One Month to a More Effective Board – 20 Questions Directors Should Ask about the Board Compliance Committee

In an area of inquiry entitled Oversight, the 2023 ECCP asks three basic questions which we have explored throughout this chapter:

1. What compliance expertise has been available on the Board of Directors?

2. Have the Board of Directors held executive or private sessions with the compliance function?

3. What types of information has the Board of Directors examined in their exercise of oversight in the area in which the misconduct occurred?

To facilitate the answers to these questions, consider this list of 20 questions to reflect the oversight role of directors. These are questions the Board should ask of both senior management and itself. The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary. Although the questions apply to most medium to large organizations, the answers will vary according to the size, complexity and sophistication of each individual organization.

Part I: Understanding the Role and Value of the Compliance Committee

1. What are the Compliance Committee’s responsibilities and what value does it bring to the Board?

2. How can the Compliance Committee help the Board enhance its relationship with management?

3. What is the role of the Compliance Committee?

Part II: Building an Effective Compliance Committee

4. What skill sets does the Compliance Committee require?

5. Who should sit on the Compliance Committee?

6. Who should chair the Compliance Committee?

Part III: Directed to the Board

7. What is the Compliance Committee’s role in building an effective compliance program within the company? How can the Compliance Committee assess potential members and senior leaders of the company’s compliance program?

8. How long should directors serve on the Compliance Committee?

9. How can the Compliance Committee assist directors in retiring from the Board?

Part IV: Enhancing the Board’s Performance Effectiveness

10. How can the Compliance Committee assist in director development?

11. How can the Compliance Committee help the Board chair sharpen the Board’s overall performance focus?

12. What is the Compliance Committee’s role in Board evaluation and feedback?

13. What should the Compliance Committee do if a director is not performing or not interacting effectively with other directors?

14. Should the Compliance Committee have a role in chair succession?

15. How can the Compliance Committee help the Board keep its mandates, policies and practices up-to-date?

Part V: Merging Roles of the Compliance Committee

16. How can the Compliance Committee enhance the Board’s relationship with institutional shareholders and other stakeholders?

17. What is the Compliance Committee’s role in CCO succession?

18. How can the Compliance Committee foster great technical impact for the compliance function?

19. What role can the Compliance Committee play in preparing for a crisis, such as the discovery of a sign of a significant compliance violation?

20. How can the Compliance Committee help the Board in deciding CCO pay, bonus and resources made available to the corporate compliance function?

Three key takeaways:

1. The DOJ Evaluation requires active Board of Director engagement around compliance.

2. Board communication on compliance is a two-way street; both inbound and outbound.

3. Has the Board built an effective Compliance Committee for itself?

Compliance into the Weeds: What is Driving Compliance Engagement at the Board?

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds!

In this episode, co-hosts Tom Fox and Matt Kelly dissect the Navex 2023 State of Risk and Compliance Report. Tom and Matt delve into Navex’s annual benchmarking report, which surveyed 1,300 compliance professionals. The report revealed that 53% of respondents described their compliance programs as mature. Matt and Tom question whether the board is driving the conversation or if compliance officers request updates due to potential liability. The report’s findings on cybersecurity and privacy concerns, survey results on where compliance should reside in a company, and the importance of having a mature anti-bribery anti-corruption compliance program are all discussed. Tune in to hear more about how compliance officers can address pressing concerns such as cybersecurity breaches and attacks.

Key Highlights:

  • Navex’s benchmark report on compliance programs
  • Board-Compliance Officer Relationship & Cybersecurity in Compliance
  • The necessity of Dedicated Compliance Committees
  • Survey Finds Diverse Views on Compliance Placement in Companies
  • The Importance of Anti-Bribery Compliance for Cybersecurity
  • Compliance Officer Reporting to CISO Dynamics

Tribute to Cormac McCarthy – Lessons for the Compliance Professional

Cormac McCarthy died last week. According to his New York Times (NYT) obituary, he was “the formidable and reclusive writer of Appalachia and the American Southwest, whose raggedly ornate early novels about misfits and grotesques gave way to the lush taciturnity of “All the Pretty Horses” and the apocalyptic minimalism of “The Road,” died on Tuesday at his home in Santa Fe, N.M. He was 89.” I came to McCarthy through his work All the Pretty Horses and it was one of the seminal books I have ever read. The only book I can compare it to is Let Us Now Praise Famous Men by James Agee and photographer Walker Evans. (Evans’s photos are as spectacular and as famous as Agee’s prose.) So today, as my tribute to McCarthy, I wanted to take a deep dive into All the Pretty Horses and mine it for leadership lessons for the compliance professional.

