Ethics and Compliance Programs to Mitigate the Risk of Fraud and Corruption
Gerry Zack, CFE, CCEP, CIA
CEO – Society of Corporate Compliance and Ethics
The Seeds of Compliance Programs
Corruption
• US defense contractors found to have paid bribes to foreign government officials
– 400+ companies involved
Compliance - Fast Growth
• Increased prosecution of FCPA
– Very expensive for companies
• Series of instructions from Department of Justice to prosecutors to look at compliance programs
– Settlements and plea bargains
• Liability for third party activities
– Suppliers and sales agents
OECD Activity
• December 2009 issued: “Recommendation for Further Combating Bribery of Foreign Public Officials in International Business Transactions”
– Called on member states to encourage companies “to develop and adopt adequate internal controls, ethics and compliance programmes or measures for the purpose of preventing and detecting foreign bribery.”
OECD
• A few months later issued its “Good Practice Guidance on Internal Controls, Ethics and Compliance”
– Very similar to U.S. Sentencing Guidelines
• Continues to name and shame country behavior
Enforcement
• Heavy fines by US for FCPA
• Increasing multi-lateral cooperation and prosecutions for corruption
– No place to hide
– Much more complicated to defend
Business Demand
• Larger companies conducting due diligence on suppliers
– Mitigating third party risk
• Call for larger companies to help instill compliance programs in smaller ones
Scope of Compliance Programs
• Price-fixing / Antitrust
• Fraud
• Anti-Corruption / Bribery
• Industry-specific laws (Banking, pharma, etc)
• Environmental
• Safety (worker, product, etc)
• Corporate (IP, corp structure, etc)
• Tax Laws and Accounting
• Government funding
• Multinational – other jurisdictions
A Compliance Program Provides:
• Education / Awareness
• Prevention
• Early Detection
• Collaboration
• Investigation / Enforcement
• Remediation
7 Essential Elements of a Compliance Program
1. Standards and Procedures
2. Compliance Oversight
3. Education and Training
4. Monitoring and Auditing
5. Reporting and Investigating
6. Enforcement and Discipline
7. Response and Prevention
1. Standards and Procedures
• Code of Conduct
– Keep It Simple
– Tailored to the organization’s culture, ethical attitude, business, and corporate identity
– Annual Attestation
– Address high-risk areas by providing guidance/guiding principles
• Policies and Procedures
– Accountability
– Annual Review
– Collaborate with other units
– Not repetitive/Duplicative
2. Compliance Oversight
• Compliance Officer
• Appropriate authority
• Reporting structure clearly defined “to the top”, no buffers
• Oversight Committee
• Board
3. Education and Training
Communication Process General vs. Specific Training Methods Sanctions Attestations
4. Monitoring and Auditing
• Essential for effectiveness
• Audits – independent/objective
• Monitoring – usually not independent but can be/perceived or real subjective
• Audit and Monitoring plan
• Leverage what is currently occurring in the organization
• Scalable to risks and resources
5. Reporting and Investigating
• Reporting System
– Policies and Procedures
– Internal vs. External
– No retribution for reporting
• Handling investigations
• Confidentiality and privacy
• Notifications
6. Enforcement and Discipline
• Sanctions for non-compliant behavior
– Policy communicated
– Stand firm
– Critical to effectiveness
7. Response and Prevention
• Timely response
• Root cause analysis
• Remediation
Keys to Success
• Interact with the compliance community
– SCCE: www.corporatecompliance.org
– Compliance & Ethics Blog: complianceandethics.org
– SCCEnet: community.corporatecompliance.org
What is the SCCE?
• Non-profit professional association serving the compliance community
– In-house practitioners
– Outside service providers (lawyers, consultants, vendors)
• Total global membership of 7,500
• With sister association Health Care Compliance Association - approximately 20,000 members