Featured Articles:

A New Holistic Model for Internal Controls Management (Part II of II)

Companies have to embrace a holistic management approach to their internal controls.  In the corporate governance world, a new approach is needed to develop a more rational and consistent method for managing your company’s internal controls. This is not a radical proposal but a rational response to the enforcement risks and the need for consistency across an organization. Let’s start with a basic set up. ...

Time to Review and Revise Your Internal Controls (Part I of II)

Laws control the lesser man — right conduct controls the greater one – Mark Twain

A company’s internal controls define the backbone of its operations, encompassing financial, operational and compliance functions. The FCPA defines requirements for publicly-traded companies to implement internal controls, including compliance controls.  Under the internal controls requirements, issuers must devise and maintain a system of internal accounting controls sufficient to assure management’s...

Episode 28 — Due Diligence and Third Party Risk Management (Part I of III)

Companies continue to face significant risks from their third parties.  In response, companies are implementing sophisticated due diligence and third party risk management systems.  FCPA enforcement risks are only one of several risks created by a company’s third parties.  Companies have to screen and review their third parties for corruption, sanctions, money laundering, antitrust, human trafficking, child labor and reputational risks. In this three-part series,...

Company Culture, #MeToo and Anti-Harassment Programs

Companies do not operate in a vacuum.  As we know, companies are part of our social fabric and are subject to the same influences as our communities, politics and families. To say that the MeToo movement has had an impact on corporate cultures is to offer yet another profound grasp of the obvious.  The MeToo movement’s impact is much more than raising awareness of sexual...

Three Critical Questions to Ask Your CEO About Your Ethical Culture

In the business world, answering questions is not the same as the game show Jeopardy.  Nor does it require an answer in the form of a question (thank goodness, although that is not a bad strategy).  CEOs are used to being put on the spot and doing the CEO-shuffle.  They are good at it – they have to answer questions from key stakeholders, the media,...

Three Important Points to Remember About Third-Party Risks

If you want to learn and read about managing third-party risks, you will have no trouble finding articles, white papers, webinars and more available to you on the Internet.  And for good reason. Third-parties create significant risks, and these risks are not just limited to bribery but extend into sanctions, money laundering, privacy and cybersecurity, human trafficking, child labor and reputational damage.  The compliance marketplace...

Episode 27 — Internal Controls and Enforcement Risks

The FCPA includes a specific requirement that a public company maintain an adequate set of internal controls.  A company’s compliance program is one component of a company’s internal controls.  Sarbanes-Oxley expanded and reinforced this important requirement. The Department of Justice and the SEC have aggressively enforced the internal controls requirement.  The SEC, in particular, has expansively enforced the internal controls requirement even where a failure...

New Episode — Everything Compliance — The Year-End Wrap Up

Tom Fox, the Compliance Evangelist and Guru, has posted a new episode of Everything Compliance, a roundtable discussion led by Tom and including Matt Kelly, Jonathan Armstrong, Jay Rosen, and myself. Here is a link to the episode. Thanks to Tom, Matt, Jonathan, and Jay!

Financial Institutions and the Glaring Absence of an Ethical Culture

Federal prosecutors and regulators have been active in tackling US banks.  In the last few weeks, the Federal Reserve took the extraordinary step of blocking Wells Fargo’s ability to grow its business until it improves its corporate governance and risk and compliance management; and Rabobank and US Bank were punished with six-figure settlements for AML and Bank Secrecy Act violations. When you review the facts,...

The Obvious Partnership — Compliance and Cybersecurity

Cybersecurity compliance, like the compliance profession, is rapidly growing. The forces pushing cyber compliance are two-fold: the ever-increasing and changing nature of cyber threats and harms, and the logical application of compliance strategies. Compliance has to work closely with in-house corporate information technology. To the extent a company outsources information technology to a cloud provider, compliance will serve an even more important function in coordinating...