Story Synopsis

All the Pretty Horses was published in 1992. It’s the first book in McCarthy’s Border Trilogy. The story begins in 1949 and is centered around the life of John Grady Cole, a 16-year-old who grew up on his grandfather’s ranch in San Angelo, Texas. After his grandfather’s death, his mother decides to sell the ranch, leaving John Grady, a born and bred cowboy, deeply affected.

Instead of giving in to the changing times, John Grady and his best friend, Lacey Rawlins, decide to head south to Mexico, looking for work as ranch hands. On their way, they encounter a volatile and troubled teenager, Jimmy Blevins, who, despite their reservations, joins them. In Mexico, they find work on a vast ranch owned by Don Héctor Rocha y Villareal. John Grady becomes an accomplished horse breaker and falls in love with Don Héctor’s daughter, Alejandra, which is forbidden given their different social classes.

However, their peaceful existence is disrupted when Blevins’ past catches up with them. Blevins is accused of horse theft and murder, and John Grady and Rawlins are arrested as his accomplices. Blevins is executed without a trial, while John Grady and Rawlins spend time in a harsh Mexican prison. After enduring the brutal prison conditions, they are released due to the efforts of Alejandra’s great aunt. However, Alejandra, under pressure from her family, ends her relationship with John Grady, which leaves him heartbroken.

John Grady returns to Texas and finds that the world he once knew has changed irreversibly. The novel ends with him setting off into the sunset, uncertain about his future, but with an unbroken spirit and love for the cowboy way of life.

The novel is a coming-of-age story that explores themes of loss, love, and the tension between the old world and the new. McCarthy’s unique narrative style, characterized by minimal punctuation and lyrical prose, underscores the raw beauty and harsh realities of life in the American Southwest and northern Mexico.

Leadership Lessons

All the Pretty Horses presents leadership lessons for the compliance professional through its protagonist John Grady Cole and his experiences. Here are some key leadership lessons we can glean for the compliance professional:

Decision-Making: John Grady often must make tough decisions, like when he decides to leave his hometown to find a life that suits him better. His choice to help Blevins, despite the risk, also shows a lot about his character. Compliance leadership lesson – compliance professionals must understand that leadership often involves making difficult decisions, with both immediate and long-term consequences.

Responsibility: John Grady takes responsibility for his actions and their consequences. He faces up to his punishments and doesn’t shy away from difficult tasks. Compliance leadership lesson – every compliance professional must accept responsibility for their decisions, good or bad.

Courage: Throughout his journey, John Grady consistently shows courage, whether it’s dealing with the harsh conditions in the Mexican prison or standing up for his values. Compliance leadership lesson – every compliance professional needs to have courage to face adversity, take risks, and stand up for what they believe in. Sometimes you must speak truth to power and be willing to accept the consequences.

Perseverance: John Grady’s determination to survive and maintain his dignity, even in the harshest circumstances, reflects a crucial quality of a leader. Compliance leadership lesson – every compliance professional needs to show determination and the ability to bounce back from setbacks.

Respect and Empathy: John Grady respects the individuals he interacts with, from his fellow cowboys to the horses he works with. Compliance leadership lesson – every compliance professional must respect their colleagues and demonstrate empathy for their challenges in doing business going forward, qualities that are critical for a leader to have when dealing with their team.

Integrity: John Grady has a strong sense of moral integrity, sticking to his principles even when faced with challenging situations. Compliance leadership lesson – every compliance professional must always demonstrate integrity in all aspects of their professional life. This is a key trait for leaders, who must maintain integrity and honesty.

Adaptability: Even though John Grady faces a world that is changing around him, he learns to adapt while staying true to his values. Compliance leadership lesson – every compliance professional must adapt to new risks the business meets, whether through new business initiatives or a global pandemic. In short, the ability to adapt to changing circumstances while maintaining core values is crucial for compliance leaders.

Failure: Through his relationship with Alejandra, John Grady learns about love, loss, and sacrifice. These experiences, though painful, help him grow and mature as a leader. Compliance leadership lesson – every compliance professional will have failures. How you learn from them will be a key to your development. Compliance professionals need to understand that personal growth often comes through fighting through difficulty.

If you have never done so, I would urge you to read All the Pretty Horses, and I hope you find it as moving as I did.

One Month to a More Effective Compliance Program with Boards – Board Governance and Risk Oversight

One of the ongoing questions from members of the Board of Directors is how to resolve the tension between oversight and management. I recently had the opportunity to visit with Joe Howell, former Executive Vice President (EVP) of Workiva, Inc., on this subject. Howell has worked on and with Boards of Directors at various companies, and I wanted to garner his understanding of the role of a Board, senior management, and a Chief Compliance Officer (CCO). Howell’s short response was an excellent starting point for understanding the role: put sand in management’s shoes.

