Compliance Perspectives

By Adam Turteltaub adam.turteltaub@corporatecompliance.org These days it is increasingly difficult for any organization to operate without a compliance program.  That’s true of non-profit institutions.  No matter how lofty your organization’s goals, there are still rules to follow, and where there are people, there are often problems. Charlotte Young is the Chief Ethics & Compliance Officer for The Nature Conservancy, and a regular participant in the conferences of The Society of Corporate Compliance and Ethics.  In this conversation at the 2017 Compliance and Ethics Institute she shares some of the unique challenges non-profit compliance faces, as well as what to look for if you’re thinking of becoming a compliance officer at a not for profit institution. Listen in as she explains: * Nonprofits focus more on reputation than a for-profit, since reputation is really what you sell * Nonprofits are lightly regulated, which is an asset in many ways, but you need to closely watch private benefit rules, lobbying, and electioneering * Conflicts of interest are a very high-risk area * Donor intent is also very important: ensuring that the funds are used in the way the donor intended * The staff is often out to save the world, and, like their counterparts in the private sector, some can see compliance as a barrier * Being a mission-based organization is an asset for the compliance program since the workforce and management takes the values very seriously * If thinking of joining a non-profit, read the organization’s 990 tax return * When interviewing, focus on risks: what is the primary risk to the organization. * Also, be sure to understand the funding source

By Adam Turteltaub adam.turteltaub@corporatecompliance.org An internal investigation isn’t really done until the final report is written, and getting the report right is essential.  When done well it can help an organization move forward.  If done badly, it can create new problems of its own. Meric Bloch is the Corporate Director for Investigations at Shriner’s Hospital for Children in Tampa.  He is also Principal at Winter Compliance LLC.  Many know him from the popular pre-conference workshop he gives with Al Gagne each year at the Compliance and Ethics Institute.  He and Al also lead the SCCE’s annual Internal Investigations Compliance Conference, a two-day program focused on the nuts and bolts of this essential element of an effective compliance program. In this podcast, Meric shares his insights into writing up the report on investigation.  Key topics discussed include: * Writing the report actually begins by having a good investigation plan that identifies the business conduct standard that you are measuring against * The importance of including a coherent statement of what happened and why it happened * The report has to do several things: * First, it has to show that the organization responded timely and reasonably to the initial incident report * Second, it has to document the procedural steps in the investigation * Third, it has to report whether the allegation is substantiated * Fourth, it has to lay the factual groundwork for any post-investigation activity. * In some organizations, the report will include recommendations, but the question is how is it best to do that? * The risks of going too far in the recommendations and saying management “must” do something * The report should never include conclusions of law, advisory decisions about contacting the police, evaluations of whether the organization may be liable for something * An investigation report can enable the organization to enhance internal controls to prevent a problem from reoccurring * The report can also be used a shield in case a termination results in a wrongful termination suit * The importance of including in the report things that had gone right

By Adam Turteltaub adam.turteltaub@corporatecompliance.org No compliance program is without challenges, but when you’re running compliance at one of the world’s highest-profile companies, the playing field is a bit different. Andy Hinton, Vice President, Ethics & Compliance at Google takes some time out to share his experiences there, and, surprisingly, how life in the spotlight may not be as difficult as some might think.  Employees, he explains, grow used to the idea that they are in a high profile company where their actions have consequences. Listen in as he discusses: * Finding that the oft-reported issues with Millenials are hype; they have high standards for their employers and are viewed as stakeholders for giving feedback * The importance of staying in front of issues * The synchronicity of compliance, ethics and the culture of the company * The value of evangelizing expectations to remote offices, making it clear what expectations Google has * The understanding within Google that getting caught up in a compliance issue can get in the way of a moonshot or any new business

