Compliance Risk Assessment
Fall 2016 Class 11
Stephen Paine
Compliance Risk Assessment:
Case Studies and Third Party Risk
Announcements
Tuesday, November 22 is our last class and it will be a
Laboratory Class in which you will participate in mock
interviews. Consider it a Moot CRA. More details next week.
You have turned in four assignments that have been graded,
although your second graded assignment does not have to count.
That grade was still recorded and I will drop your lowest of the
four grades to calculate your total written assignment
component (25%) of your overall grade for the course.
Course evaluations are starting and you are STRONGLY urged,
encouraged and begged to complete your evaluation of this
course.
http://law.fordham.edu/evaluate
Recap of Class 1
Pfizer Case Study and Compliance Risks
Legal and Regulatory Incentives/Conflicts of
Interest
Political Failure of Controls
Reputational Recidivism
Point of Sale/Distribution
Definitions
Compliance Risk is the risk of failing to comply with applicable
legal or regulatory requirements resulting in a material loss
(financial or reputational) or legal/regulatory sanction
A Compliance Risk Assessment is a framework to enable the
evaluation and analysis of the overall Compliance risk (both
inherent risks and control effectiveness) associated with a
particular business area
Recap of Class 2
The Five Elements of an Effective Compliance Program
1. Tone at the Top
Enron Chronology: July 1985 Enron established through merger
and by November 2006 entire senior management team has
either been indicted or convicted with Enron and Arthur
Andersen no longer operating
2. Corporate Culture and Communication
Codes of Conduct set the values for employees to follow and
those values are based on Compliance Risk.
3. Compliance Risk Assessment
4. Testing and Monitoring
5. Chief Compliance Officer
Case Study: HSBC
Financing drug cartels
Permitting sanctioned regimes to process dollar payments
Claw back of compensation (including Compliance
Officers)
Criminal charges for “failure to maintain an effective AML
program”
Recap of Class 3
Compliance Tools/Controls
Advisory Function
Coverage of Front Office and Technology, Finance and
Operations
Conflicts of Interest -- A Deep Dive
Conflicts of interest are inherent in the financial services
business
Historical success of the industry has been managing these
conflicts by eliminating or disclosing them
Top to bottom review of business operations to address conflicts
of interest of every kind
Risk Assessments
Follow-Up
Policies and Procedures
Education and Training
Compliance Surveillance and Business Unit Review and Testing
Recap of Class 4
A Compliance Risk Assessment is a framework to enable the
evaluation and analysis of the overall Compliance risk (both
inherent risks and control effectiveness) associated with a
particular business area
1. Identifying Business Area(s) and Metrics
2. Mapping Applicable Rules
3. Identifying Key Compliance Risks and Themes
4. Defining a Controls Inventory
5. Rating Control Effectiveness
6. Determining Residual Risks
7. Scoring, Rating and Reporting
It’s All About the Questionnaire . . .
Compliance Risk Assessment Steps
Identify Business Area and Metrics
Map Applicable Rules
Identify Key Compliance Risks & Themes
Define Controls Inventory
Rate Controls Effectiveness
Determine Residual Risk
Score, Rate and Report
Phase 2 of the Course
Assignments
Listen carefully in class as assignments will be based on
material from the sector presented.
Sector Risk
Listen and assimilate the material/lecture through the lens of the
types of risks each of the areas present, as well as the
corresponding controls – the 3/4 central boxes of the CRA
Diagram
Be a proactive listener and ask questions or provide comments
Make notes of questions that you have or comments to discuss
later
Recap of Class 5
Financial Services Regulation
Banking Services
Deposit Taking
Lending
Fund Transfers, checking
Securities and Investments
Buying and selling stocks, bonds
Participating in Capital Markets transactions
Investment Advisory Activities
Investment Company Activities
Federal Reserve, OCC, SEC, FINRA and CFTC, plus Exchanges
FINRA Regulatory Regime
Supervision
Self-Reporting
Case Study: Prospectus Delivery
Recap of Class 6
Anti-Money Laundering and Financial Crime Risk and Controls
Anti-Money Laundering
Rule Mapping: Bank Secrecy Act, USA PATRIOT Act, EU
Directives, Proceeds of Crime Act
Elements: Proceeds of crime used in banking system
Inherent Risks of Clients – Client Lifecycle (Onboarding,
Processing Transactions, Refreshing Information)
Geographical Location
Type of Client
Products and Services
Client Identification serves as the primary control: KYC --
Client Due Diligence and Enhanced Due Diligence
Sanctions
Rule Mapping: OFAC, United Nations and EU Directives
Elements: Penalties imposed by one country on one or more
other countries/individuals
Client Screening as a control
Anti-Bribery and Corruption (ABC)
US Foreign Corrupt Practices Act, UK Anti-Bribery Laws
Elements: Giving or receiving something of value to influence
an official in the discharge of his/her public or legal duties
Client Identification
Suspicious Transaction Reporting
Filing a report with the appropriate regulatory authority when
suspicious activity is identified
Strictly prohibited to disclose the filing of the report to parties
involved
Recap of Class 7
Anti-Corruption
Rule Mapping
US Foreign Corrupt Practices Act
UK Bribery Statute
Travel Act, Mail/Wire Fraud and Money Laundering
A Closer Look at the FCPA
Anti-Bribery
Books and Records
Internal Controls
FCPA Elements
Offer, Promise or Give
Anything of Value
Directly or Indirectly with “Knowledge”
To a Foreign Government Official
To Influence the Official
To Obtain or Retain Business
Case Studies
Glaxo Smith Kline and Nu Skin
BNY Mellon, Och Ziff and Morgan Stanley
Recap of Class 7
Insider Trading
Definitions
Inside Information is material information that relates to the
securities of an issuer that is not publicly known -- MNPI
What is Material?
Insider Trading is the buying or selling of a security with the
intent to deceive and in breach of a fiduciary obligation or
other relationship of trust while in possession of material
non-public information
Rule Mapping
Section 10(b) of the Securities Exchange Act of 1934 and Rule
10b-5 promulgated thereunder
Prohibits fraud in connection with a purchase or sale of
securities
Rule 14e-3
Prohibits trading when you have MNPI about a tender offer, if
you got that information directly or indirectly from someone
involved in the tender offer
Section 16
Insider liability for short-swing profits (purchase/sale within 6
months)
Regulation FD
Prohibits selective disclosure by companies
Controls
Information Barriers -- Private Side and Public Side
The Control Room
Watch and Restricted Lists
Employee Trading
Surveillance
Case Studies
Galleon
Merck
Recap of Class 8
Pharmaceutical Regulation
Prohibited Acts
Adulteration
Misbranding
Definitions of “Drug” and “Device”
Drug – Intended Use/Intended to Affect
Medical Device – No Chemical Action
Drug Regulatory Framework
Enforcement Tools
Advertising and Promotion
Good Manufacturing Practice
Good Clinical Practice
Related Compliance Risks
False Claims Act
The Park Doctrine
Corporate Integrity
Drug Supply Chain Act
Recap of Class 9
Employment Law Compliance
Rule Mapping
Entitlement Laws
Anti-Discrimination Laws
Whistleblower Laws
National Labor Relations Act and Work Place Safety (OSHA –
Occupational Safety and Health Act)
Immigration, Tax and common law
Pre-Employment
Background Checks: Fair Credit Reporting Act; Criminal
Background: Ban the Box; Credit Checks; FINRA
Health: Americans with Disabilities Act; Drug Tests
Right Fit for the Job: Anti-Discrimination, Equal Employment
Opportunity Act; Personality Assessments
Ability to Work: US Immigration Reform and Control Act
(IRCA)
Employment
“At Will” Employment
Anti-Discrimination
Harassment
Retaliation
Entitlements
Whistleblower
Post-Employment
Lawful Terminations
Former Employee Risks:
Confidential Information
Intellectual Property
Disparagement
Unfairly competing/soliciting employees/clients
Defamation
Overview of Key Employment Laws
Anti-Discrimination Laws
Entitlement Laws (Wage and Hour; Leave of Absence; Benefits)
Whistleblower Protections
National Labor Relations Act (NLRA) (Unions)
Workplace Safety (OSHA)
Overview of Key Employment Laws
Immigration
Tax
Miscellaneous Other Statutes and Regulations
Background checks
Protection of private information
Many more . . . .
