CCEP Compliance and Ethics Professional Exam With Verified Answers 2024
1. These Compliance and Ethics Policies and procedures must exist: Non-Retaliation, Record Management, Conflict of Interest, Privacy, Security, and Confidentiality
2. What are Compliance Officers required to do?: Maintain Compliance and Ethics policies and procedures
3. When making decisions, C.O. need to....: Consult with appropriate subject matter resources, HR, legal, finance
4. A main goal of compliance program:: Assure Alignment between organization's mission, vision, values, and the code of conduct
5. A main goal of compliance program is...: to assure alignment of the compliance and ethics strategic plan is consistent with overall business objectives.
6. A requirement for compliance program is...: to maintain a code of conduct
7. C.O. needs to ensure what?: Ensure organizational value statements reflect a commitment to a culture of integrity
8. What else does a CO ensure?: The policies and procedures address regulatory and legal requirements.
9. Policies need to address what?: Interactions/relationships with third-parties, like vendors, business partners, and competitors
10. What else is required in relation to third-parties?: That contractual agreements include compliance and ethics standards.
11. What documentation is required of a compliance plan?: That the program is documented, like a compliance manual/outlined plan.
12. What else will a compliance program document in regards to risks?: That policies and procedures around specific identified risk areas are maintained.
13. What will a compliance program document in regards to governance policies?: That the governance policies for the compliance and ethics program are maintained.
14. Who does a Compliance Officer report to?: A board of directors, or audit committee
15. What does a compliance officer report and to whom?: Reports compliance and ethics activity to the internal governing body, like a board of directors/audit committee
16. Who else does a compliance officer report to?: Gives reports of compliance and ethics activity to the senior business leader, like the CEO or CFO
17. What does the CO coordinate inside the organization?: Coordinates the operational aspects of the compliance program with management, like oversight committee and senior management.
18. Benchmarking: Collaborate with others internally and externally to institute best practices: what are others doing in their program?
19. What is the CO responsible for in regards to goals of oversight committee?: To ensure the goals and objectives of the oversight committee are achieved.
20. What knowledge is needed?: Maintain knowledge of relevant laws and regulations
21. How is knowledge of relevant laws used?: Relevant laws and regulations are applied to the needs of the organization.
22. CO assures what about the compliance program?: That it is credible and run with integrity.
23. What must a CO recognize?: Recognize the need for outside expertise.
24. What does the governing board need to understand?: Its responsibilities related to compliance and ethics program and culture.
25. What does CO need to do in regards to Legal Counsel?: Make sure the role of counsel is defined.
26. What does the CO manage?: Manages resources for the compliance and ethics program, like finance and personnel resources.
27. What should the CO do in regards to the business?: The CO integrates the compliance and ethics program into the business.
28. Annually the CO needs to....: Develop an Annual compliance and ethics work plan.
29. To manage risks, the CO ensures the organization has processes in place to manage identified risk areas, like conflicts of interest, privacy, anti-corruption, and anti-bribery.
30. Compliance is responsible for...: Background checks and screenings are done: new hires, substantial authority personnel, third parties, government lists.
31. The organization needs to have....: defined the authority of the compliance and ethics professional.
32. Compliance training includes: disseminate relevant information on emerging risk areas.
33. Compliance and Ethics Information should be...: communicated throughout the organization.
34. Should Compliance Training be general or targeted?: Targeted per needs; risk specific, orientation, remedial.
35. The CO needs to C&E Training: Evaluate the effectiveness of the compliance and ethics training
36. Compliance training requires that employees are aware of?: Their obligation to report misconduct.
37. Each employee needs to know....: the compliance and ethics aspects of their specific job responsibilities.
38. Compliance Dept and CO promotes...: a culture of compliance and ethics throughout the organization.
39. Compliance Dept encourages....: Encourages employees to seek guidance and clarification.
40. Compliance dept tracks what education?: participation in ongoing compliance and ethics training programs.
41. All compliance personnel are required to have what education?: Continuing education to maintain professional competence.
