Categories
31 Days to More Effective Compliance Programs

Day 25 – CCO Authority and Independence

The role of the CCO has steadily grown in stature and prestige over the years. The 2020 FCPA Resource Guide, under the Hallmarks of an Effective Compliance Program, focused on whether the CCO held senior management status and had a direct reporting line to the Board. The new requirement for CCO certification has only emphasized this reality.

This Hallmark was significantly expanded in the 2020 Update and the FCPA Corporate Enforcement Policy. And in so doing, the DOJ has increased the prestige, authority, and role of the CCO and corporate compliance function. The 2020 Update has five general areas of inquiry around the CCO and corporate compliance function. (1) How do the CCO’s salary and stature compare to other senior executives within the company? (2) What are the experience and stature of the CCO with an organization? Does the CCO have appropriate training for the role? (3) How much autonomy does the CCO have to report to the Board of Directors? How often does the CCO meet with directors? Are members of the senior management present for these meetings with the Board of Directors or the Audit Committee? (4) What is your structure? Is the compliance function run by a designated chief compliance officer or another executive within the company, and does that person have other roles? (5) Is data in your organization so siloed that the CCO does not have access to it? If so, what are you doing about it?

Once again, for the compliance professional, the FCPA Corporate Enforcement Policy and 2020 Update make the importance of a best practices compliance program even more critical. The DOJ focuses more on the role, expertise, and how the compliance function is treated within an organization. Pay your CCO considerably less than your GC. You may now better be able to justify that discrepancy. You may be starting behind the eight-ball if you have a legal department budget of $3 million and a compliance department budget of $500,000.

Three key takeaways:

  1. How can you show the CCO has a seat at the senior executive table?
  2. What are the professional qualifications of your CCO?
  3. Does your CCO have true independence to report directly to the Board of Directors?
Categories
Innovation in Compliance

Operationalizing Compliance: Part 3 – Jaycee Dempsey on Operationalizing Compliance

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, we consider various ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer, and how to avoid being overwhelmed. In Part 3, I am joined by Jaycee Dempsey to discuss operationalizing your compliance program through employee engagement and participation.

Highlights from this episode include:

·      Compliance is a team sport.

·      The DOJ pronouncements on clawbacks put pressure on senior management.

·      Middle managers are where the rubber meets the road.

·      Document Document Document

For more information, go to TheBroadcat.com

Categories
Great Women in Compliance

Kerry Sorvino – A Wealth of Experience

Axiom is a company that outsources legal and compliance professionals to client companies to help them with temporary cover – essentially a placements of secondments.  Kerry Sorvino works with Axiom and Mary, who has always been curious about Axiom, took the opportunity to find out what this working arrangement is like.

They journey to earlier on in Kerry’s career before Compliance as an employment law professional and how that background and skillset lends well to Compliance.  Kerry’s wheelhouse now is life sciences and she shares particular risks for Compliance Officers working in that industry.

 Listen in as well for what Kerry advises Compliance Officers should be thinking strategically about at the moment and she shares her favorite motivational quote.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Blog

Operationalizing Compliance: Part 3-Jaycee Dempsey on Operationalizing Compliance

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, I visit with Jennifer May, Director of Compliance Advisory; Taylor Edwards,  Director of Sales; Xinia Pirkey, Design Manager; Alex Klingelberger, Chief Executive Officer (CEO) and Jaycee Dempsey, Director of Customer Success. We consider a variety of ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer and how to avoid being overwhelmed. In Part 3, I am joined by Jaycee Dempsey to discuss operationalizing your compliance program through employee engagement and participation.

We began with break down what operationalizing compliance. Dempsey said it’s “making compliance training not something that is done on a one-time basis, on a routine basis like once a year, but rather something that is integrated into the day-to-day work for all your employees. It means that you are training them on what they actually are doing that creates or mitigates risk versus compliance concepts generally.”

