Compliance Perspectives

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Richard Powers, the Acting Deputy Assistant Attorney General for Criminal Enforcement in the US Department of Justice’s Antitrust Division was good enough to sit down for a podcast and share where the DOJ’s priorities are in this significant risk area. His key message:  The DOJ is focused on antitrust compliance and companies should be, too. At the same time, compliance has never been more important.  As he explains, the Antitrust Division is looking more closely at compliance efforts and is willing to reward companies at sentencing if they have made extraordinary efforts to change their corporate culture after an antitrust violation occurs.  Also, the Antitrust Division is considering ways it could encourage companies to have more robust antitrust compliance all the time, not just after an incident. So what makes for a good compliance program?  From his vantage point * It is embedded in the company, not just good on paper * The right incentives are in place to make sure that the employees understand the rules and are abiding by them * Senior management is involved, as well as the rest of management Listen in to gain further insights into the Antitrust Division’s expectations.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Insider trading is illegal trading in securities based on material, non-public information in breach of a fiduciary or any other trust relationship. That’s a lot of legal terms, and the issue is an ongoing headache for compliance professionals at publicly-traded organizations. Beth Haddock, who has spent over 20 years in compliance and leads Warburton Advisers, explains that to help prevent insider trading violations, it’s essential for compliance officers to be present day to day and with an open door.  Employees have to feel comfortable coming forward with questions and concerns. To get them in the door and head off risks?  Frequent training is critical, she says, and it works best when it is example-based and models proper behavior.  In this podcast she also advises having written policies and asking employees to certify adherence at least annually. But don’t stop at the factory gate.  In this interconnected business world it’s important to remember that lawyers, bankers, customers, and vendors all carry insider trading risk. Finally don’t forget one more risk area: cyberbreaches.  It’s not just the hackers.  Employees and vendors who respond to the breach before it becomes publicly known have information about what may be a material event  They need to be trained not to trade on that information. Listen in to get the inside scoop on insider trading.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Tone at the top is essential, but it’s also important to ensure that middle and front-line managers are echoing the same tone when it comes to compliance and ethics.  If employees hear great-sounding values from up on high, but see or hear something less laudable from their immediate boss, a lot of good compliance work can quickly become undone. Marsha Ershaghi Hames, Managing Director Strategy of LRN, Inc. explains that compliance teams need to remember that leaders are employees, too.  Like all employees they need to understand what’s in it for them when it comes to compliance and ethics in general, and setting the right tone in particular. She shares in this podcast techniques to help make managers more willing and frequent voices for compliance and the organization’s values.  One key, she observes, is to connect the manager’s compliance responsibilities to the business and its goals, including the importance of ensuring that the manager is accessible when employees have concerns. Listen in as she discusses how to build in metrics and the value of providing managers with a toolkit for communicating with their direct reports.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org An incident occurs.  Everyone wants to know what happened and what the company is doing about it. To truly understand the problem, however, it’s not enough to look at what happened.  You need to get to the roots to understand why things happened.  Was there something in the training, culture, tone, incentive program that was the root cause of the incident? Ethisphere’s Erica Salmon Byrne has spent a great deal of time examining and researching the issue.  Compliance teams, she reports, have grown much more interested in finding the root causes to truly solve the problem.  The US Department of Justice is also encouraging companies to dig to the roots of compliance issues. In this podcast Erica shares insights into what makes for an effective root cause analysis including: * Knowing how deep to dig * The importance of a good taxonomy * What data to have and how to look at trends * Training investigators, and * Having the right case management system Listen in to learn more and get to the roots of what makes for good root cause analysis.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Congratulations:  they’ve given you a new laptop or phone.  Condolences:  you better know what they plan on doing with your old device. It’s not enough to simply put them in the trash or send them off to any ewaste recycler, explains David Brent of ERI, an electronic waste recycler.  There are a variety of laws that affect how technology is disposed of from both a privacy and ewaste perspective.  GLBA, HIPAA Hitech, GDPR, FACTA and the FTC Final Disposal Rule provide a reasonableness standard for disposal of protected information.  In addition, 32 states have data disposal laws of their own.  These laws typically require destruction or erasure so that the data cannot be practically read or reconstructed.  And don’t forget that phones and laptops aren’t the only devices to worry about.  Printers, copiers, and even projectors may hold data on them as well. Adding to the risk:  Electronic waste contains toxic metals.  Eighteen states plus the District of Columbia have landfill bans on electronic equipment. For these reasons companies often turn to electronic recycling firms.  They can help manage the environmental and data risks.  However, due diligence is critical, Brent explains.  Having the right certifications can be a good sign, when assessing a vendor, but it’s important to do your own due diligence to ensure that they are doing what they are supposed to and that your devices and data don’t end up in the wrong place or hands. Listen in to the podcast to learn more.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org As long as there have been compliance programs there has been compliance training.  