By Adam Turteltaub adam.turteltaub@corporatecompliance.org How do you know your compliance program is working?  Are there no incidents because there really aren’t incidents, or just because you haven’t found them yet? Ricardo Pellafone, the founder of compliance-training company Broadcat joins us for this podcast to discuss how to measure the impact of a compliance program, and how to be a better communicator.  Listen in as to his provocative and intriguing thoughts such as: * Simply measuring that nothing happened, isn’t the best measurement; measure business process improvement instead * Have a clear definition of what the business problem is * Determine what the problem costs the organization * Resist the temptation to jump straight to solutions * If the compliance program is new, focus on whatever your biggest risk is, then build out what a proactive solution could do and would cost * When it comes to training and other communication, think about what the outcome is that you want, and then figure out which content and format can get you there * When developing training, remember that adults tend to be problem-focused and eager to apply the learning immediately * Think about company workflows and when and where it would be most effective to deliver a compliance message inside that workflow.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Even the best of compliance programs require a periodic assessment to see exactly how they are doing.  In fact, one of the signs of a best-in-class compliance program is the fact that it is being assessed regularly. Rebecca Walker, a partner in the firm Kaplan & Walker, has focused her work on helping companies ensure that their compliance program is meeting its objectives.  In this podcast, we discuss how compliance program assessments should work and some of the benefits of a well-done program review.  Listen in as we discuss: * How frequently you should assess your program * What to assess on an ongoing basis * What should be done during a periodic major assessment * The value of benchmarking against your peers * Looking to interconnected measurements within your set of metrics * Assessing the culture of the organization * The difference between a program assessment and risk assessment * Mistakes to avoid in conducting program assessments * Setting a proper scope for the assessment * The importance of ensuring employees are comfortable providing feedback * Evaluating employee feedback

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Rashmi Airan won’t be addressing health care compliance issues at the 2018 Compliance Institute.  Instead, she’ll be talking about her career as an attorney with a great deal of real estate experience, particularly in questionable transactions.  Those transactions resulted in a guilty plea and approximately six months in prison. In this podcast, she tells the story of meeting a real estate developer in 2007 who needed some help with a “creative” transaction.  She went on to do about 100 of these transactions before moving on.  Then, seven years later, she was indicted for bank fraud. Since her release she has shared her experiences and insights while simultaneously trying to better understand why she and so many others go astray. Listen in as she discusses how her focus on other things in her life – raising and supporting children, financial demands, family expectations – enabled her to rationalize the illegal behavior. Listen, too, as she shares some thoughts on how to prevent others from making her mistakes. She discusses the importance of listening to that voice within our head and giving up the idea that “I’m a good person and would only do good things.” She also suggests that many problems could be avoided by creating environments where it is safe to ask questions and to discuss right and wrong, not just during training, but as an ongoing part of business discussions. Rashmi Airan‘s mission is to share the need for ethical vigilance and to inspire you to make good ethical choices in all areas of your life. Rashmi is a keynote speaker and consultant fighting to create a culture of conversation and bring ethical issues in business to light, to promote integrity, enhance commitment to fiduciary duty, and shift the paradigm of ethics standards.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org There are few phrases that can spread fear more quickly than “There’s a reporter on the phone who wants to talk with you.” Part of the anxiety stems from the fact that few compliance professionals have much experience in talking with the press. To help better understand what you should and shouldn’t do when talking to a journalist, we spoke with Ben DiPietro, editor and reporter for the Wall Street Journal Risk & Compliance Journal, and with Grace Keith, Managing Director, Caliber Corporate Advisers. In this very illuminating, and often reassuring conversation they lay out practical tips when talking to the press including the fact that reporters are people, too.  Each one is different, working at different organizations with different rules and guidelines.  So, don’t think of the press at one monolithic body.  Other advice includes: * Do a little Google search before talking to a reporter, and even check social media to better understand what they cover * You can build relationships with a reporter and be a source, not just talk to them when there is bad news * Don’t be afraid to tell the reporter that you need to call him or her back, but find out what the reporter’s deadline is * It’s okay to tell a reporter that you don’t know an answer and will need find out; it’s far better to do that then to give the wrong information * If the reporter isn’t familiar with compliance programs, take the time to explain how they work * Don’t forget that compliance may mean different things to do different people; be sure to let the journalist know what you are focused on * Have a plan for when something goes wrong * Be clear what’s on the record, off the record and on background * Speak slowly so that the reporter can type accurately.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Recently, Terry Stechysin of the Canadian Competition Bureau shared his perspectives via a podcast on the Canadian Government’s view of the role of compliance in anti-competition.  In this podcast, another Canadian, Steven Preece, an Assistant Director with the UK Competition and Markets Authority (CMA), weighs in on the UK government’s perspective. Listen in to this podcast as Steve provides us with an overview of the CMA, which is the top anti-competition authority in the UK.  He explains: * The similarities and differences from an enforcement perspective with the US Department of Justice and Securities and Exchange Commission * The value CMA gives to compliance programs, including a potential reduction in penalties * The key elements that CMA looks for in compliance programs: * Evidence from top down to a commitment to anti-competition law compliance * Risk identification and assessment * Risk mitigation, and * Review activities * The helpfulness of integrating anti-corruption and anti-competition training * The importance of making training meaningful to the business and providing practical guidance. In this podcast he provides references to several online resources from the CMA.  To access them, just follow the links below. CMA Homepage Quick Guide to Competition Law Compliance CMA Penalties Guide, which includes a discussion of when compliance discounts of a penalty may apply.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Few issues are more complex or more open to small things turning in to very big problems than gifts and entertainment policies.  Even the seemingly smallest gift to a government official can open up a very large can of words. To bring perspective on this compliance challenges, we spoke with Meredith McMonigal U.S. Gifts & Conflicts of Interest Officer at the engineering firm WSP.  Meredith had recently been involved in a comprehensive review of the WSP gifts and entertainment policy. Listen in on this podcast as she discusses: * The importance of coordinating gifts and entertainment policies both globally and locally * Managing differences between working with the private and public sectors * The importance of starting with the global policy and ensuring consistency * Ensuring that the policy will work operationally * Viewing the policy as a work in progress so that it can evolve to meet unanticipated situations * Using employee training to both share the policy and to learn about issues that you may not have considered * Being mindful of client gift and entertainment policies, as well as for conflicts of interests * The value of having a gift registry * Using the registry to automate compliance auditing and monitoring

