Welcome to a special five-part blog post series on how to unlock the gold in your program. I visit with Gio Gallo and Nick Gallo, Co-CEOs of ComplianceLine, LLC, the sponsor of this series.
One of the ongoing issues in compliance is to demonstrate the Return on Investment (ROI) in your compliance program. One way to do so is by demonstrating the extended value of compliance literally across your entire company. When overlaid with an ESG component, you can begin to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick discussed demonstrating ROI for your internal budgeting process, which can provide you with the financial resources to strengthen and improve your compliance program. Today, in Part 4, we consider finance and investment models for the corporate compliance function.
If there is one topic that every compliance professional understands, it is risk analysis, but this is not the same type of risk analysis that a financial professional would look at. Gio noted that a finance professional would have a different focus in their risk lens. It would focus on such questions as “what is the risk of your investment? What is the risk in your model and your assumptions?” It is almost as if you need a translator to get into the room.
To illustrate, he pointed to the example of a Black Swan event. With a Black Swan event you could have a wide distribution of different outcomes. A Black Swan event is very rare and it may be so small that it almost does not show up on your radar. However, “if you land on that number, right, if the roulette wheel spins around and lands at that number, it could be a total disaster. It can be an 80% chance everything will be fine and there’s a 90% chance we’ll be 10% bigger next year. And there’s a 70% chance that we’ll be 20% smaller or more difficult next year or whatever. Well, there might be a 0.0003% chance that this bad thing happens.” Yet the outcome is just so catastrophic, similar to the once in a 1,000-year flood, you cannot simply plan for it.
Yet the Texas Gulf Coast had a 1,000-year flooding event in 2017 (and two 500-year flooding events within 18 months). While you might not typically plan for the 1,000-year flood, it is a known possibility and I have lived through one and indeed several 500-year floods. This means you must take the Black Swan concept and continuously re-evaluate it to move from something that could well happen because if it does, the result could be very bad and the circumstances have changed. This means you need to change your basic risk assumptions about calling it a Black Swan event. Gio had an interesting response to this and it was basically to think about storytelling. He listed several events such as the levees breaking causing the flooding of the city of New Orleans or the Fukushima Nuclear Plant flooding. These were both events which seemed very low probability yet were certainly within the realm of the possible. Perhaps even a known unknown.
This series of events illustrates that in the financial realm, you must be ready to move quickly. As Gio noted, “simply because you do not have the whole script and talk track put together and know that something terrible might happen. This can create a damaging dynamic between a CCO and someone in the finance function or in the executive level. Their response may well be ‘what do you want me to do about that?’ What are we going to do this month as there’s budget for it? So, if you can bridge that to, hey, we all know that this terrible stuff might happen and it’s not going to take a thousand years for a 1,000 year flood to happen.”
In response to this scenario, Nick said, “I suggest you take a little bit different tack than ignoring this Black Swan event.” Start by using the power of compounding interest to demonstrate your organization does not need to completely defend against this type of event in the next two months. You can use the power of your investment in compliance to essentially “build the levees a few feet higher so that when the next biggest flood occurs, we defend against it and talk about that in the realm of this is going to take another 2% of the compliance team’s budget to get a little bit better on this.” Even at this stage the compounding of the investment can create some very robust compliance practices for your organization. The bottom line is that if you invest this 2% each year over the next five years, your compliance program will be five times better at defending against this 500 or 1,000-year flood.
Check out the full podcast series this blog post series is based upon.
Episode 1
Episode 2
Episode 3
Episode 4
Welcome to a special five-part podcast series on how to unlock the gold in your program, hosted by Tom Fox with guests Gio and Nick Gallo from ComplianceLine. One of the ongoing issues in compliance is to demonstrate the Return on Investment (ROI) in your compliance program. One way to do so is by demonstrating the extended value of compliance literally across your entire company. When overlaid with an ESG component, you can begin to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick walk you through how to demonstrate ROI for your internal budgeting process, which can provide you with the financial resources to strengthen and improve your compliance program.
Join us for the full 5 episodes and learn to see your compliance program in an entirely new light. In this Part 3, we consider how a CFO and finance department might see ESG investments differently than a CCO and compliance professional.
Some of the highlights of this episode include:
- A CFO and finance function will more likely see ESG in relation to capital markets, bank financing, index funds and even insurance costs.
- How can a CCO speak this language about not only the compliance program but in leading the company’s ESG efforts?
- How to package your data, documentation and reports regarding ESG to appeal to a CFO.
