The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to successfully navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Scott Sullivan, the Chief Integrity and Compliance Officer at Newmont Mining.
Scott Sullivan is a versatile and innovative governance, risk, compliance, ethics and legal executive with significant experience advising C-suite leaders and Boards of Directors in a global enterprise in a wide array of sensitive, high profile subject matter areas. He has extensive leadership in designing, implementing and enhancing world-class programs and favorably resolving regulatory crises for multinationals. He has managed ethics and compliance for a $5B global Fortune 500 corporation, directing a Business Integrity & Compliance function impacting 20,000 employees in over 55 countries with over 100 legal entities.
In this Episode 2, we explore how a CCO can stay in the front of the wolf pack and not fall behind. Our discussion covers the internal signs, indicia or data a CCO should be looking at; why a CCO needs a seat at the table to stay in front; and the external information you need to have from such diverse sources as the regulators, competitors, customers, suppliers and others.
In a 2015 speech before the SIFMA Compliance and Legal Society New York Regional Seminar, former Assistant Attorney General Leslie Caldwell, for the first time, laid out metrics the DOJ would consider in evaluating a corporate compliance program around third-parties. Caldwell began with the following question, “Does the institution sensitize third-parties like vendors, agents or consultants to the company’s expectation that its partners are also serious about compliance?” This inquiry was brought forward into the DOJ’s 2017 Evaluation and all subsequent updates.
In addition to monitoring and oversight of your third-parties, you should periodically review the health of your third-party management program. The robustness of your program will go a long way towards preventing, detecting and remediating any compliance issue before it becomes a full-blown FCPA violation. As with all the steps laid out herein, you need to fully document the steps you have taken so that any regulator can test your metrics. Caldwell’s remarks around compliance metrics portended the Evaluation and what the DOJ will be reviewing and evaluating going forward, so it is clear what will be expected from your company’s compliance program. You should also use these metrics to conduct a self-assessment on the state of your compliance program.
Three key takeaways:
- It all starts with a Relationship Manager.
- Have company oversight of all third-parties.
- Audit, monitor, and remediate on an ongoing basis.
Welcome to the newest addition to the Compliance Podcast Network, Compliance and Coronavirus. In this episode, I visit Dr. Gleb Tsipursky, who is known as the Disaster Avoidance Expert. He has over 20 years of experience dramatically empowering leaders and organizations to avoid business disasters by addressing potential threats, maximizing unexpected opportunities, and resolving persistent personnel problems. Dr. Tsipursky is a bestselling author of several books, including on avoiding disasters in business.
Some of the highlights include:
- The top 3 questions Dr. Tsipursky is getting from clients now about business reopening in the era of Covid-19.
- What are some of the top challenges in the business reopening phase from a disaster avoidance perspective?
- What should business leaders be considering as we move into Q3 and Q4 of 2020?
- What is the risk profile of WFH and has it changed from a disaster avoidance perspective?
- How should a business think through the changes in its risk profile now?
For more information on Dr. Tsipursky, check out his website here.

Tom Fox welcomes Cody Rodriguez to this week’s episode of Innovation In Compliance. Cody is CEO of Iron Orchard, a small private oil and gas operator that continues to thrive even in the midst of a shutdown of the energy sector due to COVID-19. He and Tom discuss his company’s risk management approach and how it informs their corporate culture.
Determining Commercial Viability
Tom asks Cody how they determined that Iron Orchard was a commercially viable idea. Cody responds that they had about 100 meetings with CEOs and investors, seeking their advice before deciding to go ahead and launch Iron Orchard. Even then, they decided to use their own funds for the first investments. “We want to make sure, just like in everything else we’ve ever done, that we did it ourselves and risked our own dollars before we ever risk anybody else’s,” Cody explains. He describes how taking this approach led to increasing success as the company grew. People were willing to help them because of their humble approach. Cody says, “If you’re willing to tell them how you think you could be better and how you think you could improve from their advice, people are generally very willing and open.” Tom adds that humility is an incredible leadership skill.
Corporate Discipline and Culture
Tom comments that physical and financial discipline is a strategy that is embedded in Iron Orchard’s culture. “One of the biggest things that I learned was risk mitigation and capital discipline,” Cody responds. “For us, it’s never doing something that we can’t stand the risk of losing everything we just did. And if everything goes [wrong]… can we sustain ourselves?” He explains that every decision is made through collaboration and teamwork. These corporate values of discipline and collaboration are responsible for their survival and growth even in the midst of the pandemic. “If the assets can’t – even at the worst of times – support the team, then the team needs either to work a little harder, a little smarter to make sure that we can manage even through the most difficult times,” Cody says.