42. Compliance dept provides what training for all board members, employees, vendors, and other vendors?: Compliance and ethics training
43. What training do those who respond to questions/concerns from employees need?: How to identify potential compliance and ethics issues.
44. The Compliance Officer manages what?: Manages a compliance and ethics education program.
45. The compliance training delivery needs to be...: appropriate for the audience.
46. What duty is there for internal reporting?: To protect anonymity and confidentiality within legal and practical limits for those reporting.
47. The reporting system must be...: publicized to all employees, vendors, and third parties.
48. What monitoring duties are there?: Monitor for organizational misconduct, like violations of applicable laws, regulations, policies, and procedures.
49. What is a Compliance Officer obligated to set up for reporting?: Ensure that systems exist to enable employees, vendors, and third parties to report any noncompliance and seek advice, like a hotline.
50. What is required to enable followup on reported issues?: Assure that processes exist to respond to compliance and ethics concerns expressed through internal reporting system.
51. A Compliance Officer is required to monitor what?: Monitor Compliance and ethics related activities, like hotline calls, training, and investigations.
52. What is Compliance required to do with the results of audits?: Analyze (track, trend, evaluate, benchmark)
53. Audits from External Entities should be...: Addressed
54. Compliance and Ethics related risks must be....: Audited and Monitored
55. Compliance officers are required to on an ongoing basis: Evaluate the effectiveness of the compliance and ethics program
56. Exit Interviews should have....: Compliance and Ethics questions
57. What type of audit plan is needed?: A risk-based periodic compliance and ethics plan
58. One of the first things a new compliance officer needs to do is:: Assess the existing risk-based audit compliance plan to address dynamic changes in risk priorities
59. Discipline must be: proportionate to violation and consistent across the organization
60. Discipline also needs to be...: fair and consistent with the organization's disciplinary policies and procedures
61. CO's responsibility for discipline:: Assure the recommended disciplinary action is documented
62. How to encourage compliant and ethical behavior?: Use appropriate incentives
63. Recommend what is part of performance evaluations?: Compliance and ethical metrics
64. What must the organization have?: Non-Retaliation policy
65. What duty does the CO have in regards to retaliation?: Assure compliance with the organization's non-retaliation policy.