From there she had the most interesting insight that compliance at its most basic is a “team sport.” As a compliance professional or even compliance function “you can’t be everywhere at once, nor should you be. You need to engage your employees. You have to speak the language of the business, because that’s what gets you the seat at the table.” She also believes that business executives have an important role to play as their “attitude towards compliance trickles down to the rest of the organization and that your employees are looking up to them. If your leadership is not talking about ethics and compliance regularly, it will affect the entire culture of the organization no matter what you’re trying to do in the compliance team.” This means you “need to have them on board and they also need reminding of their role in operationalizing compliance.”

As important as your senior leaders are and their role in compliance, Dempsey believes middle managers “may be even more impactful than your C-Suite.” As a compliance practitioner you must make “sure that you’re reaching out to them as well.” But once again it is giving middle managers the tools, training and communications to be effective as the first point of contact for many employees who wish to speak up and raise a concern.

But in addition to being an initial point of contact for employees who want to speak up, middle managers are the folks that are engaging day-to-day with their teams. Middle managers make decisions on raises, promotions, what projects their people are on. A middle manager is often the position that is the next step in an employee’s career ladder. This means that employees are “paying very close attention to the way that their manager acts, the things that they say and the way that they think up.” Dempsey had the insight that “middle managers are a living, breathing, real life example of what the organization promotes, no matter what’s said on paper.” This means that in many ways “they’re also key to operationalizing compliance.”

Many compliance professional do not think of our employees as customers. Dempsey believes a compliance function should do so “because essentially your role is like an internal marketing agency. You’re trying to influence behavior.” It is also about “making actual meaningful change in the way that people do their jobs, while making sure that you are reducing risk.” This means a compliance function should be focused on “delivering guidance at that moment when they need it with very concrete steps, be in a position you can provide them with information on what you need to do to be successful in your position.”

Another insight Dempsey had from marketing is the term “seven different ways, seven different times.” This is not simply “copying and pasting the same message over and over.” It is “thinking through the different ways that you can message your employees what is available to you.” It can be a variety of strategies and tactics. It can be internal social media, “utilizing those flat panels that are in break rooms, in front of elevators or near the cafeteria or simply pushing out screensavers on everyone’s computer, with those quick reminders or a desktop shortcut to your reporting hotline.” It can also be more old school such as “emails from the compliance team from leaders and your middle managers.” Finally, “embedding checklists and decision trees and into your processes and making sure that you’re providing toolkits to your managers and leaders for discussion-based training is a key for documentation.”

Join us in Part 4 where we look at effectiveness, redux.

For more information go to TheBroadcat.com

Categories
31 Days to More Effective Compliance Programs

Day 24 – Updates and Feedback

One of the critical elements found in the 2020 Update is the need to use the information you obtain, whether through risk assessment, root cause analysis, investigation, hotline report, or any other manner, to remediate the situation which allowed it to arise. Your company should establish a regular monitoring system to address issues. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should check in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage.

These ongoing efforts demonstrate that your company is serious about compliance.

It is a function of the CCO to reinforce the vision and goals of the compliance function, where assessment and updating are critical to an ongoing best practices compliance program. If you follow this protocol, you will put a mechanism in place to demonstrate your company’s commitment to compliance by following the intentions set forth in your strategic plan. What should you do with this information? Put a strategic plan in place ready to implement your findings of continuous improvement by using the following:

  • Review the goals of the strategic plan. This requires that you arrange a time for the CCO and team to review the goals of the Strategic Plan, which the CCO should lead to determine how this goal in the Plan measures up to its implementation in your company.
  • Design an execution plan. The KISS method (Keep it Simple, Sir) is the best to move forward. This would suggest that there should be a simple and straightforward plan for each compliance goal to ensure that the goal in question is being addressed.
  • Put accountabilities in place. In any plan of execution, there must be accountabilities attached to them. This requires the CCO or other senior compliance department representatives to put these in place and then mandate a reporting requirement on how the task assigned is being achieved.
  • Schedule the next review of the plan. There should be a regular review of the process. It allows any problems that may arise to be detected and corrected more quickly than if meetings are held less frequently.