- Seek input on what investors are looking for from your ESG program.
Resources
Gio Gallo on LinkedIn
Nick Gallo on LinkedIn
ComplianceLine
As with Lisa’s episode last week, Mary brings a memorable former colleague onto the Great Women in Compliance show, Alexis Wermuth. Alexis is a Compliance executive at Getinge, a medical device company.
It is an exceptional few in Compliance who are creative or artistic. Alexis is one of those people and made an invaluable contribution to the internal marketing team at Fresenius Medical Care North America’s Compliance department (see episode with Sarah Hadden for more on this initiative). After talking about some of the risks in the medical device field, Alexis talks about injecting creativity into her Compliance program and reminisces with Mary about some of their favorite projects when working together with ideas for listeners to implement in their own programs.
After finishing up at Fresenius Medical Care, Alexis moved to New Jersey and discusses the considerations she weighed up when deciding to make the move and a new job opportunity. She also shares a favorite productivity hack.
Lisa and Mary wish to extend deepest gratitude to listeners and readers who heeded the call to vote for their book “Sending the Elevator Back Down: What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). The voting closed 1 December, the launch of this episode and the GWIC team eagerly awaits the outcome of the award process.
The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to. If you are enjoying this episode, please rate it on your preferred podcast player to help other like-minded Ethics and Compliance professionals find it. You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast. Corporate Compliance Insights is a much appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book, “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).
Welcome to a special five-part blog post series on how to unlock the gold in your program. I visit with Gio Gallo and Nick Gallo, Co-CEOs of ComplianceLine, LLC, the sponsor of this series.
One of the ongoing issues in compliance is to demonstrate the Return on Investment (ROI) in your compliance program. One way to do so is by demonstrating the extended value of compliance literally across your entire company. When overlaid with an ESG component, you can begin to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick discussed demonstrating ROI for your internal budgeting process, which can provide you with the financial resources to strengthen and improve your compliance program. Today, in Part 3, we look at the role of the Chief Compliance Officer (CCO) and corporate compliance function in ESG investments.
We began with the basic question of why a Chief Financial Officer (CFO) or corporate finance function would look at ESG investment and how that will differ from how a CCO or compliance function would do so. Gio noted that finance will most probably be “considering the outcome and it is something else for me to figure out.” Yet they may well also see it as a new opportunity and a “new conversation that we can be a part of. We may be able to get to that head of the pack because through some early investments which might be in programs or just how we talk about it.” The impact is that finance types might see more opportunities in this than the E&C professional, which you should be conscious of as you enter this conversation. Gio stated, “if we can make something out of this zeitgeist it might be seen as a unique opportunity.”
Conversely, he also noted “there’s no F in the ESG, right? This means the finance lens for this opportunity might be to get better financing for the company.” This might present a funding opportunity, either through a loan, additional capital or other funding mechanisms. It might also work to lower the cost of capital because investors might see your company is really an attractive company. That is what ESG might end up meaning from the finance perspective. The beauty of this is that the approach is equally valid to a compliance-focused approach and demonstrates there are multiple reasons for implementing an ESG program.
Nick emphasized the opportunity that ESG presents. Not simply for each commercial organization but for the compliance function as well. He stated, “irrespective of whether or not your organization is serious about it, you need to take advantage of the opportunity and the window of opportunity that we have right now, because compliance speaks to every single one of those pillars in the ESG acronym.”
From the compliance perspective, there are several reasons for this. It is top of mind for investors and in mind of the marketplace. He said, “Use what you have in place already to show your organization is committed to ESG. Moreover, you probably already have 80% of this stuff done. We already have a speak-up line. We already have a training for our business ethics and corporate culture.” The bottom line is “there are probably a bunch of ESG type things that you are doing.” You can build on all of them. It is a massive opportunity. Do some research on what is publicly available on ESG reports, “grab a handful of those and start looking at what some of your competitors or what other folks in the marketplace are putting into their report. I guarantee there’s a massive overlap with some of the data points that already exist in your organization.” As a compliance professional “it’s about shifting your mindset and using this opportunistically, to take advantage of the amorphousness that is ESG right now.” Nick even compared ESG in 2021 to where compliance was in the mid-1990s after the release of the US Federal Sentencing Guidelines and the creation of the modern compliance professional. It took some 15 to 20 years for corporations to understand that compliance was a business differentiator and business positive and not simply a legal response to a long-standing law, such as the Foreign Corrupt Practices Act (FCPA). In the age of social media, the speed of the change in ESG will be much quicker. Simply witness the change from the Trump Administration which actively fought corporate ESG initiatives to that under the Biden Administration which has fully embraced ESG from a regulatory perspective.