66. CO must respond to: Compliance and Ethics Escalations
67. CO must report....: validated instances of noncompliance through appropriate channels within the organization
68. CO does what in regards to noncompliance?: Assure management develops corrective action plans
69. CO does what in regards to corrective action plans?: Monitors effectiveness of corrective action plans
70. What can a CO do to address investigation needs?: Engage qualified resources
71. What should a CO do about identified problems or weaknesses in the program?: Initiate program enhancements
72. Compliance is responsible for internal: Conducting Internal Investigations
73. Compliance is responsible for government: Responding to government inquiries and investigations
74. Compliance is responsible for records: Maintain records on compliance investigations
75. Compliance coordinates what?: Assures there is coordination of voluntary disclosures to regulatory agencies.
76. Compliance and Legal duty:: Coordinate investigations to preserve applicable privileges, attorney client privilege
77. Compliance and Internal Controls: Participate in the development of internal controls aimed at preventing misconduct, like requiring dual sign-offs on certain conduct
78. Risk Assessment needs to be: Scalable and Timely for the Organization
79. Risk Assessment: CO required to....: assure periodic compliance and ethics risk assessments are conducted across the organization
80. Risk Assessment: CO must facilitate...: the integration of compliance and ethics risk assessments across all parts of the business: processes and business units
81. Risk Assessment: CO needs to prioritize...: The organizational compliance risks
82. Risk Assessment Findings Assurance?: Assure management action plans are developed and executed based on risk assessment findings
83. Risk Assessment Implementation & Management: CO required to...: Assure management implements changes to reduce risk
84. Risk Assessment Findings Reporting?: CO communicates the results of risk assessment findings to the board and management
85. Risk Assessment and Third Parties?: CO must assure Due Diligence is performed on third parties
86. Risk Assessment Involvement & Management?: CO must assure management is involved in the risk assessment process
87. Two parts of the SCCE Code of Ethics for CEPs: Principles and Rules of Conduct
88. Three Principles in CEP Code of Ethics: Principle I: Obligations to the Public; Principle II: Obligations to the Employing Organization; Principle III: Obligations to the Profession
89. Elements of Code of Ethics CEP: Principle I: Obligations to the Public: Abide by and Promote spirit of compliance and exemplify highest ethical standards
90. Principle I: Rules of Conduct include: R1.1 CEPs shall not: aid, abet, or participate in misconduct
91. Rules of Conduct: R1.2 CEPs shall take steps...: CEPs shall take such steps as are necessary to prevent misconduct by their employing organizations: must be legal and ethical
92. Rules of Conduct: R1.3 CEPs shall exercise: CEPs shall exercise sound judgment in responding to and cooperating with all official and legitimate government investigations/inquiries: Never obstruct or lie
93. Rules of Conduct: R1.4 if CEP becomes aware of any decision by their employing organization that if implemented would constitute misconduct...: CEP will a. refuse to consent to the decision, b. escalate the matter to highest governing body as appropriate, c. if serious issues remain unresolved after a and b, consider resignation, and d. report the decision to public officials when required by law.
94. Elements of CEP Code of Conduct: Principle II: Obligations to Employing Organizations: CEPs should serve their employing organizations with the highest sense of integrity, exercise unprejudiced and unbiased judgment on their behalf, and promote effective compliance and ethics programs.
95. Rules of Conduct: R2.1 CEPs shall serve their employing organizations in a....: timely, competent, and professional manner.
96. Rules of Conduct R2.1 Commentary: CEPs are not expected to...: CEPs are not expected to be experts in every field of knowledge. CEPs will gather additional information as needed by additional education, training, or by working with others.
97. Rules of Conduct: R2.1 Commentary: CEPs will have knowledge: CEPs will have current and general knowledge expected of a compliance professional, and will take steps to remain current
98. Rules of Conduct: R2.2: CEPs will ensure that their organizations: Comply with all relevant laws and regulations. While CEPs should exercise a leadership role, all employees have the responsibility to ensure compliance.
99. Rules of Conduct: R2.3: CEPs shall investigate: CEPs shall investigate with appropriate due diligence all issues, information, reports and/or conduct that relates to actual or suspected misconduct, whether past, current or prospective.
100. Rules of Conduct: R2.3 Commentary: When other departments are also responsible for investigating suspected misconduct,: CEPs report suspected misconduct to such professionals in accordance with established reporting procedures, i.e., Legal Dept
101. Rules of Conduct: R2.4 CEPs shall keep...: Senior Management and the highest governing body informed of the status of the compliance and ethics program, both as the implementation of the program and about areas of compliance risk.
102. Rules of Conduct: R2.4 Commentary:: Reporting to Sr Mgmt. complements the duty of senior management to assure themselves that information and reporting systems exist to provide management with timely, accurate information to allow them to make informed judgements. Caremark International Inc 1996
103. Rules of Conduct: R2.5: CEPs shall not...: CEPs shall not aid or abet retaliation against any employee who reports actual, potential, or suspected misconduct, and shall strive to implement procedures that ensure the protection from retaliation of any employee who reports actual, potential, or suspected misconduct.
104. Rules of Conduct: R2.5 Commentary:: CEPs shall preserve to the best of their ability, consistent with other duties, the anonymity of reporting employees, if requested. Further, they shall conduct the investigation of any actual, potential, or suspected misconduct with utmost discretion, being careful to protect the reputations and identities of those being investigated.
