Role of compliance in Pakistan
Syeda Uzma Gardazi (page 26)
» Unauthorized disclosures of patient information
by doctors within the Pakistani healthcare industry
can be greatly reduced with increased compliance
standards and stronger cyber security laws.
» Comparing US and EU data privacy laws to Pakistani
data privacy laws can identify compliance gaps.
» Comparing the US Health Insurance Portability
and Accountability Act (HIPAA) with the Pakistani
Data Protection Act Draft can reveal program
» Pakistan needs to focus on ecommerce, data
protection, data transfer, and data breach
regulations to prepare for the Brexit impact.
» Additional improvements need to be added to the
Pakistani Data Protection Act 2005 to enhance data
security compliance within Pakistan.
Strengthening workplace dignity with anti-retaliation monitoring
Julia Tate and Dan Lopez (page 30)
» Dignity in the workplace is necessary to achieve a
fully realized work life.
» Developing a retaliation-free workplace helps to
ensure individuals are treated with dignity.
» A formal program for anti-retaliation monitoring and
reporting nurtures a speak-up culture.
» Component steps of a program are preparing
to respond to an incident, investigation and
monitoring, and creating a report of findings and
» Clear accountability from corporate leadership
helps to ensure your program is positioned to
nurture dignity in the workplace.
Cosmetic compliance and the anti-money laundering debacle
Ibrahim Yeku (page 42)
» Organizations must adopt ethical best practices as
part and parcel of their business culture.
» The best way to establish commitment is to allow
individual units or departments to be the primary
» Using ethics and compliance to drive performance
among employees is an antidote to compliance
» The little things must matter if an ethical culture is to
be developed and sustained within an organization.
» Organizations must learn to celebrate ethical
achievements and provide special incentives for
people who achieve results within the framework of
acceptable ethical values of the organizations.
More carrots, fewer sticks: DOJ’s revised FCPA Corporate
Teri Cotton Santos (page 46)
» The Department of Justice has announced it
will extend and codify the 2016 Foreign Corrupt
Practices Act pilot program.
» Under this new enforcement policy, there is a
“presumption” of a declination for companies that
voluntarily disclose suspected non-compliance,
cooperate with the government in the investigation,
» Even companies that do not voluntarily self-disclose
may be entitled to leniency based on cooperation
and remediation efforts.
» Remediation includes implementing an effective
compliance program, with an emphasis on root
cause analysis, culture and independence of the
» These new incentives will likely re-shape the way
companies design, implement, and measure their
To err is human: How compliance programs affect your employees
Michael Bret Hood (page 50)
» Many compliance programs fail to take into account
the natural and automatic human behaviors that
occur in the subconscious.
» An overaggressive compliance program can lead
employees to evade compliance protocols as they
experience psychological reactance, the personal
motivation to regain a freedom after it has been
» A compliance program that aims to govern
employee behavior through monitoring, detection
systems, and the threat of punishment could lead
employees to suffer from the reverse Pygmalion
effect, which is a tendency to live down to lowered
» When organizational values and employee values
align, the brain responds by making compliance
“the right thing to do” and not just “what should
» If management commits to honesty and integrity
as well as exhibiting a willingness to listen
to employees who report policy violations,
organizational commitment and attitudes toward
the compliance program improve substantially.
UK Bribery Act 2010: An analysis of Section 7
Venkat Pillai (page 54)
» As per Section 7 of the UK Bribery Act 2010, the
onus is on the commercial organization to prove
that there were indeed procedures to prevent
» The UK Bribery Act is principle-based.
» The relevant principles include proportionate
procedures, top-level commitment, risk assessment,
due diligence, communication and training, and
monitoring and review.
» The underlying assumption is that the act of bribery
can be prevented.
» Where there is indeed an act of bribery committed
by the associated person, then it becomes a case
of deemed probabilities as a defense for the
Practical considerations for implementing an internal fair market value policy
Segev Shani (page 60)
» The term fair market value (FMV) is easily
understood, but quantifying the value considered to
be “fair” in different contexts is very complicated.
» Although FMV is usually perceived as related to
a service provider’s compensation, many other
transactions such as meals, accommodation, and
other expenses should be of fair value to avoid
being considered as a bribe.
» Variance in geographic origins, a territory’s
economy, corporate culture, industry sector, etc.
can lead to different values being considered as fair
by an organization.
» It should be clear that when determining if a
payment is reasonable, there is no distinct figure
that is the accepted rate, but rather a range from
which the exact rate to be paid is selected.
» A robust FMV policy should demonstrate a
consistent and logical methodology applied
to determining allowed payments, including
the establishment of internal thresholds for
Three things are certain: death, taxes, and cyber breaches
Megan M. Moloney (page 63)
» Cybersecurity is everyone’s responsibility.
» Compliance professionals must dial in and become
aware of and engaged in their organization’s cyber
» Things will go better for organizations that
communicate in an accurate, timely, and honest
» Although determining when to contact the
government may be challenging in certain
situations, more cooperative organizations
generally fare better in a variety of ways.
» A number of key government resources are
available to you.
July 2018 Takeaways
Visit www.corporatecompliance.org for more information.
Compliance & Ethics