Category: General

Watch Exiger Webinar Replay “How AI is Transforming Third Party Risk Management”

Watch Exiger Webinar Replay “How AI is Transforming Third Party Risk Management”

I was pleased to participate in a live webinar with Exiger on artificial intelligence and third party risk management.  Watch the 60 minute webinar replay — here. The growing complexity of third party relationships and the immediate regulatory and reputational risks of those third parties has procurement teams, compliance officers and legal departments wondering what to do. When and how should they do due diligence?...

Five Essential Steps to Improve Corporate Board Oversight and Support of Compliance

Five Essential Steps to Improve Corporate Board Oversight and Support of Compliance

Corporate boards need to devote more energy to oversight and improvement of corporate culture and compliance. Over the last ten years, we have witnessed corporate scandals and misconduct that could have been prevented or, at least, mitigated by a corporate board’s proper oversight, and management of a company’s culture and compliance program. All too often, corporate boards fail to identify potential red flags of serious...

ISO 37001: Training, Employee Concerns, and Internal Investigations (Part V of V)

ISO 37001: Training, Employee Concerns, and Internal Investigations (Part V of V)

In my final posting on ISO 37001, I review requirements for training, raising concerns and internal investigations as part of a company’s anti-bribery risk management system. I could certainly write more on ISO 37001 because there are other issues that I have not addressed, including audits, assessments and reviews of the anti-bribery risk management system. In this posting, it is important to identify and tailor...

ISO 37001: Risk Assessments, Employees, and Due Diligence Requirements (Part IV of V)

ISO 37001: Risk Assessments, Employees, and Due Diligence Requirements (Part IV of V)

In Part IV of my series on ISO 37001, I examine requirements relating to risk assessments, design of policies and procedures, and due diligence requirements. Section 4.5 sets out requirements for conducting risk assessments. ISO 37001 requires companies to conduct regular risk assessments in order to identify the bribery risks the company might reasonably anticipate; analyze, assess and prioritize the identified bribery risks; and evaluate...

ISO 37001: Board, Top Management and Anti-Bribery Compliance Responsibilities (Part III of V)

In Part III of my continuing series on ISO 37001, today I examine the board and top management’s respective responsibilities in the implementation and oversight of an anti-bribery management system. ISO 37001 defines a “governing body” to include a supervisory board or board committee as having the ultimate responsibility for company activities, governance and policies of its anti-bribery management system. “Top management” is responsible for...

ISO 37001: The Good, The Bad and the Ugly (Part II of V)

ISO 37001: The Good, The Bad and the Ugly (Part II of V)

In Part II of my continuing series, I identify in broad strokes some of the more significant positive and negative aspects of ISO 37001. While it is easy to second-guess the ISO 37001 authors, there are some interesting issues that are addressed and some missed opportunities to advance ethics and compliance systems. On the positive side, ISO 37001 is keyed to a valuable concept of...

A Closer Look at ISO37001 – Something Old or Something New? (Part I of V)

A Closer Look at ISO37001 – Something Old or Something New? (Part I of V)

The release of ISO 37001 has triggered an important discussion among legal and compliance professionals. In a five-part series, I plan to address the value of ISO 37001, provide a substantive analysis, and to evaluate the contribution ISO 37001 has made (or will make) in the compliance field. First, I recommend that everyone spend time studying ISO 37001. It is a mistake to write off...

Lawyers Can Be A Positive Force for Compliance

Lawyers Can Be A Positive Force for Compliance

Lawyers get a bad rap, and I am not just referring to all the lawyer jokes we have heard numerous times. Lawyers get a bad rap when it comes to compliance. Much of it is not deserved – but candidly, some of it is deserved. For some reason, Chief Legal Officers have difficult accepting the empowered role of a Chief Compliance Officer. This is not...

In Defense of Compliance Checklists

In Defense of Compliance Checklists

Compliance officers have to avoid complicating a compliance program. As in many areas in life, there is a value in simplicity. Take for example a compliance training presentation. If a compliance officer overwhelms his/her audience with legal mumbo jumbo, you can rest assured that no one will retain anything and the training program will not be very successful. On the other hand, if a compliance...

The Importance of A Robust Conflicts of Interest Program

The Importance of A Robust Conflicts of Interest Program

It is always interesting to learn how companies handle specific compliance issues. Years ago, I could always tell when a compliance department was lacking in stature and independence in a company. Typically, I observed three important indicators – a compliance department that was stuck in the legal department reporting to the general counsel; mired in detailed gifts, meals and entertainment reviews and approvals; and devoted...