Patchwork of Overlapping State and Local Employment Laws
Common Law
Contract
Negligence (including negligent hiring)
Torts
The Three Phases of The Employment Relationship
Pre-Employment/On-boarding
Employment
Termination/Post-employment
At Each Phase:
Identify the business aim
Identify the legal/compliance framework
Identify the risks:
people risks
process risks
Background Checks
Generally not obligatory in private sector.
Business reasons for conducting them:
Properly vetting the applicant (avoiding “people risks”)
Possible legal exposure for not properly vetting:
Respondeat superior liability: Employee acting within scope of
job
Negligent hiring: Employee acting outside scope of job
Background Checks – Process Regulations
The Fair Credit Reporting Act (“FCRA”)
Applies to background checks conducted by a background
screening company
Employers must:
Disclose that it will obtain a background report
Obtain written consent from the applicant
Provide the applicant with the report and wait a reasonable
amount of time before acting
Provide written notice of adverse action
Background Checks – Substantive Regulations
Restrictions on criminal background checks
“Ban the Box” laws
Hawaii
Illinois
Massachusetts
Minnesota
New Jersey
Oregon
Rhode Island
New York City
*Most of these laws exempt certain jobs (e.g., FINRA Reps; law
enforcement)
*Some of these laws (e.g., NYC) allow for inquiries later in the
hiring process
Background Checks – Substantive Regulations
Laws that require individual assessment (no automatic bar)
e.g., (NY Corrections Law 23-A)
(3) Does a criminal conviction disqualification discriminate
based on race?
U.S. Equal Employment Opportunity Commission 2012
Enforcement Guidance recommends:
eliminating disqualification based on ANY criminal conviction
developing narrowly tailored policies ONLY excluding
applicants with certain criminal convictions from certain jobs
EEOC v. BMW (Dist. S.C.) (EEOC sued BMW for overbroad
exclusion of applicants with criminal convictions) (settled Sept.
2015)
Background Checks – Substantive Regulations
Credit Checks
Permitted under federal law (subject to compliance with FCRA
procedures)
Prohibited in 11 state and many local jurisdictions (including
NY)
Exemptions for certain positions and if mandated by law
Background Checks – Substantive Regulations
Special Rules for FINRA Registered Representatives (FINRA
Rule 3110(e)) (approved by SEC effective 7/1/15)
Firms must:
investigate the “good character, business repute, qualifications,
and experience” of an applicant.
adopt written procedures that are reasonably designed to verify
the accuracy and completeness of the information contained in
an applicant’s Form U4 (Uniform Application for Securities
Industry Registration or Transfer).
conduct a national search of reasonably available public records
to verify the accuracy and completeness of the information
contained in an applicant’s Form U4.
Health Information
Americans with Disabilities Act (ADA)
Regulates pre-employment inquiries and medical examinations
(3 stages):
pre-conditional offer: no inquiries or medical exams
post-conditional offer: permitted as long as required of
everyone in job category
post-hire: only if the inquiry is job related
The Genetic Information Nondiscrimination Act of 2008
(GINA)
Prohibits discrimination based on genetic information
Prohibits employers from asking about genetic information
(with narrow exceptions)
A Difficult Case: United Airlines and CEO Oscar Munoz
Drug Testing
Types of drug tests:
pre-employment
random
post-accident
reasonable suspicion
periodic
return to duty
Drug Testing
Federal Laws:
ADA: a drug test is not a “medical examination”
Drug Free Workplace Act of 1988
Applies to certain federal contractors and all federal grantees
Does not mandate drug testing
Mandated for certain types of jobs (e.g., truck drivers)
State Laws:
Patchwork of laws
Uncertain impact of legalization of medical marijuana
Making Sure the Applicant is the Right “Fit” – the Interview
All Equal Employment Laws Prohibit Discrimination in the
Application Process
Based on race, gender, national origin, color, religion,
disability, age, citizenship (federal); and sexual orientation,
marital status (many states)
Applies to: hiring, job advertisements, recruitment, testing and
training.
Problematic Interview Questions (N.Y.S. Div. on Human Rights
1993):
How old are you?
Do you wish to be addressed as Miss? Mrs.? Ms.?
Are you married?
Inquiry into applicant’s ancestry, national origin or nationality
Inquiry into applicant’s religious affiliations or religious
holidays observed
Where were you born?
Are you a U.S. citizen?
What year did you graduate?
What is your native language?
Making Sure the Applicant is the Right “Fit” – Formal
Personality Assessments
Personality Assessments:
Tests used to assess personality, skills, cognitive abilities and
other traits.
Used to test the personalities of about 60% to 70% of
prospective workers in the U.S. (up from 30% to 40% about five
years ago).
Typical scaled questions:
Your mood often changes without your knowing why
People say unfair things about you when you are not there
You have difficulty sleeping because of your worries
You often feel that certain people are trying to take advantage
of you
Legal Issues:
Is the personality assessment an inquiry into disability in
violation of the ADA?
Does the personality assessment tend to disproportionately
screen out applicants based on gender or race? EEOC v. Target
(settled 8/24/15; $2.8 million)
Can the Applicant Take the Job?
Immigration Reform and Control Act of 1986 (IRCA):
Employers can only employ workers authorized to work in the
U.S.
Employers must timely complete Form I-9
Employer must verify expiring or expired employment
authorization documents
But employers cannot discriminate based on national origin or
citizenship status
Is the applicant subject to an enforceable non-competition
agreement with a prior employer?
The applicant is at risk for breach of contract
The (new) employer is at risk for tortious interference with
contract
“At-Will” Employment
At-will employment: Either employer or employee may
terminate the employment relationship for any reason or no
reason.
Can be either confirmed or vitiated in a contract, employee
handbook, collective bargaining agreement
Even if employment is “at-will,” employer cannot terminate for
a reason prohibited by law (e.g., discrimination, retaliation or
for whistleblowing).
