Summary: Podcast featuring the top Compliance and Ethics thought leaders from around the globe. The Society of Corporate Compliance and Ethics and the Health Care Compliance Association will keep you up to date on enforcement trends, current events, and best practices in the compliance and ethics arena. To submit ideas and questions, please email: email@example.com
By Adam Turteltaub firstname.lastname@example.org Compliance can be a lonely job, but it’s best not done alone. Working with other departments is essential for a program to be successful. Lauren Connell, the Director, Compliance & Integrity at Nielsen, has found a few keys for making cross-functional partnerships work. First, she advises in the podcast (and for SCCE members in the December issue of Compliance & Ethics Professional magazine), identify which departments are most important for your work. HR, internal audit and finance have been crucial for her since they are very much aligned with compliance. To forge a relationship, she recommends beginning by offering to provide training on a topic that would be relevant to that function. It’s a good way to demonstrate the value compliance provides, and you can demonstrate your understanding of what’s important to them. Once the relationship has started, she counsels to keep it healthy by focusing on common goals and, not just asking for help, but providing it as well. In addition, she advises avoiding turf battles by respecting boundaries and by keeping lines of communications open all the time, not just when there is a crisis. Listen in to learn more about how to strengthen your compliance department’s partnerships with everyone from HR to sales.
By Adam Turteltaub email@example.com I admit it. I have a problem when it comes to understanding blockchain technology. I think I understand what it is and somewhat how it works, but I’m not sure why anyone needs it, or how it can be used for compliance programs. Syed Hussain, CEO of the Americas for BANKEX offered to help. As you’ll hear in this podcast he provides an overview of the technology. It’s highly secure, distributed and decentralized, he explains, which means it is relatively difficult for someone to hack or to meddle with a record. Each block of data is immutable. One key benefit of the technology, Syed argues, is that it can create trust, which can help on compliance issues such as Know Your Customer (KYC) and Anti-Money Laundering (AML). He makes some very interesting points about the technology and its potential, and I’m sure one-day compliance teams will embrace it, but I’m still not sure how. What do you think about blockchain and how we can use it?
By Adam Turteltaub firstname.lastname@example.org What should I ask when interviewing someone as a part of an investigation? Where should I conduct the interview? How do I know if the person I’m talking to is telling the truth? According to Michael Johnson, CEO of Clear Law Institute, before you ask all that, start by thinking about the report that you are going to have to write at the end. Think about the questions you will have to answer and evidence you will need. That way you can better ensure that the investigation stays on track. If you want to know who’s lying to you, don’t rely on visual clues. Research has found that behaviors people tend to associate with lies – avoiding eye contact, jitters – are actually signs of nervousness, not prevarication. Instead, he advises in this podcast, the best way to know if someone is telling the truth is to listen to what they say. When it comes to the issue of what to ask, here, too, he advises listening. While having questions ready is essential, too often investigators are more focused on getting their questions asked than in listening to what the person has to say or encouraging the witness to tell the full story. As he explains, the technique of using cognitive interviews, which encourages people to talk more freely and look at what happened from multiple sides, can be much more effective than going down a laundry list of questions. And, no matter how you conduct an interview, think carefully about where you conduct it. You don’t want it in a glass conference room with other employees walking by. Listen in to this podcast to learn more about, well, learning more during an investigative interview.
By Adam Turteltaub email@example.com It’s not always easy walking into the room as a compliance officer. Employees often tense up and wonder “what now.” It doesn’t have to be that way, and Amsterdam-based Susan Du Becker, Global Compliance Enablement for Cisco, has identified how to build a more positive relationship. Turning things around, she explains, depends on showing the business the value that compliance can bring and that we are here to help support the business. It begins, like so much else in compliance, with the corporate culture. If the culture is wrong, there is no way to effectively address the underlying issues. That makes it exceptionally difficult to affect behavior, including a willingness to come forward and speak with compliance. One way to start moving the culture, according to Susan, is to look for support from others outside of compliance. Start with the individuals who get it, and help them enlist others. One way to help make that happen: earn some quick wins. Show where compliance adds values to the business. Point out that customers want reassurance that the company is compliant. In addition, demonstrate successes such as reductions in cases or ethics issues. Listen in to learn more about how compliance can start being seen as brightening a door, instead of darkening it.
