Compliance Perspectives

By Adam Turteltaub adam.turteltaub@corporatecompliance.org The UK Modern Slavery Act has been law for some time now, requiring companies doing substantial business in the United Kingdom to disclose what they are doing to combat modern slavery, and to post a disclosure statement on their website. As Andre Bywater of Cordery Compliance reports in the Compliance Perspectives Podcast, the UK Government’s first annual report on the Act was disappointing.  It found that modern slavery is on the increase, and compliance with the law was disappointing, with many companies not making the necessary disclosures. In response, the government issued letters to over 17,000 CEOs, Andre reports, informing them that their firms were non-compliant.  The government will also be publishing a list of non-compliant companies. Listen in as Andre explains what the Act requires, what is likely to come next legislatively, and warning signs of forced labor for your staff to look for.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Is it a few bad apples?  A whole barrel full of them?  Or is it the barrel that’s the problem, and not the apples? It’s a long-debated topic in ethics and compliance, and Jonathan Rusch, Principal of DTG Risk & Compliance LLC, argues that there is much that can be answered in a growing body of behavioral science. His interest in the topic began while serving as a federal prosecutor, where he noticed that many fraud victims were behaving in ways that were unexpected but explainable by social scientists.  Later, when he became an in-house compliance officer, he found this same research was useful at uncovering the mental shortcuts and other mistakes that led to bad behaviors.  These included: * The bystander effect, in which an individual sees something that seems wrong, but with no one else saying speaking up, the individual assumes that maybe he or she was the one who was wrong * Context confusion, a problem in which a person assumes the other side of the deal is thinking along similar lines with shared goals when, in fact, that person has very different and potentially illegal objectives * Ethical fading, in which ethics issues start being redefined as simply business concerns Listen in to the discussion, and start exploring how behavioral science might change the way you approach compliance and ethics challenges.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org It’s important for compliance to have a seat at the table when a business makes big decisions.  On a practical level, it means compliance can help the business team understand the risks and respond to them appropriately.  On a symbolic level, it’s a sign that compliance is integrated into the organization’s operations. But earning that seat, and keeping it, can be difficult.  Mike Morgan, Partner at Corsica Partners, knows this well form his years in global ethics and compliance roles. Experience has shown him that what matters isn’t just whether compliance is at the table, but what kind of influence has.  In this Compliance Perspectives podcast he identifies essential components to having influence: * Having metrics. Every other part of the organization is talking in metrics, and without them, compliance can seem less relevant. * Concern for the business. Business needs to feel that compliance cares as much about the business and how it functions as the rest of the organization, but that doesn’t mean compliance shouldn’t give up its distance. * Knowing your team, resources and self. A strong sense of your assets is essential. * Knowledge of people. That includes embracing diversity, understanding human behavior, learning the challenges groups like sales face, and leveraging personality assessments and related tools embraced by your organization. Listen in to learn more about how to get and stay at the table, and also when it’s time to push your chair back and start walking around the office, too.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Sometimes the compliance department isn’t so much of a department.  It may be just one person responsible for the program, and he or she may be wearing other hats as well.  That’s the case for Jane Brown, Chief Compliance Officer and Director of Business Operations for THD America. When stepping into a solo role, the first thing she advises doing is conducting a thorough risk assessment and assessing the current program to get an inventory of the policies and procedures you have and the gaps you need to fill. Then it’s time to start on your remediation plan. Once you get started, she points out in this podcast, be prepared for both unique challenges and some surprising assets.  In a smaller organization you’re not as likely to have as many resources, including something as fundamental as an audit function.  However, you’re likely to benefit from being on a first-name basis with every key leader, greater nimbleness, and an ability to act quickly.   You’re probably also in an environment where it is easier to ask to borrow staff from other departments for projects, but just watch out for any potential conflicts of interest that staff member may have. Listen in as she discusses how to gain management support, gain resources, manage your time, and get the feedback you need.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Robin Singh isn’t that much different from most healthcare compliance professionals.  He works for a healthy system with 12 hospitals, 20,000 employees and over 60 clinics.  What’s different, at least for most of the readers and podcasts listeners, is he does all this Abu Dhabi.  Although the healthcare system in the United Arab Emirates is far different than the one in the US, compliance officers are still needed and appreciated. They also face a number of challenges.  His advice for navigating compliance issues in the Gulf Cooperation Council region includes: * Recognize that risks are country-specific, but there are many commonalities * Be aware of the political situation: the countries are stable, but they are also young and the regulatory environment is still developing * Watch the microeconomic factors that can have a macro effect, specifically oil & gas price volatility * Accept the cultural nuances, including that the optics of how you do things: reputation and honor are very important. * Conflicts of interest are an ongoing issue because of the gift-giving culture. Listen in to learn more about navigating compliance risks in the Gulf.