What employers do in order to confirm at-will employment:
recite “at will” employment in offer letter or employment
contract and reinforced in employee handbook
Anti-Discrimination Laws
Federal (Statute: Protected Characteristics):
Title VII of the Civil Rights Act of 1964: Race, color, national origin, sex, religion
Pregnancy Discrimination Act: Pregnancy
ADA: Disability
Age Discrimination in Employment Act: Age 40 and over
IRCA: Citizenship status
GINA: Genetic disposition
The Uniformed Services Employment Reemployment Rights Act of 1994 (USERRA): Military service
State and Local:
marital status
sexual orientation
gender identity
Anti-Discrimination Laws
Types of discrimination:
Failure to hire
Termination
Failure to promote
Demotion
Compensation
Discriminatory employment terms and conditions (e.g., transfer,
training)
Harassment
Failure to provide reasonable accommodation (religion and
disability)
Retaliation
Theories of discrimination:
Disparate treatment: Employee is intentionally subjected to less
favorable treatment because of protected class status
Disparate impact: A seemingly neutral policy or practice
unduly disadvantages individuals on the basis of their protected
class (e.g., minimum height requirements may have a disparate
impact on women)
The Americans with Disabilities Act – Some Unique
Considerations
What the law prohibits:
Discrimination based on disability
Discriminatory Standards
Associational Discrimination
What the law requires:
Reasonable Accommodation for disabled employees
The Americans with Disabilities Act – Some Unique
Considerations
Challenges:
What constitutes a protected disability?
a physical or mental impairment that substantially limits a
major life activity
history of disability
regarded as having an impairment
What is a reasonable accommodation?
A workplace change that enables a disabled employee to
perform the essential functions of the job
Not required if it constitutes an undue hardship
A key compliance challenge: reasonable accommodation may
require exceptions to established policies
Anti-Discrimination Laws – Harassment
Two forms:
Quid pro quo harassment: “this for that”
Hostile work environment: A workplace characterized by
harassment that is:
Unwelcome
Because of protected class status
Attributable to the employer
Severe or pervasive
Anti-Discrimination Laws – Harassment
Liability of employer:
If harassment is by co-worker: negligence standard
If harassment is by supervisor:
quid pro quo or tangible employment action: strict liability
hostile work environment, employer can avoid liability if:
The employer exercised reasonable care to prevent and promptly
correct the harassing behavior
The employee unreasonably failed to take advantage of
preventative or corrective opportunities provided by the
employer
The Faragher/Ellerth affirmative defense
policies
complaint procedure
Anti-Discrimination Laws – Retaliation
Elements of a retaliation claim:
1. Employee engaged in protected activity
complained of discrimination or harassment internally
filed a complaint with an agency or in court
participated in an investigation
2. Adverse employment action following protected activity (e.g.,
fired, demoted)
3. Causal connection between (1) and (2)
Employee Entitlements
The Family and Medical Leave Act
12 weeks of unpaid leave in a 1 year period
Reasons for leave:
Employee’s serious health condition
Care for family members with serious health conditions
Leave related to pregnancy, birth, adoption
Written policy required
Workers Compensation – injury and work loss compensation
system (state law)
Unemployment Benefits – state law
Disability Benefits – state law
Affordable Care Act
Minimum essential coverage for full-time employees and their
dependents
Coverage that is affordable and provides minimum values
USERRA: unpaid leave (up to 5 years) for military service;
reinstatement obligations
Fair Labor Standards Act (FLSA)
FLSA – Special Considerations
FLSA Basics:
Establishes minimum wage
Requires that blue-collar (“non-exempt”) employees be paid
overtime (1.5x regular rate) after working 40 hours in a single
work week
Recordkeeping obligations
FLSA Challenges:
employee or independent contractor?
Employee or intern?
overtime eligible or “exempt” from OT (white collar
exemptions):
Administrative employees
Executive employees
Professional employees
Computer professionals
Outside sales employees
Most pharmaceutical sales reps (Christopher v. SmithKline
Beecham Corp., S. Ct. 2012)
Whistleblower Protections – Public Companies and Financial
Services
Sarbanes-Oxley Act (SOX)
Dodd-Frank
Two types of protected conduct:
Reporting Corporate Wrongdoing
Participating in Proceedings
Employee reports conduct that she “reasonably believes” is a
violation of a “covered law”
mail fraud
wire fraud
bank fraud
securities fraud
violation of SEC rules or regulations
fraud against shareholders
Dodd-Frank includes protection of employees involved in
selling consumer financial products or services
Open issue: does internal reporting qualify as protected
activity?
Whistleblower Protections – Public Companies and Financial
Services
Examples of violations that can be the basis of a whistleblower
claim:
Market manipulation
Insider trading
Misstatements or omissions in disclosures
Corporate mismanagement resulting in breach of fiduciary duty
to shareholders
Fraudulent accounting practices
Fraud by an employer’s customer:
J.P. Morgan money laundering case
FedEx mail fraud case
Whistleblower Protections – Pharma
Violations that can be subject to whistleblowing:
Failure to Comply with Current Good Manufacturing Practices
(“cGMPs”): Regulations to ensure proper design, monitoring,
and control of pharma manufacturing processes and facilities
Off-label Marketing: Marketing or promoting a drug for a use
that the FDA has not approved
Kickbacks: Paying physicians or others to order or recommend
drugs that may be paid for by a federal healthcare program
False Claims Act:
Qui Tam “Relator” Complaints
Retaliation Against Relators
Lawful Termination of Employment
Defense of the legitimate business decision:
Documented performance problems?
Progressive discipline? warnings?
Compliance with disciplinary processes?
Temporal proximity to protected activity? (the retaliation
concern)
Exposure to a potential discrimination claim?
comparison to “similarly situated” employees outside of
protected class
“stray remarks”
consider the demographics of the department
Identify and maintain relevant documents, including policies
and performance reviews, warnings
Lawful Termination of Employment
Enforceable separation agreement and release of claims?
Consideration ($ not otherwise entitled to)
Plainly worded
Reasonable time to consider
Special rules for release of ADEA claims
Not all claims can be released (e.g., FLSA, workers
compensation, whistleblower)
Overbroad confidentiality provisions may be challenged by
EEOC, NLRB, SEC
Risks Posed by Former Employees
Disclosure or unauthorized use of confidential information and
trade secrets
Have the employee execute a confidentiality agreement at hire
Employee claims ownership of intellectual property she
developed while employed
Have the employee execute a “work-for-hire” agreement
Disparagement of company, products, employees
Have the employee execute a non-disparagement agreement (in
employment or separation agreement)
Risks Posed by Former Employees
Working for a competitor or unfairly competing
Have the employee execute a non-competition agreement
not enforceable in certain states (e.g., CA)
generally disfavored by courts
most courts require a “protectable interest” beyond desire to
limit competition
restrictions must be narrowly tailored in terms of geographic
scope and time period
Soliciting business’s employees or customers
Have the employee execute a non-solicit agreement
in addition to or in lieu of a non-competition agreement
courts are more likely to enforce, but still generally impose a
reasonableness requirement
Wells Fargo Update Part 4
FINRA Form U-5 Filings
Form U-5s are required to be filed when a FINRA registered
employee leaves a FINRA registered organization.
Form U-5s must provide information about the employee’s
departure. Was it Voluntary or Involuntary?
If involuntary, did it relate to a violation of law, rules or
internal policy? The U-5 also asks for a description.
Senators are now asking how many of the approximately 5000
terminated Wells Fargo employees in the Cross-Selling matter
were registered and would have required the filing of a Form U-5.
Answer is about 600 but the problem is that 400 of the U-5s did
not accurately disclose what happened.