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Third party due diligence has become a staple for conducting business these days.  Whether they are concerned about complying with the FCPA or safeguarding your data, organizations are increasingly taking a longer look at their vendors and suppliers to better understand who is running them and how they operate. In this podcast, John Arvanitis, Associate Managing Director, Compliance at Kroll shares his perspective on due diligence.  Listen in as she shares his insights including: * In determining where to begin there is a need to balance who your third parties are, where are they located and what levels of risks exists * The need to consider who is managing the relationship in the organization and whether they are on top of the risks * Many organizations do not expend sufficient resources on due diligence * Bad actors are getting more sophisticated, but strong due diligence should help unmask them * The need for multi-dimensional screening * The importance of not just collecting supplier responses to due diligence questionnaires but also validating them * The ongoing importance of looking at the jurisdiction to determine the risk * Scrutinizing the third party to determine not just that they signed off on your code of conduct but that they also have policies and procedures to follow it * The importance of having a consistent and structured risk management program

By Adam Turteltaub adam.turteltaub@corporatecompliance.org In 2007 the Federal Bureau of Investigation embarked on the formation of its compliance program.  It was a first for the FBI and, at the time, one of the few compliance programs in the entire Federal Government. Patrick W. Kelley was selected to serve as Chief Compliance Officer in the brand new Office of Integrity and Compliance, and it fell to him to turn the vision into a reality.  Over the last decade the program has matured and grown very sophisticated.  Members of the FBI compliance team have now become regular attendees and speakers at SCCE events, sharing their considerable expertise. In this podcast Pat shares what he learned from the program’s launch and the lessons for compliance professionals in both government and the private sector.  Listen in to discover: * How the challenges of starting a compliance program at a governmental entity are often similar to those at a private sector company: where are you going to get staff, what’s the infrastructure look like, what the org chart look like, for example * There is added complexity in the Federal government since, depending on how the compliance office is set up, Congress may need to be notified * In governmental entities even a new program already likely has some elements already in place such as a written code of individual conduct * While this is an asset, part of the challenge for a new program is determining how to integrate existing elements into a true compliance program * The importance of top management support * The need to get the general counsel’s office on board given that in government entities often they control the standards of conduct and ethics program * Getting the infrastructure offices on board, especially finance, facilities and HR * The important role played by the executives who manage the “business lines” of the agency * Where the compliance office is put physically in the office can speak volumes and allows for greater informal interactions with leadership * The difference in the roles of the Inspector General and the Compliance team * How the FBI rolled out its program * The importance of patience and the need to expect things to go slower than you might like * Not being too wedded to a plan and being willing to revise when absolutely necessary