105. Rule of Conduct: R2.6: CEPs shall carefully guard....: against disclosure of confidential information obtained in the course of their professional activities, recognizing that under certain circumstances confidentiality must yield to other values or concerns
106. Rule of Conduct: R2.6: When would confidentiality yield?: To stop an act that creates appreciable risk to health and safety, or when necessary to comply with a subpoena or other legal process
107. Rule of Conduct: R2.6 Commentary: When is it legal to not reveal confidential information?: If the communications/information is protected by a legally recognized privilege, like attorney client privilege
108. Rule of Conduct: R2.7: Conflict of Interests: CEPs shall take care to avoid any actual, potential, or perceived conflicts between the interests of employing organization and either the CEPs own interests or the interests of individuals or organizations outside the employing organization with whom the CEP has a relationship.
109. Rule of Conduct: R2.7 Conflicts of Interest require CEPs take what actions?: Disclose and ethically handle or remove any conflicts of interest, not allow loyalty to an individual supersede or interfere with duty to employing organization, or the superior responsibility of upholding law, ethical behavior and this code of Ethics
110. Rules of Conduct: R2.7 Commentary: Business/Direct/Indirect/Financial Interest?: If CEP have any business/direct/indirect/financial interest that could influence judgment as a professional, CEP shall fully disclose the nature of the association to the employing organization.
111. Rules of Conduct: R2.7 Commentary: In the event of a report/investigation/inquiry into misconduct related directly/indirectly to any activity the CEP was involved in any manner, CEP must do what?: CEP must disclose in writing the precise nature of that involvement to the Senior management of the employing organization before responding to a report or beginning an investigation/inquiry, and recuse themselves from the inquiry if possible.
112. Rules of Conduct: R2.7 Commentary: Being directly/indirectly involved in an activity connected to an inquiry into misconduct?.....: Will not necessarily prejudice the CEPs ability to fulfill responsibility
113. Rules of Conduct: R2.8: Unreasonable expectations?: CEPs shall not mislead employing organizations about the results that can be achieved through use of their services
114. Elements of CEP Code of Ethics: Principle III: Obligations to the Profession: CEPs should strive, through their actions, to uphold the integrity and dignity of the profession, to advance the effectiveness of compliance and ethics programs and to promote professionalism in compliance and ethics.
115. Rules of Conduct: R3.1: CEPs shall pursue their professional activities...: Including investigation of misconduct, with honesty, fairness, and diligence.
116. Rules of Conduct: R3.1 Commentary: What are Reasonable limits on CEPs?: Reasonable limits include those imposed by employing organizations resources. CEPs shall not agree to Unreasonable Limits: If mgmt. of employing organizations request an investigation but restricts access to relevant information, CEP shall decline the request, and provide an explanation to the highest governing authority of the employing organization.
117. Rules of Conduct: R3.2: In relation to R2.6, CEPs shall not disclose...: CEPs shall not disclose without consent or compulsory legal process confidential information about business affairs or technical processes of any present or former employing organization.
118. Rules of Conduct: R3.2 Commentary: CEPs need...: free access to information and need the ability to communicate openly. Misuse and abuse of work product poses a serious threat to compliance/ethics.
119. Rules of Conduct: R3.2 Commentary on Using Confidential Information: CEPs shall not use confidential information in any way that violates the law or legal duties
120. Rules of Conduct: R3.2 Commentary: Working with Legal:: CEPs are encouraged to work with legal counsel to protect confidentiality and to minimize litigation risks.
121. Rules of Conduct: R3.3: CEPs shall not make...: misleading, deceptive, or false statements or claims about their professional qualifications, experience or performance.
122. Rules of Conduct: R3.4: CEPs shall not attempt to....: falsely damage the professional reputation of other compliance and ethics professionals, shall not make any statements concerning other CEPs that are defamatory in nature.
123. Rules of Conduct: R3.5: CEPs shall maintain...: their competence with respect to developments within the profession, including knowledge of and familiarity with current theories, industry practices, and laws.