Despite that constancy, how that training is delivered has changed dramatically.  It has evolved from lawyers standing in front of the room with acetates, to online training, phone-based training, and even compliance games. What’s driven the evolution?  Part of it is certainly technology, but as Kirsten Liston, Founder and Principal of Rethink Compliance, argues, much of it has been driven by compliance people asking, “What does it take to be effective?”  Training, after all, isn’t an objective.  It’s a strategy for helping to prevent compliance breaches. That invites a constant reexamination of how the training is offered.  At first, PowerPoints delivered online seemed like a great leap forward, which, in many ways, they were.  But since then, Kirsten argues, the digital landscape has changed.  People have grown used to seamless digital environments where the content seems to flow effortlessly.  Compliance and ethics training that doesn’t do so can be jarring. In addition, with more of online life being led on mobile devices, we have all gotten used to shorter messages.  That, too, calls for rethinking of training, both mobile and on the desktop. Listen in as she discusses these issues and how to succeed in your compliance training efforts.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Conflicts of interests make up a large part of any compliance job, and few spend more time pondering them than Jeff Kaplan, a partner in the law firm of Kaplan & Walker and the editor of the Conflict of Interest blog. The most common conflicts, Jeff explains in this podcast, are economic:  ownership or employment with customers, competitors and suppliers.  But that’s just a part of the challenge.  Money borrowed or owed to someone can create a conflict, as well as other personal ties. So how do you manage this tricky risk area that any organization faces?  Jeff offers several pieces of advice including: * Think broadly * Conduct a risk assessment * Look to organizational conflicts of interest * Develop clear policies, and think about creating FAQs, as well * Plan on regular audits * Be sure to train your workforce to identify conflicts, and don’t forget the board’s potential conflicts * Understand that disclosures carry risks of their own * Centralize as much as you possibly can Listen in to learn more (but recognize that I have a conflict of interest when I suggest that you do).

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Openness is both important and a challenge for compliance departments and their leaders.  On the one hand, you have to create an environment where people want to speak up, where trust is high, and transparency is embraced.  On the other hand, some things just can’t be shared publicly. Barney Rosenberg, a long-time compliance industry veteran and former global vice president of ethics and business conduct in the aerospace industry, has invested a lot of thought on the topic.  As he explains in this podcast, openness can be thought of as creating a climate where people can express their dreams and frustrations without fear of retaliation of any form. Openness can be encouraged with behaviors such as asking people what they know about you, what they would like to know, and what they would like you to know about them.  But for that to work, the leader has to be truly open and honest. Open your ears to some interesting thoughts about openness in the compliance context.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Kasey Ingram, the General Counsel and Chief Compliance Officer of ISK Americas, learned compliance and ethics from the bottom up, quite literally.  He served for several years at the bottom of the ocean as an officer aboard a nuclear ballistic submarine. While taking care of nuclear reactors and missiles may seem fairly removed from compliance, Kasey explains in the podcast that there is much in common, starting with the training. During orientation at the U.S. Naval Academy a commander told him and the other new Midshipmen “Just because you’re a high performer doesn’t mean you have high character.”  It was an admonition he never forgot that in many ways shaped his time at the Academy and his career since. It was not the only lesson he learned.  While at the Academy he served on the honor committee, where he had the opportunity to conduct investigations both from the accusation and defense side. Later, as an officer on a submarine, he, like every other officer, was authorized to be an investigator.  His job was not only to find out what went wrong, but to fix the problem.  He also learned the value of communicating quickly and effectively with management – captains are very busy – a skill that would prove valuable in his compliance role. Listen in as he shares his experiences, including the value the nuclear Navy puts on creating a speak-up culture.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org When many people think about networking, they think of a bunch of people sharing business cards.  That’s a start, but successful networking is much more than that. Samantha Kelen, Lead Ethics Analyst at Duke Energy, knows that getting a business card is only a first step.  As she explains in this Compliance Perspectives podcast, you have to follow up with the person, preferably on a regular basis, and not just for a job.  Ongoing interaction is what turns a contact into a relationship. But how do you make that first contact, especially at a conference?  She recommends going in with a plan.  Identify which presenters you want to meet, attend their sessions, and then stay afterward to talk.  Most will be more than happy to meet you. Also, plan on connecting with people you know online through LinkedIn.  Just make sure your picture is current.  She once changed her hair color and it no longer matched her LinkedIn photo, making it harder for people to recognize her. At the same time, don’t be afraid to talk to strangers. For people you don’t know, have a networking “pick up line” ready to start the conversation. Listen in to learn more, and then start planning on how you’ll expand your network.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Each year the SCCE/HCCA encourages companies to participate in Corporate Compliance and Ethics Week.  For 2018 it will take place from November 4-10. Even if you don’t pick those dates, a week dedicated to compliance and ethics can have an enormous impact on your organization, and as Mike Henry, Senior US Counsel of Emera Energy points out, you don’t have to be a large organization to put a weeklong celebration together. Going into planning for the event, the goals were to contribute to a compliance culture at the company, increase understanding of compliance issues and create an environment of psychological safety where employees could ask important questions without fear. With four weeks to put together the program for the organization’s 200 employees, Mike and his colleagues focused on low-cost ways to generate interest such as building mystery and suspense. The week itself was timed to coincide with the annual compliance training, which helped put the training in context.  