2015 scce compliance & ethics institute session highlights ... · ccos—granting them a seat...
TRANSCRIPT
2015 SCCE Compliance & Ethics Institute
Session Highlights and Key Takeaways
October 4–7, 2015ARIA, Las Vegas, NV
• Nextgen Compliance
• Compliance Office Liability
• Defining, Measuring, and Documenting Compliance
• Creating A High-Performing Compliance & Ethics Team
• Entertainment & Travel Fraud Schemes
2015 Compliance & Ethics Institute
INTRODUCTION . . . . . . . . . . . . . . . . . . 3
NEXTGEN COMPLIANCE . . . . . . . . . . . . 4
COMPLIANCE OFFICE LIABILITY . . . . . . 6
DEFINING, MEASURING, AND
DOCUMENTING COMPLIANCE . . . . . . . 8
CREATING A HIGH-PERFORMING
COMPLIANCE & ETHICS TEAM . . . . . . 10
ENTERTAINMENT & TRAVEL
FRAUD SCHEMES . . . . . . . . . . . . . . . . 12
TABLE OF CONTENTS
Written and published by
2 http://insights.ethisphere.com
2015 Compliance & Ethics Institute
INTRODUCTION
COUNTRIES
INDIVIDUALS
In October, the Society of Corporate Compliance &
Ethics (SCCE) hosted its 14th annual Compliance
& Ethics Institute at the ARIA Resort & Casino in
Las Vegas, Nevada . Over 1500 individuals from
37 different countries, including those as far-
flung as Zambia, Nigeria, Israel, Romania, and
Pakistan, gathered to network with peers and
hear industry experts speak on some of the most
important issues facing the ethics and compliance
community today . Following are highlights from
some of this year’s key sessions .
Dear Compliance and Ethics Professional,
We’re delighted to provide you with the Session Highlights
and Key Takeaways from the October 2015 Compliance &
Ethics Institute conference .
If you attended this conference, you know that it attracted
the largest audience yet for an SCCE event--(over 1,500)-
-a clear indication of both the strength and growth of the
profession and the quality of the speakers who provide
their guidance and wisdom in an ever more complex
and demanding business environment . And if you didn’t
attend, you’ll get a small taste of what was covered by
spending a few minutes with this overview .
Don’t miss out on next year . Write these dates in your
calendar now: Ethisphere’s 8th Annual Global Ethics
Summit in New York on March 9-10, 2016 and SCCE’s
15th Annual Compliance & Ethics Institute in Chicago on
September 25-28, 2016 .
Best wishes and we look forward to seeing you at an SCCE
or Ethisphere event soon .
Nicole Thomas, Editor-in-Chief, Ethisphere
Written and published by
3http://insights.ethisphere.com
2015 Compliance & Ethics Institute
NEXTGEN COMPLIANCE
Current and future compliance trends garnered
significant interest at this year’s event . In a session
entitled “NextGen Compliance,” moderated by SCCE
CEO Roy Snell, a panel of industry veterans reflected
on the compliance industry’s less visible past,
weighed in on current developments, and offered
their insights on where the compliance function is
heading going forward .
Discussion ensued around the early days of
compliance, when few companies boasted policies or
departments and compliance personnel were tasked
with creating programs from scratch with limited
or no resources . Panelists agreed that the industry
has evolved considerably since that time to where
information and support are now readily available,
noting that they have transitioned from feeling “lost”
to finding comfort in the “sense of community” that
exists today .
“We are no longer pioneers, but are now in the
‘settler’ stage,” where industry professionals are
maturing their programs, remarked Marjorie Doyle
of Marjorie Doyle & Associates, noting that today’s
CCOs are coaches, counselors, and keepers of
best practices, not just compliance officers, “We’re
defining who we are, not the board, HR,” or other
individuals, she remarked .
“As compliance professionals, we need to earn a seat at the table.”
—Debbie Troklus, Managing Director, Aegis Compliance and Ethics Center
The highly publicized Yates Memo was top of mind with
panelists and attendees alike . Many questioned if the
document, along with the recent Volkswagen (VW) scandal,
might make management and the Board more supportive
of compliance efforts going forward . One panelist noted that
“maybe the board will find time to be educated now” and that
negative events such as these can sometimes be used as a
“hook” to capture their attention about compliance issues .