124. Rules of Conduct: R3.5 Commentary: CEUs?: CEPs shall pursue reasonable and appropriate course of continuing education,
125. Rules of Conduct: R3.5 Commentary: What is included in CEUs?: Relevant professional and industry journals/publications, communication with professional colleagues, participation in open professional dialogues, attendance at conferences, and membership in professional associations
126. 7 Elements of a Compliance Program: Standards of Conduct, Policies and Procedures, Compliance Officer and Compliance Committee, Education/Training, Monitoring and Auditing, Reporting and Investigating, Enforcement and Discipline, Response and Prevention
127. When report of fraud/misconduct is received, what is FIRST to do?: Investigate and verify the accusations for accuracy
128. What is the MOST effective way to evaluate audit findings?: Conduct a trend analysis on identified risk areas and benchmark results against industry standards
129. Which describes BEST the primary role of a CO?: Promotes a culture of compliance and ethics throughout the organization
130. US Based retail company, 250 stores in 30 states, silo-based with minimal oversight with CEO acting as Compliance Officer. Policy and procedures reviewed 5 years ago. What actions would a new Compliance Officer take FIRST?: Conduct a baseline risk assessment of the operations from a compliance perspective.
131. Verbally abusive supervisor: Disclosed by a staff member. Investigation shows same supervisor has been sexually harassing several employees in the dept. Compliance program requires findings of harassment be documented and forwarded to CEO with recommendation for discipline. Legal counsel advises that no report be written due to possible litigation. What is the CO's BEST course of action?: Ask Counsel to prepare a written report
132. What is the BEST outcome for compliance program?: Mitigating Risk
133. Anonymous complaint that an employee is receiving gifts from a vendor. Investigation shows employee is not in violation of the vendor/gift policy but the policy has not been reviewed in five years. What is the MOST appropriate action?: Benchmark for vendor relation best practices
134. Problem was found, corrective action taken and policies/procedures were updated. What is the NEXT STEP?: Review the process after a period of time to determine if the problem is resolved
135. What are the 5 steps to the Audit Process?: 1. Identify a problem 2. Take Corrective Action 3. Update Policies and Procedures 4. Communicate changes to affected parties 5. Review process and documentation after a period of time to ensure success.
136. Sarbanes-Oxley Act: passed by congress to make certain that publicly traded companies follow accounting controls that could reduce the likelihood of illegal and unethical behaviors
137. Sarbanes-Oxley Act of 2002: requires that the CEO and CFO of large companies that have publicly traded stock personally certify that financial reports made to the SEC comply with SEC rules and that info in the reports are accurate.
138. Sarbanes-Oxley Act (SOX): Requires companies to review internal control and take responsibility for the accuracy and completeness of their financial reports.
139. Sarbanes-Oxley Act = 3 Compliance Elements: 1. Conflict of Interest Protections 2. Whistleblower Protections 3. Independence of Audits
140. Dodd-Frank Wall Street Reform and Consumer Protection Act: Whistle-Blower Protection
141. Foreign Corrupt Practices Act: A U.S. law that seeks to ban the payment of bribes to foreign officials in order to obtain business
142. FCPA (Foreign Corrupt Practices Act): Forbids bribery
143. Anti-Bribery Laws: Makes Bribery illegal
144. Anti-Corruption Laws: Foreign Corrupt Practices Act
145. Data Privacy and Security: Protects data from compromise by external attackers and malicious insiders and governs how data is collected, shared and used.
146. GDPR (General Data Protection Regulation): New European Union law on data protection and privacy for individuals.
147. HIPAA (Health Insurance Portability and Accountability Act): Protects individual health information
148. FERPA (Family Educational Rights and Privacy Act): A federal law that protects the privacy of student education records
149. PCI: Payment Card Industry Data Security Standard
150. Anti-Money Laundering (AML): A set of procedures, laws or regulations designed to stop the practice of generating income through illegal actions.
151. USA Patriot Act (2001): expands the definition of terrorism to include domestic terrorism; authorized searches of a home or business without the owner's or the occupant's permission or knowledge; increases the ability of law enforcement agencies to search telephone, e-mail communications, medical, financial, and other records
152. False Claims Act: Protects the government from being overcharged for services provided or sold, or substandard goods or services.