By Adam Turteltaub firstname.lastname@example.org Dan Roach is Chief Compliance Officer for Optum360 and one of the co-founders of the Society of Corporate Compliance and Ethics. He has directed the development and implementation of compliance programs for more than 25 years. Throughout this time he has staffed boards and compliance/audit committees, as well as served on the board or compliance/audit committee of the board for multiple organizations. In this Compliance Perspectives podcast, Dan shares his expertise on five key questions. Are there specific legal requirements for board members when it comes to overseeing compliance? What should board members be asking of the compliance team? What should boards be asking management when it comes to their interactions with compliance? What should compliance officers be telling the board on an ongoing basis to help boards exercise their oversight authority? What should a compliance officer not be sharing with the board? Listen in as he shares his insights including: * Take the time to understand what training in compliance, legal and regulatory risks that individual board members may need * Don’t measure your interaction with the board based on minutes spent with them, but instead on the quality of the interaction * Provide key metrics to the board on the effectiveness of the program and how its elements are functioning * The need for the board to ask management if the compliance program is being executed consistently, and whether there are sufficient resources
By Adam Turteltaub email@example.com These days compliance typically stands alone and reports directly to the board. But that’s not true for every organization. At Freddie Mac, compliance is a part of Enterprise Risk Management (ERM), albeit with a reporting line to the audit committee of the board. To get a better sense of how this relationship with risk works I spoke with Michael Levin, the Senior Director of Compliance there. He explained that, like so many other large financial institutions, Freddie Mac operates with a three-lines-of-defense system. Since both compliance and ERM served on the second line of defense, the company decided to combine the two under one executive leader. For Michael, there have been significant benefits to this relationship. It has helped the compliance team to better understand risk, build bridges to the business unit, gain greater exposure to the board and become a part of business decisions much earlier. At the same time, there have been challenges, including helping the ERM team better understand the challenges of managing culture. Listen in to better understand the benefits and risks and being a part of risk management.
By Adam Turteltaub firstname.lastname@example.org Delivering bad news is never easy, especially when that news is an allegation of serious wrongdoing. Fortunately for the rest of us, Odell Guyton, Managing Director at Klink & Co. and a co-founder of the SCCE, is willing to share his expertise in this thorny area. As he explains in his podcast, it’s essential to have protocols in place before you have to deliver bad news. These rules of the road should cover what will be brought to the attention of management or the board, and how the investigation will be managed. One thing that must be delivered: information they may need to share with the public, shareholders or the board. Once the investigation is in process updates should be handled judiciously, and it’s important to avoid delving into the more salacious areas. Finally, he explains how to handle – or more accurately have others handle — any discipline that may be warranted. Spend some time listening to his thoughts. It could make bad news a bit easier to deliver.
By Adam Turteltaub email@example.com If you work in a large, global company these days, odds are very good that there is an extensive ethics and compliance programs. Yet, many wonder why would a domestic company that’s small or medium-sized need one? Art Weiss, Chief Compliance & Ethics Officer at TAMKO Building Products has a great, short answer: If you have people you need a compliance and ethics program. Working for a privately-held company in the US with a strong ethics and compliance program he has seen why every organization can benefit from compliance. As he explains in the podcast, issues will always come up and having a code of conduct, policies and procedures is essential. He also points out that, regardless of size and geography, every company has certain risk areas that will require training: conflicts of interest, harassment, gifts and more. To those who object, arguing that they lack the resources, he explains that small can actually be an asset. It’s easier to do face-to-face training, and key stakeholders are easier to get to. Listen in to learn more about why every organization can benefit from a compliance program, and how to get the most out of your small-company program.
