Tag: compliance

Categories
Blog

Adam Balfour on Ethics & Compliance for Humans

I recently sat down with Adam Balfour, author of Ethics and Compliance for Humans. We had a great conversation about his book and the importance of ethics, compliance, and organizational leadership. In addition to a book aimed directly at the Chief Compliance Officer (CCO) and compliance professionals, Balfour emphasized that these principles extend beyond legal backgrounds and encompass various aspects such as sales, marketing, leadership, and culture.

I began by asking Balfour why he wrote the book. He said that it was a goal he had set for himself for some time, wanting to write this book. Further, it has been in the works for quite a few years. Towards the end of last year, Sarah Haddon, publisher of Corporate Compliance Insights, started talking, and it came to life then. Once he had more thoughts and a vision, the book seemed to come together for him. Balfour said that the writing process was a lot of fun, so I also enjoyed that part of the experience. Equally importantly, as a first-time author, Sarah and her team made the process painless and enjoyable.

One of the key takeaways was the role of leaders in promoting ethics and compliance within organizations. Balfour highlighted the need for practical guidance to help leaders effectively navigate ethical dilemmas and ensure that their responsibilities are performed. He emphasized the importance of moving past the perception that ethics and compliance are solely about laws, rules, and regulations. Instead, Balfour suggested that the focus should be on helping guide employees with good intentions to achieve positive outcomes.

We also addressed the challenge of managing negative brand perceptions and humanizing compliance programs. Balfour acknowledged that compliance can sometimes put people in awkward positions, such as when dealing with gifts and entertainment. However, he encouraged organizations to lean into the awkwardness and guide employees on navigating these situations effectively.

One exciting idea that Balfour introduced was the use of pop culture in compliance training to make it more relatable and engaging. By incorporating elements from popular culture, organizations can create a more accessible and enjoyable learning experience for employees.

Balfour also discussed the importance of considering the impact on individuals when making decisions about ethics, compliance, and leadership. He emphasized that there are real human stories and experiences behind the data and metrics. It is crucial not to lose sight of the fact that people are involved and that their experiences can significantly impact their lives and well-being. By incorporating these human stories, Balfour believes that ethics and compliance become more relatable and meaningful to employees.

Balfour highlighted the value that a practical ethics and compliance program can bring to organizations. It goes beyond avoiding fines and penalties or negative headlines. An effective program can contribute to increased return on assets, fewer material lawsuits, and lower settlement amounts. Balfour compared ethics and compliance professionals to midfielders in soccer, playing a crucial role in defense and supporting the organization’s growth.

The book’s main text ends with Balfour calling for a change from a CCO designation to a Chief Purpose Officer. He explained that the concept is something he has been thinking about for some time. There are many different areas and organizations today that he believes are too siloed. He listed ESG, which I think is going through a lot of change and transformation right now. DEI and others, but he drove home the point that “it’s really how you think about what your organization’s purpose is and bringing those functions together under a Chief Purpose Officer.” Further, this Chief Purpose Officer “should have a central place in the C-Suite, helping ensure that the organization stays true to its stated purpose.

He called out Patagonia as an example of a company that is very committed to its purpose. Using the model of Patagonia, which does not have a designated Chief Purpose Officer, leading him to believe “it may not be necessary to create a standalone position.” But “in other organizations, having this idea of a Chief Purpose Officer that supports the CEO supports the CFO in delivering their results. It helps ensure that the organization truly obsesses about its purpose and conducts business correctly and appropriately.”

After the main text ends, Balfour includes excellent resources for every compliance professional. He listed out ways you can tell stories about successful ethical victories from your organization’s history; provides ethics questions and issues inspired by Star Wars; lists some raps and the basic laws of anti-trust; lays out the Speak Up Habit loop; lists specific tactics for bringing compliance into the employee interview process; informs us how Booth’s Law #2 applies to ethics and compliance; and details how to obtain a commitment from newly minted leaders in your organization.

Adam Balfour highlighted the importance of ethics, compliance, and leadership in organizations. Balfour emphasized the need for leaders to go beyond legal thinking and consider various aspects such as sales, marketing, and culture. The episode also highlighted the challenges associated with ethics and compliance, including addressing negative brand perceptions and navigating awkward situations. Organizations can create a more meaningful and effective approach to ethics and compliance by humanizing compliance programs and considering the impact on individuals. I hope you will purchase a copy of Ethics & Compliance for Humans and incorporate its concepts into your compliance program.

