Setting a Tone at the Top & Creating a Culture of Corporate Integrity

March 11-13, 2012
Phoenix, AZ – Pointe Hilton Tapatio Cliff Resort

Join Click 4 Compliance’s CEO & Founder, Farzad Barkhordari as he leads and moderates an informative discussion on the challenges of corruption and promoting compliance in a global economy through the seminar:

Confronting Corruption and Enforcing Compliance in Emerging Markets

With tremendous post-recession pressure to expand business and increase profits, many companies have set their sights on growth through mergers and acquisitions in markets where growth has defied gravity: the emerging countries, such as Brazil, Russia, India, China, Chile, Hong Kong, Peru, and Uruguay. But the most promising opportunities often come with the highest levels of risk, and CCOs must be at the top of their game in maintaining ethical standards and ensuring compliance in a rapidly expanding, ever-complex global environment, including in regions where corruption and unclear laws and regulations are the norm.

This session will address the following topics:

• Managing local behaviors and cultural issues, and ensuring that local employees maintain the ethical standards of the parent corporation

• Educating, monitoring, and managing third parties

• Pre-acquisition due diligence and post-acquisition integration: blending Western values with local norms

• Promoting compliance and ethics expectations in locales where they are foreign concepts

• Aligning corporate imperatives for growth and profits with the need to maintain compliance

(Privacy Update)

In 2009, Massachusetts passed the first ever set of detailed regulations setting forth the type of security and privacy safeguards required to protect personal information, including mandatory contract requirements for third party vendors handling personal information on your behalf.  (201 CMR 17.00)  Full compliance was set for March 1, 2010, however, there was a grandfather clause for contracts entered into with third parties before that time allowing them to stay in place until March 1, 2012.  That clause is going to expire next month.
 
What that means for every company handling the personal information of Massachusetts residents (whether or not the company is located in MA and whether or not the data is held in MA) is that it is time to ensure that all third party vendors properly handle personal information.  The contracts must say it, and the vendors must do it.
 
This means that vendors must start using the technical protections laid out by the MA law, and maintaining a comprehensive, written information security program that includes:
 
(1) designating a person responsible for maintaining the program

(2) identifying and assessing reasonably foreseeable risk to security, and evaluating current safeguards, such as:

• ongoing employee training
• employee compliance with policies and procedures
• means for detecting and preventing system failures

(3) developing security policies relating to storage, access and transfer of records

(4) imposing disciplinary measures for violations of the security program

(5) preventing terminated employees from accessing records

(6) overseeing third party service providers

(7) restricting physical access to records

(8) regular monitoring to ensure the program is working

(9) reviewing the security measures at least annually; and

(10) documenting actions taken with any incident
 
If you handle the personal information of MA residents (whether they are your customers or your employees), it is time to ensure that your contracts with third party vendors meet these standards–and that your vendors are actually meeting these standards.
 
Click 4 Compliance can help.  Our comprehensive Privacy & Data Protection course covers the fundamentals about protecting personal information and helps employees recognize and respond to incidents.
 

But now the New Year has passed and we’re all back at work.  Now what?  How about some verification?  Did your employees follow the rules?  Were the limitations actually followed?  Were recipients and values documented as required?  Monitoring/auditing adherence to your policies is a critical part of any compliance program, whether Anti-Corruption, or any other subject.

Do an audit, a sample audit, a country-specific audit.  For example, check Gifts, Travel & Entertainment in China.  This will give you a sense of what is happening across your organization, which is always a good step toward a more robust compliance program.

Some supervisors ponder why they must “sit through” sexual harassment prevention training every two years, concluding that two hours away from important operations simply is too much. After reviewing statistics from charges filed with the Equal Employment Opportunity Commission (“EEOC”) in its 2011 fiscal year, employers should be concluding it is not enough. In a press release issued November 15, 2011, the EEOC announced that in fiscal year 2011, which runs from October 1 to September 30, the agency received 99,947 charges of discrimination. This is the highest number of charges that the agency has received in its 46 years in existence and is a sad commentary on the state of civil rights.

