No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
    • On-Demand Webinars: Earn CEUs
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Have Compassion for Today’s Compliance Officer

Diligence is Harder Now, but it’s Never Been More Important

by Jordan Strauss, Mariellen Davies-DeMarco and Alyssa Heim
September 21, 2020
in Compliance, Featured
illustration of businessman pulling heavy load uphill

Kroll’s Jordan Strauss, Mariellen Davies-DeMarco and Alyssa Heim discuss what they view as the most significant threats to good governance and offer suggestions on how best to mitigate these risks.

The worst pandemic in over 100 years. A frail global supply chain. The temporary reduction in global government investigations and enforcement. For most firms, the current environment poses the greatest revenue challenges in a generation. And millions of people are out of work, desperate to make ends meet. Together, these ingredients paint a grim picture for the next year of compliance.

Though temporarily restrained by the same realities the rest of us face, regulators show no signs that they will look with compassion at firms that do not address compliance challenges proactively. On March 23, 2020, the U.S. Securities and Exchange Commission’s (SEC) Division of Enforcement specifically warned the industry about the potential increase in insider trading cases. The statement noted, “corporate insiders are regularly learning new material nonpublic information that may hold an even greater value than under normal circumstances.” Certain nonpublic information may be particularly meaningful given the current environment and could have a substantial impact on the price of a security. Although insider trading has always been an area of focus, the Division of Enforcement also made it clear that they intend to prioritize insider trading amidst COVID-19. Meanwhile, grand juries are starting to resume their work across the U.S., and global enforcement agencies are learning to do their work remotely. While the temporary lull in enforcement may have created a more treacherous marketplace – particularly for firms dealing with foreign counterparts – make no mistake: Enforcement will return vigorously.

The SEC guidance – and the fervor with which the U.S. Department of Justice (DOJ) is pursuing price-gouging personal protective equipment vendors – should serve as a reminder to all that while we may be working and living in extraordinary times, the expectations the law imposes on us have not changed. As with other compliance requirements, firms must continue to review their insider trading policies and procedures, remind and train employees on the policies and monitor for both employee and firm trading activities. Working remotely may make it more challenging to supervise employees, run oversight programs and monitor corporate compliance. But regulators expect the same level of oversight and diligence with a remote working environment, and the consequences for failure will be high. Although diligence has become harder, it has never been more important. What should a compliance officer be messaging up, down and over at a time like this?

(Re)Assess Risk

First, a good compliance program is guided not only by regulatory requirements but also a comprehensive understanding of the risks a firm may face. As these risks may have changed due to the pandemic, now is a good time to complete a comprehensive risk assessment of your operations and business. Recognize that the risks you face with a remote workforce are different than they were last year, but also that remote work may mitigate some traditional risk. Refreshing your view of risk and threats is important, because remote work will change them.

Re-Evaluate Oversight

Second, revisit your training, hotline and awareness programs. A few questions you should ask:

  • Have the programs changed to accommodate new risks, and should they?
  • Will what you had before still work, given the realities your people are living now?
  • Do you have a regulatory or other requirement to prominently display whistleblower hotline phone numbers?
  • Have you thought about how to fulfill this requirement while people are at home?
  • Have you scrupulously analyzed how you are keeping confidential information safe and off of non-company-registered devices?
  • Have you reminded your people that they should not use their personal devices, even in an emergency, to handle this sort of information?

Supervising employees can be challenging when you are not working in the same office space. However, frequent employee communication is key for monitoring their behavior and maintaining employee morale and loyalty. Staying connected can help to identify whether an employee may go rogue and if heightened supervision should be applied. Are you conducting regular anti-phishing campaigns and instituting positive controls for treasury, wire and redemption operations? If not, you may have difficulty defending yourself in the event of a future incident.

Review Investments

Third, make sure you are thinking about the pandemic’s tertiary effects. For many industries, COVID-19 will have a material impact on the valuation of certain investments, like commercial real estate, airplane leases and leisure investments. By not revaluing investments on an ongoing basis or neglecting to account for certain impairments, firms may be over valuing assets and receiving higher fees than appropriate. Additionally, some firms may be less likely to allocate expenses to the firm (or management company), but rather have the client foot the bill to assist with cash flow or preservation. As such, advisers should continue to ensure multiple layers of review for valuing assets, calculating fees and determining proper expense allocations to be consistent with the terms of the client agreement or offering documents.

