Tag: compliance

Categories
Innovation in Compliance

Operationalizing Compliance: Part 5-Overwhelmed, yet? with Taylor Edwards

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, we consider a variety of ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer and how to avoid being overwhelmed. In our Part 5 conclusion, I am joined by Taylor Edwards to discuss how compliance professionals can prevent from being overwhelmed by all of ‘this’.

Highlights from this episode include:

·      Unpack your program through critical examination.

·      Know your history and understand how you got where you are.

·      Face data but do not be paralyzed by it. .

·      It’s about being real and accountable.

For more information go to TheBroadcat.com

Categories
Blog

Operationalizing Compliance: Part 5-Overwhelmed, yet?

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, I have visited with Jennifer May, Director of Compliance Advisory; Taylor Edwards,  Director of Sales; Xinia Pirkey, Design Manager; Alex Klingelberger, Chief Executive Officer (CEO) and Jaycee Dempsey, Director of Customer Success. We consider a variety of ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer and how to avoid being overwhelmed. In our Part 5 conclusion, I am joined by Taylor Edwards to discuss how compliance professionals can prevent from being overwhelmed by all of ‘this’.

Compliance professionals can be overwhelmed by all the information coming out of the regulators such as the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). In 2022, this included the Monaco Memo and several major Foreign Corrupt Practices Act (FCPA) enforcement actions. Edwards suggested starting from the position of “how does that apply to me?” From there you can “get real with yourself about where things may not be perfect, but also provide insights into where you can start to work on your program.” He added that the key is “recognizing that it’s OK not to have a perfect program.” What the DOJ wants is for you to assess your own program, spot the weaknesses, rank them and then remediate your ranked list going forward. Edwards concluded; you should determine “what’s the next one thing I can work on? Sometimes it’s a matter of taking small baby steps, but just recognizing that there are needed to be taken.”

One of the key components of the Monaco Memo was the cementing of corporate culture as a factor the DOJ would evaluate in any enforcement action. This formalized the remarks made by Deputy Attorney General Monaco in October 2021. Edwards maintains that a “big aspect of this is the listening function of an organization.” He will often engage a client with the questions about listening, “Have you done any listening within the organization? Have you surveyed, have you had a focus group? Have you had some kind of forum for employees? Have you gathered or crowdsourced any of that from within the organization?”

Unfortunately, that answer is often no. Edwards believes that if you recognize the need to understand and to work within the landscape of your company culture, you must  accept the fact you will be required to do a better job of getting out into the business and understanding what the culture looks like outside of the corporate compliance office. He added, “listening plays a huge role.” Having conversations “across different parts of the business help inform not only your understanding of the culture, but then how you can go in and influence it for the better, influence it to be more ethical and compliant.”

We then turned to the DOJ’s 2020 Update to the Evaluation of Corporate Compliance Programs mandates around risk assessments, which move from biennial or even annual risk assessments to risk assessments when your risks change. This is a key area where compliance professionals often feel overwhelmed. Here Edwards suggested taking ‘bite sized or small chunks” to improve your program. Edwards pointed to training as the DOJ has moved far beyond the prior metric of completion rates.  He said, “if you are focused on a 100% completion rate and that is the outcome you’re trying to achieve, then your focus will be on a Learning Management Systems tool that allows you to easily assign modules to a 100% of your workforce. However, if the outcome you are really focused on is compliance, good behavior, making sure that laws and regulations do not get breached, then your focus should be how do I influence behavior as opposed to having a hundred percent completion rate?”

This means you need to emphasize the behavioral element. You can start to do things like “monitoring, which can seem overwhelming for a lot of groups, and it typically gets underinvested in.” But if your focus is on the prevention aspect, then you need to “go out there and see what people are doing wrong currently so you can an address it and stop it.” This can be down with a process mindset; “on a risk-by-risk basis, on a task-by-task basis or a on a process-by-process basis where you peel back the onions of the organization to see if there are any potential pitfalls in our current process.”

The bottom line is there are a variety of approaches you can take to move your program forward. The key is to identify your program weaknesses and begin the remediation process.

For more information go to TheBroadcat.com

Categories
31 Days to More Effective Compliance Programs

Day 26 – Compliance Function in an Organization

The role of the compliance professional and the compliance function in a corporation has steadily grown in stature and prestige over the years. When it came to the corporate compliance function, the 2020 FCPA Resource Guide, under the Hallmarks of an Effective Compliance Program, noted the government would “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.” The Monaco Memo and 2023 changes to the Corporate Enforcement Policy have made this all the more critical going forward.