The laws prohibiting discrimination, which includes harassment and retaliation, have not changed significantly in a number of years. Cases published about these topics tend to highlight how factually intensive claims of discrimination are rather than highlight significant changes in the legal landscape. That being said, the EEOC statistics confirm that continued efforts to educate the workforce, particularly at the management level, are needed. However, for any discrimination prevention training to be effective, there needs to be a shift in perception from the top – supervisors’ concerns about “sitting through” another training session must be recast as an opportunity to create a sustainable work place. Training needs to be more than simply “checking the box” on whether the company has met this legal obligation, and that paradigm shift has to come from the culture created by the company.

Toward that end, smart employers educate their managers not only on the laws prohibiting discrimination, harassment, and retaliation, but on the importance of that education. What does the training mean to individual managers and what do those managers personally gain from such trainings are just as important to address as how to:

1. Identify the obvious and subtle every day behaviors that can give rise to discrimination claims;

2. Avoid and eliminate conduct that can create claims of discrimination;

3. Develop the understanding and skills necessary for responding to discrimination and harassment and protecting the company from claims;

A sustainable workplace with high productivity, reduced turnover, and reduced risk of liability, among other attributes, depends upon the creation of clear and shared expectations to which all employees and employers are held accountable. Educating managers to protect employees and the workplace from discrimination claims is one piece of that sustainability.

Companies and individuals subject to the U.S. Foreign Corrupt Practices Act (FCPA) often misunderstand the scope of subject activity. They assume that bribes are illegal only if they relate to a company’s core business.

As a result, they might focus anti-corruption compliance efforts in areas like public procurement (see an earlier post on the FCPAméricas Blog about corruption in procurements). But they might not think it necessary to do so in other areas of their business, like managing tax liabilities or setting up business registrations in new markets. By ignoring these areas, they expose themselves to important risk.

Broad Interpretation. The “business purpose” element of the FCPA is interpreted broadly. Any payment that benefits the operations of the payor’s business could satisfy this element. Payments to reduce tax liabilities in Indonesia (KPMG-SSH and Harsono), gain beneficial transfer pricing tax formulas in South Korea (Diageo), avoid customs-related costs in Argentina and Venezuela (Helmerich & Payne), and collect a debt legally owned to the payor by the government in the Dominican Republic (Vitusa) have all been sufficient to create FCPA liability for companies and individuals operating abroad.

Court Review. A challenge to this broad scope was rejected by the Fifth Circuit in United States v. Kay, 359 F.3d 738 (5th Cir. 2004) (reversing and remanding 200 F. Supp. 2d 681 (S.D. Tex. 2002)), a case where the payments at issue were for tax and customs audit and levy benefits. The court held that the FCPA does not merely cover payments to obtain or renew business contracts.

Implications. What does this mean for companies operating abroad? Your compliance programs must reach every segment of your company where you, or your third party intermediaries, interact with government officials. In addition, it is essential to conduct risk assessments to understand your company’s risk profile.

Latin America. What does this mean for companies operating in Latin America? In the region, businesses or their agents might be required to interact with government officials in ways they might not initially expect. In Brazil, a company will likely need to rely on a despachante at some point, a professional who navigates the confusing set of business registrations, permits, and licenses (see more details here).  In Argentina, your non-Argentine employees might be required to obtain work permits from a complicated immigration regime, a process that can easily be held up if not handled by experienced professionals. Realities like these make it essential to match compliance efforts to risk. They also make it essential to use experts who are intimately familiar with the region.

Armed with these facts, in-house counsel should take the following steps to avert the snowball effect of related market investigations:

Know the Business:  Invest time to understand how, where, and with whom your company participates in the marketplace.  Diversified companies may need to divide this task among several members of the legal department who routinely communicate. 