The next question was whether someone at Wells Fargo
reviewed the U-5s for trends and patterns – particularly the 200
that were accurate
Isn’t what the Senators are suggesting that the Form U-5
filings are helpful metrics?
Discussion of Assignment 8
Develop a background checklist for an entry level employee at
your company and then draft a table of contents for an employee
handbook based on the employment law topics discussed in
class.
Background Checklist should be 2-3 pages and include the
information you would like to know about a potential employee
that is also legally permissible.
Table of Contents for the Employee Handbook should cover the
appropriate areas of Employment Law discussed in the
employee law risk lecture.
Glaxo Smith Kline -- Sex, Bribes and Videotape
November 2, 2016 news story in The New York Times outlines
bribery allegations from a whistleblower that the Board failed to
act on and a smear campaign on the supposed whistleblower
Allegations gain credibility when a videotape surfaces involving
the Head of GSK China having sex with a partner allegedly
procured by a travel agency GSK was using to facilitate the
bribery . . .
But there’s more . . . look back to GSK’s $3 billion settlement
in 2012 . . .
GSK Case Study
Also, review the GSK story in the New York Times and then
research GSK’s 2012 $3 Billion settlement relating to Paxil,
Wellbutrin and Avandia
GSK Settlements: Come to class prepared to present the issues
raised in both the 2012 and 2016 Settlements, focusing your
presentation on identifying the compliance risks in each of the
settlements and the Compliance Program elements that could
have prevented them. Also, you should be prepared to discuss
how a Compliance Risk Assessment would or could have
pre-identified these risks.
In class on November 9, I will select a group of three to
discuss the 2012 settlement and another group of three to
discuss the 2016 settlement. Selection will be random. Those
not selected to present will be expected to contribute and
participate in the discussion.
Third Party Risks Overview
Who are third parties?
What are the risks that are associated with third parties?
What are the controls for third party risks?
Third Party Risks
Who are third parties?
Clients?
Employees?
Those parties with whom the company has an association or
relationship that is neither a client/customer nor an employee.
Suppliers
Vendors
Distributors
Agents
Consultants
Joint Venture Partners
Third Party Risks
What are the risks of doing business with third parties?
Association Risks
Solvency Risks
Competency Risks
Compliance Risks
These four risks lead to the following broader risks:
Financial Risks
Regulatory Risks
Reputational Risks
Variable Factors to Consider
Extent and level of relationship
Special characteristics/considerations of third party (e.g.,
jurisdiction, regulated, etc.)
Third Party Risks
JP Morgan Chase/Madoff Case Study
Background -- Exhibit B; Page 3 Paragraphs 7-8
Madoff as Third Party -- Exhibit C; Page 8 Paragraphs 33-36
Understanding the JPMC Madoff Linked Structured Product
(linked to the performance of Madoff Hedge Fund)
Madoff as Client -- Exhibit C; Page 2 Paragraphs 7 – 12 and 22-28
Understanding the account balance inflation arrangement
Suspicions Begin
Exhibit C Page 9 Paragraphs 37-53
And the third party risks for JPMC become real
Third Party Risks
JP Morgan Chase/Madoff Case Study
Understanding the JPMC Structured Product (linked to the
performance of Madoff Hedge Fund)
Client buys a 3 year fixed income note in the principal amount
of $500,000 (bond that is issued by JPMC) that pays 2% interest
Client and JPMC agree that interest payments will be treated as
if the 2% interest payment is invested in the Madoff Hedge
Fund
JPMC Note matures in 3 years and client receives the principal
amount of note plus any money that might be due from being
linked to the Madoff Fund
Client buys $500,000 note with $10,000 in interest
JPMC treats $10,000 interest payment as if it were invested in Madoff
Note matures and client receives principal back plus returns of Madoff
This is a derivative instrument
Third Party Risks
JP Morgan Chase/Madoff Case Study
What are the risks posed by Madoff as a Third Party to JP
Morgan Chase?
What are the controls to mitigate/manage that risk?
JP Morgan Chase
Madoff Hedge Fund linked to JPMC Structured Products
Madoff Securities as JPMC Client
Third Party Risks
Examples of Other Third Party Relationships
Controls for Third Party Risk Management
Policies and Procedures
Due Diligence (perhaps modified from regular client due
diligence or perhaps not depending on the complexity and level
of association)
Written Agreement
On-going monitoring
Periodic Review of Relationship and Controls
Laboratory: Design the components of a policy to manage third
party risk at Merck.
Third Party Risks
Back to the JPMC/Madoff Case Study
The Rest of the Story
Deferred Prosecution Agreement with JPMC over its AML
Program and failure to file SARs
$1.7 billion in penalties
Our class comes full circle . . .
Compliance Program Exhibit C Paragraphs 13-21
KYC: Exhibit C Paragraphs 22-28 The Check Scheme
Due Diligence of Clients and Third Parties (Exhibit C and
Paragraph 32 and then Paragraphs 37-53)
Client and Provider information sharing
Penalty of JPMC
Who accepted the Deferred Prosecution Agreement?
Third Party Risk: A Risk Topic or Risk Driver?
Third Party Risk resembles Client Risk
Think back to AML and Client ID
The type of client (high risk, low risk) tends to drive inherent
risk
PEPs
Clients from sensitive countries
Third Party Risk is similar to AML/Client ID
The type of third party relationship tends to drive inherent risk
Geographic jurisdiction of third parties
Regulated Status
Public or private company
Third Party Risk: A Risk Area or Risk Driver?
Third Party Risk resembles Client Risk
Think back to AML and Client ID
The type of client tends to drive inherent risk
PEPs
Clients from sensitive countries
Third Party Risk is similar to AML/Client ID
The type of third party relationship tends to drive inherent risk
Geographic jurisdiction of third parties
Regulated status
Public or private company
Intellectual Property Overview
What is “Intellectual Property?”
Black’s Law Dictionary: Category of intangible rights
protecting commercially valuable products of the human
intellect
Inventions
Creative Expressions
Trademark
For which there is a public interest in conferring property
rights on the creators
What are the primary legal protections associated with
intellectual property?
Patent
Copyright
Trademark
Also includes trade secrets, trade dress and publicity rights
Intellectual Property Overview
Rule Mapping for IP
US Patent Laws
US Trademark Act of 1946
Patent Cooperation Treaty 1978
World Intellectual Property Organization (UN)
US Copyright Act of 1976
Digital Millennium Copyright Act of 1998
Berne Convention for Copyrights
Protections
Patents for 14 years from the date of filing EXCEPT for food
and drugs which is 7 years from the date of filing or 5 years
from the date of patent whichever is earlier
Copyright is generally 70 years after date of creation in a fixed,
tangible form
Questions abound about what is patentable/protectable
Intellectual Property and Pharmaceuticals
Hatch – Waxman Act of 1984 (the Drug Price Competition and
Patent Term Restoration Act)
Designed to speed up generic drugs to compete with patented
pharmaceuticals
Established the Abbreviated New Drug Application (“ANDA”)
Abbreviated Process for Generics
Generic manufacturer files an “Abbreviated New Drug
Application” that must demonstrate:
The generic is “bioequivalent” to the protected drug AND
The patent is invalid or will not be infringed
If the original patent holder decides to challenge the ANDA, the
ANDA is then given a 30-month stay while the patent owner can
challenge the bio-equivalency and patent claims in court
ANDA filer receives a 180-day exclusivity
Intellectual Property and Pharmaceuticals
What are the IP Risks?
