I did not expect to return to this issue. This was an “old” issue that was resolved many moons ago. The issue was a professional debate over the reporting relationship between the chief compliance officer (CCO) and the chief legal officer (CLO)/general counsel. After 20 years of debate, CCOs managed to sway the professional community: CCOs have to operate independently, without improper interference by the...
Compliance lessons are life lessons. Compliance professionals are, by their nature, optimistic people. They see challenges as new opportunities to strive closer to an ideal. Compliance professionals live in the shadow of the ideal — some may call it the compliance curse. Like the famous artist curse, compliance professionals suffer from an internal struggle — the obsession with perfection, an effective compliance program, and the...
The U.S. Securities and Exchange Commission has a message for publicly-traded companies that suffer a data breach: own up. On Monday, the SEC sued Texas-based SolarWinds––and its Chief Information Security Officer (“CISO”)––for defrauding investors by allegedly failing to disclose known security risks in public filings. This marks the SEC’s first ever enforcement action against an individual corporate officer over their mishandling of a data breach––but...
Mary Shirley, a leading voice in the legal and compliance field, has just released her new book — Living Your Best Compliance Life: 65 Hacks & Cheat Codes to Level Up Your Ethics & Compliance Program. Order Mary’s New Book Here. Mary is a well-known advocate, speaker and compliance professional. She regularly speaks at Compliance events. She is mentor to the Compliance Profession. In this Episode,...
If you ask corporate board members and senior executives to list their number one risk (other than financial operations), the answer in today’s risk environment is clear – cybersecurity and data privacy. The rapid elevation of this risk is reflected in weekly headlines announcing ransomware, cyber-attacks and data breaches. Companies that have experienced a cyber-attack are forever changed. The board and senior executive team quickly...
If you ask corporate board members and senior executives to list their number one risk (other than financial operations), the answer in today’s risk environment is clear – cybersecurity and data privacy. The rapid elevation of this risk is reflected in weekly headlines announcing ransomware, cyber-attacks and data breaches. In NAVEX’s recent State of Compliance Survey, one in three respondents indicated their company had experienced...
CCOs, by definition, are careful and deliberate. It comes with the profession. As risk managers, CCOs are skilled in identifying, assessing and acting in a risk environment. The impact of the new CCO certification requirement, however, presents serious risks that cannot be brushed off or ignored in the face of assurances that prosecutorial discretion will protect CCOs from misguided prosecutions. Frankly, CCOs recognize that there...
The new DOJ Certification requirements certainly raise a number of new issues and risks for senior management and chief compliance officers. In Part I of this series, I outlined the specific language and the Plea Agreement standards imposed on companies that enter into a Plea Agreement with DOJ for FCPA violations. DOJ has reiterated its support for this new Certification requirement. Indeed, a DOJ official...
To start the New Year, it is a good idea to review the trends in the role and status of Chief Compliance Officers. As we witness the continuing growth in stature of the CCO, we need to exercise caution. Some troubling concerns are becoming apparent. With a new Attorney General and Biden Administration, CCOs have to be mindful of their ever increasing responsibilities and concomitant...
Perhaps the most positive and important aspect of the FCPA Pilot Program was the announcement of forward-looking and innovative remediation requirements for corporate compliance programs. As an aside, DOJ’s FCPA Pilot Program was a disappointment and failed to deliver meaningful incentives for companies to self-disclose FCPA violations to the Justice Department. The difference between 25, 50 and 75 percent from the bottom of the sentencing...