Check out Ethics & Compliance for Humans here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Innovation: Day 15 – Leveraging AI in Compliance Investigations

The 2023 ECCP provided clear-cut criteria regarding effective compliance investigations. Unfortunately, many compliance teams fail to promptly substantiate most of the reports they investigate, partly due to their inability to quickly and easily find the evidence they need, especially about harassment and misconduct cases. He stated, “This doesn’t just demonstrate a fundamental lack of effectiveness from the DOJ’s perspective, but a long-term organizational risk that goes well beyond any individual allegation of misconduct.” The reason is not simply legal but also operational. If substantive allegations are indeed violations, they could continue, exacerbating the problem(s) and lengthening the time of legal liability.

All of this is particularly significant in light of the industry research that shows many compliance investigations today are unsubstantiated and can take over 40 days from start to finish. The ability of AI to find and analyze data from the web and social media in this automated fashion will be able to overcome some of those challenges in terms of length of time and overall scope of the investigation. Finally, always remember data preservation. The regulators always want to know if you have the documents and data tied down. This allows a company to have confidence in its papers and, in turn, can make such representations to regulators and prosecutors that the documents are secure. In other words, Document, Document, and Document. 

Three key takeaways:

  1. AI is an appropriate tool for supplementing investigations.
  2. AI can look at large bodies of social media data.
  3. AI can help you decrease your investigation length.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Blog

The Importance of Tailored Policies for Compliance and Risk Management

In compliance and risk management, one size does not fit all. Generic policies and procedures may seem convenient but can lead to compliance risks and potential harm. This is why the Securities and Exchange Commission (SEC) stresses the need for well-designed, tailored policies and procedures in areas such as anti-money laundering (AML) and cybersecurity.

In a recent “Compliance into the Weeds episode,” Tom Fox and Matt Kelly highlighted the importance of tailored policies for compliance, and risk management was discussed in detail. They discussed the case of Deutsche Bank, where the SEC imposed sanctions due to faulty policies. The bank had taken generic policies not specific to their mutual fund obligations and declared them their AML program. This cut-and-paste approach led to compliance risks and inconsistencies that caught the attention of regulators.

The case also serves as a reminder of the potential consequences of misleading marketing practices without proper procedures. The SEC sanctioned DWS $25 million for failures around ESG disclosures and a poor AML program. In both instances, faulty policies and procedures were identified as the root cause of the compliance failures.

The key takeaway from this case is that companies should conduct risk assessments and gap analyses to identify their specific needs and design appropriate policies. A good risk assessment is the foundation for crafting effective policies and procedures. It helps organizations understand their risks, evaluate their controls, and determine the necessary steps to mitigate them.

The impact on employees when designing policies and procedures should be considered. Simply copying and pasting language from regulations without considering the organization’s unique structure, technology, and transactions can lead to confusion and compliance risks. Employees need clear guidance on their duties and responsibilities; generic policies do not provide that clarity.

Compliance officers should create policies and procedures tailored to their organization’s needs and risks to avoid compliance risks and potential harm. Considering the organization’s specific circumstances, resources, and capabilities requires a thoughtful approach. It also requires regular risk assessments, gap analyses, and monitoring of policy effectiveness.

How to do so? The 2020 FCPA Resource Guide, 2nd edition, provided guidance. It stated, “When assessing a compliance program, DOJ and SEC will review whether the company Guiding Principles of Enforcement has taken steps to ensure that the Code of Conduct remains current and effective and whether a company has periodically reviewed and updated its Code.” [emphasis supplied] Some of the questions you should consider are:

  • When was the last time your policies and procedures were released or revised?
  • Have there been changes to your company’s internal controls since the last revision?
  • Have there been changes to relevant laws relating to a topic covered in your company’s policies and procedures?
  • Are any of the policies and procedures outdated?
  • What is the budget to create/revise your policies and procedures?

After considering these issues, you should benchmark your current policies and procedures against other companies in your industry. If you decide to move forward, I suggest a process that can be fully documented to include revisions to your compliance policies and procedures.

Get buy-in from the senior leadership of your company. Your company’s highest level must mandate revising compliance policies and procedures. The CEO, GC, CCO, or all three should demand this effort. Whoever gives the order should be consulted at every step of the revision process of the policies and procedures if it involves a change in the direction of key policies.

Establish a core policies and procedures revision committee. It would be best if you had a cross-functional working group that would be ideal to advance your effort to revise your compliance policies and procedures. This group should include representatives from the following departments: legal, compliance, communications, and HR; there should also be other functions that represent the company’s domestic and international business units. Finally, there should be functions within the company described, such as finance and accounting, IT, marketing, and sales.