By Adam Turteltaub adam.turteltaub@corporatecompliance.org On October 16, 2017 at the Compliance & Ethics Institute, Roy Snell, the CEO of the SCCE & HCCA, announced that the association’s Board of Directors had selected Gerry Zack as the incoming CEO.  He will take command of the association upon Roy’s retirement in 2019. Gerry was selected after an extensive selection process that began with a 60-day period soliciting applications through the SCCE and HCCA websites.  Multiple rounds of interviews by members of the board’s succession committee then followed, ultimately leading to his selection as the next CEO. Gerry has been Managing Director – Global Forensics at BDO for 3 years and CEO of Zack P.C. for 24 years.  He has over 30 years of experience in the prevention, detection, investigation and remediation of fraud, corruption, and noncompliance. He has served on multiple non-profit and for-profit boards. His Association background includes 11 years as Academy Faculty for and serving as a Board of Regents member at the Association of Certified Fraud Examiners.  He has also held positions as the Chief Operating and the Compliance Officer at the Optical Society, a global organization that is more than 100 years old. Gerry has been a loyal SCCE member since 2009 and even attended an SCCE Basic Compliance & Ethics Academy. In this podcast, Gerry shares his experiences with SCCE, what led him to apply for the position as well as his extensive background in compliance and with professional associations.  He also shares how the transition process will proceed over the next year and a half, and his eagerness to further the work of the SCCE and HCCA.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Why do employees go outside the company to blow the whistle?  Are they in it for the money?  Out for revenge?  Or, did someone just not listen to them? Eric Havian, partner in the San Francisco office of Constantine Cannon, offers his perspective based on years of qui tam cases.  In this podcast he discusses: * The impact of the SEC program on the number of whistleblowers * Why the SEC whistleblower program is leading more people to come forward * The increased belief by whistleblowers that their identity will be protected and they will not be retaliated against * Money is rarely the motivating factor for blowing the whistle * Frustration is much more of a factor: the employee has seen and reported something wrong, but no one has acted, they believe * Thinking of whistleblowers as people who can’t do the wrong thing or walk away when they see something wrong * Whistleblowers typically exhaust internal mechanisms before going to outside counsel * Staying inside the company is largely driven by which compliance programs are trusted and which aren’t * Why people are resistant to being told that they are doing something wrong or illegal * The criticality of protecting employees from retaliation.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Take a look at the Molson Coors compliance program, and you quickly notice that there is something special about it:  from start to finish it is integrated with the way and language of how the company does business. The company, as part of business conversations, talks about its brew, which is not surprising given that it’s in the beer business.  But it may be surprising to see that the compliance and ethics program is about “living our brew.”  Listen in as Caroline McMichen, Vice President of Global Ethics and Compliance at Molson Coors, discuss how the compliance team worked to integrate corporate values and compliance with a broader corporate strategic approach. You’ll hear how the compliance team used common values to join together behind the overall vision for the company.  This included keeping common language and graphics front and center throughout, as well as tying into the corporate branding for compliance, instead of having their own. She also discusses the role of compliance in the company’s performance process, and the importance of making compliance messages a part of how employees work together as one company, not just a set of internally imposed requirements. The net result is a workforce that is much more likely to see being compliant as possessing a skill that helps them in their work. It’s worth a listen, with or without a beer.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Internal investigations are always a hot topic, and this year they were the subject of a two-day, dedicated SCCE conference.  Al Gagne, the former Director of Ethics and Compliance of Textron Systems Corporation formed half of the pair of presenters that led the program. In this podcast, Al shares his insights into how to handle the initial report of potential wrongdoing.   Handle it well, and the investigation begins on the right foot.  Handle it poorly, and the risks of missing something are significant. Listen to Al as he shares advice on: * How to handle the initial report in general * Obtaining in the reporter’s own words and as descriptively as possible their concern about the alleged misconduct they report * The importance of finding out whether the reporter was a witness or heard about the alleged incident second hand * Assessing the credibility of the report * The importance of knowing how recently the action occurred * Determining if there were there other witnesses * The desirability of having the reporter give his or her name * What you should and shouldn’t promise the person making the report * Understanding what the reporter wants, which is typically to have the misconduct stop * How to discuss possible retaliation * Keeping the reporter in the loop, and the advantage of being able to ask more questions of the reporter later * The importance of advising the reporter not to share that they reported the incident with others * Keeping control of the investigation * The value of bringing in other internal experts and teams (internal audit and HR) judiciously * Letting management know that an investigation is pending * The risk of over-communicating the extent of an investigation * Avoiding unnecessary harm