The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Gwen Hassan, Managing Counsel and Director of Compliance at CNH Industrial.
In this fourth and final episode, Gwen talks about one of her great passions—the fight against human trafficking. Gwen has led the compliance field in education on this international scourge and sees the corporate compliance function as having the key role in every corporation to fight this global problem.
Day: January 26, 2021
The role of the compliance professional and the compliance function in a corporation has steadily grown in stature and prestige over the years. When it came to the corporate compliance function, 2020 FCPA Resource Guide, under the Hallmarks of an Effective Compliance Program, simply noted the government would “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
This Hallmark was significantly expanded in both the FCPA Corporate Enforcement Policy and 2020 Update. In the FCPA Corporate Enforcement Policy, the DOJ listed the following as factors relating to a corporate compliance function, that it would consider as indicia of an effective compliance and ethics program: 1) the resources the company has dedicated to compliance; 2) the quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk; 3) the authority and independence of the compliance function and the availability of compliance expertise to the board; 4) the compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors; and 5) the reporting structure of any compliance personnel employed or contracted by the company.
The 2020 Update and FCPA Corporate Enforcement Policy both demonstrate the continued evolution in the thinking of the DOJ around the corporate compliance function. Their articulated inquiries can only strengthen a corporate compliance function specifically; and the compliance profession more generally. The more the DOJ talks about the independence of the compliance function, coupled with resources being made available and authority concomitant with the corporate compliance function, the more corporations will see it is directly in their interest to provide the resources, authority and gravitas to compliance position in their organizations.
Three key takeaways:
- How is compliance treated in the budget process?
- Has your compliance function had any decisions over-ridden by senior management?
- Beware outsourcing of compliance as any such contractor must have access to company documents and personnel.
Welcome to this special podcast series, Integrity Matters: Assessing the Corporate Compliance Climate in 2021, sponsored by K2 Integrity. This week I visit with Bob Brenner, Co-Managing Partner and Chief Legal Officer; Snežana Gebauer, Executive Managing Director and head of U.S. Investigations and Risk Advisory, Americas. Over the week, we will consider various regulatory and enforcement issues with the incoming Biden Administration. Topics include assessing the regulatory landscape resulting from the pandemic, what companies can expect from new administration priorities, anti-bribery/anti-corruption issues and enforcement in 2021. In this Part 2, I am joined by Bob Brenner who discusses what companies can expect as priorities from new administration.
Join us tomorrow as we examine anti-bribery and anti-corruption priorities from the incoming Biden Administration.
For more information go to the K2 Integrity website.
Gary Chan is the President of Pragmatic Security at Alfizo and specializes in data protection and security. Tom Fox welcomes him onto this week’s show as they discuss the ways to help businesses leverage IT departments, enable sales, and meet compliance.
Why Information Security
When people buy information security, Gary explains, they’re not looking for someone to go in and solve every problem. Clients want to look at information security from a business perspective: how will it help them generate revenue and protect only the things the business wants to protect while saving money? Gary calls this ‘pragmatic information security’ because it delves into the why. It is an approach that helps businesses understand what the highest risks are, and how to manage those risks.
Security Within Executive Branches
Gary finds that even the most sophisticated Board of Directors lack a proper understanding of data protection. They are more concerned with meeting compliance and avoiding fines. “They don’t really understand what security can do for them outside of keeping them from getting hacked,” he says. Tom comments that boards consider their reputation surrounding compliance more. Gary suggests tying data protection to the issues boards are more concerned about to get them to do something about it.
The Impact of COVID-19 on Security
From a business perspective, Covid-19 had a large impact. Security arms of firms were shut down as security isn’t seen as something that brings in revenue, Gary remarks. He adds that people’s behavior changed and that having the majority of your employees working from home increases your business risk. COVID-19 has been a golden age for hackers because stealing is easier, and they’re less likely to get caught. However, when businesses started reopening and companies realized that turning off security tools was dangerous, they have ramped up security. This time loss increased companies’ security expenses and boosted the demand for security and data protection from more people.
Resources
Alfizo
Start-Training.Alfizo.com
Gary Chan | LinkedIn