From this large group, the topics can be assigned for initial drafting to functions based on their relevance or necessity. These functions would also solicit feedback from their functional peers and deliver a final, proposed draft to the Drafting Committee. You must establish a timetable for the revision process and hold representatives accountable for meeting their revisions.

Conduct a thorough technology assessment. The cornerstone of the revision process is how your company captures, collaborates, and preserves all the comments, notes, edits, and decisions during the entire project. In addition to using technology to revise your compliance policies and procedures, you should determine if they will be available in hard copy, online, or both. There must be a distribution plan, mainly if the Code and compliance policies and procedures are only available in hard copy.

Determine translations and localizations. The 2020 FCPA Resource Guide clarified that your compliance policies and procedures must be translated into the local language for your non-English speaking workforce. The key is that your employees have the same understanding of the compliance policies and procedures regardless of the language.

Develop a plan to communicate the revised policies and procedures. A rollout is always critical because the revised policies and procedures must be communicated to encourage employees to review and use the policies and procedures on an ongoing basis. Your company should use the whole armor of available tools to publicize the revised compliance policies and procedures. This can include a multi-media approach or handing out a copy to all employees at a designated time. You might consider having a company-wide compliance policies and procedures meeting where the new or revised documents are rolled out across the company all in one day. But remember, with all things compliance, the three most important aspects are “Document, Document, and Document.” However, when you deliver the new or revised policies and procedures, you must document that each employee received them.

Stay on target and budget. It would be best if you worked to set realistic expectations to stay on deadline and within your budget. This is equally applicable to your policies and procedures revision. Also, remember to keep a close watch on your budget so you do not exceed it.

These points are a valuable guide to not only thinking through how to determine if your policies and procedures need updating but also practical steps on how to tackle the problem. You should begin the process now if it has been more than five years since the last updates. It is far better to review and update if appropriate than wait for a massive FCPA investigation to go through the process.

There are tradeoffs involved in balancing different factors when designing policies and procedures. Compliance officers need to consider the organization’s staffing, technology, review processes, and the need for human intervention in automated systems. Insufficient resources and inconsistent procedures can lead to compliance gaps and backlogs, increasing the organization’s exposure to compliance risks.

In conclusion, the importance of tailored policies for compliance and risk management cannot be overstated. Generic policies may seem like a quick fix, but they can lead to significant compliance risks and harm. Compliance officers should conduct risk assessments, identify specific needs, and design policies and procedures that address those needs. Employee understanding and guidance are crucial, and policies should be regularly assessed, monitored, and updated as necessary. By taking a tailored approach to compliance and risk management, organizations can minimize their exposure to compliance risks and protect themselves from potential harm.

Categories
31 Days to More Effective Compliance Programs

One Month to A More Effective Compliance Program Through Innovation: Day 14 – Creating an Inventory of Metrics

The 2023 ECCP not only continued to emphasize the importance of monitoring and testing the effectiveness of a compliance program, but it spoke more about a Chief Compliance Officer (CCO) and compliance function utilizing data to engage in continuous monitoring and continuous improvement. For some time, the DOJ has stressed the importance of leveraging data to have objective evidence around whether or not a compliance program is working effectively. Yet, as many CCOs are legally trained, they are still determining what specific areas to consider in establishing quantifiable metrics to monitor for effectiveness.

A methodical review of the 2023 ECCP to identify the different areas where a company could establish and quantify metrics to assess effectiveness is the place to start. Many companies have what Edwards called “metrics on the basics” and noted they “have in place processes whereby their employees review the Code of Conduct and confirm they comply with it either when they first onboard with the company and then periodically on an annual basis, companies are doing just fine at reporting.” But it is now the barest minimum of what compliance professionals must do. For instance, they could consider Quote To Cash (QTC) lifecycles or Procure To Pay (P2P). The key starts with a documented process that can be audited and built from there.


Three key takeaways:

  1. Create an inventory of compliance metrics.
  2. Create your metrics based on the 2023 ECCP.
  3. Use these metrics for continuous monitoring and improvement.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Innovation: Day 13 – Consistency as a Compliance Best Practice

The 2023 ECCP emphasized the need for the corporate compliance function to ensure consistency and fairness in monitoring investigations and the resulting discipline. One of the ways the 2020 Update emphasized this was through tracking the investigations and the discipline that may come out of any investigation. Companies’ challenges are that facts and circumstances are always different in every investigation. This makes it sometimes difficult, but if companies treat employees of one country differently in terms of discipline, it does create potential gaps in a compliance program. This can give certain countries a feeling that they can do what they want without the risk of punishment from corporate headquarters. This is why the DOJ re-emphasized monitoring the investigations and ensuring consistent application of discipline as a critical factor in providing an effective compliance program.