With the Yates Memo heavily targeting the C-Suite, the
question of whether compliance professionals should
share it with their company’s leadership was posed . All
panelists answered affirmatively, although some questioned
whether or not management and board members would
understand its true significance and long-term implications .
“It represents more than a sea change,” said one panelist .
“It outlines what they must do—be accountable for their
actions .”
With reference to the recent VW scandal and other modern-
day debacles, Snell and faculty lamented the lack of media
interest in the compliance function as a preventative and
corrective solution, with the media choosing to focus instead
on salacious tales of corporate greed and wrongdoing .
Written and published by
4 http://insights.ethisphere.com
2015 Compliance & Ethics Institute
NEXTGEN COMPLIANCE
Looking ahead, it was noted that since every company and
department is at their own stage and maturity in terms of their
compliance efforts, the future will look different for everyone .
However, regardless of their current stage, programs will need to
continue to evolve and mature .
Some common industry trends emerged, including the ongoing
international expansion of the compliance function and the trend
toward compliance personnel educating and, in some cases,
reporting to the board as a new best practice . “Management
may push back, but if you’ve got the board, they can sell
management,” noted Doyle .
Many panelists voiced a belief that compliance officers need to
position themselves to C-Suite executives as assets and supports
rather than cost centers, offering their assistance in promoting
profitability while “keeping them out of trouble .” However, some
questioned if top corporate executives would appreciate the offer
of help or view it as unnecessary interference .
Looking ahead, compliance officers have now come of age and
are increasingly earning a seat at the corporate table, panelists
acknowledged . In order to do so, the board and management
need to understand the importance of the compliance function
and have faith in their chosen staff .
“Does management trust you or do they view you
as Chicken Little, always saying ‘the sky is falling’?”
one panelist questioned in conclusion, noting that
compliance officers need to “be relevant” and
position themselves “a factor” at the upper echelons .
Now that they are on the map and building the
foundation for something else, industry professionals
need to do more than just police compliance with the
law—they need to guide behavior and challenge the
board, and this may be part of the next frontier
of compliance .
Written and published by
5http://insights.ethisphere.com
2015 Compliance & Ethics Institute
COMPLIANCE OFFICER LIABILITY
The topic of compliance officer liability, broached in the
NextGen Compliance session, was explored in greater
detail in a presentation entitled “From Paranoia to
Pollyanna: Bad News and Good News about Compliance
Officer Liability” delivered by Scott Killingsworth, Partner
at Bryan Cave LLP . Killingsworth walked attendees
through cases and headline events pertaining to
compliance officers and legal accountability, outlining
the many ways in which compliance officers can get
themselves into trouble and how they can protect
themselves . He then reviewed some major trends
related to the compliance function .
Despite sensational headlines, Killingsworth noted that
in the past 11 years, there have been only eight cases
brought by the SEC against single-hatted CCOs (i .e .,
those whose sole function within an organization was
as a compliance officer) under the Investment Advisors
Act . The remaining cases were lodged against those who
performed various other tasks and/or had various other
titles within an organization (“multi-hatted”), many of
whom held that job function in name only . Accordingly,
he pointed out that today’s CCOs have less to worry
about than might be indicated through a cursory scan of
industry headlines .
If you’re not a criminal, don’t entwine yourself with them,
and don’t serve as an accomplice to their actions, as a
competent compliance officer, your risk of being held
personally liable is reasonably low, he said . Risk is also
reduced for those who work outside the securities/
financial services, medical device, food or drug
industries .
“The compliance profession is asking companies for more power and
independence, and they’re getting it. The government is also giving compliance
officers more power… and they’re expecting performance and
accountability in return.”—Scott Killingsworth
Also on the positive side, large companies with mature
compliance programs are increasingly empowering their
CCOs—granting them a seat at the corporate table,
providing them with greater authority and status, giving them
more independence from management, offering better
access to the Board, and providing them with resources to
complete their jobs efficiently . And the SEC is supporting
and encouraging these actions .
In addition to the trend toward more empowered CCOs,
it was noted that regulators across the spectrum are
becoming increasingly invested in the idea of mandated
programs as the first line of defense against violations,
tearing a page from the financial services industry . Many
new regulatory laws are now including some kind of
mandated program, said Killingsworth, and one of the
features they require is specific high-level accountability,
which usually means a compliance officer .