We concluded by considering many of the tasks that a CCO and compliance professional are already doing. Nick provided the following examples, “You can pull that out of your case management system and look at some of the following issues: How many discrimination and harassment claims did you have last year? How many did you have this year? What were the turnaround time on those? How many days did it take you to close those? What can you take credit for? That’s really what ESG is kind of about.” The same is true for your basic risk management strategies involving your third parties and other business ventures.
It is a function of getting an understanding of who your audience is. From the compliance perspective do not simply focus on an audience of one, the government. Look at it in the way the Business Roundtable did with their Statement on the Purpose of an Organization. There are multiple stakeholders that you can engage with and work with to satisfy their ESG concerns.
Check out the full podcast series this blog post series is based upon.
Episode 1
Episode 2
Episode 3
Welcome to a special five-part podcast series on how to unlock the gold in your program, hosted by Tom Fox with guests Gio and Nick Gallo from ComplianceLine. One of the ongoing issues in compliance is to demonstrate the Return on Investment (ROI) in your compliance program. One way to do so is by demonstrating the extended value of compliance literally across your entire company. When overlaid with an ESG component, you can begin to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick walk you through how to demonstrate ROI for your internal budgeting process, which can provide you with the financial resources to strengthen and improve your compliance program.
Join us for the full 5 episodes and learn to see your compliance program in an entirely new light. In this Part 2, we consider how compliance can be seen as extending the value of compliance across your entire organization.
Some of the highlights of this episode include:
- How might a finance professional view things differently from a compliance professional?
- Just as CCOs plan for integrated risk across an organization, CFOs do the same for financial return.
- How should a compliance professional look differently at their work, through a finance lens?
- Why is rice on the chess board so apt?
- What is the compliance professional missing about compound interest?
Resources
Gio Gallo on LinkedIn
Nick Gallo on LinkedIn
ComplianceLine
Digital Assets: Trading & Compliance for Cryptocurrency
In this episode, Director of Registered Investment Company Services, Allison Fraser and Director of Broker-Dealer Services & Private Funds, John Gentile discuss the latest on digital assets and cryptocurrency. Are they considered securities, what does the SEC’s risk alert mean for digital assets, and how should investment managers be thinking about cryptocurrency trading and compliance?
About Our Guest Speakers:
E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
Mike Farrell is a Certified Information Systems Auditor (CISA®) and Certified Information Security Manager (CISM®), and Cybersecurity Consultant at CSS. He analyzes data and conducts cybersecurity risk assessments, policy gap analyses, vulnerability scanning and social engineering testing. His information technology experience includes network installations and management, hardware and software configuration, and troubleshooting.
Welcome to a special five-part podcast series on how to unlock the gold in your program, hosted by Tom Fox with guests Gio and Nick Gallo from ComplianceLine. One of the ongoing issues in compliance is how to demonstrate the Return on Investment (ROI) in your compliance program. One way to do so is by demonstrating the extended value of compliance literally across your entire company. When overlaid with an ESG component, you can begin to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick walk you through how to demonstrate ROI for your internal budgeting process, which can provide you with the financial resources to strengthen and improve your compliance program.
Join us for the full 5 episodes and learn to see your compliance program in an entirely new light. In this Part 1, we consider how compliance can be seen as a corporate ROI multiplier by looking at the impact of compliance across your entire organization.
Some of the highlights of this episode include:
- The financial principles in unlocking the ROI of compliance.
- Why the alignment of compliance with other disciplines in your organization is not only critical but a key to unlocking compliance gold.
- Compliance budgeting is not simply about a cost center mentality. It requires a different type of discussion.
- Frameworks for improving your thinking about compliance.
- Building a complex and transparent case to OPEN the discussion about your assumptions rather than only including unobjectionable assumptions.
Resources
Gio Gallo on LinkedIn
Nick Gallo on LinkedIn
ComplianceLine
Welcome to a special five-part blog post series on how to unlock the gold in your program. I visit with Gio Gallo and Nick Gallo, Co-CEOs of ComplianceLine, LLC, the sponsor of this series. There is also a podcast on this topic and the link is listed below.
One of the ongoing issues in compliance is to demonstrate the Return on Investment (ROI) in your compliance program. One way to do so is by demonstrating the extended value of compliance literally across your entire company. When overlaid with an ESG component, you can begin to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick discussed demonstrating ROI for your internal budgeting process, which can provide you with the financial resources to strengthen and improve your compliance program. We begin Part 1 by considering how compliance can be seen as a corporate ROI multiplier by looking at the impact of compliance across your entire organization.