This Hallmark was significantly expanded in the FCPA Corporate Enforcement Policy and 2020 Update. In the FCPA Corporate Enforcement Policy, the DOJ listed the following as factors relating to a corporate compliance function that it would consider as indicia of an effective compliance and ethics program: 1) the resources the company has dedicated to compliance; 2) the quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk; 3) the authority and independence of the compliance function and the availability of compliance expertise to the board; 4) the compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors; and 5) the reporting structure of any compliance personnel employed or contracted by the company.

The 2020 Update, Monaco Memo, and 2023 update to the Corporate Enforcement Policy all demonstrate the continued evolution in the thinking of the DOJ around the corporate compliance function. Their articulated inquiries can only strengthen a corporate compliance function specifically; and the compliance profession more generally. The more the DOJ talks about the independence of the compliance function, coupled with resources being made available and authority concomitant with the corporate compliance function, the more corporations will see it is directly in their interest to provide the resources, authority, and gravitas to compliance position in their organizations.

Three key takeaways:

  1. How is compliance treated in the budget process?
  2. Has your compliance function had any decisions overridden by senior management?
  3. Beware of compliance outsourcing, as any such contractor must have access to company documents and personnel.
Categories
31 Days to More Effective Compliance Programs

Day 25 – CCO Authority and Independence

The role of the CCO has steadily grown in stature and prestige over the years. The 2020 FCPA Resource Guide, under the Hallmarks of an Effective Compliance Program, focused on whether the CCO held senior management status and had a direct reporting line to the Board. The new requirement for CCO certification has only emphasized this reality.

This Hallmark was significantly expanded in the 2020 Update and the FCPA Corporate Enforcement Policy. And in so doing, the DOJ has increased the prestige, authority, and role of the CCO and corporate compliance function. The 2020 Update has five general areas of inquiry around the CCO and corporate compliance function. (1) How do the CCO’s salary and stature compare to other senior executives within the company? (2) What are the experience and stature of the CCO with an organization? Does the CCO have appropriate training for the role? (3) How much autonomy does the CCO have to report to the Board of Directors? How often does the CCO meet with directors? Are members of the senior management present for these meetings with the Board of Directors or the Audit Committee? (4) What is your structure? Is the compliance function run by a designated chief compliance officer or another executive within the company, and does that person have other roles? (5) Is data in your organization so siloed that the CCO does not have access to it? If so, what are you doing about it?

Once again, for the compliance professional, the FCPA Corporate Enforcement Policy and 2020 Update make the importance of a best practices compliance program even more critical. The DOJ focuses more on the role, expertise, and how the compliance function is treated within an organization. Pay your CCO considerably less than your GC. You may now better be able to justify that discrepancy. You may be starting behind the eight-ball if you have a legal department budget of $3 million and a compliance department budget of $500,000.

Three key takeaways:

  1. How can you show the CCO has a seat at the senior executive table?
  2. What are the professional qualifications of your CCO?
  3. Does your CCO have true independence to report directly to the Board of Directors?
Categories
Innovation in Compliance

Operationalizing Compliance: Part 3 – Jaycee Dempsey on Operationalizing Compliance

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, we consider various ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer, and how to avoid being overwhelmed. In Part 3, I am joined by Jaycee Dempsey to discuss operationalizing your compliance program through employee engagement and participation.

Highlights from this episode include:

·      Compliance is a team sport.

·      The DOJ pronouncements on clawbacks put pressure on senior management.

·      Middle managers are where the rubber meets the road.

·      Document Document Document

For more information, go to TheBroadcat.com

Categories
Great Women in Compliance

Kerry Sorvino – A Wealth of Experience

Axiom is a company that outsources legal and compliance professionals to client companies to help them with temporary cover – essentially a placements of secondments.  Kerry Sorvino works with Axiom and Mary, who has always been curious about Axiom, took the opportunity to find out what this working arrangement is like.

They journey to earlier on in Kerry’s career before Compliance as an employment law professional and how that background and skillset lends well to Compliance.  Kerry’s wheelhouse now is life sciences and she shares particular risks for Compliance Officers working in that industry.

