Summary: Podcast featuring the top Compliance and Ethics thought leaders from around the globe. The Society of Corporate Compliance and Ethics and the Health Care Compliance Association will keep you up to date on enforcement trends, current events, and best practices in the compliance and ethics arena. To submit ideas and questions, please email: email@example.com
By Adam Turteltaub firstname.lastname@example.org While there is much discussion of the challenges in due diligence and third-party vetting in China, Russia and Africa, the risks and challenges don’t end there. As Milos Stopic, Compliance & Ethics Officer, Middle East and Eastern Europe for Louis Berger International explains, when doing business in Eastern Europe and the Western Balkans it is a necessity as well. Happily, he reports in this podcast, it is increasingly becoming much more common and expected. More companies are adopting due diligence standards, and even large companies are receiving more requests to give information about their compliance programs. But despite the progress, there is still resistance, mostly based on a lack of understanding as to why a company conducting due diligence is even asking questions in the first place. That problem is often exacerbated by a lack of understanding of compliance programs. Listen is as Milos explains the challenges and what can be done to overcome resistance and help improve your due diligence efforts.
By Adam Turteltaub email@example.com May 25, 2018 was the deadline for companies to comply with the new European General Data Protection Regulation (GDPR), and for many organizations, it was a very long slog just getting there. Andre Bywater of Cordery Compliance warns, though, that it’s best not to think of that date as an endpoint. Instead, it’s a starting line for a new era in data protection. Already many complaints have been brought before data protection regulators, and they have led to subsequent investigations based on allegations of violations. One organization has already been told to stop processing data. So, the consequences for violations are real and, notably, they extend beyond the EU. Even companies who have done an excellent job preparing for GDPR need to remain diligent, particularly for data breaches. Hacking is a problem and a headline grabber, but there is a significant day-to-day challenge with human error: lost laptops, phone stolen, and so forth. Under GDPR, organizations have to report these incidents promptly to the regulator and may have to tell the individuals involved. This need to report quickly makes it essential for compliance teams to have a plan in place for responding, even before the breach occurs. Another issue to prepare for: individuals have the right to ask what information the organization has collected on them. That can be a time-consuming process that includes paper records. Once again, it’s important to have plans in place before the request comes in. In sum, GDPR poses significant ongoing challenges and will be a part of compliance efforts for a long time to come. Listen in to the podcast to learn more about what you should be thinking about and doing.
By Adam Turteltaub firstname.lastname@example.org The US Foreign Corrupt Practices Act and similar anti-corruption laws around the globe get the lion’s share of attention, but as the Wall Street Journal recently reported, sanctions accounted for 56% of fines in the last ten years, totaling $26 billion worldwide. Suzanne Bullitt, who is Director, Global Trade Strategy & Compliance at the Eastman Chemical Company, is well aware of the compliance risk. She has to be. Suzanne took the time to share with us in this podcast a wealth of advice for anyone who oversees export compliance, or is wondering if the people who are supposed to be doing it are truly on the ball. Hear her advice such as: * Ensure that all of your classifications are accurate and harmonized, and watch out for manipulations from the business units * Make sure that classifications are consistent, accurate and declared properly * Take the time to understand the regulatory requirements and country-specific requirements for both export and import * Be absolutely certain who the end user of your goods are, including who owns over 50% of the company * Be especially alert with joint ventures * Don’t forget to examine all parties to the transaction, including bankers, vendors and even the ships the goods sail on If you have trade compliance risks, take advantage of Suzanne’s wisdom. It may help your organization avoid becoming a part of the next $26 billion in fines.
By Adam Turteltaub email@example.com For over two decades the Society of Corporate Compliance and Ethics and Health Care Compliance Association, along with the entire compliance profession, has benefited from the leadership of Roy Snell. With Roy’s retirement beginning on November 1, 2018 we wanted to have one last opportunity to gain his insights while he is still the CEO. In this conversation Roy discusses: * What he’s most proud of from his years of leading the association * Reasons why the HCCA and SCCE have grown so strongly and for so long * Why the compliance profession has also seen such dramatic increases both in the number of compliance professionals and compliance programs * What the future will likely hold for compliance Be sure to take advantage of this opportunity to tap into Roy’s more than twenty years of experience working as a compliance professional and supporting our community.
By Adam Turteltaub firstname.lastname@example.org In 2005 the London-based Institute of Business Ethics conducted its first Ethics at Work survey. At the time it focused solely on Great Britain. Since then, as Philippa Foster Back, the IBE’s Director explains, the survey has grown to include twelve European countries. The findings from the latest issue of this one-every-three-years survey were fascinating. They found that more than three-quarters of employees thought that their corporation is honest. The reasons for the positive feelings were codes of ethics and training for one. In addition, Philippa tells us in the podcast, the corporate responsibility movement has raised awareness in employees’ eyes about how companies are behaving in the community. On the flip side, several factors can undermine employee faith. In particular: people who see things wrong in their organization and don’t see the organization taking responsibility to stop it, particularly if someone had the courage to speak up and raise the issue. She encourages organizations, if they want employees to come forward, to write the speak-up policy from the user’s point of view. Put yourself, she advises, in the shoes of someone who has seen something and wants to raise an issue: Who is going to take the helpline call? What will they ask me? Second, if your policy calls on employees to try to take the issue to their manager or supervisor, make sure that manager or supervisor knows how to handle the issue. Listen in to gain more of Philippa Foster Back’s insights.