Rethink Due Diligence

Fourth, think carefully about your current diligence processes. Along with training and monitoring, effective due diligence forms the backbone of a healthy compliance program. Due diligence is a particular challenge (and particularly important) in these times. Global supply chains are weak and require redundancy like never before, new vendors are being onboarded quickly to facilitate shifts in business focus and time pressures are skyrocketing. Meanwhile, while many jurisdictions maintain limited online records that can be accessed remotely, many do not. Those jurisdictions that still require in-person checks of on-site records are operating with reduced staff, if they are open. And this sort of records access may not be deemed essential during periods of flare-up.

How can you conduct effective diligence when something as simple as travel to a target company site might be impossible? Due diligence is most effective when baked into the overall investment process, but its success relies largely on the interaction and exchange of information between all involved parties. That interaction has been complicated by lack of physical access to information, dispersed remote working locations and the reliance on external communication systems. Fortunately, source interviews and other sorts of background research have been conducted virtually for many years – so deep investigation is still possible. However, compliance officers should be aware of the likelihood of delays in diligence, and the absence of certain information during the pandemic.

It is not possible to completely mitigate this risk, but careful documentation and consideration of the challenge will help reduce the risk of enforcement agency misunderstanding in the future. Compliance officers should ensure that deal teams and senior leaders understand these challenges, begin conducting diligence earlier and seek additional contractual protections to provide remedies if problematic information is discovered later. Normal operating procedures will need to be tailored to adhere to post-COVID-19 SEC standards, Foreign Corrupt Practices Act requirements and Anti-Money Laundering/Combating the Financing of Terrorism guidelines issued by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) and other financial regulators. Any modifications to internal controls will need to be documented, as legal and regulatory bodies will need to know what new processes have been implemented to ensure a company has met its legal and compliance obligations.

Re-Examine Support Services

Finally, in addition to the obvious concerns with global supply chain networks, pay constant attention to other needed support services. The increased exposure of global supply chains and third-party risk during COVID-19 and the challenges in mitigating these risks are well-documented. Companies will face some of the same difficulties when onboarding new vendors and service providers, which must be done to build redundancies and ensure resiliency against the effects of the pandemic. There may be temptation to circumvent certain internal due diligence requirements in order to expedite the onboarding of new vendors and providers; this temptation must be resisted, especially because those same vendors may have also cut corners, in response to the same financial stresses. To ameliorate this risk, a company should independently obtain and review corporate registry and ownership information, in addition to checks of government watchlists and in-depth media research in multiple languages; all of these measures can be done remotely.

In short, the post-COVID-19 world presents us with challenges that militate against a check-the-box approach to onboarding vendors and service providers. It demands creativity, a willingness to adapt and a focus on reconfiguring practices to address an inherently riskier, less convenient compliance landscape.

Remember, in all cases, it is important not just to have effective, well-thought-out, risk-driven compliance programs, but also to be able to prove that you had them. The DOJ, for example, will evaluate the effectiveness of your compliance programs at the time they were in place, when deciding the appropriate outcome for a serious problem. Document carefully and often, and make sure that you have a process in place to continually improve.

How do you prepare now? As discussed above, watch that your internal audit and oversight functions are not caught up in the budget crossfire. Given the temporary lull in enforcement, it has never been more important to not only have strong internal controls, but to be able to demonstrate to others later that these controls exist and are effective. As the global enforcement environment continues to be in a COVID-induced lull, this is particularly true for dealings with new vendors and overseas entities. In fact, a recent Association of Certified Fraud Examiners member survey shows that 72 percent of respondents to expect bribery and corruption issues to increase in the next year. Senior leadership must understand that they will encounter an unforgiving enforcement environment when this is over and that any suggestion of an alleged act of corruption (or of supporting a corrupt enterprise) will be met with skepticism.

Documenting what is being done now may help later. This includes due diligence efforts, justifications for any higher-than-usual risk transactions and any variations in the way you handle taxation, reserves and fiscal reporting.

Failure to anticipate and properly address the risks discussed here is nothing less than existential. And those who believe that the laissez-faire approach that the pandemic has forced on enforcement authorities will continue will find themselves sorely disappointed (or worse) in the near future. Compliance leads must strenuously message this reality to leadership.