Continuous monitoring is a key step, but it is only the first step. It is not simply that you tested your compliance program but that you did something with the information you obtained to improve your program.

Three key takeaways:

  1. Innovation can come through a new way of thinking about and using data.
  2. Have the plan to use the information garnered in your monitoring incorporated into your compliance program.
  3. Always remember that Document Document Document is critical if the regulators come knocking.
Categories
Innovation in Compliance

Operationalizing Compliance: Part 2 – Compliance Program Design Jennifer May and Xinia Pirkey

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, we consider various ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer, and how to avoid being overwhelmed. In Part 2, I am joined by Jennifer May and Xinia Pirkey to consider your compliance program design.

Highlights from this episode include:

·      Your communications should resonate with your employees.

·      Aesthetic draws an employee in, but content grabs their attention.

·      Clarity and relevance are key elements.

·      Document Document Document

For more information, go to TheBroadcat.com

Categories
Blog

Operationalizing Compliance: Part 2-Compliance Program Design

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, I visit with Jennifer May, Director of Compliance Advisory; Taylor Edwards,  Director of Sales; Xinia Pirkey, Design Manager; Alex Klingelberger, Chief Executive Officer (CEO) and Jaycee Dempsey, Director of Customer Success. We consider a variety of ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer and how to avoid being overwhelmed. In Part 2, I am joined by Jennifer May and Xinia Pirkey to consider your compliance program design.

May began that the key is relevance and clarity. If your training or communication is not relevant, it really does not “matter how perfect the design is or even how perfect the message is, if it is being shared with someone that’s the wrong person, it will fall flat”. In other words, your compliance team is “just wasting time blanketing the entire workplace with some piece of information that does not apply to most of them.” Regarding clarity, she said, “If you are not clear about what it is you want them to do, what the behavior is that you are trying to achieve, you will lose their attention there as well.” All of this can lead to wasted time for your employees and wasted effort for your compliance team, “potentially even starting to lose some credibility.”

Pirkey is a design professional so comes at these issues from a different perspective from May or myself. Pirkey said, “we use design, from my point of view, to leverage the content to be on point to the audience that will receive it.” As a design professional, you must always consider the user experience so “we have to think about the users and who we are trying to target.” She added,  “As a designer, I come in and I try to interpret the content and I try to interpret as much as I can and ask the questions, such as “Who is this for? What am I trying to say? How do I want them to read this step by step?” You must always be cognizant not only about the audience, but also how we are projecting to them.”

Next, we considered how effective content can create credibility for your compliance function or conversely, ineffective content can demean your compliance function credibility. Pirkey began by noting that it is all about content, intoning, “we start with content.” Interestingly, she said that “a lot of times this means that we’ve come up with a format, whether it is a decision tree, an infographic, a written piece of content or other; and it is in a manner we can project it as job aid to our audience.” She also noted that conversely, there are times “we have to go back to the drawing board and decide, OK, this does not work as a decision tree. We need to think about a different format, a contrast example, or another approach.”

We closed with a discussion of the ‘secret sauce’ to creating great compliance communications tools. May believes it “is that back and forth and the community of diverse voices that we have, because we all have such unique experiences in our professional backgrounds.” When you couple this with the intent and “focus on trying to help organizations make these communications as simple, easy, straightforward” you can begin to achieve great compliance messaging. “Blending these approaches, the design method, thinking in that way, being collaborative with each other, being open with each other, and then doing that same thing on the backside with our clients too; that is the secret sauce. That’s the thing that makes Broadcat successful and a really awesome place to work with and work for.”

Join us in Part 3 where we look at operationalization.

For more information go to TheBroadcast.com

Categories
Innovation in Compliance

Operationalizing Compliance: Part 1 – Compliance Program Effectiveness Jennifer May

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. We consider various ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer, and how to avoid being overwhelmed. In Part 1, I am joined by Jennifer May to consider compliance program effectiveness.

Highlights from this episode include:

·      What is and is not effective?

·      Identify silos and work through them.

·      Compliance is not a closed-book test.

·      Document Document Document

For more information, go to TheBroadcat.com

Categories
FCPA Compliance Report

Tom Fox and Mike Volkov with the 2022 Year in Review for the FCPA, Part 2

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this special episode, I am joined by Mike Volkov, founder of the Volkov Law Group. We conclude with Part 2, looking back on the year 2022 in FCPA and Compliance. We consider the Monaco Memo, the key cases, and some of the important issues which arose in 2022 and how they might impact compliance in 2023.

In this episode, we consider the following:

·      Building trust and credibility in the investigative process

·      The ABB FCPA enforcement action

·      The Honeywell FCPA enforcement action

·      Why the heat is on compliance after the Monaco Memo

·      Corporate incentives and discipline, including clawbacks

·      The Glencore FCPA enforcement action and CCO Certification

Resources

Mike Volkov on LinkedIn

The Volkov Law Group

Categories
Blog

Operationalizing Compliance: Part 1 – Compliance Program Effectiveness

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, I visit with Jennifer May, Director of Compliance Advisory; Taylor Edwards,  Director of Sales; Xinia Pirkey, Design Manager; Alex Klingelberger, Chief Executive Officer (CEO) and Jaycee Dempsey, Director of Customer Success. We consider a variety of ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer and how to avoid being overwhelmed. In Part 1, I am joined by Jennifer May to consider what is compliance program effectiveness.

We began with one of the most well-worn words in compliance that still challenges compliance professionals, that being ‘effectiveness’. May said that it is not about getting a hundred percent completion on some sort of training module, which unfortunately in many ways has become the benchmark or the metric used. Instead, it is about getting information to individuals so you can get the right outcomes. Effectiveness is not represented by clicks but rather it is about outcomes.

You should start by identifying your highest risk activities. Begin by asking questions, which might include “Are you having good (or bad) outcomes when it comes to those risky activities? And if you’re not, why are you not? Do your employees understand what it is that they are supposed to be doing and when they are supposed to be doing it? What are those behaviors and the outcomes that we want to change or need to change to get to the appropriate outcomes?”

By asking such questions and delivering training and communications on those topics and areas, you begin to see a shift in people. It is not about a click; the result is compliant behavior. Shifting the focus and conversation to what those outcomes are allows you to start thinking about training in a different way and you can start to see how effectiveness can begin to be impacted by solid training that focuses on outcomes.

May analogized it to a closed-book or open-book test. She does not believe employees should think of compliance as a “closed-book test.” Compliant behavior is not something that you should keep behind a curtain. Your information should be out there and available to any employee who needs it in the moment that they need it. If there is a risk to manage; that is when they will need it. But if your employees need such information “the next time and the next time, and every time subsequent to that, then that’s okay too. There’s no reason why keeping that compliance information hidden or keeping it locked away and making them remember it is going to make them more effective or, more appropriately, compliant in their behaviors. Providing that information upfront and always when they need it, is really the key.”

Obviously, compliance folks cannot be everywhere all at once. Your compliance function may be a single person or a small team. Further, they cannot morph themselves into covering every single risk and every single moment of the organization every time. That is why the closed-book test does not do them any good as they cannot “be standing over someone’s shoulder every time talking about why then need to do something, what they need to do and how they need to do it.” Keep an open book approach and make compliance information openly available whenever employees need it.

We concluded with a few thoughts on credibility for your compliance program, which May believes is a very important concept for compliance. and had an interesting take on that issue. She said that credibility “honors employees as professionals in the work that they are doing.” This ties into “being open about the resources that are available, encouraging them to use them, encouraging them to find them, and perhaps, most importantly, encouraging them to reach out when they have a question.” May sees all this as a part of that credibility. This leads to engagement on a level which is about what they do and demonstrating that you, as the compliance professional, are there to support them.

Join us in Part 2 where we look at program design.

Resources

For more information, check out Broadcat here.