 Listen in as well for what Kerry advises Compliance Officers should be thinking strategically about at the moment and she shares her favorite motivational quote.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Blog

Operationalizing Compliance: Part 3-Jaycee Dempsey on Operationalizing Compliance

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, I visit with Jennifer May, Director of Compliance Advisory; Taylor Edwards,  Director of Sales; Xinia Pirkey, Design Manager; Alex Klingelberger, Chief Executive Officer (CEO) and Jaycee Dempsey, Director of Customer Success. We consider a variety of ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer and how to avoid being overwhelmed. In Part 3, I am joined by Jaycee Dempsey to discuss operationalizing your compliance program through employee engagement and participation.

We began with break down what operationalizing compliance. Dempsey said it’s “making compliance training not something that is done on a one-time basis, on a routine basis like once a year, but rather something that is integrated into the day-to-day work for all your employees. It means that you are training them on what they actually are doing that creates or mitigates risk versus compliance concepts generally.”

From there she had the most interesting insight that compliance at its most basic is a “team sport.” As a compliance professional or even compliance function “you can’t be everywhere at once, nor should you be. You need to engage your employees. You have to speak the language of the business, because that’s what gets you the seat at the table.” She also believes that business executives have an important role to play as their “attitude towards compliance trickles down to the rest of the organization and that your employees are looking up to them. If your leadership is not talking about ethics and compliance regularly, it will affect the entire culture of the organization no matter what you’re trying to do in the compliance team.” This means you “need to have them on board and they also need reminding of their role in operationalizing compliance.”

As important as your senior leaders are and their role in compliance, Dempsey believes middle managers “may be even more impactful than your C-Suite.” As a compliance practitioner you must make “sure that you’re reaching out to them as well.” But once again it is giving middle managers the tools, training and communications to be effective as the first point of contact for many employees who wish to speak up and raise a concern.

But in addition to being an initial point of contact for employees who want to speak up, middle managers are the folks that are engaging day-to-day with their teams. Middle managers make decisions on raises, promotions, what projects their people are on. A middle manager is often the position that is the next step in an employee’s career ladder. This means that employees are “paying very close attention to the way that their manager acts, the things that they say and the way that they think up.” Dempsey had the insight that “middle managers are a living, breathing, real life example of what the organization promotes, no matter what’s said on paper.” This means that in many ways “they’re also key to operationalizing compliance.”

Many compliance professional do not think of our employees as customers. Dempsey believes a compliance function should do so “because essentially your role is like an internal marketing agency. You’re trying to influence behavior.” It is also about “making actual meaningful change in the way that people do their jobs, while making sure that you are reducing risk.” This means a compliance function should be focused on “delivering guidance at that moment when they need it with very concrete steps, be in a position you can provide them with information on what you need to do to be successful in your position.”

Another insight Dempsey had from marketing is the term “seven different ways, seven different times.” This is not simply “copying and pasting the same message over and over.” It is “thinking through the different ways that you can message your employees what is available to you.” It can be a variety of strategies and tactics. It can be internal social media, “utilizing those flat panels that are in break rooms, in front of elevators or near the cafeteria or simply pushing out screensavers on everyone’s computer, with those quick reminders or a desktop shortcut to your reporting hotline.” It can also be more old school such as “emails from the compliance team from leaders and your middle managers.” Finally, “embedding checklists and decision trees and into your processes and making sure that you’re providing toolkits to your managers and leaders for discussion-based training is a key for documentation.”

Join us in Part 4 where we look at effectiveness, redux.

For more information go to TheBroadcat.com

Categories
31 Days to More Effective Compliance Programs

Day 24 – Updates and Feedback

One of the critical elements found in the 2020 Update is the need to use the information you obtain, whether through risk assessment, root cause analysis, investigation, hotline report, or any other manner, to remediate the situation which allowed it to arise. Your company should establish a regular monitoring system to address issues. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should check in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage.

These ongoing efforts demonstrate that your company is serious about compliance.