By Adam Turteltaub email@example.com Richard Powers, the Acting Deputy Assistant Attorney General for Criminal Enforcement in the US Department of Justice’s Antitrust Division was good enough to sit down for a podcast and share where the DOJ’s priorities are in this significant risk area. His key message: The DOJ is focused on antitrust compliance and companies should be, too. At the same time, compliance has never been more important. As he explains, the Antitrust Division is looking more closely at compliance efforts and is willing to reward companies at sentencing if they have made extraordinary efforts to change their corporate culture after an antitrust violation occurs. Also, the Antitrust Division is considering ways it could encourage companies to have more robust antitrust compliance all the time, not just after an incident. So what makes for a good compliance program? From his vantage point * It is embedded in the company, not just good on paper * The right incentives are in place to make sure that the employees understand the rules and are abiding by them * Senior management is involved, as well as the rest of management Listen in to gain further insights into the Antitrust Division’s expectations.
By Adam Turteltaub firstname.lastname@example.org Insider trading is illegal trading in securities based on material, non-public information in breach of a fiduciary or any other trust relationship. That’s a lot of legal terms, and the issue is an ongoing headache for compliance professionals at publicly-traded organizations. Beth Haddock, who has spent over 20 years in compliance and leads Warburton Advisers, explains that to help prevent insider trading violations, it’s essential for compliance officers to be present day to day and with an open door. Employees have to feel comfortable coming forward with questions and concerns. To get them in the door and head off risks? Frequent training is critical, she says, and it works best when it is example-based and models proper behavior. In this podcast she also advises having written policies and asking employees to certify adherence at least annually. But don’t stop at the factory gate. In this interconnected business world it’s important to remember that lawyers, bankers, customers, and vendors all carry insider trading risk. Finally don’t forget one more risk area: cyberbreaches. It’s not just the hackers. Employees and vendors who respond to the breach before it becomes publicly known have information about what may be a material event They need to be trained not to trade on that information. Listen in to get the inside scoop on insider trading.
By Adam Turteltaub email@example.com Tone at the top is essential, but it’s also important to ensure that middle and front-line managers are echoing the same tone when it comes to compliance and ethics. If employees hear great-sounding values from up on high, but see or hear something less laudable from their immediate boss, a lot of good compliance work can quickly become undone. Marsha Ershaghi Hames, Managing Director Strategy of LRN, Inc. explains that compliance teams need to remember that leaders are employees, too. Like all employees they need to understand what’s in it for them when it comes to compliance and ethics in general, and setting the right tone in particular. She shares in this podcast techniques to help make managers more willing and frequent voices for compliance and the organization’s values. One key, she observes, is to connect the manager’s compliance responsibilities to the business and its goals, including the importance of ensuring that the manager is accessible when employees have concerns. Listen in as she discusses how to build in metrics and the value of providing managers with a toolkit for communicating with their direct reports.
By Adam Turteltaub firstname.lastname@example.org An incident occurs. Everyone wants to know what happened and what the company is doing about it. To truly understand the problem, however, it’s not enough to look at what happened. You need to get to the roots to understand why things happened. Was there something in the training, culture, tone, incentive program that was the root cause of the incident? Ethisphere’s Erica Salmon Byrne has spent a great deal of time examining and researching the issue. Compliance teams, she reports, have grown much more interested in finding the root causes to truly solve the problem. The US Department of Justice is also encouraging companies to dig to the roots of compliance issues. In this podcast Erica shares insights into what makes for an effective root cause analysis including: * Knowing how deep to dig * The importance of a good taxonomy * What data to have and how to look at trends * Training investigators, and * Having the right case management system Listen in to learn more and get to the roots of what makes for good root cause analysis.
By Adam Turteltaub email@example.com Congratulations: they’ve given you a new laptop or phone. Condolences: you better know what they plan on doing with your old device. It’s not enough to simply put them in the trash or send them off to any ewaste recycler, explains David Brent of ERI, an electronic waste recycler. There are a variety of laws that affect how technology is disposed of from both a privacy and ewaste perspective. GLBA, HIPAA Hitech, GDPR, FACTA and the FTC Final Disposal Rule provide a reasonableness standard for disposal of protected information. In addition, 32 states have data disposal laws of their own. These laws typically require destruction or erasure so that the data cannot be practically read or reconstructed. And don’t forget that phones and laptops aren’t the only devices to worry about. Printers, copiers, and even projectors may hold data on them as well. Adding to the risk: Electronic waste contains toxic metals. Eighteen states plus the District of Columbia have landfill bans on electronic equipment. For these reasons companies often turn to electronic recycling firms. They can help manage the environmental and data risks. However, due diligence is critical, Brent explains. Having the right certifications can be a good sign, when assessing a vendor, but it’s important to do your own due diligence to ensure that they are doing what they are supposed to and that your devices and data don’t end up in the wrong place or hands. Listen in to the podcast to learn more.