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org It’s a busy time in the managed care industry, reports Carolyn Barton, the Vice President Compliance and Regional Compliance Officer for Kaiser Permanente Washington.  There are new entrants, evolving models of care and more communication with patients than ever before.  At the same time, she notes in this podcast, regulators are actively calling for more affordability, focusing on quality and service improvements and driving for more transparency and accountability. But, focusing on these issues, as important as they are, is not enough, Carolyn points out.  One other issue is as critical for managed care today as it is for many other industries:  the #MeToo movement.  Healthcare is not immune and has been dead center of some of the larger cases.  Managed care entities need to focus on building or strengthening a speak-up culture, understand how their third parties are acting, educate themselves and address this issue. At the same, they can’t lose sight of other risk areas.  HIPAA is still a significant concern and requires strong data governance.  To help stem the opioid crisis managed care compliance professionals need to both stay on top of fast-changing requirements, and help ensure that the clinical, leadership and operations teams are all working together to meet these new obligations. Tune in to hear more.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org In November 2018 Gerry Zack assumed the CEO role of the Society of Corporate Compliance and Ethics and Health Care Compliance Association.  It was the culmination of a well-choreographed and seamless transition between Gerry and long-time CEO Roy Snell. Now that Gerry fully has the reigns of the organization he sat down in the podcast to discuss what he has learned about the association, the state of the compliance profession, vision for the next few years, and what the association will be bringing our members.  He also shares what not to expect from SCCE and HCCA:  a decrease in our commitment to customer service. Listen in to learn about what he has seen and what he sees coming as we strive to meet the needs of the fast-changing and very diverse compliance and ethics community, including changes to the magazines and websites, new digital publications and more.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org In many parts of the world, the giving and receiving of gifts is a normal business practice.  The challenge is that gift giving can pose significant risk and constitute a violation of the US Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. There is also great risk in the paying of facilitation payments for routine services.  They may be permissible under the FCPA but not under the Bribery Act. So, what to do? Alexandra Wrage, the founder and President of TRACE International advises extreme caution, for one.  Both gift giving and paying facilitation payments are better avoided. If gifts must be given, she recommends developing simple, clear-cut guidance and to make it available online 24/7 so that employees have the policy direction they need at the time that they need it.  Pre-approved gifts can help make things even simpler and safer. When it comes to facilitation payments, simpler is better and the simplest rule of all – don’t pay them, period – is likely best.  If the company has been making payments, stopping abruptly may be problematic, she warns.  It can be better to give everyone involved advanced warning to enable a smoother transition. Listen in to her podcast to learn more about these two risky areas for global operations.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org We hear a lot these days about Artificial Intelligence (AI), machine learning and all that it can do.  But it’s hard to understand what’s real and what isn’t. Christian Focacci, Vice President, Offering Management at Steele Compliance Solutions, sat down and demystified AI for compliance professionals.  In this conversation he explains: * What AI is, and does so in easy-to-understand terms * The limits of AI: it’s more about making a lot of simple decisions quickly than a few, nuanced decisions * The challenges of gathering sufficient data to fuel an AI initiative and how to overcome them * How to use AI to detect patterns, in third-party vetting and even in reviewing your policies * What to watch out for when a vendor promises you that AI can solve your problems The podcast is full of good advice for compliance and will help you better understand the broader conversation about the role of AI. Listen in to raise your intelligence about Artificial Intelligence.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org When considering whether or not to make a disclosure to a regulator, legal considerations typically dominate.  Beth Socoski, Senior Manager at WellCare Health Plans, argues that one other key factor needs to be considered:  the impact on corporate culture. In this podcast, she argues that disclosures are an opportunity to demonstrate to employees the organization’s commitment to a culture of integrity.  It’s an opportunity to demonstrate that the company doesn’t just talk the talk; it also walks the walk. There are also enormous benefits to disclosures, she explains, when working with regulators.  Given that incidents are bound to occur in any business, regulators are likely to be skeptical if you have none to report.  By reporting issues and what you have done to resolve them, you prove to regulators your organization’s commitment to compliance. Of course, just making the disclosure is not enough.  It’s essential to conduct a root cause analysis and address the underlying issue.  It’s also essential, especially for larger issues, to think through the communications plan to the staff and the timetable for implementing any changes to policies and procedures. Spend some time listening to what she has to disclose about disclosures.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Compliance can be a lonely job, but it’s best not done alone.  Working with other departments is essential for a program to be successful. Lauren Connell, the Director, Compliance & Integrity at Nielsen, has found a few keys for making cross-functional partnerships work. First, she advises in the podcast (and for SCCE members in the December issue of Compliance & Ethics Professional magazine), identify which departments are most important for your work.  