Written and published by
6 http://insights.ethisphere.com
2015 Compliance & Ethics Institute
COMPLIANCE OFFICER LIABILITY
“Practice pointer: Don’t enact policies that you can’t administer;
you’ll be held to whatever standard you set.”—Scott Killingsworth
So the compliance profession is asking companies for greater
power and independence, and they’re getting it . Meanwhile,
the government is giving compliance officers more power,
but are expecting performance and accountability in return,
while at the same time, the SEC has been attempting to gently
reassure them that they are not being targeted .
In conclusion, Killingsworth noted that for most
conscientious CCOs in most industries, the risk of personal
liability is very low; however macro-trends and the
regulatory environment suggest that the financial services
compliance program model may be ascendant . With the
responsibility that comes with increased empowerment,
CCOs can increasingly expect to find themselves with
personal duties to the public, not just their companies .
“You’re trying to accomplish something that all the world’s major religions and governments have been attempting to
do since they came into being: solve the problem of sin.
Get used to disappointment.” —Scott Killingsworth
Various best practices were recommended to allay
risk-related issues going forward . CCOs were urged not
to settle for paper policies but, rather, to breathe life into
them through controls, monitoring, and training . A focus
on risk-based prioritization and documentation was
recommended, and it was suggested that CCOs check
their D&O insurance policies and request coverage
where lacking . Finally, Killingsworth urged CCOs to
continue to monitor headlines and pay heed to public
debate on these issues, which are surely not going to go
away anytime soon .
Written and published by
7http://insights.ethisphere.com
2015 Compliance & Ethics Institute
DEFINING, MEASURING, AND DOCUMENTING COMPLIANCE
How do you measure and document compliance? How
do you define its “effectiveness”? These were some of
the questions addressed in a session entitled “Creating
a Compliance Playbook: How to Evidence Compliance”
presented by Scott Hilsen, Managing Director at KPMG
and Jean-Paul Durand, Chief Ethics & Compliance
Officer at Tech Data .
According to the US FCPA Resource Guide, a
compliance program needs to satisfy three subjective
tests: Is it well defined? Is it applied in good faith? and
Does it work? Hilsen and Durand guided attendees
through how to maintain critical information for each
compliance element and measure their efficacy through
meaningful metrics .
“If you don’t have a record of it, it never happened.”
—Jean-Paul Durand
Best practices in documentation as a means of
demonstrating to stakeholders that you are doing what you
claim to be doing with your program were discussed, since,
as Durand pointed out, “If you don’t have a record of it, it
never happened .”
Some of the many recommendations for effective
documentation mentioned included defining what you
want to measure up front, focusing on gaps, and striving
for continuous improvement in filling in those gaps,
rather than targeting absolute perfection . Points related
to risk assessments, due diligence, reporting channels,
auditing and monitoring, investigations, enforcement and
remediation, communications, and training were also
reviewed .
“Not everything you measure matters and not everything that matters can be measured.”
—Jean-Paul Durand
Written and published by
8 http://insights.ethisphere.com
2015 Compliance & Ethics Institute
DEFINING, MEASURING, AND DOCUMENTING COMPLIANCE
In terms of measurement, it was noted that in a recent
Compliance Week survey, 42 percent of CCOs reported
being “not confident” or “only somewhat confident”
that the metrics they use give an accurate sense of their
program’s effectiveness . Such uncertainty regarding
metrics and a lack of common industry standards and
protocol have contributed to an air of confusion for many
compliance professionals .
Accordingly, it was suggested that practitioners focus on
a host of meaningful and measurable metrics such as
the number of claims processed correctly, completion of
training and communications, completion of third-party
audits and reviews, and so forth .
Effective methods of measurement were also reviewed,
including risk assessments, employee surveys and
questionnaires, benchmarking against corporate peers,
and hotline disposition reports .
Written and published by
9http://insights.ethisphere.com
2015 Compliance & Ethics Institute
CREATING A HIGH-PERFORMING COMPLIANCE & ETHICS TEAM
As noted in the NexGen Compliance general session,
companies around the globe are at varying stages with
their compliance programs; some are just beginning
their efforts, while others have longstanding policies
and departments in place . Regardless of their stage of
development, however, all are tasked with establishing
an effective and competent compliance team who can
perform effectively under current circumstances while
also growing and keeping pace with emerging trends .