Loss of money and market share if intellectual property is not
properly protected
Subject to penalties and litigation when a company infringes
another company’s properly protected intellectual property
Special considerations for generic drug applications
Downstream consequential risk: Off-label marketing
Controls
Policies and procedures
Training for Research and Development Employees
Monitoring of R&D activities
Market surveillance for infringement by others
Third Party and Intellectual Property Risks
Third Party Risk Controls
Policies and Procedures
Written Agreement
Due Diligence (perhaps modified from regular client due
diligence or perhaps not depending on the complexity and level
of association)
On-going monitoring
Periodic Review of Relationship and Controls
IP Risk Controls
Policies and procedures
Training for Research and Development Employees
Monitoring of R&D activities for infringement
Market surveillance for infringement by others
Classes 11 and 12
Class 11
A Closer Look at Metrics and Inherent Risk
Rating and Reporting the Risk Assessment
Putting It Together: CRA from Start to Finish and Preparing for
the Laboratory
Exam Discussion
Class 12
CRA Laboratory
Employee Interviews for Inherent Risk and Control
Effectiveness
Determining Residual Risk
Assignment 9 (final scored assignment)
Draft notes and questions for an interview with a senior
executive in charge of manufacturing in your pharmaceutical
company about the use of third party suppliers. Be prepared to
hand in this assignment at the beginning of class on November
23.
Drafting questions for an interview with a senior executive.
Start with questions about the basics of the business unit that
the senior executive is in charge of
Move next to questions about the risks presented by the use of
third party providers
Remember to have questions that seek to determine the variable
factors of complexity and extent of the third party relationship
Move to questions about the controls in place for third party
providers – remember the critical piece is assessing the
effectiveness of the controls
Try to have your questions logically follow each other and
avoid jumping around
Use topic headers to signal a change in subject area of your
questions
Use notes to explain additional information/potential
answers/analysis behind questions/decision behind not asking
  • 6. Phase 2 of the Course Assignments Listen carefully in class as assignments will be based on material from the sector presented. Sector Risk Listen and assimilate the material/lecture through the lens of the types of risks each of the areas present, as well as the corresponding controls – the 3/4 central boxes of the CRA Diagram Be a proactive listener and ask questions or provide comments Make notes of questions that you have or comments to discuss later Compliance Risk Assessment Steps Identify Business Area and Metrics Map Applicable Rules Identify Key Compliance Risks & Themes Define Controls Inventory Rate Controls Effectiveness
  • 7. Determine Residual Risk Score, Rate and Report Recap of Class 5 Financial Services Regulation Banking Services Deposit Taking Lending Fund Transfers, checking Securities and Investments Buying and selling stocks, bonds Participating in Capital Markets transactions Investment Advisory Activities Investment Company Activities Federal Reserve, OCC, SEC, FINRA and CFTC, plus Exchanges FINRA Regulatory Regime Supervision Self-Reporting Case Study: Prospectus Delivery
  • 8. ‹#› Recap of Class 6 Anti-Money Laundering and Financial Crime Risk and Controls Anti-Money Laundering Rule Mapping: Bank Secrecy Act, USA PATRIOT Act, EU Directives Proceeds of Crime Act Elements: Proceeds of crime used in banking system Inherent Risks of Clients – Client Lifecycle (Onboarding, Processing Transactions, Refreshing Information) Geographical Location Type of Client Products and Services Client Identification serves as the primary control: KYC -- Client Due Diligence and Enhanced Due Diligence Sanctions Rule Mapping: OFAC, United Nations and EU Directives Elements: Penalties imposed by one country on one or more other countries/individuals Client Screening as a control Anti-Bribery and Corruption (ABC) US Foreign Corrupt Practices Act, UK Anti-Bribery Laws Elements: Giving or receiving something of value to influence an official in the discharge of his/her public or legal duties Client Identification Suspicious Transaction Reporting Filing a report with the appropriate regulatory authority when suspicious activity is identified Strictly prohibited to disclose the filing of the report to parties involved
  • 9. ‹#› Recap of Class 7 Anti-Corruption Rule Mapping US Foreign Corrupt Practices Act UK Bribery Statute Travel Act, Mail/Wire Fraud and Money Laundering A Closer Look at the FCPA Anti-Bribery Books and Records Internal Controls FCPA Elements Offer, Promise or Give Anything of Value Directly or Indirectly with “Knowledge” To a Foreign Government Official To Influence the Official To Obtain or Retain Business Case Studies Glaxo Smith Kline and Nu Skin BNY Mellon, Och Ziff and Morgan Stanley ‹#› Recap of Class 7 Insider Trading Definitions Inside Information is material information that relates to the securities of an issuer that is not publicly known -- MNPI
  • 10. What is Material? Insider Trading is the buying or selling of a security with the intent to deceive and in breach of a fiduciary obligation or other relationship of trust while in possession of material non-public information Rule Mapping Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5 promulgated thereunder Prohibits fraud in connection with a purchase or sale of securities Rule 14e-3 Prohibits trading when you have MNPI about a tender offer, if you got that information directly or indirectly from someone involved in the tender offer Section 16 Insider liability for short-swing profits (purchase/sale within 6 months) Regulation FD Prohibits selective disclosure by companies Controls Information Barriers -- Private Side and Public Side The Control Room Watch and Restricted Lists Employee Trading Surveillance Case Studies Galleon Merck Recap of Class 8
  • 11. Pharmaceutical Regulation Prohibited Acts Adulteration Misbranding Definitions of “Drug” and “Device” Drug – Intended Use/Intended to Affect Medical Device – No Chemical Action Drug Regulatory Framework Enforcement Tools Advertising and Promotion Good Manufacturing Practice Good Clinical Practice Related Compliance Risks False Claims Act The Park Doctrine Corporate Integrity Drug Supply Chain Act ‹#› Recap of Class 9 Employment Law Compliance Rule Mapping Entitlement Laws Anti-Discrimination Laws Whistleblower Laws National Labor Relations Act and Work Place Safety (OSHA – Occupational Safety and Health Act) Immigration, Tax and common law
  • 12. Pre-Employment Background Checks: Fair Credit Reporting Act; Criminal Background: Ban the Box; Credit Checks; FINRA Health: Americans with Disabilities Act; Drug Tests Right Fit for the Job: Anti-Discrimination, Equal Employment Opportunity Act; Personality Assessments Ability to Work: US Immigration Reform and Control Act (IRCA) Employment “At Will” Employment Anti-Discrimination Harassment Retaliation Entitlements Whistleblower Post-Employment Lawful Terminations Former Employee Risks: Confidential Information Intellectual Property Disparagement Unfairly competing/soliciting employees/clients Defamation ‹#› Overview of Key Employment Laws Anti-Discrimination Laws Entitlement Laws (Wage and Hour; Leave of Absence; Benefits) Whistleblower Protections National Labor Relations Act (NLRA) (Unions) Workplace Safety (OSHA) ‹#›
  • 13. Overview of Key Employment Laws Immigration Tax Miscellaneous Other Statutes and Regulations Background checks Protection of private information Many more . . . . Patchwork of Overlapping State and Local Employment Laws Common Law Contract Negligence (including negligent hiring) Torts ‹#› The Three Phases of The Employment Relationship Pre-Employment/On-boarding Employment Termination/Post-employment At Each Phase: Identify the business aim Identify the legal/compliance framework Identify the risks: people risks process risks ‹#› Background Checks Generally not obligatory in private sector. Business reasons for conducting them: Properly vetting the applicant (avoiding “people risks”) Possible legal exposure for not properly vetting:
