Compliance into the Weeds

In this episode Matt Kelly and I take a deep dive into the question of whether a company has a duty to disclose ransomware attacks. We consider it from the regulatory, legal, ethical, law enforcement, business, PR and some other angles. What may seem to be a straight-forward answer to a regulatory obligations turns out to be anything but. For additional research, see Matt Kelly's blogpost, "Ransomware: To Disclose or Not". Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode Matt Kelly and I take a deep dive into the cutting edge topic of artificial intelligence in many areas, including compliance. We discuss the uses of Artificial Intelligence in compliance. We consider how AI has progressed and what it means now for the compliance practitioner and what it will mean in the future.For Matt's blog post on the topic go to  Don't Outsmart Yourself: AI and ComplianceFor Tom's blog post on the topic go to AI for Risk Management: A New Business Advantage  Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Matt Kelly and I take a deep dive into the weeds of the soon-to-be-released the House Financial Services Committee, the Financial Choice 2.0 Act. We consider some of the ideas in the legislation which Matt thinks are bad including:1. Repeal of the Chevron deference repealed. 2. Attempts to clip the SEC rule making authority.3. Exempting more companies which desire to go public from SOX 404(b) requirements and reporting. 4. (Matt's most particular bad idea) The exemption of more filers exempted from XBRL reporting.We also discuss some of the potential benefits from the legislation and where it may all go in the Senate.For more see Matt's blog post House GOP Regulatory Reform Axe, on his site Radical Compliance.    Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Matt Kelly and I take a very deep dive into two recent speeches by Department of Justice (DOJ) Acting Principal Assistant Attorney General Trevor McFadden in which he addressed multiple topics and issues around the Foreign Corrupt Practices Act (FCPA). The  first set of remarks were made in Washington DC at the Anti-Corruption, Export Controls & Sanctions (ACES) 10th Compliance Summit (the “DC speech”). The  second set of remarks were made at the American Conference Institute (ACI) 19th Conference on the FCPA in New York City (the “NYC speech”). We consider the evolving rationale for FCPA enforcement which has changed in the 40 years since it was enacted, the mandatory corporate response to FCPA compliance requirements, and how McFadden sees Justice Department enforcement of the FCPA going forward in the Trump administration. For Matt Kelly blog post on McFadden's remarks, click  here. For Tom Fox's segments of a three part series, click here for  Part I, Part II and Part III.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode Matt Kelly and I take a deep dive into the recently released, Public Company Accounting Oversight Board (PCAOB) semi-annual  white paper. The white paper providing general information about certain characteristics of emerging growth companies (EGCs). Matt and I discuss some of the PCAOB's key findings:There were 1,951 companies that identified themselves as EGCs in at least one SEC filing since 2012 and have filed audited financial statements with the SEC in the 18 months preceding the measurement date (“EGC filers”). The PCAOB staff observe that the number of EGC filers has grown since the enactment of the Jumpstart Our Business Startups (JOBS) Act, but has stabilized recently.There were 742 EGC filers (or 38 percent) that have common equity securities listed on a U.S. national securities exchange (“exchange-listed”). The five most common industries for EGC filers as of November 16, 2016, are pharmaceutical preparations, blank check companies, real estate investment trusts, prepackaged software, and surgical/medical instruments and apparatus.Many EGC filers that were not exchange-listed had limited operations. Approximately 50 percent of the non-listed EGC filers reported zero revenue in their most recent filing with audited financial statements and 23 percent of non-listed EGCs that filed periodic reports disclosed that they were shell companies.Approximately 51 percent of EGC filers, including 74 percent of those that were not exchange-listed, received an explanatory paragraph in their most recent auditor’s report expressing substantial doubt about the company’s ability to continue as a going concern.Among the 1,951 EGC filers, 1,262 provided a management report on internal control over financial reporting in their most recent annual filing. Of those 1,262 companies, approximately 47 percent reported material weaknesses.Approximately 96 percent of EGC filers were audited by accounting firms that also audited issuers that are not EGC filers, including 39 percent of EGC filers that were audited by firms that provided audit reports for more than 100 issuers and were required to be inspected on an annual basis by the PCAOB. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode Matt Kelly and I take a deep dive into the recent kerfuffle involving United Airlines and its policy which prevented to teenaged girls from boarding a flight wearing leggings. Was United within its rights to exclude the passengers for inappropriate dress? Is the policy valid? Did the gate agent receive appropriate training to make their decision? In the world of today, social media accelerates the ability to judge, without improving the ability to judge. For ethics & compliance officers, that means every compliance risk is now magnified into a reputation risk. Finally, we consider Matt's closing sentence, "Training, values, culture, judgment. Funny how those four things keep cropping up, isn’t it?" and what it means for compliance. For more insight, read Matt's blog post, "United's Policy Management Lessons" Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, we take a look at a recent speech given by NY Fed Chairman William Dudley in London where he addressed improving corporate culture. Dudley provided three recommended steps. First, a bank must decide on its purpose and core values—or, as Dudley put it, “What are you for?” Second, after this identification of purposes and values, you can measure how well the workforce is striving to achieve that purpose. Third a bank can set its incentives so employees work harder to achieve those goals. As usual, Matt and I take a deep dive into the issue of enhancing corporate culture. For more on the speech, see Matt's blog post on Radical Compliance entitled, "Great Speech About Improving Corporate Culture". Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Matt Kelly and I take a deep dive into a dramatic 48 hours in the life of the FCPA last week, which portends the trend of continued FCPA enforcement. It included the announcement by Kevin Blanco, acting assistant attorney general for the Criminal Division, who speaking at the American Bar Association’s annual white collar crime conference of the extension of the FCPA Pilot Program; the retort by Secretary of State Rex Tillerson to President Trump on the power of the FCPA for US companies doing business overseas, the Justice Department brief and oral argument in the Hoskins appeal where the DOJ continued to press for an expansive view of FCPA jurisdiction as originally preferred by the Obama DOJ; and finally we discuss the summary of all US attorneys by the Trump administration and Matt's proffers an interesting theory on why Preet Bharara was fired.For more reading, see Matt's piece on Radicalcomplinance.com entitled, "FCPA: Pilot Program Extended, and Much More". Learn more about your ad choices. Visit megaphone.fm/adchoices

The Justice Department Fraud Section recently revamped its website and it is quite an upgrade. I do not know when the Fraud Section did this update but as with the Evaluation of Corporate Compliance Programs document, it certainly was a soft launch. It appears the new site compiles several disparate sources of Fraud Section and Justice Department information into one website. Also, there looks to my eye to be some information posted on the Fraud Section website for the first time. In short, it is an excellent and most welcomed resource.A quick review of the site has a slide show of recent Justice Department resolutions scrolling across the screen. Go down to the bottom of the screen and you will see two very interesting documents, a 2015 and 2016 Fraud Section Year in Review. The FCPA Unit section includes such information as prior enforcement actions, Opinion Releases, other anti-corruption treaties and resources. There is also a list of Fraud Section leadership.However, the Fraud Section is made up of more than simply the FCPA unit and there are tabs for the following Health Care Fraud and Securities and Financial Fraud. Most interesting to me was the tab for the Strategy, Policy and Training Unit, which I have to admit, did not know was a part of the Fraud Section. The opening page for this Unit provides a description of its work. It is as wide ranging as international coordination and interaction with foreign prosecutors and investigators. This new website revamp is a most welcomed resource for the compliance community. While it may be viewed as simply a compilation of other sites and locations within the greater Justice Department website by some; I believe the vast majority of compliance practitioners will find it a most welcomed compilation and resource. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode Matt Kelly and myself take a deep dive into SOX 404(b), what it requires and how companies comply with the reporting requirements set out in this statute. We consider the recent announcements from Congressman Jeb Hensarling to amend this section to exempt companies under the $500MM who wish to go public from its reporting requirements. We consider the corporate and audit response currently in place for 404(b) and how this response is now well embedded in not only corporate controls but also in reporting. We discuss the importance of internal controls over the time frame since the enactment of SOX and how any change may not be well received by institutional investors and private equity funders.For a more detailed discussion, see Matt’s blog post entitled, “Tale of Sound & Fury: The 404(b) Debate”. Learn more about your ad choices. Visit megaphone.fm/adchoices