The FCPA Resource Guide, 2nd edition, added a new hallmark to the previously titled 10 Hallmarks of an Effective Compliance Program (now it is simply the Hallmarks). The Hallmark added was one that has been around for some time: Root Cause Analysis (RCA). It is familiar because it was subtly considered in the original FCPA Resource Guide and explicitly discussed since at least the original formulation of the Evaluation of Corporate Compliance Programs in February 2017.

The focus on consistency is insightful and instructive as a key element of a best practices compliance program. Consistency forms the basis of both institutional justice and institutional fairness. That, in turn, facilitates a speak-up culture, which is the role of the compliance department to foster.

Three key takeaways:

  1. Consistency is a key part of any compliance program.
  2. Consistency forms the basis of both institutional justice and institutional fairness.
  3. Consistency facilitates a speak-up culture.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Data Driven Compliance

Data Driven Compliance: The Transformative Potential of AI in Compliance Investigations

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox. This podcast features an in-depth conversation about the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. Today, Tom takes a solo turn to consider using AI to facilitate compliance investigations.

The advent of artificial intelligence (AI) is revolutionizing the landscape of legal and compliance investigations, enhancing substantiation rates, expediting case closure times, and preserving crucial evidence. Tom Fox, a seasoned expert in the field, firmly believes in the transformative potential of AI in this domain. He posits that AI can significantly improve regulatory compliance by enhancing substantiation rates, shortening case closure times, and preserving key evidence. Fox’s perspective is shaped by the current challenges initially posed by the COVID-19 pandemic, which made traditional methods of internal interviews and company data analysis less feasible, and those challenges coming out of the pandemic.

He advocates using AI technology to search unstructured web and social media data, leading to more efficient and conclusive investigations. Furthermore, he underscores the importance of data preservation and the ability of AI to analyze large volumes of social media data, thereby reducing investigation length and promoting fair institutional justice. Join Tom Fox in this episode as he delves deeper into this fascinating topic.

Highlights Include:

  • Leveraging AI for Efficient Compliance Investigations
  • The need for speed
  • Enhancing Compliance Investigations with AI-Based Data Preservation

 Resources: 

Tom Fox 

Connect with me on the following sites:

Threads

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Innovation in Compliance

Innovation in Compliance – Tyler Barron on Streamlining Banking Compliance

Innovation comes in many areas, and compliance professionals must be ready for and embrace it. One of those areas is telehealth and telemedicine. My guest in this episode is Tyler Barron, Chief Revenue Officer at Encapture, who visits with me about innovation in banking compliance.

Encapture is a machine learning platform streamlining back-office processes for banks and lenders, particularly compliance and data reporting. Using document automation and machine learning, Encapture improves efficiency and reduces risk in the document lifecycle. The platform ensures accurate data submission to regulatory authorities and provides audit trails for regulatory purposes. Internal referrals are a powerful marketing tool that allows for an easier transition into becoming an approved supplier. The future of banking compliance lies in bringing intentional insight and value to financial institutions. Encapture aims to deliver year-over-year value and be seen as mission-critical to its client’s businesses. With increasing regulatory pressure, the need for efficient technologies like Encapture’s will continue to grow.

  • Encapture: Streamlining Document Lifecycle
  • Encapture platform: Providing audit trails for compliance
  • Internal Referrals
  • The Future of Banking Compliance
  • Simplifying Compliance for Banks

Resources

Tyler Barron on LinkedIn

EnCapture

Tom Fox

Threads

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Promoting Corporate Ethics Through Engaging Year-Round Activities

Corporate Compliance and Ethics Week will be held from November 5-11, 2023. It is designed to celebrate the compliance function in the corporate world. While many companies celebrate Corporate Compliance and Ethics Week as an annual event to raise awareness about these important topics, the philosophy behind it should be applied throughout the year and in a recent episode of the podcast “Creativity and Compliance” hosted by Tom Fox and Ronnie Feldman, discussed not only the significance of this week but equally significant, the importance of engaging year-round activities in promoting corporate ethics.

One of the key takeaways was the recognition that compliance programs often limit themselves to being fun and interesting only during Compliance Week. Ronnie highlighted the irony of this approach. He questioned why companies would only focus on engaging activities once a year when they inherently recognize that fun and exciting initiatives can have a lasting impact on compliance efforts. Feldman emphasized that the philosophy behind Compliance Week should be applied consistently throughout the year.