Keep Current on Antitrust Enforcement:  Use the WSJ and agency websites to assess whether your company is a participant in a related market at risk for antitrust investigation.  If you don’t have time to keep current, task outside counsel with keeping you up to date.

A Related Market Is Under Investigation.  Now What?  In-house counsel should:

• IDENTIFY high risk relationships with parties under investigation (competitor, supplier, channel, common trade association members, development partner, etc.);
• AUDIT bids, contracts, and planning documents between your company and these parties;
• REVIEW company policies and procedures for similarities to those under investigation; 
• EDUCATE your employees about the problematic conduct in the related industry; and
• DIRECT them to identify similar red flag behavior in your company.

It’s a Race To DOJ’s Doorstep:  If you discover suspicious conduct or documents, gather your decision-makers ASAP to analyze your options based on the scope of your company’s business, evidence of the alleged conduct, impact of disclosure in other countries, etc.  With $100s of millions or more in fines at stake, it’s also probably a good time to let the business know that other company executives, even friends, will stab them in the back to get to the door first.

Train Your Employees To Issue Spot and Prevent Violations Before They Arise:  Hopefully, your compliance program and antitrust training is strong enough that you won’t need to worry about racing to DOJ’s doorbell.  The goal of antitrust training is not to make your company’s employees experts in antitrust.  The goal is to make them expert issue spotters!   All of Click 4 Compliance‘s courses, including the Antitrust & Fair Competition course, are built with this goal in mind.  The course uses dozens of scenarios and business “trigger” language to coach your employees how to identify and avoid the situations and conversations that trigger the creation of a cartel.  

Don’t Avoid Compliance.  Click 4 Compliance.

Always leading the pack when it comes to privacy legislation, California has updated its original (and first ever) data breach notification law.

Starting in 2012, privacy notices will have to be in clear, plain language–kind of like our privacy training! If data that can lead to fraud, such as driver’s license or Social Security number information, has been stolen, the notice will need to explain how to contact credit reporting agencies, so individuals can put a “fraud alert” on their files. In addition, the revised law requires that companies notify the Office of the Attorney General of security breaches when more than 500 CA residents are notified, and individuals will be able to check the validity of any breach notice by going to Attorney General’s web site where copies of notices will be posted.

If you would like to lessen the risk that your company will ever need to follow these new notification requirements, contact Click 4 Compliance about our online Privacy & Data Protection or HIPAA Basics compliance training today!

Additional resources:

If you would like to better understand the notification requirements in CA and the new law effective January 1, the California Office of Privacy Protection has posted an updated version of Recommended Practices on Notice of Security Breach. See http://www.privacy.ca.gov/business.html.

Instructions for notifying the Attorney General can be found at: https://oag.ca.gov/ecrime/databreach/report-a-breach.

Join Click 4 Compliance’s CEO & Founder, Farzad Barkhordari as he debunks the mysteries of the UK Bribery Act and leverages your FCPA and other compliance efforts through his seminar:

KnowledgeBridgeTM:  Simple & Effective Compliance Steps – FCPA & UK Bribery Act Compliance.
It’s not as difficult as everyone is making it seem.

By breaking down the elements of a compliance program the same way prosecutors do, any business can take simple, cost-effective steps that go a long way to reducing compliance risks, including Anti-Corruption/Bribery risks such as the FCPA and UK Bribery Act.
A simple tool and some practical steps can yield tremendous results in many jurisdictions, including the UK.  As more and more corruption stories are making front-page news, it is clear that companies need to take steps toward compliance.  These are not just “buzzwords” but steps that really help:

• Risk Assessment
• Clear Policies / Procedures
• Tone at the Top
• Effective Training 
• Certifications (Reps & Warranties)
• Hotline / Reporting
• Discipline / Enforcement
• Due Diligence
• Contract Language
• Testing & Audit

Click 4 Compliance‘s online training courses will help keep your employees up-to-date on the rules in a practical, non-legalese way.