One of the most ubiquitous issues in compliance is making a case for ROI. Every compliance professional must be able to justify not only their spending but their budgeting requests. However, as Gio believes, compliance professionals are “literally leaving some money on the table because there’s a lot more to this game than meets the eye.” It is important to understand not simply the numbers but also who you are talking to about ROI or budgetary requests. There is also the zero-sum mindset which is usually brought to the budgetary process. Many corporate officers feel that if their department does not receive funding those dollars go to another department, and vice-versa.
Gio emphasized that budgeting “is not a zero-sum game. If you can understand that being aligned with other departments, having some positive externalities that help someone else get their job done, or take some work from someone else’s plate, these are all things that you can align with this full company view.” Moreover, this allows you to portray you are not simply competing for dollars but putting in a richer attempt to serve the overall company mission. He emphasized it really takes a “broadening of your mindset not simply thinking about risk in the full company, but also thinking about the compliance budget as part of the whole.”
Nick added that many Chief Compliance Officers (CCOs) who come from legally trained professional backgrounds handle budgets “like they are running a nonprofit, by minimizing spending, as opposed to like an abundance or growth mentality.” A CCO really does need to use a different set of frameworks when it comes to thinking through compliance ROI and budgeting, “fundamentally different than the binary sort of risk aversion frameworks that you’ll apply to managing an ethics and compliance department or building an FCPA policy or the like.” He concluded that it is all about taking a calculated risk.
Nick acknowledged that this might require making some assumptions, but it is also about doing some of the same things a compliance professional must do each and every day. We talked through the example of hotlines. Here you begin with a mandatory requirement for a hotline for US public companies in Sarbanes-Oxley (SOX) and go all the way through to a best practices compliance program, as formulated by the Department of Justice (DOJ) in its most recent Update to the Evaluation of Corporate Compliance Programs. From the installation of the hotlines, all the way through the benefits of a speak up culture, a CCO should begin to show and build a picture that can be taken to senior management or the Board to represent the benefits internally and the types of ROI.
Nick noted this is “the exact arithmetic that we want to utilize. If you have a strong culture that people are engaged with their purpose is resonant with the organizational purpose. This means people expend more discretionary effort which falls directly to the bottom line. Moreover, if you love your work and you feel like your voice matters, and you’ve worked other places where your voice doesn’t matter, then you’re going to feel a particular allegiance to that organization. You’re going to appreciate that. Turnover is going to drop a little bit. All of those benefits will go directly to the bottom line.”
But the conversation does not end there. Gio said, “part of this is a persuasion path, pointing to those outcomes, based on these inputs, which are a hotline or an improved case management system. Those are in my mind, extremely credible, especially when you can start to bring the finance people who are controlling purse strings into that calculation. And that’s what the basis of a lot of our ROI coaching has been not only getting those assumptions dialed in, but also building the persuasion path around the delivery of that message so that it lands in a way that is resonant with the you want to loosen those purse strings up.”
The bottom line is that as compliance leaders, we are “great at communicating the clarity that we have standing in and CCOs are also very good at dealing with the gray areas in the domain of risk management.” If, as the compliance professional, you can demonstrate the compliance function will “move the needle, from a risk management standpoint to not simply rectify the causes of those faster” but make the company run more efficiently, you can make a good case for increased budgeting and greater resources for your compliance program.
Check out the full podcast here.
Crisis Week: Part 3 – Compliance Resiliency
Perhaps the most prescient comment I heard during the height of the pandemic came from Jed Gardner, Group Director of Transformation at Linedata, which was that we have moved from disaster recovery to business continuity to business as usual. It appears that not only was the comment correct but now we are moving in the business world from crisis to crisis to crisis. This month’s Harvard Business Review magazine dedicated its Big Idea Series to the topic of crisis. Over this short week I am exploring what this new reality means for the compliance professional. Monday we looked at compliance as a trip wire to alert businesses a crisis is on the horizon, through the article A New Crisis Playbook for an Uncertain World. Tuesday, through the article Building a Culture That Can Withstand a Crisis, we considered the role of culture in dealing with a crisis.
