New California Privacy Law Has Implications Beyond That State’s Borders

California is implementing a law that has major implications for companies that deal in personal data as well as large to medium-sized companies that have an internet presence in California. The California Consumer Privacy Act passed this summer and will take effect on January 1, 2020. Its strict compliance requirements will impact many companies outside of California.

Board Engagement: The Ethics and Compliance Missing Link

It’s been a year since I wrote about The Board’s Overlooked Role in Compliance. At the time, it seemed that momentum was building for more proactive board engagement in establishing and overseeing compliance programs. After all, regulators and courts have been increasingly outspoken about the importance of effective compliance programs and pointed about the essential role of boards of directors. Deputy Attorney General Rod Rosenstein recently addressed that very topic at Compliance Week’s 2018 Annual Conference for Risk Professionals in Washington, D.C. During his remarks, Mr. Rosenstein emphasized the need for companies to design, implement, and maintain effective enterprise-wide compliance programs, highlighting both the positives of success and negatives of failure.

Yet many companies still are not taking the necessary steps, and boards of directors may be partly to blame. For example, although the director panelists at Compliance Week 2018 consistently and emphatically supported the concept of effective ethics and compliance programs, they generally fell short of acknowledging the board’s affirmative duty to proactively oversee the process. The focus was instead on the now venerable (and perhaps overused) “tone from the top” concept, with some speakers seeming to take the view that proper board oversight consists of ensuring that the company hires capable personnel and then receiving periodic reports about any known compliance glitches.

The ICE-Man Cometh: How to Avoid Becoming the Next Immigration Raid Headline

Last October, Thomas Homan, the acting director of Immigration and Customs Enforcement (ICE), announced that 2018 would see a significant increase in worksite-related investigations. He pledged a four-fold increase in worksite audits. This seems unsurprising given the Trump campaign and subsequent Trump administration’s focus on reducing or ending illegal immigration to the United States.

In January, ICE announced a new worksite enforcement strategy in conjunction with serving notices of inspection and the arrest of at least 21 undocumented workers at nearly 100 7-Eleven stores in 17 states across the nation. In February, ICE conducted another targeted operation in Los Angeles to arrest 212 individuals for violating federal immigration laws and to serve 122 notices of inspection to businesses for various compliance violations. In April, ICE conducted a workplace raid in Tennessee pursuant to a criminal search warrant. The employer was suspected of illegally hiring undocumented workers, failure to report wages, and payroll tax violations. The warrant led to the arrest of close to 100 individuals for violations of immigration laws.

U.S. Government Continues Raising the Cost of Noncompliance

The U.S. Justice Department, the Federal Trade Commission, and other federal agencies recently announced their 2018 increases for civil penalties. As the costs of violations continue rising, it is imperative that companies develop a strong compliance framework to prevent compliance failures.

The increases are a required part of the redundantly titled “Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015.” It required that heads of government agencies adjust civil penalties yearly to account for inflation, as we explained in our 2016 and 2017 breakdowns of those adjustments. Announcements must take place by July 1 of each year.

Hard Data on the Cost of Noncompliance

A Corporate Compliance Insights article written by Peter Merkulov recently caught my eye because of its breakdown of the hard costs of compliance – and noncompliance. The title is “The True Cost of Compliance,” and the subject is the December 2017 report issued by Globalscape and Ponemon Institute called “The True Cost of Compliance with Data Protection Regulations.” Mr. Merkulov is the chief technology officer at Globalscape, and as of this date I have not made his acquaintance, but he plucked thoughts right out of my brain with this quote:

“Unfortunately, there are organizations who elect to delay compliance efforts because of the associated costs. In so doing, they risk incurring large fines and the loss of customer trust, as well as damage to their reputation, all in an effort to avoid compliance-related expenditures.”

He then backed this statement up with hard numbers. In my effort to share my passion for building effective compliance programs, I have often described their ability to enhance corporate culture. And I do truly believe that a compliance culture is a culture of trust, accountability, and openness for which most companies at least say they are striving. But let’s go ahead and focus on the hard cost data. After all, it takes all kinds to lead on compliance – the “quals” and the “quants,” as it were.

Corporate Responsibility to Migrant Workers: Preventing Exploitation in Your Supply Chain

The exploitation of migrant workers continues to be a problem across the globe as reports surface of forced labor for little to no compensation. The role multinational corporations play – or should avoid playing – in this recurring problem was the topic of many news stories over the past year. The spotlight fell on several companies that failed to prevent exploitation of migrant workers in their supply chain, while other companies were praised for making promising efforts to quash the abuse. These organizations should serve as models – and cautionary tales – to companies whose employees might be at risk.

Don’t Overlook the SEC’s Cybersecurity Governance Guidance

In late February, the SEC approved what it labeled “Guidance on Public Company Cybersecurity Disclosures.” And, sure enough, about three-quarters of its 24 pages focus on the various categories and locations of cybersecurity risk and incident disclosure obligations, as well as materiality determinations. Because the SEC’s much-anticipated guidance appeared right in the thick of calendar-year companies’ Form 10-K and proxy statement preparations, much attention has been paid to its disclosure aspects. But as the dust settles on Form 10-K and proxy statement filings, don’t lose sight of the SEC’s important governance guidance.

Rise Above ‘Why Compliance Programs Fail’ With Behavioral-Based Tips

I recently cracked open my Harvard Business Review to the article on “Why Compliance Programs Fail.” I read with great interest the authors’ theory on how weak, milquetoast metrics can result in check-the-box, paper-only compliance programs. I don’t disagree at all, but I have a few practical suggestions to add.

The authors cite, as have many, the shocking statistic from EY’s 2016 Global Fraud Survey that out of nearly 3,000 executives surveyed, 42 percent said they could justify unethical behavior to meet financial targets. Clearly, something is misaligned. The HBR authors postulate a case for better metrics aligned to strategy. It is a well-reasoned argument with which I do not quibble. But the sentence that captured my interest is this one:

“While many firms continue to see ensuring compliance as a legal exercise, it is really much more a behavioral science.”

In Light of the Brand Memo, Has the Way of Compliance Gone by the Wayside?

After then-U.S. Associate Attorney General Rachel Brand issued a memorandum (known as the “Brand Memo”) in January 2018, which some have interpreted as recanting all reliance on DOJ guidance documents, what’s next? Call me Pollyanna, but I contend that “the way of compliance” is here for good. Pun intended.

First, annual survey results list compliance matters as a high attention area for in-house counsel. This year the executive summary of the Association of Corporate Counsel’s 2018 Chief Legal Survey ranked ethics and compliance obligations as extremely or very important. Whether it be regulatory changes, protecting against data breaches, information privacy, GDPR, or general ethics and compliance, the focus is on keeping up with the compliance obligation. When you are the corporate point-person on all matters regulatory and legal, it is no wonder you stay up at night wondering about the unpredictable.