The key to such a metaphor succeeding is that a Board of Directors, “by continuing to challenge management on these scenarios that management has considered and the stories management is telling itself about what could go wrong,” can “help get management out of its comfort zone. By and large, executive teams begin to believe themselves when they talk about how well they’re doing. The independent challenge that the board can offer is putting a little bit of sand in the shoe to make sure you’re thinking about things carefully can cause you to step back and focus your resources where they’re needed.”

Howell noted that the role of the Board is not management but oversight, focusing on governance. To do so, an effective Board should challenge senior management not only on what they have planned for but what they may not have considered or may not even know about. He said, “One perfect example is the reputation of those stakeholders involved in the company, and that can be the management team itself, the employees, and the board members themselves.” This is because reputational damage hurts everyone. Howell stated, “It’s essential as we go through some ways the Board can help management in that role. I think the things that make a difference to management is when the Board can be an effective devil’s advocate. Not managing management but helping them in their governing role by helping management to step back and think critically of their underlying assumptions and biases.”

A Board is there to be more than just a rubber stamp for senior management. It must exercise independent judgment, action, and oversight. Further, it is the Board’s role to ask hard, difficult, and probing questions to ensure management is doing its job and has considered other risk possibilities.

Three Key Takeaways:

  1. Boards should force management to open up the company to itself.
  2. Boards should be a grain of sand in the shoe of management.
  3. Boards should ensure senior management is aware of and planning for known and unknown risks.

One Month to a More Effective Compliance Program with Boards – The Board as an Internal Control

James Doty, former Commissioner of the Public Company Accounting Oversight Board (PCAOB), was once asked if the Board or its sub-committee which handles audits was a part of a company’s internal financial controls. He answered that yes, he believed that was one of the roles of an Audit Committee or full Board. I had never thought of the Board as an internal control but the more I thought about it, the more I realized it was an important insight for any Chief Compliance Officer or compliance practitioner as it also applies to compliance internal control.

In the FCPA Resource Guide, 2nd edition, in the Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board. The first is in Hallmark No. 1, which states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources”, where it discusses that the CCO should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight of the effectiveness of a company’s compliance program. The Department of Justice’s (DOJ) Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment? Doty’s remarks drove home to me the absolute requirement for Board participation in any best practices or even effective anti-corruption compliance program.

If a Board’s oversight is part of effective compliance controls, then the failure to exercise it may result in something far worse than bad governance. Such inattention could directly lead to an FCPA violation and could even form the basis of an independent SOX violation as to the Board.

Three Key Takeaways

  1. A Board must engage in active oversight.
  2. A Board should review the design of internal controls on a regular basis.
  3. Failure to do so could form the basis for an independent legal violation under SOX.

One Month to a More Effective Compliance Program with Boards – Boards Inquiring Up and Down

Where does “tone at the top” start? With public and most private U.S. companies, it is at the Board of Directors. But what is the role of a company’s Board in compliance? First, a Board should not engage in management but oversee a CEO and senior management. The Board’s role involves asking hard questions, risk assessment, and risk identification.

These factors can be easily adapted to compliance and ethics risk management oversight. Initially, the Board must receive direct access to information on a company’s policies on this issue. The Board must have quarterly or semi-annual reports from a company’s CCO to either the Audit Committee or the Compliance Committee. Every Board should create a Compliance Committee to deal with compliance issues, as an Audit Committee may more appropriately deal with financial audit issues. A Board Compliance Committee can devote itself exclusively to non-financial compliance. The Board’s oversight role should be to receive regular reports on the company’s compliance program’s structure, actions, and self-evaluations. From this information, the Board can oversee any modifications to managing FCPA risk that should be implemented.

Three key takeaways:

  1. A Board Compliance Committee should provide oversight, not management.
  2. A CCO should use multiple reports to communicate with the Board Compliance Committee.
  3. Board Compliance Committee oversight makes companies more efficient and profitable.

2 Gurus Talk Compliance – Once A Con, Always A Con

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in their podcast, 2 Gurus Talk Compliance, as they dive into hot compliance topics. In this episode, they cover Elizabeth Holmes going to prison, the current office imbroglios, a record whistleblower award, the perils of using ChatGPT, cyber breach reporting, Gartner and trust, and lightning and compliance. With their unique insights and engaging storytelling, this podcast is a must-listen for anyone in the compliance field. Don’t miss the latest episode of 2 Gurus Talk Compliance and stay ahead of the curve!

