By Diana Trevley
Chief of Global Operations, Spark Compliance Consulting
Southern California – a sun-drenched paradise, with waves crashing onto the sand and majestic mountains in the distance. And traffic. Lots and lots of traffic. The never-ending traffic jam on southern California’s freeways makes getting together with other compliance professionals on a regular basis a challenge. Last Friday, despite the traffic, the SCCE held its first Southern California Regional Conference. Finally! A conference to call our own, with the opportunity to see people who live in my state!
The other attendees must have felt the same way; the conference room was filled with compliance professionals from Los Angeles, Orange County, and San Diego, from many different industries. Before breakfast was even over, I had made a host of new friends and caught up with old ones.
I was looking forward to the social and networking aspect of the event, but the high quality of the speakers and their presentations knocked my socks off. Below are some key insights from each presentation.
• There is still time for companies to be in substantial compliance with the General Data Protection Regulation (GDPR) by May 25, 2018. Worried about compliance with GDPR? You’re not alone. The EU’s new regulatory scheme that governs the use and transfer of personal data goes into effect on May 25, 2018. At least 28,000 Data Protection Officers (DPOs) still have work to do to meet GDPR requirements. Megan Duffy and Dominque R. Shelton provided practical steps for moving forward with GDPR compliance in their presentation “The EU’s General Data Protection Regulation – Top Line Global Privacy is Key,” emphasizing that GDPR compliance is an ongoing process.
• The DOJ’s recently released “FCPA Corporate Enforcement Policy” is a sea-change in FCPA enforcement. In the engaging and often hilarious “State of DOJ/SEC Guidance and Compliance Implications” presentation, speakers Robert Dugdale and John M. McCoy III walked the audience through the language of the DOJ’s most recent memo on FCPA enforcement. With the publication of this new policy a presumption of declination can exist under certain circumstances, but companies should still consider other factors such as SEC enforcement, international enforcement, shareholder litigation and reputational risk. Compliance officers should also be aware that the factors weighing in favor of declination are both specific and subjective and may not apply in every case.
• Onboard your Board members! Everyone knows that training your employees is essential, but few board members receive training on their specific duties as they relate to compliance and ethics. All too often, it is assumed that Board members already know their duties, when in fact it has never been explained to them. Another helpful hint from presenters Melissia Clinton and Dixie Johnson? Whenever there is a corporate scandal in the news (cough, cough, Harvey cough Weinstein, cough), someone in compliance should do a check to ensure that there has been a dialogue with the Board and that any associated risks are being mitigated by the compliance program.
• Companies should be aware of China’s stringent data protection laws when conducting investigations and responding to discovery requests. In the presentation “High Risk Markets & FCPA,” Tedra Foster and Julie Myers Wood, with Brian R. Wood moderating, discussed China, Mexico, and Brazil – all countries that have a reputation for being high risk and that are seeing increased local enforcement actions. The audience was advised to be aware that China’s data protection laws prohibit the transfer of personal data outside China, creating additional hurdles for companies that are conducting internal investigations, trying to cooperate with U.S. investigations, or facing discovery requests in litigation. Before concluding, the speakers touched on ISO 37001-Anti-Bribery Management Systems, discussing the benefits of the standard and noting that companies who choose to take a “wait-and-see” approach on certification could benefit from using the standard as a benchmarking tool.
• Document, document, document your compliance efforts! Presenting on compliance with immigration laws in the Trump era, Richard Yemm and Julie Myers Wood noted that, with workplace enforcement audits up fourfold, it was essential that companies document their compliance efforts should regulatory authorities coming knocking at the door.
• Leverage social media platforms to create a unified message on a global scale. Dr. Marsha H. Ershaghi-Hames explained how using social media platforms and tapping into user-generated content was a powerful tool in getting your compliance program message to your employees.
The conference ended at 4:30pm…right when traffic in southern California becomes a nightmare. But for myself and the other conference attendees, braving the traffic for a full day of learning and camaraderie was more than worth it!