In a session entitled “Building the Ship While Sailing:
Winning Strategies for Developing, Educating, and
Empowering a High-Performing Compliance & Ethics
Team,” panel moderator Donna Boehme, Principal
at Compliance Solutions LLC, launched into a review
and discussion of some of the major internal and
external challenges of building a compliance and ethics
team and program, which ranged from creating a
common context and vision to getting others to “own”
compliance .
Internal and external strategies and solutions to each
challenge were proposed, with an eye to such actions
as clarifying mandate and job descriptions, identifying
and leveraging education and training opportunities,
and establishing strategic metrics .
Boehme urged compliance officers to broaden their
perceptions of their role . “You are not just a Chief
Ethics & Compliance Officer,” she said . “Think of your
role as a subject matter expert—you are the dean of
the organization for the board . If you don’t bring it into
the organization, it doesn’t enter .”
“Think of your role as a subject matter expert—you are the dean of the
organization for the board. If you don’t bring it into the organization, it
doesn’t enter.”—Donna Boehme
Stephen Naughton, Chief Ethics and Compliance
Officer at Kimberly-Clark, shared his insights on
structuring and designing a team, drawing upon his
long experience in the industry . Preventing, detecting,
and mitigating problems should be the main focus
of any compliance effort, he said, with industry
practitioners actively seeking to identify then fix
whatever problems arise . Obviously, he noted, “from
a compliance point of view, an enterprise cannot be in
violation of the law .”
Naughton offered attendees guidance on how to define
the compliance function at their own organization,
clarify roles and responsibilities, and build strong
networks . Optimal positioning and structure of a team
was discussed, as were current trends in the line
of reporting . For instance, he noted, an increasing
number of compliance officers are reporting to the
CEO—34 percent in 2014, up from 27 percent in 2013 .
Written and published by
10 http://insights.ethisphere.com
2015 Compliance & Ethics Institute
CREATING A HIGH-PERFORMING COMPLIANCE & ETHICS TEAM
“Compliance is about the people.”—Janice Innis-Thompson
Janice Innis-Thompson, Senior Managing Director and
Chief Ethics & Compliance Officer at TIAA-CREF, who
leads a team of more than 100 individuals, advanced
her view of compliance as a “we” rather than a “me”
experience . She reviewed three of the key elements
that make up any sound compliance program—people,
process, and customer service—and offered some best
practices and helpful tips for optimal team performance .
Compliance teams can be complex, she remarked,
covering multiple regulatory frameworks and a variety of
business models . Effective teams should boast a well-
balanced combination of industry experience, regulatory
knowledge, and institutional knowledge, and team
members need some key competencies and soft skills to
help their organizations execute their goals effectively . The
team at TIAA-CREF, for instance, boasts over 30 different
specialties, 15 legal entity CCOs, 12 former CCOs and 17
former regulators, she said, as well as a strong tenured
staff with deep institutional knowledge .
Compliance personnel need to be viewed as trusted
advisors with credibility, remarked Innis-Thompson, and
outlined some of the essential competencies of an effective
compliance professional, including communication,
problem solving, and influence and negotiation . A key and
often overlooked part of communication is listening, she
noted, and team leaders and members should take special
effort to listen effectively and undergo training to enhance
listening skills where necessary .
Judi Nocito, former Director of Global Compliance at Alcoa,
reviewed her experiences at that company and offered
insights and best practices that today’s CCOs can easily
adapt to their current circumstances .
Written and published by
11http://insights.ethisphere.com
2015 Compliance & Ethics Institute
ENTERTAINMENT & TRAVEL FRAUD SCHEMES
The increasingly sticky world of hospitality fraud
was explored in-depth during a session entitled,
“Entertainment and Travel Fraud Schemes .” Lisa
Beth Lentini, VP of Global Compliance at Carlson
Wagonlit Travel, and Kathleen Edmond, Partner at
Robins Kaplan, reviewed current trends pertaining
to gift, travel, and expense scams and highlighted
recent cases involving major companies such as Avon,
GlaxoSmithKline, and Weatherford, illustrating some
of the policy pitfalls and loopholes that exist in many
organizations today .