By Adam Turteltaub firstname.lastname@example.org As long as there have been compliance programs there has been compliance training. Despite that constancy, how that training is delivered has changed dramatically. It has evolved from lawyers standing in front of the room with acetates, to online training, phone-based training, and even compliance games. What’s driven the evolution? Part of it is certainly technology, but as Kirsten Liston, Founder and Principal of Rethink Compliance, argues, much of it has been driven by compliance people asking, “What does it take to be effective?” Training, after all, isn’t an objective. It’s a strategy for helping to prevent compliance breaches. That invites a constant reexamination of how the training is offered. At first, PowerPoints delivered online seemed like a great leap forward, which, in many ways, they were. But since then, Kirsten argues, the digital landscape has changed. People have grown used to seamless digital environments where the content seems to flow effortlessly. Compliance and ethics training that doesn’t do so can be jarring. In addition, with more of online life being led on mobile devices, we have all gotten used to shorter messages. That, too, calls for rethinking of training, both mobile and on the desktop. Listen in as she discusses these issues and how to succeed in your compliance training efforts.
By Adam Turteltaub email@example.com Conflicts of interests make up a large part of any compliance job, and few spend more time pondering them than Jeff Kaplan, a partner in the law firm of Kaplan & Walker and the editor of the Conflict of Interest blog. The most common conflicts, Jeff explains in this podcast, are economic: ownership or employment with customers, competitors and suppliers. But that’s just a part of the challenge. Money borrowed or owed to someone can create a conflict, as well as other personal ties. So how do you manage this tricky risk area that any organization faces? Jeff offers several pieces of advice including: * Think broadly * Conduct a risk assessment * Look to organizational conflicts of interest * Develop clear policies, and think about creating FAQs, as well * Plan on regular audits * Be sure to train your workforce to identify conflicts, and don’t forget the board’s potential conflicts * Understand that disclosures carry risks of their own * Centralize as much as you possibly can Listen in to learn more (but recognize that I have a conflict of interest when I suggest that you do).
By Adam Turteltaub firstname.lastname@example.org Openness is both important and a challenge for compliance departments and their leaders. On the one hand, you have to create an environment where people want to speak up, where trust is high, and transparency is embraced. On the other hand, some things just can’t be shared publicly. Barney Rosenberg, a long-time compliance industry veteran and former global vice president of ethics and business conduct in the aerospace industry, has invested a lot of thought on the topic. As he explains in this podcast, openness can be thought of as creating a climate where people can express their dreams and frustrations without fear of retaliation of any form. Openness can be encouraged with behaviors such as asking people what they know about you, what they would like to know, and what they would like you to know about them. But for that to work, the leader has to be truly open and honest. Open your ears to some interesting thoughts about openness in the compliance context.
By Adam Turteltaub email@example.com Kasey Ingram, the General Counsel and Chief Compliance Officer of ISK Americas, learned compliance and ethics from the bottom up, quite literally. He served for several years at the bottom of the ocean as an officer aboard a nuclear ballistic submarine. While taking care of nuclear reactors and missiles may seem fairly removed from compliance, Kasey explains in the podcast that there is much in common, starting with the training. During orientation at the U.S. Naval Academy a commander told him and the other new Midshipmen “Just because you’re a high performer doesn’t mean you have high character.” It was an admonition he never forgot that in many ways shaped his time at the Academy and his career since. It was not the only lesson he learned. While at the Academy he served on the honor committee, where he had the opportunity to conduct investigations both from the accusation and defense side. Later, as an officer on a submarine, he, like every other officer, was authorized to be an investigator. His job was not only to find out what went wrong, but to fix the problem. He also learned the value of communicating quickly and effectively with management – captains are very busy – a skill that would prove valuable in his compliance role. Listen in as he shares his experiences, including the value the nuclear Navy puts on creating a speak-up culture.
By Adam Turteltaub firstname.lastname@example.org When many people think about networking, they think of a bunch of people sharing business cards. That’s a start, but successful networking is much more than that. Samantha Kelen, Lead Ethics Analyst at Duke Energy, knows that getting a business card is only a first step. As she explains in this Compliance Perspectives podcast, you have to follow up with the person, preferably on a regular basis, and not just for a job. Ongoing interaction is what turns a contact into a relationship. But how do you make that first contact, especially at a conference? She recommends going in with a plan. Identify which presenters you want to meet, attend their sessions, and then stay afterward to talk. Most will be more than happy to meet you. Also, plan on connecting with people you know online through LinkedIn. Just make sure your picture is current. She once changed her hair color and it no longer matched her LinkedIn photo, making it harder for people to recognize her. At the same time, don’t be afraid to talk to strangers. For people you don’t know, have a networking “pick up line” ready to start the conversation. Listen in to learn more, and then start planning on how you’ll expand your network.