  • 14. Respondeat superior liability: Employee acting within scope of job Negligent hiring: Employee acting outside scope of job ‹#› Background Checks – Process Regulations The Fair Credit Reporting Act (“FCRA”) Applies to background checks conducted by a background screening company Employers must: Disclose that it will obtain a background report Obtain written consent from the applicant Provide the applicant with the report and wait a reasonable amount of time before acting Provide written notice of adverse action ‹#› Background Checks – Substantive Regulations Restrictions on criminal background checks “Ban the Box” laws Hawaii Illinois Massachusetts Minnesota New Jersey Oregon Rhode Island New York City *Most of these laws exempt certain jobs (e.g., FINRA Reps; law enforcement) *Some of these laws (e.g., NYC) allow for inquiries later in the hiring process
  • 15. Background Checks – Substantive Regulations Laws that require individual assessment (no automatic bar) e.g., (NY Corrections Law 23-A) (3) Does a criminal conviction disqualification discriminate based on race? U.S. Equal Employment Opportunity Commission 2012 Enforcement Guidance recommends: eliminating disqualification based on ANY criminal conviction developing narrowly tailored policies ONLY excluding applicants with certain criminal convictions from certain jobs EEOC v. BMW (Dist. S.C.) (EEOC sued BMW for overbroad exclusion of applicants with criminal convictions) (settled Sept. 2015) Background Checks – Substantive Regulations Credit Checks Permitted under federal law (subject to compliance with FCRA procedures) Prohibited in 11 states and many local jurisdictions (including NY) Exemptions for certain positions and if mandated by law Background Checks – Substantive Regulations Special Rules for FINRA Registered Representatives (FINRA
  • 16. Rule 3110(e) (approved by SEC effective 7/1/15) Firms must: investigate the “good character, business repute, qualifications, and experience” of an applicant. adopt written procedures that are reasonably designed to verify the accuracy and completeness of the information contained in an applicant’s Form U4 (Uniform Application for Securities Industry Registration or Transfer). conduct a national search of reasonably available public records to verify the accuracy and completeness of the information contained in an applicant’s Form U4. Health Information Americans with Disabilities Act (ADA) Regulates pre-employment inquiries and medical examinations (3 stages): pre-conditional offer: no inquiries or medical exams post-conditional offer: permitted as long as required of everyone in job category post-hire: only if the inquiry is job related The Genetic Information Nondiscrimination Act of 2008 (GINA) Prohibits discrimination based on genetic information Prohibits employers from asking about genetic information (with narrow exceptions) A Difficult Case: United Airlines and CEO Oscar Munoz Drug Testing Types of drug tests: pre-employment random
  • 17. post-accident reasonable suspicion periodic return to duty ‹#› Drug Testing Federal Laws: ADA: a drug test is not a “medical examination” Drug Free Workplace Act of 1988 Applies to certain federal contractors and all federal grantees Does not mandate drug testing Mandated for certain types of jobs (e.g., truck drivers) State Laws: Patchwork of laws Uncertain impact of legalization of medical marijuana ‹#› Making Sure the Applicant is the Right “Fit” – the Interview All Equal Employment Laws Prohibit Discrimination in the Application Process Based on race, gender, national origin, color, religion, disability, age, citizenship (federal); and sexual orientation, marital status (many states) Applies to: hiring, job advertisements, recruitment, testing and training. Problematic Interview Questions (N.Y.S. Div. on Human Rights 1993): How old are you? Do you wish to be addressed as Miss? Mrs.? Ms.? Are you married? Inquiry into applicant’s ancestry, national origin or nationality
  • 18. Inquiry into applicant’s religious affiliations or religious holidays observed Where were you born? Are you a U.S. citizen? What year did you graduate? What is your native language? ‹#› Making Sure the Applicant is the Right “Fit” – Formal Personality Assessments Personality Assessments: Tests used to assess personality, skills, cognitive abilities and other traits. Used to test the personalities of about 60% to 70% of prospective workers in the U.S. (up from 30% to 40% about five years ago). Typical scaled questions: Your mood often changes without your knowing why People say unfair things about you when you are not there You have difficulty sleeping because of your worries You often feel that certain people are trying to take advantage of you Legal Issues: Is the personality assessment an inquiry into disability in violation of the ADA? Does the personality assessment tend to disproportionately screen out applicants based on gender or race? EEOC v. Target (settled 8/24/15; $2.8 million) ‹#› Can the Applicant Take the Job? Immigration Reform and Control Act of 1986 (IRCA):
  • 19. Employers can only employ workers authorized to work in the U.S. Employers must timely complete Form I-9 Employer must verify expiring or expired employment authorization documents But employers cannot discriminate based on national origin or citizenship status Is the applicant subject to an enforceable non-competition agreement with a prior employer? The applicant is at risk for breach of contract The (new) employer is at risk for tortious interference with contract ‹#› “At-Will” Employment At-will employment: Either employer or employee may terminate the employment relationship for any reason or no reason. Can be either confirmed or vitiated in a contract, employee handbook, collective bargaining agreement Even if employment is “at-will,” employer cannot terminate for a reason prohibited by law (e.g., discrimination, retaliation or for whistleblowing). What employers do in order to confirm at-will employment: recite “at will” employment in offer letter or employment contract and reinforced in employee handbook ‹#› Anti-Discrimination Laws Federal:
  • 20. State and Local: marital status; sexual orientation; gender identity. Statute: Protected Characteristics. Title VII of the Civil Rights Act of 1964: Race, color, national origin, sex, religion. Pregnancy Discrimination Act: Pregnancy. ADA: Disability. Age Discrimination in Employment Act: Age 40 and over. IRCA: Citizenship status. GINA: Genetic disposition. The Uniformed Services Employment Reemployment Rights Act of 1994 (USERRA): Military service. Anti-Discrimination Laws Types of discrimination: Failure to hire Termination Failure to promote Demotion Compensation Discriminatory employment terms and conditions (e.g., transfer, training) Harassment Failure to provide reasonable accommodation (religion and disability) Retaliation Theories of discrimination: Disparate treatment: Employee is intentionally subjected to less favorable treatment because of protected class status Disparate impact: A seemingly neutral policy or practice
  • 21. unduly disadvantages individuals on the basis of their protected class (e.g., minimum height requirements may have a disparate impact on women) ‹#› The Americans with Disabilities Act – Some Unique Considerations What the law prohibits: Discrimination based on disability Discriminatory Standards Associational Discrimination What the law requires: Reasonable Accommodation for disabled employees ‹#› The Americans with Disabilities Act – Some Unique Considerations Challenges: What constitutes a protected disability? a physical or mental impairment that substantially limits a major life activity history of disability regarded as having an impairment What is a reasonable accommodation? A workplace change that enables a disabled employee to perform the essential functions of the job Not required if it constitutes an undue hardship A key compliance challenge: reasonable accommodation may require exceptions to established policies ‹#› Anti-Discrimination Laws – Harassment