Today we consider how to make sure your compliance program is resilient. Our starting point for today is the article 6 Types of Resilience Companies Need Today by Paul Polman and Andrew Winston. As every compliance professional knows, resilience must be built into every compliance program. The reason is simple: in today’s volatile and uncertain world, corporate compliance programs will face many crises. It could be a Foreign Corrupt Practices Act (FCPA) violation, but it could also range from a natural disaster which destroys property and disrupts operations, to the discovery of human rights abuses in a supply chain which breaks consumer trust earned over years. It can also range from an activist shareholder who presents a hostile takeover bid which shakes a business to the core to new competitors and technologies upending the industry. As we all know, a global pandemic or a new social justice movement can emerge to change everything.
In their article, the authors looked at decisions made by the multinational Unilever PLC to create both “traditional forms of resilience (financial flexibility, portfolio diversity, and organizational agility) and less-obvious forms (driven by purpose, trust, and stakeholders) that changed the company more deeply, we aim to show how leaders can best prepare for the world ahead.” I have adapted their prescriptions for the Chief Compliance Officer (CCO) and compliance professional.
The traditional building blocks of corporate resiliency include financial flexibility, portfolio diversity and organizational agility which the authors believe are “essential preparation for sudden shocks and long-term crises.” Compliance must contribute to getting and keeping businesses moving, as “only companies with already healthy balance sheets can weather such storms.” Obviously in your compliance portfolio there must be a variety of agents on the sales side which are fully vetted and approved. The same is now true for vendors in the Supply Chain. That is one of the key features in the five steps in the lifecycle of third-party risk management. If one step cannot be fully utilized, it does not mean you cannot use that third-party, it just puts more pressure on the other steps. In other words, greater risk management resiliency. Compliance function agility lends itself to structural changes to build organization-wide compliance resilience, with the compliance function getting faster feedback from regions about what is working and where more compliance resources need to be delivered. Through this approach you can identify possible problems before they become crises.
The authors’ real insight comes from what they see as the “larger opportunity is in making a company more broadly crisis-resistant for the long term, because doing so serves multiple stakeholders — not just shareholders. We argue that the strongest organizations today and in the future will thrive by giving more than they take from the world. We call this kind of company ‘net positive’ because it seeks to improve the well-being of everyone it touches through its operations, value chain, products, services, and influence. Organizations that have a clear purpose, build strong relationships that reinforce each other, and amass a reservoir of trust will have deeper sources of strength when they need them most.” That sounds like exactly the function of a CCO and corporate compliance program.
Purpose
A company that knows its reason for being, and consistently backs it up, is both tougher and more flexible during a crisis. If this is not a mere add-on but strategy, your company will be exponentially stronger. Here compliance plays a, if not the, key role in communicating a corporate strategy of not simply doing business ethically and in compliance but also following the outline laid out in the Business Roundtable’s Statement on the Purpose of a Corporation by listening to and incorporating information from all stakeholders in an organization. Of course, building out internal controls fully as laid out in the COSO 2013 Framework for Internal Controls can build out the backbone of this effort.
Trust
Trust is an absolute key for any compliance program. You must build trust through institutional justice and institutional fairness. But now take that same concept and apply it out to all your stakeholders. It may require a level of transparency your organization has not previously engaged in but through trust you will be able to foster an entire culture of not simply speak up but also listen up. As the authors note, “Transparency is a great tool to ensure consistency and engender trust. Rather than rebelling against tough questions and pressure, business leaders should embrace them and use them to build a stronger organization.”
Engage All Stakeholders
I have mentioned the Statement on the Purpose of a Corporation several times. Most compliance functions typically do not deal directly with all stakeholders. Now imagine if they led such an effort, from a corporate culture perspective. The authors believe, “Net-positive companies build better connections with stakeholders besides employees as well.” If compliance can help to engage a wide variety of stakeholders, those same stakeholders that are engaged through the compliance function, such as through due diligence and contracting, you will likely have a wider variety of stakeholders, “bound by purpose and all trusting and working in partnership with the company, provides a diverse bank of support.” All of this can act as a “large, spread-out root system — not just one anchor but many that can take a lot of pressure.”
When the biggest crises hit, compliance or otherwise, all six forms of resilience help you move quickly and effectively. The authors conclude, “No company can prepare for every outcome, but these six forms of resilience, put together, can provide a serious buffer. They also allow organizations to work in larger coalitions on the biggest issues, such as climate change and income inequality. Net-positive businesses don’t just endure or bounce back from crises; they also anticipate and prevent them.” All of these strategies are not simply in the compliance wheelhouse, but they are part of the ever-evolving best compliance regimes. They will make you a better company in times of great change, disruption and upheaval.