recruitment


DOJ Emphasizes Adequate Funding in Updated Compliance Guidance | Health Care Compliance Association (HCCA) | #employeefraud | #recruitment | #corporatesecurity | #businesssecurity

Source: National Cyber Security – Produced By Gregory Evans

Report on Medicare Compliance 29, no. 21 (June 8, 2020)

Whether an organization shows its commitment to compliance with dollars is a new focus of the second update to guidance on evaluating compliance programs from the Department of Justice (DOJ). In its updated Evaluation of Corporate Compliance Programs,[1] released June 1, DOJ indicates that adequate funding of the program and its people helps distinguish between a paper and an active program.

The guidance is used by white-collar prosecutors who evaluate compliance programs when deciding whether to file fraud charges and what the charges should be. Compliance officers also use the guidance to benchmark their organization’s compliance program. DOJ published the first version in 2017 and revised it in April 2019. The Evaluation of Corporate Compliance Programs modifies the Principles of Federal Prosecution of Business Organizations in the Justice Manual.[2]

There are detailed questions about compliance programs in the guidance, which is organized around three “fundamental questions” that prosecutors try to answer when evaluating effectiveness. The 2020 version modified the second question to refocus on resources:

  1. “Is the corporation’s compliance program well designed?”

  2. “Is the program being applied earnestly and in good faith?” In other words, is the program adequately resourced and empowered to function effectively?

  3. “Does the corporation’s compliance program work” in practice?

In elaborating on resources, DOJ explained that “prosecutors are instructed to probe specifically whether a compliance program is a ‘paper program’ or one ‘implemented, reviewed, and revised, as appropriate, in an effective manner.’ [Justice Manual § 9-28.800]. In addition, prosecutors should determine ‘whether the corporation has provided for a staff sufficient to audit, document, analyze, and utilize the results of the corporation’s compliance efforts.’ [Justice Manual § 9-28.800].”

The emphasis on funding doesn’t come as a shock. “You would have to have adequate resources before you get to adequate or better effectiveness,” said attorney Gabriel Imperato, with Nelson Mullins Broad and Cassel in Fort Lauderdale, Florida.

Prosecutors have always factored in the funding of compliance programs, although it’s significant to see this in writing, said Kirk Ogrosky, former deputy chief of DOJ’s fraud section. “You can have compliance officers who are making a fraction of what other senior executives are making,” he said.

The guidance also encourages organizations to advance compliance at all times, even during an investigation, said former federal prosecutor Robert Trusiak, an attorney in Buffalo, New York. As DOJ states, “In answering each of these three ‘fundamental questions,’ prosecutors may evaluate the company’s performance on various topics that the Criminal Division has frequently found relevant in evaluating a corporate compliance program both at the time of the offense and at the time of the charging decision and resolution.” DOJ reinforces this point when it talks about the risk assessment. “Prosecutors should endeavor to understand why the company has chosen to set up the compliance program the way that it has, and why and how the company’s compliance program has evolved over time.”

In other words, Trusiak said, “effective compliance is not set it and forget it. Compliance is an iterative process.”

DOJ Revises Other Questions

DOJ’s revisions ripple through the rest of the document, which is loaded with specific questions about commitment by senior and middle management, risk assessments, due diligence, communication with employees, oversight of third parties and other hot topics.

For example, the 2019 guidance asked whether the organization’s risk assessment was “current and subject to periodic review? Have there been any updates to policies and procedures in light of lessons learned? Do these updates account for risks discovered through misconduct or other problems with the compliance program?”

The 2020 guidance drills down. “Is the periodic review limited to a ‘snapshot’ in time or based upon continuous access to operational data and information across functions? Has the periodic review led to updates in policies, procedures, and controls?”

There are also more questions about how organizations ensure that policies get in the hands of employees and vendors. For example, “have the policies and procedures been published in a searchable format for easy reference? Does the company track access to various policies and procedures to understand what policies are attracting more attention from relevant employees?” The stakes also are raised on employee awareness of the hotline. “Does the company take measures to test whether employees are aware of the hotline and feel comfortable using it?”

Imperato noted that DOJ “dwells a fair amount on third-party due diligence” and whether it continues after the deal is done. For example, DOJ asks, “What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures, and conducting post acquisition audits, at newly acquired entities?”

Questions on learning from mistakes were also tweaked. “Does the company review and adapt its compliance program based upon lessons learned from its own misconduct and/or that of other companies facing similar risks?” There are other changes to questions, including, for example, about training and “monitoring investigations and resulting discipline.”

Imperato said he will attach the updated guidance to his board training, along with other documents. “This automatically becomes the benchmark…for setting up a compliance program and determining its effectiveness.”

Ogrosky noted, however, that even well-funded, effective compliance programs may fail to detect bad actors. “Fraud is a non-self-revealing offense,” he said. “The people who commit fraud at large corporations are doing it to avoid the compliance folks.” He’s referring to flat-out fraud, not a debate about whether an arrangement fits within a safe harbor, for example.

Whether fraudsters inside corporations are unmasked depends more on whether executives ask the right questions vs. looking the other way, Ogrosky said. For example, if a salesperson outperforms his or her peers 50 times over, managers should dig into it. “If a contractor is able to do what no one has been able to do, ask why, because the fraud is not self-revealing.” DOJ will expect the corporation to accept some responsibility for bad actors, even when they have good compliance programs, he said.

1 U.S. Dep’t of Justice, Criminal Div., Evaluation of Corporate Compliance Programs (Updated June 2020), http://bit.ly/2Z2Dp8R.
2 U.S. Dep’t of Justice, Justice Manual, Principles of Federal Prosecution of Business Organizations, § 9-28.000 (2020), http://bit.ly/2GtxXFt.


Recruitment giant PageGroup hacked, Capgemini dev server blamed for info leak


Exclusive Global recruitment giant PageGroup says a hacker infiltrated its network and accessed job applicants’ personal information.
The miscreant broke into a development system run by IT outsourcer Capgemini for PageGroup, and was able to look up job hunters’ names,


AP police recruitment website compromised by ‘hacking class’


HYDERABAD: The Andhra Pradesh State-Level Police Recruitment Board (APSLPRB), whose tag line is “transparency through technology”, has fallen prey to hackers. The portal is managed in Hyderabad. Three days ahead of accepting online applications (August 3) for filling Stipendiary Cadet Trainee (SCT) constable posts in various wings of AP police department through the newly launched […]


He is special guest at the Ground Zero Summit 2015 being organised by Indian Infosec Consortium – a group of ethical hackers.

“Threat to national security has moved to the digital dimension. Terrorist organisations have turned social networks and online forums into recruitment hotbeds and propaganda mechanisms. We need a security apparatus in the digital space to address this threat. Hackers are the face of this digital army.”

The actor said he is bringing his whole team including scriptwriters of the show to observe and interact with the ethical hacker community.

“From November 22, I will start shooting for 24. It will go on air in 2016. When an actor prepares for a role, we often start to live like the character. Some call it method acting. We meet real life people like the character and try to understand their nuances, their life,” he said.

As per the summit’s website, speakers will share details of the espionage mission as well as hold sessions on hacking of cellular networks, medical devices in hospitals, using technical loopholes in them.

The consortium claims to have discovered a cyber espionage operation under which phones of Indian Army personnel, who had downloaded some mobile application related to news, had been compromised by hackers based in Pakistan. IIC CEO Jiten Jain has said that the findings were handed over to security agencies who promptly acted and sanitised the infected handset early this year.