The high-profile BHP Billiton/Beijing Olympics case
was discussed with an eye to improper hospitality
procedures . The case highlighted some major flaws
in the company’s handling of the event, including the
lack of an independent legal or compliance review
of hospitality applications by someone outside the
business unit, a failure to provide special training
related to the event, and incomplete and/or inaccurate
applications .
Presenters provided a general list of red flags signaling
fraudulent activity—such practices as providing
excessive gifts for birthdays, weddings, and holidays
or paying for “side trips” to visit tourist attractions—
along with guidance on internal controls that can be
implemented to help prevent fraudulent incidents from
occurring . Best practices cited included requesting
written confirmation that activities don’t violate local
laws, verifying that meetings and events actually took
place, and never making conditional payments .
“There has been a lot of fraudulent activity around meetings and events.”
—Lisa Beth Lentini
Written and published by
12 http://insights.ethisphere.com
2015 Compliance & Ethics Institute
ENTERTAINMENT & TRAVEL FRAUD SCHEMES
There was also discussion around what to do in the
aftermath of a transgression, and dialogue around what
constitutes “the way business is done” versus activities that
genuinely cross the line . Simple actions such as travel and
expense audits, training, and external (rather than self-)
reviews were suggested as helpful measures and controls
to have in place .
In terms of trends, the presenters noted an uptick of
fraudulent activity related to meetings and events,
including incidents where individuals submit receipts
for events that were smaller than claimed or didn’t take
place at all .
Despite media scandals, Lentini and Edmond dispelled
the myth that providing entertainment, hospitality, and/
or travel is inherently high-risk and should be prohibited .
Rather, with the right guidance on how to mitigate risks,
reasonable gifting, hospitality, travel, and entertainment
can be undertaken in most cases, they advised, and
specific excerpts from the UK Bribery Act and FCPA
Resource Guide were cited in support .
Written and published by
13http://insights.ethisphere.com
2015 Compliance & Ethics Institute Written and published by
14 http://insights.ethisphere.com
Why measurement and evaluation is so valuable
• Regardless of program maturity, an independent, third-party evaluation against companies in your peer group helps guide internal conversation, resource planning, and practical decision-making.
• Insights about leading companies and best practices shine a light on program gaps and stimulates collaborative thinking and action across the organization.
• Your credibility with senior leaders is enhanced with Ethisphere’s “Peer Benchmarking Presentation” that highlights key findings and recommendations in comparison to organizations like yours.
• By interacting with Ethisphere analysts in a “findings consultation” you’re able to ask questions specific to your situation and gain a more robust view into your responses vs. those of others.
Benchmark Against the World’s Most Ethical Companies®
An Independent, Third-party Review of Your Program, Policies and Procedures
Contact us to learn more about the review process, peer benchmarking presentation, and findings consultation.
Begin the process by requesting a link to your Custom Ethics Quotient Survey
To learn more visit:
http://ethisphere.com/what-we-do/benchmarking
Submit your request at: http://web.ethisphere.com/worlds-most-ethical/2016-process
Obtain practical and actionable information that compares your organization to both your peers and to the world’s leading companies using Ethisphere’s proven methodology and in-house analysts.
ABOUT ETHISPHEREThe Ethisphere® Institute is the global leader in defining and
advancing the standards of ethical business practices that
fuel corporate character, marketplace trust and business
success . Ethisphere has deep expertise in measuring
and defining core ethics standards using data-driven
insights that help companies enhance corporate character .
Ethisphere honors superior achievement through its World’s
Most Ethical Companies® recognition program, provides
a community of industry experts with the Business Ethics
Leadership Alliance (BELA) and showcases trends and best
practices in ethics with the Ethisphere Magazine . Ethisphere
is also the leading provider of independent verification of
corporate ethics and compliance programs that include:
Ethics Inside® Certification, Compliance Leader Verification™
and Anti-Corruption Program Verification™ . More information
about Ethisphere can be found at:
http://www .ethisphere .com
TO LEARN MORE:Visit the 2015 Compliance & Ethics Institute website for more
information: http://www .complianceethicsinstitute .org
www .ethisphere .com
p: 480 .397 .2654
6263 N . Scottsdale Road, Suite 205
Scottsdale, AZ 85250