HR, internal audit and finance have been crucial for her since they are very much aligned with compliance. To forge a relationship, she recommends beginning by offering to provide training on a topic that would be relevant to that function.  It’s a good way to demonstrate the value compliance provides, and you can demonstrate your understanding of what’s important to them. Once the relationship has started, she counsels to keep it healthy by focusing on common goals and, not just asking for help, but providing it as well.  In addition, she advises avoiding turf battles by respecting boundaries and by keeping lines of communications open all the time, not just when there is a crisis. Listen in to learn more about how to strengthen your compliance department’s partnerships with everyone from HR to sales.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org I admit it.  I have a problem when it comes to understanding blockchain technology.  I think I understand what it is and somewhat how it works, but I’m not sure why anyone needs it, or how it can be used for compliance programs. Syed Hussain, CEO of the Americas for BANKEX offered to help.  As you’ll hear in this podcast he provides an overview of the technology.  It’s highly secure, distributed and decentralized, he explains, which means it is relatively difficult for someone to hack or to meddle with a record.  Each block of data is immutable. One key benefit of the technology, Syed argues, is that it can create trust, which can help on compliance issues such as Know Your Customer (KYC) and Anti-Money Laundering (AML). He makes some very interesting points about the technology and its potential, and I’m sure one-day compliance teams will embrace it, but I’m still not sure how.  What do you think about blockchain and how we can use it?

By Adam Turteltaub adam.turteltaub@corporatecompliance.org What should I ask when interviewing someone as a part of an investigation?  Where should I conduct the interview?  How do I know if the person I’m talking to is telling the truth? According to Michael Johnson, CEO of Clear Law Institute, before you ask all that, start by thinking about the report that you are going to have to write at the end.  Think about the questions you will have to answer and evidence you will need.  That way you can better ensure that the investigation stays on track. If you want to know who’s lying to you, don’t rely on visual clues.  Research has found that behaviors people tend to associate with lies – avoiding eye contact, jitters – are actually signs of nervousness, not prevarication.  Instead, he advises in this podcast, the best way to know if someone is telling the truth is to listen to what they say. When it comes to the issue of what to ask, here, too, he advises listening.  While having questions ready is essential, too often investigators are more focused on getting their questions asked than in listening to what the person has to say or encouraging the witness to tell the full story.  As he explains, the technique of using cognitive interviews, which encourages people to talk more freely and look at what happened from multiple sides, can be much more effective than going down a laundry list of questions. And, no matter how you conduct an interview, think carefully about where you conduct it.  You don’t want it in a glass conference room with other employees walking by. Listen in to this podcast to learn more about, well, learning more during an investigative interview.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org It’s not always easy walking into the room as a compliance officer.  Employees often tense up and wonder “what now.” It doesn’t have to be that way, and Amsterdam-based Susan Du Becker, Global Compliance Enablement for Cisco, has identified how to build a more positive relationship.  Turning things around, she explains, depends on showing the business the value that compliance can bring and that we are here to help support the business. It begins, like so much else in compliance, with the corporate culture.  If the culture is wrong, there is no way to effectively address the underlying issues.  That makes it exceptionally difficult to affect behavior, including a willingness to come forward and speak with compliance. One way to start moving the culture, according to Susan, is to look for support from others outside of compliance.  Start with the individuals who get it, and help them enlist others. One way to help make that happen:  earn some quick wins.  Show where compliance adds values to the business.  Point out that customers want reassurance that the company is compliant.  In addition, demonstrate successes such as reductions in cases or ethics issues. Listen in to learn more about how compliance can start being seen as brightening a door, instead of darkening it.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Dan Roach is Chief Compliance Officer for Optum360 and one of the co-founders of the Society of Corporate Compliance and Ethics.  He has directed the development and implementation of compliance programs for more than 25 years.  Throughout this time he has staffed boards and compliance/audit committees, as well as served on the board or compliance/audit committee of the board for multiple organizations. In this Compliance Perspectives podcast, Dan shares his expertise on five key questions.  Are there specific legal requirements for board members when it comes to overseeing compliance?  What should board members be asking of the compliance team?  What should boards be asking management when it comes to their interactions with compliance?  What should compliance officers be telling the board on an ongoing basis to help boards exercise their oversight authority? What should a compliance officer not be sharing with the board? Listen in as he shares his insights including: * Take the time to understand what training in compliance, legal and regulatory risks that individual board members may need * Don’t measure your interaction with the board based on minutes spent with them, but instead on the quality of the interaction * Provide key metrics to the board on the effectiveness of the program and how its elements are functioning * The need for the board to ask management if the compliance program is being executed consistently, and whether there are sufficient resources