  • 22. Two forms: Quid pro quo harassment: “this for that” Hostile work environment: A workplace characterized by harassment that is: Unwelcome Because of protected class status Attributable to the employer Severe or pervasive Anti-Discrimination Laws – Harassment Liability of employer: If harassment is by co-worker: negligence standard If harassment is by supervisor: quid pro quo or tangible employment action strict liability hostile work environment, employer can avoid liability if: The employer exercised reasonable care to prevent and promptly correct the harassing behavior The employee unreasonably failed to take advantage of preventative or corrective opportunities provided by the employer The Faragher/Ellerth affirmative defense policies complaint procedure Anti-Discrimination Laws – Retaliation Elements of a retaliation claim: Employee engaged in protected activity
  • 23. complained of discrimination or harassment internally filed a complaint with an agency or in court participated in an investigation Adverse employment action following protected activity (e.g., fired, demoted) Causal connection between (1) and (2) ‹#› Employee Entitlements The Family and Medical Leave Act 12 weeks of unpaid leave in a 1 year period Reasons for leave: Employee’s serious health condition Care for family members with serious health conditions Leave related to pregnancy, birth, adoption Written policy required Workers Compensation – injury and work loss compensation system (state law) Unemployment Benefits – state law Disability Benefits – state law Affordable Care Act Minimum essential coverage for full-time employees and their dependents Coverage that is affordable and provides minimum values USERRA: unpaid leave (up to 5 years) for military service; reinstatement obligations Fair Labor Standards Act (FLSA) ‹#› FLSA – Special Considerations FLSA Basics: Establishes minimum wage Requires that blue-collar (“non-exempt”) employees be paid
  • 24. overtime (1.5x regular rate) after working 40 hours in a single work week Recordkeeping obligations FLSA Challenges: employee or independent contractor? Employee or intern? overtime eligible or “exempt” from OT (white collar exemptions): Administrative employees Executive employees Professional employees Computer professionals Outside sales employees Most pharmaceutical sales reps (Christopher v. SmithKline Beecham Corp., S. Ct. 2012) Whistleblower Protections – Public Companies and Financial Services Sarbanes-Oxley Act (SOX) Dodd-Frank Two types of protected conduct: Reporting Corporate Wrongdoing Participating in Proceedings Employee reports conduct that she “reasonably believes” is a violation of a “covered law” mail fraud wire fraud bank fraud securities fraud violation of SEC rules or regulations
  • 25. fraud against shareholders Dodd-Frank includes protection of employees involved in selling consumer financial products or services Open issue: does internal reporting qualify as protected activity? ‹#› Whistleblower Protections – Public Companies and Financial Services Examples of violations that can be the basis of a whistleblower claim: Market manipulation Insider trading Misstatements or omissions in disclosures Corporate mismanagement resulting in breach of fiduciary duty to shareholders Fraudulent accounting practices Fraud by an employer’s customer: J.P Morgan money laundering case FedEx mail fraud case ‹#› Whistleblower Protections – Pharma Violations that can be subject to whistleblowing: Failure to Comply with Current Good Manufacturing Practices (“cGMPs”): Regulations to ensure proper design, monitoring, and control of pharma manufacturing processes and facilities Off-label Marketing: Marketing or promoting a drug for a use that the FDA has not approved Kickbacks: Paying physicians or others to order or recommend drugs that may be paid for by a federal healthcare program False Claims Act: Qui Tam “Relator” Complaints
  • 26. Retaliation Against Relators Lawful Termination of Employment Defense of the legitimate business decision: Documented performance problems? Progressive discipline? warnings? Compliance with disciplinary processes? Temporal proximity to protected activity? (the retaliation concern) Exposure to a potential discrimination claim? comparison to “similarly situated” employees outside of protected class “stray remarks” consider the demographics of the department Identify and maintain relevant documents, including policies and performance reviews, warnings Lawful Termination of Employment Enforceable separation agreement and release of claims? Consideration ($ not otherwise entitled to) Plainly worded Reasonable time to consider Special rules for release of ADEA claims Not all claims can be released (e.g., FLSA, workers compensation, whistleblower) Overbroad confidentiality provisions may be challenged by EEOC, NLRB, SEC
  • 27. Risks Posed by Former Employees Disclosure or unauthorized use of confidential information and trade secrets Have the employee execute a confidentiality agreement at hire Employee claims ownership of intellectual property she developed while employed Have the employee execute a “work-for-hire” agreement Disparagement of company, products, employees Have the employee execute a non-disparagement agreement (in employment or separation agreement) Risks Posed by Former Employees Working for a competitor or unfairly competing Have the employee execute a non-competition agreement not enforceable in certain states (e.g., CA) generally disfavored by courts most courts require a “protectable interest” beyond desire to limit competition restrictions must be narrowly tailored in terms of geographic scope and time period Soliciting business’s employees or customers Have the employee execute a non-solicit agreement in addition to or in lieu of a non-competition agreement courts are more likely to enforce, but still generally impose a reasonableness requirement
  • 28. Wells Fargo Update Part 4 FINRA Form U-5 Filings Form U-5s are required to be filed when a FINRA registered employee leaves a FINRA registered organization. Form U-5s must provide information about the employee’s departure. Was it Voluntary or Involuntary? If involuntary, did it relate to a violation of law, rules or internal policy? The U-5 also asks for a description. Senators are now asking how many of the approximately 5000 terminated Wells Fargo employees in the Cross-Selling matter were registered and would have required the filing of a Form U-5. Answer is about 600 but the problem is that 400 of the U-5s did not accurately disclose what happened. The next question was whether someone at Wells Fargo reviewed the U-5s for trends and patterns – particularly the 200 that were accurate Isn’t what the Senators are suggesting that the Form U-5 filings are helpful metrics? Discussion of Assignment 8 Develop a background checklist for an entry level employee at your company and then draft a table of contents for an employee
  • 29. handbook based on the employment law topics discussed in class. Background Checklist should be 2-3 pages and include the information you would like to know about a potential employee that is also legally permissible. Table of Contents for the Employee Handbook should cover the appropriate areas of Employment Law discussed in the employee law risk lecture. Glaxo Smith Kline -- Sex, Bribes and Videotape November 2, 2016 news story in The New York Times outlines bribery allegations from a whistleblower that the Board failed to act on and a smear campaign on the supposed whistleblower Allegations gain credibility when a videotape surfaces involving the Head of GSK China having sex with a partner allegedly procured by a travel agency GSK was using to facilitate the bribery . . . But there’s more . . . look back to GSK’s $3 billion settlement in 2012 . . . GSK Case Study
  • 30. Also, review the GSK story in the New York Times and then research GSK’s 2012 $3 Billion settlement relating to Paxil, Wellbutrin and Avandia GSK Settlements: Come to class prepared to present the issues raised in both the 2012 and 2016 Settlements focusing your presentation on identifying the compliance risks in each of the settlements and the Compliance Program elements that could have prevented them. Also, you should be prepared to discuss how a Compliance Risk Assessment would or could have pre-identified these risks. In class on November 9, I will select a group of three to discuss the 2012 settlement and another group of three to discuss the 2016 settlement. Selection will be random. Those not selected to present will be expected to contribute and participate in the discussion. Third Party Risks Overview Who are third parties? What are the risks that are associated with third parties? What are the controls for third party risks?