Tags: DOJFCPA Enforcement ActionsSEC
Previous Post

New ICA Program Looks at the Initiatives Leading Compliance Into the Future

Next Post

The Makeup of a Great Woman in Compliance

Jordan Strauss, Mariellen Davies-DeMarco and Alyssa Heim

Jordan Strauss, Mariellen Davies-DeMarco and Alyssa Heim

Jordan Strauss is a managing director with the Business Intelligence and Investigations practice of Kroll, a division of Duff & Phelps and a Duff & Phelps Institute Fellow. Jordan has served as Director at the White House National Security Council specializing in incident management, the Deputy Justice Attaché and Senior Legal Advisor to the U.S. Justice Department in Kabul, Afghanistan, and as a federal prosecutor and trial attorney with the U.S. Department of Justice. An experienced trial attorney, he was also the most senior crisis and emergency lawyer in the Department of Justice. A published author and accomplished speaker, Jordan brings a unique perspective on many matters of concern to Kroll clients around the world and focuses his practice on helping his clients understand, resolve and learn from issues that threaten their competitiveness, security and prosperity. Jordan often works with clients experiencing existential threats and is accustomed to investigating and advising on the most sensitive issues that organizations may face. His clients include large financial institutions, large and small non-profit organizations, educational institutions, law firms and defense and technology firms. He has managed the holistic response to data breaches and data leaks, helped clients navigate alleged employee and senior executive misconduct, advised on internal security issues and helped advise on pre-transactional risks. Jordan is often asked to conduct climate reviews for organizations that are concerned about diversity, safety and compliance matters. He has also conducted dozens of sexual misconduct investigations at educational institutions and is certified to do so. He has provided sworn testimony and led and participated in countless table-top and full-scale exercises relating to disaster preparedness and cyber attacks. Jordan’s clients value his ability to fact-find while treating interviewees and subjects with sensitivity and compassion. He is an expert at combining traditional investigative techniques with novel cyber and data analytics-enabled methods.
Mariellen Davies-DeMarco is a managing director in the Compliance Risk and Diligence practice of Kroll based in the Reston, VA office. Mariellen focuses on optimizing business operations and leading Kroll’s due diligence research and analysis process. Prior to this, she specialized in process excellence by developing and executing business efficiencies and quality initiatives. Mariellen started her career with Kroll by establishing and managing Kroll’s intern program in Washington, D.C. Over the course of her tenure in this role, she was responsible for the recruiting, training, and mentoring of nearly 200 interns in what has become an immensely successful program. These interns focus on multi-language research and produce work supporting Kroll offices with global due diligence, business intelligence, and compliance research. Prior to joining Kroll, Mariellen worked for FTI Consulting following the firm’s appointment as lead investigator in the Bernard L. Madoff/BLMIS fraud case. Before this, she provided Spanish-language investigative research for boutique investigations firm Nardello & Co. Mariellen previously worked for The Mintz Group in both its Washington, D.C., and New York offices, where she conducted and supervised domestic and international investigations ranging from fraud, money laundering, and trafficking cases to due diligence, third party vendor screens, and compliance remediation. During her time with Mintz, she launched and managed the firm’s London office. Upon her return to the U.S., she supervised the firm’s due diligence department.
Alyssa Heim is director in the Compliance and Regulatory Consulting practice at Duff & Phelps. With over 10 years of regulatory experience, Alyssa has worked extensively with private fund managers and traditional registered investment advisers through all phases of their business cycle. Alyssa has assisted numerous clients to register with the SEC and NFA, establish customized compliance infrastructures, assist with the ongoing implementation of compliance programs as well as conduct mock examinations. Alyssa also has significant experience assisting clients through regulatory examinations including SEC and NFA audits. Alyssa joined Duff & Phelps as a result of Duff & Phelps’ acquisition of Kinetic Partners. Prior to joining Kinetic Partners, Alyssa was a compliance consultant with RIA in a Box, a New York compliance consulting firm, specializing in SEC and state registrations. Alyssa managed the registration team, corresponded with state securities divisions and the SEC throughout the registration process. Alyssa assisted with registering hundreds of clients impacted by Dodd-Frank. She received her B.A. in economics from New York University.

Related Posts

emblem on sec building

Deloitte Survey: 26% of Orgs Have Yet to Begin Preparing for SEC Cybersecurity Rules

by Staff and Wire Reports
October 3, 2023

Nearly 2 in 3 execs say companies will beef up programs to comply with regulations

megaphone digital art collage

Building or Enhancing Your Whistleblower Program? Do These 5 Things.

by Susan Divers
October 2, 2023

In the wake of SEC-record award, now’s the time to beef up your reporting channels

sec headquarters in washington dc

SEC Adopts Sweeping New Private Fund Adviser Rules

by Eversheds Sutherland
October 2, 2023

Some requirements take effect immediately, and if they hold up in court, compliance will require extensive planning

department of justice building

Keeping Track of US Efforts to Stem Corruption at Home & Abroad

by Susana Sierra
September 25, 2023

Susana Sierra of BH Compliance explores why shifted priorities should cause all U.S. companies with Latin American connections to take...

Next Post
illustration of five racially diverse women standing together

The Makeup of a Great Woman in Compliance

Available SQ
New call-to-action

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment Sanctions SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2023 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
    • On-Demand Webinars: Earn CEUs
  • Subscribe

© 2023 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT