2015 scce compliance & ethics institute session highlights ... · ccos—granting them a seat...

2015 SCCE Compliance & Ethics Institute

Session Highlights and Key Takeaways

October 4–7, 2015ARIA, Las Vegas, NV

• Nextgen Compliance

• Compliance Office Liability

• Defining, Measuring, and Documenting Compliance

• Creating A High-Performing Compliance & Ethics Team

• Entertainment & Travel Fraud Schemes

2015 Compliance & Ethics Institute

INTRODUCTION . . . . . . . . . . . . . . . . . . 3

NEXTGEN COMPLIANCE . . . . . . . . . . . . 4

COMPLIANCE OFFICE LIABILITY . . . . . . 6

DEFINING, MEASURING, AND

DOCUMENTING COMPLIANCE . . . . . . . 8

CREATING A HIGH-PERFORMING

COMPLIANCE & ETHICS TEAM . . . . . . 10

ENTERTAINMENT & TRAVEL

FRAUD SCHEMES . . . . . . . . . . . . . . . . 12

TABLE OF CONTENTS

Written and published by

2 http://insights.ethisphere.com


INTRODUCTION

COUNTRIES

INDIVIDUALS

In October, the Society of Corporate Compliance &

Ethics (SCCE) hosted its 14th annual Compliance

& Ethics Institute at the ARIA Resort & Casino in

Las Vegas, Nevada . Over 1500 individuals from

37 different countries, including those as far-

flung as Zambia, Nigeria, Israel, Romania, and

Pakistan, gathered to network with peers and

hear industry experts speak on some of the most

important issues facing the ethics and compliance

community today . Following are highlights from

some of this year’s key sessions .

Dear Compliance and Ethics Professional,

We’re delighted to provide you with the Session Highlights

and Key Takeaways from the October 2015 Compliance &

Ethics Institute conference .

If you attended this conference, you know that it attracted

the largest audience yet for an SCCE event--(over 1,500)-

-a clear indication of both the strength and growth of the

profession and the quality of the speakers who provide

their guidance and wisdom in an ever more complex

and demanding business environment . And if you didn’t

attend, you’ll get a small taste of what was covered by

spending a few minutes with this overview .

Don’t miss out on next year . Write these dates in your

calendar now: Ethisphere’s 8th Annual Global Ethics

Summit in New York on March 9-10, 2016 and SCCE’s

15th Annual Compliance & Ethics Institute in Chicago on

September 25-28, 2016 .

Best wishes and we look forward to seeing you at an SCCE

or Ethisphere event soon .

Nicole Thomas, Editor-in-Chief, Ethisphere


3http://insights.ethisphere.com


NEXTGEN COMPLIANCE

Current and future compliance trends garnered

significant interest at this year’s event . In a session

entitled “NextGen Compliance,” moderated by SCCE

CEO Roy Snell, a panel of industry veterans reflected

on the compliance industry’s less visible past,

weighed in on current developments, and offered

their insights on where the compliance function is

heading going forward .

Discussion ensued around the early days of

compliance, when few companies boasted policies or

departments and compliance personnel were tasked

with creating programs from scratch with limited

or no resources . Panelists agreed that the industry

has evolved considerably since that time to where

information and support are now readily available,

noting that they have transitioned from feeling “lost”

to finding comfort in the “sense of community” that

exists today .

“We are no longer pioneers, but are now in the

‘settler’ stage,” where industry professionals are

maturing their programs, remarked Marjorie Doyle

of Marjorie Doyle & Associates, noting that today’s

CCOs are coaches, counselors, and keepers of

best practices, not just compliance officers, “We’re

defining who we are, not the board, HR,” or other

individuals, she remarked .

“As compliance professionals, we need to earn a seat at the table.”

—Debbie Troklus, Managing Director, Aegis Compliance and Ethics Center

The highly publicized Yates Memo was top of mind with

panelists and attendees alike . Many questioned if the

document, along with the recent Volkswagen (VW) scandal,

might make management and the Board more supportive

of compliance efforts going forward . One panelist noted that

“maybe the board will find time to be educated now” and that

negative events such as these can sometimes be used as a

“hook” to capture their attention about compliance issues .

With the Yates Memo heavily targeting the C-Suite, the

question of whether compliance professionals should

share it with their company’s leadership was posed . All

panelists answered affirmatively, although some questioned

whether or not management and board members would

understand its true significance and long-term implications .

“It represents more than a sea change,” said one panelist .

“It outlines what they must do—be accountable for their

actions .”

With reference to the recent VW scandal and other modern-

day debacles, Snell and faculty lamented the lack of media

interest in the compliance function as a preventative and

corrective solution, with the media choosing to focus instead

on salacious tales of corporate greed and wrongdoing .




NEXTGEN COMPLIANCE

Looking ahead, it was noted that since every company and

department is at their own stage and maturity in terms of their

compliance efforts, the future will look different for everyone .

However, regardless of their current stage, programs will need to

continue to evolve and mature .

Some common industry trends emerged, including the ongoing

international expansion of the compliance function and the trend

toward compliance personnel educating and, in some cases,

reporting to the board as a new best practice . “Management

may push back, but if you’ve got the board, they can sell

management,” noted Doyle .

Many panelists voiced a belief that compliance officers need to

position themselves to C-Suite executives as assets and supports

rather than cost centers, offering their assistance in promoting

profitability while “keeping them out of trouble .” However, some

questioned if top corporate executives would appreciate the offer

of help or view it as unnecessary interference .

Looking ahead, compliance officers have now come of age and

are increasingly earning a seat at the corporate table, panelists

acknowledged . In order to do so, the board and management

need to understand the importance of the compliance function

and have faith in their chosen staff .

“Does management trust you or do they view you

as Chicken Little, always saying ‘the sky is falling’?”

one panelist questioned in conclusion, noting that

compliance officers need to “be relevant” and

position themselves “a factor” at the upper echelons .

Now that they are on the map and building the

foundation for something else, industry professionals

need to do more than just police compliance with the

law—they need to guide behavior and challenge the

board, and this may be part of the next frontier

of compliance .




COMPLIANCE OFFICER LIABILITY

The topic of compliance officer liability, broached in the

NextGen Compliance session, was explored in greater

detail in a presentation entitled “From Paranoia to

Pollyanna: Bad News and Good News about Compliance

Officer Liability” delivered by Scott Killingsworth, Partner

at Bryan Cave LLP . Killingsworth walked attendees

through cases and headline events pertaining to

compliance officers and legal accountability, outlining

the many ways in which compliance officers can get

themselves into trouble and how they can protect

themselves . He then reviewed some major trends

related to the compliance function .

Despite sensational headlines, Killingsworth noted that

in the past 11 years, there have been only eight cases

brought by the SEC against single-hatted CCOs (i .e .,

those whose sole function within an organization was

as a compliance officer) under the Investment Advisors

Act . The remaining cases were lodged against those who

performed various other tasks and/or had various other

titles within an organization (“multi-hatted”), many of

whom held that job function in name only . Accordingly,

he pointed out that today’s CCOs have less to worry

about than might be indicated through a cursory scan of

industry headlines .

If you’re not a criminal, don’t entwine yourself with them,

and don’t serve as an accomplice to their actions, as a

competent compliance officer, your risk of being held

personally liable is reasonably low, he said . Risk is also

reduced for those who work outside the securities/

financial services, medical device, food or drug

industries .

“The compliance profession is asking companies for more power and

independence, and they’re getting it. The government is also giving compliance

officers more power… and they’re expecting performance and

accountability in return.”—Scott Killingsworth

Also on the positive side, large companies with mature

compliance programs are increasingly empowering their

CCOs—granting them a seat at the corporate table,

providing them with greater authority and status, giving them

more independence from management, offering better

access to the Board, and providing them with resources to

complete their jobs efficiently . And the SEC is supporting

and encouraging these actions .

In addition to the trend toward more empowered CCOs,

it was noted that regulators across the spectrum are

becoming increasingly invested in the idea of mandated

programs as the first line of defense against violations,

tearing a page from the financial services industry . Many

new regulatory laws are now including some kind of

mandated program, said Killingsworth, and one of the

features they require is specific high-level accountability,

which usually means a compliance officer .




COMPLIANCE OFFICER LIABILITY

“Practice pointer: Don’t enact policies that you can’t administer;

you’ll be held to whatever standard you set.”—Scott Killingsworth

So the compliance profession is asking companies for greater

power and independence, and they’re getting it . Meanwhile,

the government is giving compliance officers more power,

but are expecting performance and accountability in return,

while at the same time, the SEC has been attempting to gently

reassure them that they are not being targeted .

In conclusion, Killingsworth noted that for most

conscientious CCOs in most industries, the risk of personal

liability is very low; however macro-trends and the

regulatory environment suggest that the financial services

compliance program model may be ascendant . With the

responsibility that comes with increased empowerment,

CCOs can increasingly expect to find themselves with

personal duties to the public, not just their companies .

“You’re trying to accomplish something that all the world’s major religions and governments have been attempting to

do since they came into being: solve the problem of sin.

Get used to disappointment.” —Scott Killingsworth

Various best practices were recommended to allay

risk-related issues going forward . CCOs were urged not

to settle for paper policies but, rather, to breathe life into

them through controls, monitoring, and training . A focus

on risk-based prioritization and documentation was

recommended, and it was suggested that CCOs check

their D&O insurance policies and request coverage

where lacking . Finally, Killingsworth urged CCOs to

continue to monitor headlines and pay heed to public

debate on these issues, which are surely not going to go

away anytime soon .




DEFINING, MEASURING, AND DOCUMENTING COMPLIANCE

How do you measure and document compliance? How

do you define its “effectiveness”? These were some of

the questions addressed in a session entitled “Creating

a Compliance Playbook: How to Evidence Compliance”

presented by Scott Hilsen, Managing Director at KPMG

and Jean-Paul Durand, Chief Ethics & Compliance

Officer at Tech Data .

According to the US FCPA Resource Guide, a

compliance program needs to satisfy three subjective

tests: Is it well defined? Is it applied in good faith? and

Does it work? Hilsen and Durand guided attendees

through how to maintain critical information for each

compliance element and measure their efficacy through

meaningful metrics .

“If you don’t have a record of it, it never happened.”

—Jean-Paul Durand

Best practices in documentation as a means of

demonstrating to stakeholders that you are doing what you

claim to be doing with your program were discussed, since,

as Durand pointed out, “If you don’t have a record of it, it

never happened .”

Some of the many recommendations for effective

documentation mentioned included defining what you

want to measure up front, focusing on gaps, and striving

for continuous improvement in filling in those gaps,

rather than targeting absolute perfection . Points related

to risk assessments, due diligence, reporting channels,

auditing and monitoring, investigations, enforcement and

remediation, communications, and training were also

reviewed .

“Not everything you measure matters and not everything that matters can be measured.”

—Jean-Paul Durand




DEFINING, MEASURING, AND DOCUMENTING COMPLIANCE

In terms of measurement, it was noted that in a recent

Compliance Week survey, 42 percent of CCOs reported

being “not confident” or “only somewhat confident”

that the metrics they use give an accurate sense of their

program’s effectiveness . Such uncertainty regarding

metrics and a lack of common industry standards and

protocol have contributed to an air of confusion for many

compliance professionals .

Accordingly, it was suggested that practitioners focus on

a host of meaningful and measurable metrics such as

the number of claims processed correctly, completion of

training and communications, completion of third-party

audits and reviews, and so forth .

Effective methods of measurement were also reviewed,

including risk assessments, employee surveys and

questionnaires, benchmarking against corporate peers,

and hotline disposition reports .




CREATING A HIGH-PERFORMING COMPLIANCE & ETHICS TEAM

As noted in the NexGen Compliance general session,

companies around the globe are at varying stages with

their compliance programs; some are just beginning

their efforts, while others have longstanding policies

and departments in place . Regardless of their stage of

development, however, all are tasked with establishing

an effective and competent compliance team who can

perform effectively under current circumstances while

also growing and keeping pace with emerging trends .

In a session entitled “Building the Ship While Sailing:

Winning Strategies for Developing, Educating, and

Empowering a High-Performing Compliance & Ethics

Team,” panel moderator Donna Boehme, Principal

at Compliance Solutions LLC, launched into a review

and discussion of some of the major internal and

external challenges of building a compliance and ethics

team and program, which ranged from creating a

common context and vision to getting others to “own”

compliance .

Internal and external strategies and solutions to each

challenge were proposed, with an eye to such actions

as clarifying mandate and job descriptions, identifying

and leveraging education and training opportunities,

and establishing strategic metrics .

Boehme urged compliance officers to broaden their

perceptions of their role . “You are not just a Chief

Ethics & Compliance Officer,” she said . “Think of your

role as a subject matter expert—you are the dean of

the organization for the board . If you don’t bring it into

the organization, it doesn’t enter .”

“Think of your role as a subject matter expert—you are the dean of the

organization for the board. If you don’t bring it into the organization, it

doesn’t enter.”—Donna Boehme

Stephen Naughton, Chief Ethics and Compliance

Officer at Kimberly-Clark, shared his insights on

structuring and designing a team, drawing upon his

long experience in the industry . Preventing, detecting,

and mitigating problems should be the main focus

of any compliance effort, he said, with industry

practitioners actively seeking to identify then fix

whatever problems arise . Obviously, he noted, “from

a compliance point of view, an enterprise cannot be in

violation of the law .”

Naughton offered attendees guidance on how to define

the compliance function at their own organization,

clarify roles and responsibilities, and build strong

networks . Optimal positioning and structure of a team

was discussed, as were current trends in the line

of reporting . For instance, he noted, an increasing

number of compliance officers are reporting to the

CEO—34 percent in 2014, up from 27 percent in 2013 .




CREATING A HIGH-PERFORMING COMPLIANCE & ETHICS TEAM

“Compliance is about the people.”—Janice Innis-Thompson

Janice Innis-Thompson, Senior Managing Director and

Chief Ethics & Compliance Officer at TIAA-CREF, who

leads a team of more than 100 individuals, advanced

her view of compliance as a “we” rather than a “me”

experience . She reviewed three of the key elements

that make up any sound compliance program—people,

process, and customer service—and offered some best

practices and helpful tips for optimal team performance .

Compliance teams can be complex, she remarked,

covering multiple regulatory frameworks and a variety of

business models . Effective teams should boast a well-

balanced combination of industry experience, regulatory

knowledge, and institutional knowledge, and team

members need some key competencies and soft skills to

help their organizations execute their goals effectively . The

team at TIAA-CREF, for instance, boasts over 30 different

specialties, 15 legal entity CCOs, 12 former CCOs and 17

former regulators, she said, as well as a strong tenured

staff with deep institutional knowledge .

Compliance personnel need to be viewed as trusted

advisors with credibility, remarked Innis-Thompson, and

outlined some of the essential competencies of an effective

compliance professional, including communication,

problem solving, and influence and negotiation . A key and

often overlooked part of communication is listening, she

noted, and team leaders and members should take special

effort to listen effectively and undergo training to enhance

listening skills where necessary .

Judi Nocito, former Director of Global Compliance at Alcoa,

reviewed her experiences at that company and offered

insights and best practices that today’s CCOs can easily

adapt to their current circumstances .




ENTERTAINMENT & TRAVEL FRAUD SCHEMES

The increasingly sticky world of hospitality fraud

was explored in-depth during a session entitled,

“Entertainment and Travel Fraud Schemes .” Lisa

Beth Lentini, VP of Global Compliance at Carlson

Wagonlit Travel, and Kathleen Edmond, Partner at

Robins Kaplan, reviewed current trends pertaining

to gift, travel, and expense scams and highlighted

recent cases involving major companies such as Avon,

GlaxoSmithKline, and Weatherford, illustrating some

of the policy pitfalls and loopholes that exist in many

organizations today .

The high-profile BHP Billiton/Beijing Olympics case

was discussed with an eye to improper hospitality

procedures . The case highlighted some major flaws

in the company’s handling of the event, including the

lack of an independent legal or compliance review

of hospitality applications by someone outside the

business unit, a failure to provide special training

related to the event, and incomplete and/or inaccurate

applications .

Presenters provided a general list of red flags signaling

fraudulent activity—such practices as providing

excessive gifts for birthdays, weddings, and holidays

or paying for “side trips” to visit tourist attractions—

along with guidance on internal controls that can be

implemented to help prevent fraudulent incidents from

occurring . Best practices cited included requesting

written confirmation that activities don’t violate local

laws, verifying that meetings and events actually took

place, and never making conditional payments .

“There has been a lot of fraudulent activity around meetings and events.”

—Lisa Beth Lentini




ENTERTAINMENT & TRAVEL FRAUD SCHEMES

There was also discussion around what to do in the

aftermath of a transgression, and dialogue around what

constitutes “the way business is done” versus activities that

genuinely cross the line . Simple actions such as travel and

expense audits, training, and external (rather than self-)

reviews were suggested as helpful measures and controls

to have in place .

In terms of trends, the presenters noted an uptick of

fraudulent activity related to meetings and events,

including incidents where individuals submit receipts

for events that were smaller than claimed or didn’t take

place at all .

Despite media scandals, Lentini and Edmond dispelled

the myth that providing entertainment, hospitality, and/

or travel is inherently high-risk and should be prohibited .

Rather, with the right guidance on how to mitigate risks,

reasonable gifting, hospitality, travel, and entertainment

can be undertaken in most cases, they advised, and

specific excerpts from the UK Bribery Act and FCPA

Resource Guide were cited in support .



2015 Compliance & Ethics Institute Written and published by


Why measurement and evaluation is so valuable

• Regardless of program maturity, an independent, third-party evaluation against companies in your peer group helps guide internal conversation, resource planning, and practical decision-making.

• Insights about leading companies and best practices shine a light on program gaps and stimulates collaborative thinking and action across the organization.

• Your credibility with senior leaders is enhanced with Ethisphere’s “Peer Benchmarking Presentation” that highlights key findings and recommendations in comparison to organizations like yours.

• By interacting with Ethisphere analysts in a “findings consultation” you’re able to ask questions specific to your situation and gain a more robust view into your responses vs. those of others.

Benchmark Against the World’s Most Ethical Companies®

An Independent, Third-party Review of Your Program, Policies and Procedures

Contact us to learn more about the review process, peer benchmarking presentation, and findings consultation.

Begin the process by requesting a link to your Custom Ethics Quotient Survey

To learn more visit:

http://ethisphere.com/what-we-do/benchmarking

Submit your request at: http://web.ethisphere.com/worlds-most-ethical/2016-process

Obtain practical and actionable information that compares your organization to both your peers and to the world’s leading companies using Ethisphere’s proven methodology and in-house analysts.

ABOUT ETHISPHEREThe Ethisphere® Institute is the global leader in defining and

advancing the standards of ethical business practices that

fuel corporate character, marketplace trust and business

success . Ethisphere has deep expertise in measuring

and defining core ethics standards using data-driven

insights that help companies enhance corporate character .

Ethisphere honors superior achievement through its World’s

Most Ethical Companies® recognition program, provides

a community of industry experts with the Business Ethics

Leadership Alliance (BELA) and showcases trends and best

practices in ethics with the Ethisphere Magazine . Ethisphere

is also the leading provider of independent verification of

corporate ethics and compliance programs that include:

Ethics Inside® Certification, Compliance Leader Verification™

and Anti-Corruption Program Verification™ . More information

about Ethisphere can be found at:

http://www .ethisphere .com

TO LEARN MORE:Visit the 2015 Compliance & Ethics Institute website for more

information: http://www .complianceethicsinstitute .org

www .ethisphere .com

p: 480 .397 .2654

6263 N . Scottsdale Road, Suite 205

Scottsdale, AZ 85250

2015 scce compliance & ethics institute session highlights ... · ccos—granting them a seat...

Documents