Resources
Iron-Orchard.com
info@iron-orchard.com
In today’s edition of Daily Compliance News:
- Is exec comp obscene? (Houston Chronicle)
- A roadmap for Google? (NYT)
- Two former Unaoil execs convicted in UK. (WSJ)
- Corruption crisis puts Bulgarian leader on the ropes. (Politico)
For the times, they are a changing in the internal audit profession.
You can choose to stick your head in the ground and ignore what’s going on, but you may end up like some CAEs who just got let go from their positions for sticking with a traditional internal audit mindset.
In this week’s podcast I share why Traditional Internal Audit is dying. We’ve been seeing this for years, but I share with you some recent events and evidence that prove again that this is the trend we are seeing.
If you are still spending most of your time auditing lower-level process controls and focusing on historical events and internal controls, you are probably stuck in the traditional rut and need to start working your way out by transitioning to a true risk-based internal audit methodology.
I also discuss value-based auditing and objective-based auditing vs. risk-based internal auditing in this episode.
Listen in at: http://www.jasonmefford.com/jammingwithjason/

Eric Mayer from GSK Stockmann shares three key areas compliance officers must focus on: adherence to international laws, training, and tone at the top. Listen to the full interaction with Sundaraparipurnan Narayanan: https://lnkd.in/d3fSK-a
The CONVERGE community launches this week! If you’ve attended our twice-a-year CONVERGE conferences in Denver and Europe, you know they’re special. There’s a community feeling at CONVERGE, and a sense that we’re all on the same journey to push ethics to the center of business—and in the process, build a better world.
With 2020 unfolding in ways that no one could have predicted, that mission—and the feeling of togetherness in that mission—is more important than ever. The cornerstone CONVERGE conference will happen this fall as scheduled (though online)—and now it’s supported by an entire CONVERGE ecosystem, including an online community, resource center, and a full schedule of year-round virtual events. Philip and Tom break down why the community is different than anything else out there for our profession, why they’re so excited to be a part of it, and give a preview of the CONVERGE20 conference coming up in October.
What is satisfactory due diligence under the FCPA? That question seems to be more important after the story on Unaoil S.A.M. and the subsequent release of the Panama and Paradise Papers. However, both events largely focused on the “who” part of due diligence and the need to know with whom you are doing business going forward. However, there is another important question which does not come up as often in due diligence, which is how?
How does a third-party perform its services with or for your company? If it is on the sales side of things, how can a third-party help you make sales? If a third-party comes through the supply chain, how do their products or services meet the needs of your company? If the third-party has a closer business relationship, such as a JV, teaming agreement or other similar arrangement, you may well need a much deeper understanding of how this third-party does business because the relationship may well become so close you will be intertwined with the party. It may mean more than simply how does their product work but how does this third-party conduct themselves and their business?
Under the FCPA, most companies understand the need to know with whom they contract for sales or vendor services. They also understand the need to know why they should do business with a proposed third-party (i.e., a business justification). However, the need to perform an investigation into how the third-party can actually deliver the contracted services is equally important.
Three key takeaways:
- The how question can be as critical as the who question.
- The more integrated a third-party is into your operations the more important this question becomes.
- Incorporate a how question into not only your due diligence but also your ongoing monitoring and auditing, after the contract is signed.
In this episode, I am joined by Eric Young. Eric has been in the compliance field longer than anyone I know and long before it was called Compliance. Eric graduated from Columbia University at the age of 20 with a degree in Economics, holds securities licenses with FINRA and is ACAMS-certified. He started with the Fed in 1980 and has 40 years’ regulatory and Chief Compliance Officer experience with the Fed, JP Morgan Chase, General Electric, S&P Global Ratings, and four foreign banks including UBS and, most recently, as CCO of BNP Paribas.
Some of the highlights include:
- Young has been in compliance longer than anyone I know. He gives us a rundown of his professional career starting with the Fed.
- Penn Square. At the time it was the largest bank failure since the Great Depression. What was the significance of Penn Square for the US banking industry and the regulators?
- What are the three things Young is most proud of accomplishing in his career?
- What are 3 pieces of advice Young would give a new CCO today?
- Young tells us about the book he is writing.