Should it stay or should it go? That is the question corporate attorneys must confront when approached with questions about holiday gift-giving and receiving. Of course, your job will be easier if your company:

1) Establishes a written Gifts and Entertainment Policy with clear monetary and category limitations; 

2) Trains all company employees regarding what that policy is, where it can be found, and why it is necessary.

Click here for a demo on Click 4 Compliance‘s Global Anti-Corruption Course, and click here for a demo on our Doing Business With the U.S. Government Course. Employees are less likely to call you a Grinch if they are trained to understand why gift-giving may create a compliance problem.

But what happens when your employees are on the run? Do you think employees will remember your company’s Gifts policy when that $500 watch from their favorite supplier is delivered to their home? Not sure? Well, it’s time to remind them where the company draws the line on giving and receiving corporate gifts.

If your company has a Gift Policy in place, it is always wise to remind employees about the Policy and its limitations every year during the holidays. You might consider reminding employees by e-mail or through a Tweet to review the company policy. But will that really get the job done? Will it mitigate the corruption and conflicts risks that holiday gifts present? Probably not. The last thing employees want to do at the end of a busy quarter is review a legal policy and you probably have no way of tracking which employees have reviewed it.

So how can you follow your employees to be there and remind them on-the-spot when confronted with a gift? Click 4 Compliance‘s Mobile Compliance Officer  goes where your employees go – it is an easy-to-use mobile app that includes your company’s specific gift limitations. Your employees can pull it up on their phones at the office, at home, or at the mall. They will know what to do with that holiday fruit basket, that invitation to dinner, or that Rolex they receive from a vendor or partner.

Contact Click 4 Compliance for online compliance training made simple.

Whether you are a California company required to provide Sexual Harassment training to all Supervisors OR any business focused on minimizing risks and maximizing workplace productivity, Click 4 Compliance’s courses will ensure that your employees are effectively trained with a conversational, comprehensive, easy-to-learn training course — without "legalese".

“Sexual harassment, discrimination and retaliation present significant risks that should be addressed with your employees”, said Farzad Barkhordari, founder and CEO of Click 4 Compliance.  “We were very thoughtful in the way we approached this training to make sure that employees at every level of an organization are prepared to properly handle these tricky situations.”

Click 4 Compliance trains your workforce with practical examples and real-life scenarios that help employees promote the essential principles of respect, fairness, and tolerance in the workplace.  Both interactive courses encourage a safe and harmonious workplace, built on mutual respect. 

The new courses complement Click 4 Compliance’s existing online compliance training library that includes Global Anti-Corruption (FCPA & UK Bribery), Code of Conduct, U.S. Export Compliance, HIPAA Basics, Privacy & Data Protection, Antitrust & Fair Competition, and Doing Business With the U.S. Government, among others. 

The narrated, self-paced courses include:

• Overview of Harassment & Discrimination
• What is Harassment?
• Hostile Work Environment
• Physical Harassment
• Verbal Harassment
• Non-Verbal Harassment
• Protected Groups
• Conduct to Avoid
• Intent vs. Perception
• What is Discrimination?
• National Origin Discrimination
• Social Media Risks
• Adverse Employment Actions
• The Basics of Retaliation
• Protected Activities
• Company Obligations
• Supervisor Obligations
• When Things Go Wrong

About Click for Compliance 

Reston, Virginia-based Click 4 Compliance provides best-in-class online training for companies seeking to reduce their compliance risks.  Courses are written by experts in the field with experience in both leading global law firms and Global 500 companies. Learn more at www.click4compliance.com and on our blog: http://blog.click4compliance.com/.

We are Compliance made simple.  Complexity made simple.

Contact: 

Chris Farris

Click 4 Compliance 

+1 (703) 787-9492 

info@click4compliance.com 

www.click4compliance.com