153. Sherman Antitrust Act (1890): Outlawed monopolies and practices that restrained trade, such as price fixing
154. Federal Sentencing Guidelines for Organizations: passed as an incentive for organizations to develop and implement programs for ethical and legal compliance
155. Federal Sentencing Guidelines: Created by the US Sentencing Commission, these guiding principles assign specific fines and prison terms for different crimes like fraud, tax offenses, antitrust violations, bribery, and money laundering.
156. Federal Sentencing Guidelines for Organizations: Passed by congress in 1991 focused on guidelines for organizations; Exempts organizations from extreme penalties based on the unethical actions of individual employees.
157. Yates Memo: Hospital leadership to be held accountable for wrongdoings of the company that they were aware of. Individuals are filed against before corporations.
158. Benczkowski Memo: Establishes policies and standards on monitors and when used.
159. Monaco Memo: Determine if compliance program is effective, well designed, adequately resourced, empowered to function effectively, and working in practice
160. First action?: Stop the Bleeding
161. Next first action for CO?: Think/gather/then act
162. Federal Sentencing Guidelines: Items needed in Compliance:: 1. Oversight by High Level Personnel, 2. Due care in delegating substantial discretionary authority, 3. Effective Communication to all levels of Employees, 4. Reasonable steps to achieve compliance, which include systems for monitoring, auditing, and reporting suspected wrongdoing without fear of reprisal, 5. Consistent enforcement of compliance standards including disciplinary mechanisms, 6. Reasonable steps to respond to and prevent further similar offenses upon detection of a violation.
163. Culpability Score?: Four Factors INCREASE punishment: 1. involvement in or tolerance of criminal activity, 2. the prior history of the organization, 3. the violation of an order, 4. the obstruction of justice.
164. What mitigates punishment for a Culpability Score?: 1. Existence of an effective compliance and ethics program, 2. Self-Reporting, 3. Co-operation, 4. Acceptance of Responsibility.
165. Federal Sentencing Guidelines Chapter 8: Applies to sentencing of all organizations for FELONY and Class A Misdemeanor Offenses
166. Fed sentencing guidelines defines "High Level personnel" as: Individuals who have substantial control over the organization or have a substantial role in making policy for the organization
167. Fed sentencing guidelines defines "Substantial Authority Personnel" as: Individuals who within the scope of their authority exercise a substantial measure of discretion in acting on behalf of an organization. Determined on case-by-case basis.
168. Fed sentencing guidelines defines "condone" as: If an individual knew of the offense and did not take reasonable steps to prevent or terminate the offense
169. Fed sentencing guidelines defines "willfully ignorant of the offense" as: if the individual did not investigate the possible occurrence of unlawful conduct despite knowledge of circumstances that would lead a reasonable person to investigate whether unlawful conduct had occurred.
170. Fed sentencing guidelines Remedies:: Restitution, Remedial Orders, Community Service,
171. Fed sentencing guidelines determine a fine based on:: Seriousness of offense, Organization's role in the offense, Collateral consequences, any nonpecuniary loss caused/threatened by the offense, involved a vulnerable victim, any prior civil or criminal misconduct, if high level personnel participated in, condoned, or was willfully ignorant of the criminal conduct, Culpability Score +10, No effective compliance program, anything in 18 USC 3572a,
172. Fed sentencing guidelines INCREASES fines when:: Death results, if there is any gain that is not paid back in the restitution, Threat of/Foreseeable Threat of Bodily Harm, Threat to National Security, Threat to Environment, Threat to a Market, Official Corruption, If the Organization is/was a Public Entity,
Written for
- Institution
- Ccep
- Course
- Ccep
Document information
- Uploaded on
- 11 April 2024
- File last updated on
- 11 April 2024
- Number of pages
- 12
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions and answers
Topics
- ccep
- ccep compliance and ethics professional exam