By Adam Turteltaub firstname.lastname@example.org Marjorie Doyle, in addition to her years leading compliance and ethics programs, has long taught organizational ethics at SCCE’s domestic and international Basic Compliance and Ethics Academy. In this podcast, she provides a primer on the topic. As she explains, organizational ethics is a focus on the organization’s values and how the organization wants to be seen. It’s how you define your brand. Making the organization’s values come to life begins with incorporating it in the code of conduct, ideally with scenarios demonstrating real-life situations where they apply. As Marjorie explains, the key is to incorporate the values wherever you can. One good place to start is with HR and work to include in every job description a statement of the values and how particular values relate to the job. And while there, it’s worth discussing how values, ethics and compliance will be included in annual evaluations. In addition to HR, the board can be a strong ally, if the values are taken from nice puffy clouds in the sky to practical applications. She recommends providing boards with specific questions they can ask management, such as, “Can we do this project and live up to our values?” Listen in to learn more about organizational values and how they can enhance your enterprise.
By Adam Turteltaub email@example.com There are a number of challenges to managing compliance programs in Asia: With dozens of countries and thousands of languages, one size does not fit all. There is tremendous diversity in cultures. Some countries are common law and others are civil law societies. Governments have different priorities for enforcement. But compliance officers can’t just throw up their hands, nor do they need to, says Jimmy Chatsuthiphan, who spent several years working in compliance in Asia before returning to the US. He is currently serving as Director of Global Compliance Investigations for Panasonic Avionics Corporation. The risks are substantial and can be managed, he tells us. Plus, several countries in the Asia-Pacific region are known for having very clean business environments. As importantly, there are a large number of managers in the business units who are already familiar with compliance concepts. As a result, it is not always an uphill battle. Success, he tells us in the podcast, does, though, require having someone on the ground in the region. It is too large an area, with too great a time zone difference, to be managed remotely. What else works well in Asia? Speaking to themes like karma and the importance of doing things right, even when no one is watching. Likewise speaking about not disappointing your family, either your family at home or your “work family.” Try also, he advises, citing incidents that have affected the company or competitors. And, of course, having strong financial controls and third-party vetting. Listen in to learn more about these issues, the changing regulatory environment – compliance programs are being recognized more – and tips for conducting internal investigations.
By Adam Turteltaub firstname.lastname@example.org Both HIPAA and the HITECH Act have been around forever in compliance years, but that doesn’t mean that the challenges they pose have all been met. In fact, Adam Greene, a partner at Davis Wright Tremaine in Washington, DC explains that the risks keep changing because technology keeps evolving. Big data, Artificial Intelligence and machine learning are all changing the playing field, not to mention ransomware, information sharing and interoperability. In our talk together on this podcast he speaks to the dynamic environment as well as some of the issues compliance teams are facing when dealing with the regulators. It’s a topic he knows well, having seen it from both sides. Before his current tenure in the law firm, he served at HHS in the Office for Civil Rights (OCR). Some of the other topics he discusses include: * The disconnect between how information security professionals look at security vs. what OCR wants to see in compliance documentation * Ongoing difficulties in enabling patients to access and share their health data * Vendor management after the business associate agreement is in place * The European General Data Protection Regulation (GDPR), and not over or under-reacting * How best to approach regulators after a breach occurs Listen in. He provides a good guide to changing times for this substantial compliance risk area.