It is a function of the CCO to reinforce the vision and goals of the compliance function, where assessment and updating are critical to an ongoing best practices compliance program. If you follow this protocol, you will put a mechanism in place to demonstrate your company’s commitment to compliance by following the intentions set forth in your strategic plan. What should you do with this information? Put a strategic plan in place ready to implement your findings of continuous improvement by using the following:

  • Review the goals of the strategic plan. This requires that you arrange a time for the CCO and team to review the goals of the Strategic Plan, which the CCO should lead to determine how this goal in the Plan measures up to its implementation in your company.
  • Design an execution plan. The KISS method (Keep it Simple, Sir) is the best to move forward. This would suggest that there should be a simple and straightforward plan for each compliance goal to ensure that the goal in question is being addressed.
  • Put accountabilities in place. In any plan of execution, there must be accountabilities attached to them. This requires the CCO or other senior compliance department representatives to put these in place and then mandate a reporting requirement on how the task assigned is being achieved.
  • Schedule the next review of the plan. There should be a regular review of the process. It allows any problems that may arise to be detected and corrected more quickly than if meetings are held less frequently.

Continuous monitoring is a key step, but it is only the first step. It is not simply that you tested your compliance program but that you did something with the information you obtained to improve your program.

Three key takeaways:

  1. Innovation can come through a new way of thinking about and using data.
  2. Have the plan to use the information garnered in your monitoring incorporated into your compliance program.
  3. Always remember that Document Document Document is critical if the regulators come knocking.
Categories
Innovation in Compliance

Operationalizing Compliance: Part 2 – Compliance Program Design Jennifer May and Xinia Pirkey

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, we consider various ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer, and how to avoid being overwhelmed. In Part 2, I am joined by Jennifer May and Xinia Pirkey to consider your compliance program design.

Highlights from this episode include:

·      Your communications should resonate with your employees.

·      Aesthetic draws an employee in, but content grabs their attention.

·      Clarity and relevance are key elements.

·      Document Document Document

For more information, go to TheBroadcat.com

Categories
Blog

Operationalizing Compliance: Part 2-Compliance Program Design

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, I visit with Jennifer May, Director of Compliance Advisory; Taylor Edwards,  Director of Sales; Xinia Pirkey, Design Manager; Alex Klingelberger, Chief Executive Officer (CEO) and Jaycee Dempsey, Director of Customer Success. We consider a variety of ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer and how to avoid being overwhelmed. In Part 2, I am joined by Jennifer May and Xinia Pirkey to consider your compliance program design.

May began that the key is relevance and clarity. If your training or communication is not relevant, it really does not “matter how perfect the design is or even how perfect the message is, if it is being shared with someone that’s the wrong person, it will fall flat”. In other words, your compliance team is “just wasting time blanketing the entire workplace with some piece of information that does not apply to most of them.” Regarding clarity, she said, “If you are not clear about what it is you want them to do, what the behavior is that you are trying to achieve, you will lose their attention there as well.” All of this can lead to wasted time for your employees and wasted effort for your compliance team, “potentially even starting to lose some credibility.”

Pirkey is a design professional so comes at these issues from a different perspective from May or myself. Pirkey said, “we use design, from my point of view, to leverage the content to be on point to the audience that will receive it.” As a design professional, you must always consider the user experience so “we have to think about the users and who we are trying to target.” She added,  “As a designer, I come in and I try to interpret the content and I try to interpret as much as I can and ask the questions, such as “Who is this for? What am I trying to say? How do I want them to read this step by step?” You must always be cognizant not only about the audience, but also how we are projecting to them.”

Next, we considered how effective content can create credibility for your compliance function or conversely, ineffective content can demean your compliance function credibility. Pirkey began by noting that it is all about content, intoning, “we start with content.” Interestingly, she said that “a lot of times this means that we’ve come up with a format, whether it is a decision tree, an infographic, a written piece of content or other; and it is in a manner we can project it as job aid to our audience.” She also noted that conversely, there are times “we have to go back to the drawing board and decide, OK, this does not work as a decision tree. We need to think about a different format, a contrast example, or another approach.”

We closed with a discussion of the ‘secret sauce’ to creating great compliance communications tools. May believes it “is that back and forth and the community of diverse voices that we have, because we all have such unique experiences in our professional backgrounds.” When you couple this with the intent and “focus on trying to help organizations make these communications as simple, easy, straightforward” you can begin to achieve great compliance messaging. “Blending these approaches, the design method, thinking in that way, being collaborative with each other, being open with each other, and then doing that same thing on the backside with our clients too; that is the secret sauce. That’s the thing that makes Broadcat successful and a really awesome place to work with and work for.”

Join us in Part 3 where we look at operationalization.

For more information go to TheBroadcast.com