Engaging in year-round activities can take various forms. One approach Ronnie discussed is using creative methods such as talk shows, game shows, and workshops. These activities can make compliance more enjoyable and memorable for employees, fostering a culture of ethics and integrity. For example, Feldman shared an example of a client, an Insulin device company, that created a talk show called “Ethically Speaking with Your Host Sugar Levels.” This show allowed the compliance team to be interviewed in a fun and witty manner, making the subject of ethics more approachable and relatable.

Art exhibits were also discussed as a unique way to explore and discuss ethics and integrity. Progressive Insurance, for instance, organized an art exhibit where each piece of art had a tie-in to ethics and integrity. This approach allowed employees to engage with the subject matter more nuanced and thought-provokingly. Bringing art and ethics sparked meaningful conversations, promoting a deeper understanding of ethical principles.

Another exciting suggestion made in the episode was assigning compliance projects to millennials. This approach brings a fresh perspective and better engages a younger audience with different expectations and preferences regarding compliance efforts. By involving millennials in compliance initiatives, companies can tap into their creativity and innovative thinking, making compliance activities more relevant and impactful.

However, it is essential to consider the tradeoffs and challenges associated with engaging in year-round activities for promoting corporate ethics. Budget constraints, time limitations, and the need for continuous innovation can pose challenges for compliance professionals. They are finding the right balance between engaging activities and the practicalities of running a compliance program.

Ultimately, the impact of engaging year-round activities on promoting corporate ethics cannot be underestimated. Compliance programs can have a cultural impact on the entire organization if they are fun, engaging, thoughtful, empathetic, and do not waste people’s time. By investing time and effort into creative and exciting initiatives, companies can create a positive compliance culture that resonates with employees at all levels.

In conclusion, promoting corporate ethics through engaging year-round activities is a powerful approach to fostering a culture of integrity and compliance. Compliance programs should not limit themselves to being fun and exciting only during Compliance Week but should embrace the philosophy behind it throughout the year. Companies can make compliance more enjoyable, memorable, and relevant by using creative methods, such as talk shows, game shows, workshops, and art exhibits. Assigning compliance projects to millennials can bring a fresh perspective and engage a younger audience better. While challenges and tradeoffs may be involved, the long-term benefits of hiring year-round activities in promoting corporate ethics are worth the investment.

Check out the full Corporate Compliance Week 2023 episode with Tom Fox and Ronnie Feldman on Creativity and Compliance here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 12 – A Seat at the Table

Going into the 2020s and beyond, a corporate compliance function must be integral to your business strategy. One of the key reasons is that the ever-important debate of compliance as a cost center will become more critical in the future in this decade. If compliance programs are ineffective, enforcement actions will continue to be highly costly. Over the last 10 years, there has been an increasing impact on the business where you must have compliance resources focused on remediation and business resources. This has only grown greater with reputational risks amplified by social media.

This is because as significant (and costly) as these regulatory fines and penalties have been, it is the intangible reputational damage that, in the long run, maybe even more expensive. Multiple stakeholders who might not desire to play out on the risk curve might be at higher risk, located in higher jurisdictions, or operating in higher-risk industries. Further, there are other consequential impacts if compliance does not have a seat at the table. Suppose compliance has a seat at the table. In that case, there can be some leeway for compliance officers and firms to figure out how best to roll out a compliance program that is commensurate with the organization’s risk and compliant with the regulations. If compliance is relegated to the back of the (corporate) bus, there will be little chance to do so.

Three key takeaways:

  1. It will be even more important for compliance to sit at the table in the future.
  2. Look for synergies with other types of compliance.
  3. Such synergies can be a big cost savings.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Innovation: Day 11 – Compliance Innovation Through KPIs

Measuring your compliance program’s effectiveness will be a critical criterion going forward. One of the mechanisms to do so is through Key Performance Indicators (KPIs). If you have been working towards your stated goals and reporting success, KPIs are critical in showing compliance program success or failure. And while specific requirements for this kind of reporting have been hotly debated in the industry for some time, KPIs are a regulatory requirement. Your KPIs will be specific and unique to your company and its business. Couple this with what goals you are trying to achieve as a whole as a compliance program, and you will see there is no set list of these metrics.

KPIs provide yet another mechanism for you to monitor and update your compliance program almost continuously. KPIs can be extremely low in cost and, therefore, something you can put in place without much approval from higher-ups in your organization that you might have to go to for budget approval. Finally, innovation can come in many ways. ComTech can be a huge jump forward. But sometimes innovation can occur at much less cost and a much more granular level. KPIs can be such a mechanism for you.

Three key takeaways:

  1. KPIs will be critical to assess a compliance program going forward.
  2. Set your KPIs.
  3. Decide on how to use KPIs and the blueprint for going forward.

For more information, check out The Compliance Handbook, 4th edition, here.