By Adam Turteltaub email@example.com As CEO of Klink & Co., Jeff Klink has a unique and broad perspective on the challenges of global compliance programs, especially those operating in Asia. Lately, he reports in this podcast, he has seen a rise of troubling kickback schemes plaguing large global manufacturers. Employees are finding creative ways to get kickbacks, even setting up fictitious shell companies that appear independent. It’s a problem that, while not exactly a compliance issue, that should send up red flags for the compliance department because it points to weaknesses in third-party due diligence efforts that rely on database searches. It often takes a site visit – one that exposes that the “company” address is actually just a studio apartment – to reveal the problem. What else should compliance teams do? First, he advises, use a risk-based approach which invests more resources into higher risk areas. In addition, focus on high-dollar vendors. Then don’t stop with the initial due diligence. Ongoing auditing and monitoring are essential. He notes that many companies do comprehensive due diligence of existing vendors every few years, especially those that interact with government officials. Listen in, and maybe share the podcast with your fraud team
By Adam Turteltaub firstname.lastname@example.org These days it seems that most helplines are handled by external providers. But, not ever company goes down that route. For Brendan LeMoult, Fiscal Affairs and Anti-Illicit Trade Vice President at JTI, having an internal whistleblower line has distinct advantages. As he explains via this podcast, the company takes allegations itself and uses an internal investigations group for all its investigations. Employees are first encouraged to raise issues with line managers or persons they have concerns about. If that doesn’t work, they have three ways to report anonymously or confidentially. First, they can log on to an online portal. Second, the company has about 250 contact persons throughout the company who have been trained to address concerns. The third option is to come directly to corporate compliance and raise their issue. Once a concern is raised, the compliance team will examine if the concern is in scope — addresses code of conduct, policies or procedures or violation of law, rather than a routine personnel issue. If it is in scope the allegation goes to the Business Ethics Committee which decides whether to refer the matter for a full-blown investigation. The goal of the process is to make sure that the person who raises the concern has the confidentiality/anonymity that they want, and the investigation process has sufficient independence. Listen in to learn more about the process, including the ongoing reviews of active investigations.
By Adam Turteltaub email@example.com When it comes to compliance due diligence during a merger or acquisition, the number one thing to know, says Kasey Ingram of ISK Americas, is that regulators expect it as a part of an effective compliance program. Even if the regulators didn’t have these expectations, it’s just plain prudent, he argues. And, it helps the compliance department demonstrate the value it provides. So how can and should compliance be involved? According to Kasey, it begins with having a seat at the table. Introduce yourself to the M&A team even before a deal is in the works. Deals happen fast; if you’re not there at the start you may be left out. Once the deal begins, create a questionnaire for the business team to use to identify issues. Do a quick risk assessment even before you begin the questionnaire, looking at the industry and the company’s history. The answers to your questionnaire can help identify potential issues which should be discussed with the M&A team. They can then decide if the risks are worth taking or even price them into the deal. Also, recognize that when the deal closes the real work begins. Compliance needs to do additional due diligence, and the company may need to self-report if violations are found – there are strong incentives to do so. In many ways, after the deal closes is the trickiest time for compliance. It’s essential to have a checklist of things you will need to do, and be prepared for culture clashes: no two businesses have the exact same culture. Handle it all correctly and you could help both stem legal problems, and reduce internal friction. Listen in to learn more. And for still more insights, consult the Complete Compliance and Ethics Manual.
By Adam Turteltaub firstname.lastname@example.org Sometimes you have to move on, whether it’s because your current compliance and ethics position isn’t working out, or because opportunity comes knocking. Steve Harrison of Conselium works with compliance professionals looking for new job opportunities and for companies looking to hire them. He took time at the 2018 Compliance and Ethics Institute to record this podcast and to offer advice, starting with resume writing. He warns against resumes that are too internally focused, using, for example, abbreviations that only relate to the company and business that a candidate is working in. For obvious reasons, resumes like this don’t translate externally. Instead, he advises trying to portray yourself as generally capable, not just really good at what you do at your company. It’s also important, he advises, to get into the mindset of the person reading the resume. Include information such as how many people report to you, the structure of your organization and projects that you led. What about at the interview? He advises doing your due diligence before walking in the door. Find out what the compliance reporting line is to see if there is appropriate independence. Be sure to also go online to determine if the company has been in the news lately and for what. To stand out in an interview, bring ideas with confidence and talk about how you would approach the role and the program. Also show a genuine interest in the business. Ask the person interviewing you about their past work and what they like about working at the company. Listen in to his podcast to learn what can make you a more attractive candidate.