Highlights Include

  • Racial Justice at the Board
  • Gartner FCPA enforcement action
  • Cyber Incident Reporting
  • AI and Corporate Governance
  • Once a con, always a con
  • Record whistleblower award
  • WFH, RTW and Hybrid-Work
  • CCO Comp
  • Using ChatGPT
  • Penalties low, benefits high

Resources

  1. Racial Justice Initiative
  2. Gartner FCPA enforcement action
  3. FSB Report on Cyber Incident Reporting
  4. AI and Corporate Governance
  5. What the Hell Happened Here?
  6. Record $279 Million Whistleblower Award
  7. Thank Goodness We Didn’t Get Struck by Lightning
  8. 3 Tips for Adapting to the Post-Pandemic Culture Shock at Work
  9. CCO Compensation Up 8%
  10. Here’s What Happens when Your Lawyer Uses ChatGPT

One Month to a More Effective Compliance Program with Boards – Compliance Expertise on the Board

Every Board of Directors needs a true compliance expert sitting at the table. Almost every Board has a former CFO, former head of Internal Audit, or persons with a similar background, and often these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training, and SME that can help all companies with their financial reporting and other finance-based issues. So why is there not such compliance SME at the Board level?

This requirement was set out in 2017 in the FCPA Corporate Enforcement Policy, where one of the criteria to be evaluated in a compliance program is “the availability of compliance expertise to the board.” Finally, the 2020 Update to the Evaluation of Corporate Compliance Programs, under the section entitled Oversight, posed the following question: What compliance expertise has been available on the Board of Directors?

The DOJ and Securities and Exchange Commission introduced this concept to the FCPA Resource Guide, 2nd edition. It means that when your company is evaluated by the DOJ, under the factors set out in the 2020 Update and the FCPA Corporate Enforcement Policy, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board-level Compliance Committee but also the specific SME on the Board and on that committee.

Three key takeaways:

  1. Boards must have compliance expertise.
  2. Government regulators and shareholder groups have both called for greater compliance expertise on the Board.
  3. Compliance expertise at the Board works up and down as such expertise can be a resource to both the CCO and Compliance Department.

For more information, check out The Compliance Handbook, 3rd edition, available from LexisNexis.

Great Women in Compliance – Carolyn Renzin on Compliance at FanDuel

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine.

Over the past few years, it seems like fantasy sports and online gaming have a higher profile than ever, and they are part of a rapidly growing industry. Today’s guest, Carolyn Renzin, is the Chief Legal and Compliance Officer at FanDuel, which is one of the leaders in that space. In a wide-ranging discussion, Carolyn and Lisa discuss building a compliance function at the same time an industry framework is being built, and how she has grown her team. She also talks about FanDuel’s commitment to integrity – both as an organization and for professional sports in general.

Her analogy between sports and her role is one we can all keep in mind – “you play offense, we play defense, and we need each other.”

You can find the Great Women in Compliance Podcast on the Compliance Podcast Network where you can find several other resources and podcasts to keep you up to date in the Ethics and Compliance world. You can also find the GWIC podcast on Corporate Compliance Insights where you can learn more about the podcast, stream prior episodes and catch up on Mary’s monthly column “Living Your Best Compliance Life.”

Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book, “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review. Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn.

Compliance into the Weeds: Compliance and Middle Managers

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds!

Join Tom and Matt as they delve into middle managers’ crucial role in fostering a culture of ethics and compliance within organizations. In this episode, the hosts discuss compliance officers’ challenges in working with middle managers and share some practical tips on building alliances, teaching soft skills, and developing personal relationships. They also examine the use of incentives and consequence management in promoting compliance and highlight the need for positive incentives for middle managers. Take advantage of this insightful and thought-provoking discussion on enforcing internal controls in a compliance program and learn more about the different ways to ensure compliance in gift, travel and entertainment expenses. Tune in now to stay ahead in the world of compliance!

Key Highlights:

  • The Role of Middle Managers in Compliance
  • Training Middle Managers on Ethical Leadership
  • Investing in middle managers for ethical conduct
  • Compliance: Incentives and Consequence Management

Notable Quotes:

“Compliance officers need to think about because you live and die in the success of your corporate culture, and the middle managers are the custodians of that culture.”

“Compliance officers should think about how do I help middle managers. How do I coach them on how to be good leaders?”

“Nothing is as significant as that personal touch point.”

“If the middle manager either turned a blind eye to the unethical practice or should have known about it but was just so aimless about it and didn’t care, should that middle manager suffer consequences along with the frontline employees who committed the offense? And the answer was generally yes.”
