAA risk assessment should be done it’s best to do so annually, and perhaps even more frequently if something significant happens. Changes in leadership, organizational structure, goals, quality and major vendors can all call for a fundamental reexamination of your strategy. When conducting the assessment, don’t mistake it for a gap analysis. Make it a true assessment of risk and put together a work plan to address any deficiencies. When conducting the assessment, she recommends interviewing both leadership and staff to get a comprehensive picture. Take an inventory of the PHI you have, p

By Adam Turteltaub Steve Forman (LinkedIn), Senior Vice President at Strategic Management Services, had an eye-opening experience years ago when interviewing for the job of Vice President of Audit and Compliance for New York Presbyterian Hospital. The chair of the board’s audit and compliance committee told him that his main role was not to find problems or weaknesses but to validate through the discipline of the audit processes what management suspected were problematic areas in terms of audit and coverage of risk areas. That insight had several implications. First, it underscored that operational managers will always know more about their risk areas than auditors will, which means they are in the best position to identify problems and weaknesses. Second, it was a good reminder that there are never going to be enough auditors to even address the high risk areas. Once again, we are dependent on managers. So what does that mean? It means that monitoring should help drive the audit plan and strategy. In addi

By Adam Turteltaub Economic espionage sounds more like the stuff of a spy thriller than a day-to-day concern for business. Not so, as it turns out. To learn more we sat down with the FBI’s Counterintelligence Division Unit Chief Matthew Charles and Cyber Division Supervisory Special Agent Michelle Liu. Economic espionage generally refers to stealing trade secrets for the benefit of an overseas competitor, often one aligned with a foreign government. An employee at your organization working on a sensitive project may be leveraged, frequently with the lure of cash and other payments. Typical targets include technology with potential military use and, of late, pharmaceuticals. To counter this threat, the FBI Cyber Division maintains partnerships with many private sector companies to identify nefarious conduct on their networks. Meantime the Counterintelligence Division looks upstream for actors coming into the US seeking access to US technology. So what should companies do? First, protect yourself. Encrypti

By Adam Turteltaub How do you understand “neurodiversity” or “neurodivergence”? It starts with the recognition that no two human are exactly alike and not two brains function exactly the same way. It then goes on to recognize that for people with ADHD, autisms, dyslexia, sensory integration and executive function issues, those differences can be substantial. Estimates are that about 20% of the workforce has some sort of neurodivergence. In this podcast, Jason Meyer (LinkedIn), President of LeadGood Education, explains that compliance teams need to recognize neurodivergence when communicating with the workforce. This means looking for more structured communications that make it easy for learners to see things step by step. Another technique to pursue is reducing cognitive loads and demands on working memory. A test at the end of a two-hour course may be too much for many people to be able to manage successfully. Some other tips include having visual cues to accompany text and offering an audio option. Tha

By Adam Turteltaub Currently there is a patchwork of anticorruption laws across the EU. What has been lacking, though, is a EU-wide approach. That is likely to change soon, reports Vera Cherepanova, founding partner of Studio Etica. Change is afoot.  In May 2023 the EU issued a new proposal to combat corruption, including a new Directive of the European Parliament and the Council on combatting corruption by criminal law. The new directive, she explains, makes it clear that actions by senior executives can have significant consequences both for the individuals involved and their organizations. Companies could face fines of no less than 5% of worldwide turnover. Notably, like the US Foreign Corrupt Practices Act, the new EU directive has extraterritorial reach, which raises the prospect of more enforcement actions. The directive also includes incentives for compliance programs consistent with what is found in law elsewhere: “…where legal persons have implemented effective internal controls, ethics, and com

By Adam Turteltaub Kristine Coy-Foster (LinkedIn), Senior Manager, Compliance & Employee Engagement at Vulcan, had a challenge many in compliance face: tracking all her to-dos, and then, once a to-do turned to done, tracking the accomplishment. It was important for her to be able to capture the challenges she faced, new ideas tested and processes developed. Trying to keep it all straight in Outlook or Excel spreadsheets wasn’t enough. To solve the problem she invested the time to learn Smartsheet, a platform that primarily is for managing projects and automating processes. In it, she created workstreams, alerts, dashboards and more. She also created categories for each of the functional areas she oversees and organized her to-dos accordingly. The solution has worked well for her, but, she cautions, it does take a strong commitment to keeping everything up to date. Listen in to learn more about how to put this tool to work for you, or, maybe, customize the tool you are already using to track your own comp

By Adam Turteltaub Since the 1930s the United State has had import bans on forced and convict labor. But, the rules were tightened, explains Evelyn Suarez, Principal, The Suarez Firm and Thad McBride, Partner, Bass, Berry & Sims PLC, in 2021. That is when Congress passed the Uyghur Forced Labor Prevention Act (UFLPA). The act has a rebuttable presumption that goods made in whole or part with labor from the Xinjian region in China is made with forced labor. If US customs suspects that goods are made in this region, they can stop them until the importer can provide the necessary assurances. In addition, goods made in other regions are also being stopped because their supply chain includes labor from Xinjian. So, what should compliance teams do to help the business unit navigate the issue? For one, it’s key to go beyond the first line supplier, as is typical, and start looking deeply into the supply chain and start researching your supplier’s suppliers. Suppliers should be asked what connections they have to

By Adam Turteltaub We spend a lot of time in compliance discussing how to encourage employees to come forward and report any wrongdoing they see around them. Considerably less time, though, is spent on how to handle employees who report their own wrongdoing. In this podcast, Stefani Sonzzini Navarro, LATAM Compliance Officer for Corteva Agrisciences balances the scales. Encouraging employees to come forward with their own questionable acts, she explains, begins with having the right culture. People need to be comfortable and feel safe to report. Getting there takes time and repetition, she explains, along with a strong anti-retaliation policy that covers self-report wrongdoing as well. When an employee first brings the potential issue to your attention, she advises letting them know that if they report something you are obligated to act on it, and that you have to do what is in the best interest of the company. Let them know you will protect their confidentiality as much as possible, but that you also wi