Seeing an opportunity to leverage a board meeting, an executive at the company invited a board member to speak on a culture of compliance panel that was a part of the weeklong activities. Listen in to learn more about how Emera made its compliance event a success, and, hopefully, pick up a few tips for your program.  Then, to learn more, come here Mike speak about it at the 2018 Compliance and Ethics Institute.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org While compliance and ethics professionals spend most of their time looking outward at the ethical considerations of others, there are definitely times to pause, and to look at their own ethical obligations. According to Ted Banks, a veteran compliance officer and partner at the firm Scharf Banks Marmor, that begins with recognizing that the compliance officer has to be an example and demonstrate ethical conduct all the time, and firmness about what is appropriate.  And, at the same time, there is a strong need not to be a jerk about it.  Much like SCCE/HCCA CEO Roy Snell recently wrote, a lack of political and communication skills, can lead to failure as a compliance officer. As importantly, the compliance officer needs to know that there are obligations to the company as well as to the public at large and to the compliance profession.  These are captured in the SCCE Code of Professional Ethics for Compliance Professionals. But how do you navigate these issues?  In this podcast Ted provides several pieces of practical advice: * Never consent to wrongdoing, but escalate the issue as high as necessary * Never abet or aid retaliation * Avoid personal conflicts of interest * Be honest in the results you and the compliance program can achieve * Understand technology, both its risks and opportunities * And, if you’re a lawyer, recognize you have legal code of professional responsibilities as well Listen in to learn more.  And to gain still more insights, be sure to attend his session at the 2018 Compliance and Ethics Institute.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Getting a good sense of the corporate culture is often a challenging task.  Surveys, focus groups and just walking the hall can be instructive, but finding out what’s really going on may take a combination of all three. According to Brian Lee of Gartner (formerly CEB), you need first to have a sense of which makes the most sense for your organization.  Then, whatever option you choose, you need to ensure that you have created an environment where employees feel they can speak up honestly, you have a large enough sample to be valid, and the questions you ask deliver data that you can act on. From his experience, there are several factors that have an enormous effect on an employee’s view of the organization.  First is organization justice.  Second is comfort to speak up:  are they able to raise issues without fear of retaliation. Also of great importance is the climate around them:  not just tone at the top, but what is going on with the people in the areas they work, and if those mirror what the CEO has advocated.  Put another way, it’s a reminder that tone at the top is only important if it is mirrored by middle management and in day-to-day operations. Listen in to his podcast to learn more about these issues and what Gartner’s research has found when it comes to assessing and improving culture.  And, to hear more, be sure to attend his session “Advancing a Culture of Integrity by Building Strong Climates” at the 2018 Compliance and Ethics Institute.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org While at the 2018 SCCE Basic Compliance and Ethics Academy in Singapore I had the good fortune to meet Sabine Fercher, the Group Head of Compliance for Avaloq, a provider of IT solutions for the banking industry.  She was attending the Academy with several of her colleagues from around the world. Sabine is an advocate for ISO 19600, which is a standard for compliance programs.  Unlike the better known and oft-discussed ISO Standard 36001 for anti-corruption programs, 19600 is not a standard companies are certified against.  Instead it “provides guidance for establishing, developing, implementing, evaluating, maintaining and improving an effective and responsive compliance management system within an organization.” As Sabine explains in the podcast, work on this standard goes back many years.  It was designed to be used by companies and organizations from a wide range of industries. Listen in as she explains what it covers, what it emphasizes, how it should be used, and how it shouldn’t.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org As Inspector General at the US Department of Justice Michael Horowitz has been at the center of internal investigations the scope of which few in compliance will ever see.  But, while it’s unlike a compliance officer will face the over 1.2 million documents Michael’s team waded through as part of the review of the FBI’s handling of the Clinton email investigation, there is more in common than one would think. In Part 2 of this two-part podcast Michael addresses issues that would look familiar to any compliance officer who is familiar with investigations: * Determining who should be included in the investigations * Maintaining confidentiality * The importance of process * Keeping at bay individuals who want to know what the investigation is finding before the investigation has concluded * When information should be disclosed before the investigation is concluded * Writing the investigation report, including keeping things mundane (and shared an anecdote that came from a Bob Woodward speech) * Sharing the findings with leadership * Learning from the process Listen in to gain some of his wisdom.  One warning, though, before you do.  If you are listening to these podcasts hoping for fresh insights into the Clinton email investigation or any other of the IG ’s investigations, you will be disappointed.  Our goal is to take a look at the investigations he has led from the perspective of a compliance officer and to benefit from his very deep experience conducting large scale, high profile investigations. You can listen to Part 1 here: http://media.blubrry.com/compliance/content.blubrry.com/compliance/Michael_Horowitz_Podcast_Part_1.mp3