  • 31. ‹#› Third Party Risks Who are third parties? Clients? Employees? Those parties with whom the company has an association or relationship that is neither a client/customer or an employee. Suppliers Vendors Distributors Agents Consultants Joint Venture Partners ‹#› Third Party Risks What are the risks of doing business with third parties? Association Risks Solvency Risks Competency Risks Compliance Risks These four risks lead to the following broader risks: Financial Risks Regulatory Risks Reputational Risks Variable Factors to Consider Extent and level of relationship Special characteristics/considerations of third party (e.g.,
  • 32. jurisdiction, regulated, etc.) ‹#› Third Party Risks JP Morgan Chase/Madoff Case Study Background -- Exhibit B; Page 3 Paragraphs 7-8 Madoff as Third Party -- Exhibit C; Page 8 Paragraphs 33-36 Understanding the JPMC Madoff Linked Structured Product (linked to the performance of Madoff Hedge Fund) Madoff as Client Exhibit C; Page 2 Paragraphs 7 – 12 and 22-28 Understanding the account balance inflation arrangement Suspicions Begin Exhibit C Page 9 Paragraphs 37-53 And the third party risks for JPMC become real ‹#› Third Party Risks JP Morgan Chase/Madoff Case Study Understanding the JPMC Structured Product (linked to the performance of Madoff Hedge Fund)
  • 33. Client buys a 3 year fixed income note in the principal amount of $500,000 (bond that is issued by JPMC) that pays 2% interest Client and JPMC agree that interest payments will be treated as if the 2% interest payment is invested in the Madoff Hedge Fund JPMC Note matures in 3 years and client receives the principal amount of note plus any money that might be due from being linked to the Madoff Fund Client buys $500,000 note With $10,000 in Interest JPMC treats $10,000 interest payment as if it were invested in Madoff Note matures and client receives principal back plus returns of Madoff This is a derivative instrument ‹#› Third Party Risks JP Morgan Chase/Madoff Case Study What are the risks posed by Madoff as a Third Party to JP Morgan Chase?
  • 34. What are the controls to mitigate/manage that risk? ‹#› JP Morgan Chase Madoff Hedge Fund linked to JPMC Structured Products Madoff Securities as JPMC Client Third Party Risks Examples of Other Third Party Relationships Controls for Third Party Risk Management Policies and Procedures Due Diligence (perhaps modified from regular client due diligence or perhaps not depending on the complexity and level of association) Written Agreement On-going monitoring Periodic Review of Relationship and Controls Laboratory: Design the components of a policy to manage third party risk at Merck.
  • 35. ‹#› Third Party Risks Back to the JPMC/Madoff Case Study The Rest of the Story Deferred Prosecution Agreement with JPMC over its AML Program and failure to file SARs $1.7 billion in penalties Our class comes full circle . . . Compliance Program Exhibit C Paragraphs 13-21 KYC: Exhibit C Paragraphs 22-28 The Check Scheme Due Diligence of Clients and Third Parties (Exhibit C and Paragraph 32 and then Paragraphs 37-53) Client and Provider information sharing Penalty of JPMC Who accepted the Deferred Prosecution Agreement? ‹#› Third Party Risk: A Risk Topic or Risk Driver? Third Party Risk resembles Client Risk Think back to AML and Client ID The type of client (high risk, low risk) tends to drive inherent risk PEPs Clients from sensitive countries Third Party Risk is similar to AML/Client ID The type of third party relationship tend to drive inherent risk Geographic jurisdiction of third parties
  • 36. Regulated Status Public or private company Third Party Risk: A Risk Area or Risk Driver? Third Party Risk resembles Client Risk Think back to AML and Client ID The type of client tends to drive inherent risk PEPs Clients from sensitive countries Third Party Risk is similar to AML/Client ID The type of third party relationship tends to drive inherent risk Geographic jurisdiction of third parties Regulated status Public or private company Intellectual Property Overview What is “Intellectual Property?” Black’s Law Dictionary: Category of intangible rights protecting commercially valuable products of the human intellect Inventions Creative Expressions Trademark For which there is a public interest in conferring property rights on the creators
  • 37. What are the primary legal protections associated with intellectual property? Patent Copyright Trademark Also includes trade secrets, trade dress and publicity rights, ‹#› Intellectual Property Overview Rule Mapping for IP US Patent Laws US Trademark Act of 1946 Patent Cooperation Treaty 1978 World Intellectual Property Organization (UN) US Copyright Act of 1976 Digital Millennium Copyright Act of 1998 Berne Convention for Copyrights Protections Patents for 14 years from the date of filing EXCEPT for food and drugs which is 7 years from the date of filing or 5 years from the date of patent whichever is earlier Copyright is generally 70 years after date of creation in a fixed, tangible form Questions abound about what is patentable/protectable ‹#› Intellectual Property and Pharmaceuticals Hatch – Waxman Act of 1984 (the Drug Price Competition and Patent Term Restoration Act)
  • 38. Designed to speed up generic drugs to compete with patented pharmaceuticals Established the Abbreviated New Drug Application (“ANDA”) Abbreviated Process for Generics Generic manufacturer files an “Abbreviated New Drug Application” that must demonstrate: The generic is “bioequivalent” to the protected drug AND The patent is invalid or will not be infringed If the original patent holder decides to challenge the ANDA, the ANDA is then given a 30 month stay while patent owner can challenge the bio-equivalency and patent claims in court ANDA Filer receives a 180 day exclusivity ‹#› Intellectual Property and Pharmaceuticals What are the IP Risks? Loss of money and market share if intellectual property is not properly protected Subject to penalties and litigation when a company infringes another company’s properly protected intellectual property Special considerations for generic drug applications Downstream consequential risk: Off-label marketing Controls Policies and procedures Training for Research and Development Employees Monitoring of R&D activities Market surveillance for infringement by others ‹#› Third Party and Intellectual Property Risks
  • 39. Third Party Risk Controls Policies and Procedures Written Agreement Due Diligence (perhaps modified from regular client due diligence or perhaps not depending on the complexity and level of association) On-going monitoring Periodic Review of Relationship and Controls IP Risk Controls Policies and procedures Training for Research and Development Employees Monitoring of R&D activities for infringement Market surveillance for infringement by others ‹#› Classes 11 and 12 Class 11 A Closer Look at Metrics and Inherent Risk Rating and Reporting the Risk Assessment Putting It Together: CRA from Start to Finish and Preparing for the Laboratory Exam Discussion Class 12 CRA Laboratory Employee Interviews for Inherent Risk and Control Effectiveness Determining Residual Risk
  • 40. ‹#› Assignment 9 (final scored assignment) Draft notes and questions for an interview with a senior executive in charge of manufacturing in your pharmaceutical company about the use of third party suppliers. Be prepared to hand in this assignment at the beginning of class on November 23. Drafting questions for an interview with a senior executive. Start with questions about the basics of the business unit that the senior executive is in charge of Move next to questions about the risks presented by the use of third party providers Remember to have questions that seek to determine the variable factors of complexity and extent of the third party relationship Move to questions about the controls in place for third party providers – remember the critical piece is assessing the effectiveness of the controls Try to have your questions logically follow each other and avoid jumping around Use topic headers to signal a change in subject area of your questions Use notes to explain additional information/potential answers/analysis behind questions/decision behind not asking ‹#›