Cyber threats cannot be ignored
In the modern world, the threat of cyber theft is as real as any other crime. Speaking on the topic was the FBI’s James Comey.
Comey used the metaphor that if you are walking across a car park late at night, you become more conscious of the dangers. You walk quickly and with confidence to avoid becoming a target for muggers. The same level of caution should be applied when you are online. You should understand that you are at risk and take the appropriate action to avoid being ‘mugged’.
Compliance officers should make sure their company’s data-protection technology is up to date and is constantly monitored. If officers are not already viewing cybercrime as a significant risk, they should start before it is too late.
Combatting social media risks
Companies must have social media policies that define the appropriate use of social media, both at work and at home. Such a policy should clarify what employees can and cannot discuss publicly, reference appropriate employee behaviour and explain the consequences of policy violations.
The SCCE’s Vice President of Membership Development Adam Turteltaub urged companies to better understand the evolving risk of social media and provided delegates with pointers on devising a suitable social media strategy.
Social media is changing the way businesses operate, with many positive outcomes. Even from a compliance perspective, embracing social media encourages openness and transparency, and assists with increasing internal and external communication and awareness.
Through persistent training and awareness programmes your organisation can help staff determine when and where they should be using social media, as well as refining the manner of how it should be used. The programmes should set the boundaries and help people believe that a key purpose of social media is to add value.
Antitrust compliance programmes needed to combat risk
Increasing antitrust risks, such as dawn raids and extraditions, as well as the huge fines that can be imposed on companies, now warrant the creation of an effective antitrust compliance programme.
Tom Bridgeford, Senior Compliance Counsel for FCPA, Antitrust and Investigations at Tyco International, urged delegates to ensure that their company had an effective antitrust compliance programme in place to comply with the law, build the company’s reputation (therefore building stakeholders’ confidence) and prevent violations occurring. He also stressed that the costs of failures heavily outweigh the cost of compliance.
Companies must educate themselves on their third parties
Although third parties represent the greatest risk for companies when conducting business in new jurisdictions, most companies are not aware of how many third parties they’re using, or which third parties present the greatest risk, said Nathaniel Edmond, former FCPA Unit Assistant Chief at the United States Department of Justice and now Partner at Paul Hastings.
Companies should be conducting compliance training for all third parties and due diligence on higher-risk third parties (for example, third parties that deal with government officials, such as immigration providers or customs brokers, might be considered higher risk).
Demonstrating programme effectiveness is key to securing compliance budget increases
The most effective way that a compliance professional can secure additional funding for their company’s ethics and compliance programme is to demonstrate the effectiveness of the current programme.
Julie K Moriarty, General Manager of Training and Communications Strategy at The Network, described the various ways delegates could show a return on investment and obtain executive buy-in for a better-funded programme. These included various critical compliance metrics that might be required to prove the effectiveness of a company’s current programme, such as survey and assessment results, entry and exit interview data, performance evaluations and examples of ethical leadership.
See no evil, hear no evil
When interviewing people, recent research has shown that listening to what they are saying is a better indicator of truthfulness or deceit than body language.
When interviewing people, compliance officers need to be aware that people that guess if someone is lying by analysing their body language are only right 50 percent of the time. By listening, however, officers allow interviewees to commit to details that can be used later as evidence of innocence or guilt.
Compliance officers can provoke the truth by opening conversations with, ‘Can you tell me about the day/incident/time …’, and letting the interviewee talk without interruption. The more they talk, the more details are gained – details that may be disproved later. Another useful technique is to ask unanticipated questions about time and space (for example, ‘Where were you sitting in the restaurant?’). If the interviewee has formulated the story with someone else they are unlikely to have discussed details such as this, so their story cannot be corroborated.
Attitudes to compliance shaped by generational differences
In the modern office, four generations might work together. Each generation has experienced different events during their respective lifespan that have shaped the way they approach ethical issues in the workplace. With that comes a varied approach to compliance.
Professor Paul Fiorelli and Gretchen Winter spoke about the varied generations and the trends within each.
The veterans, born before 1940, will respect a well-implemented ethics programme, but won’t respect a programme that falls short of their expectations. They look for tone from the top more than other generations do.
Baby boomers, born between 1940 and 1970, are likely to take matters into their own hands to ensure ethical behaviour is happening if there isn’t a strong tone of compliance at the top.
Generation X, born between 1970 and 1980, are likely to consult unconventional sources (e.g. their peers) before going to the compliance committee to report unethical behaviour.
The millennials, born between 1980 and 2000, are tarred with the stereotype of being unreliable, disloyal and lacking in empathy because they are likely to move company if a better offer comes their way. However, they are from the first generation to experience a culture of ethics, and a result are more likely to take ethics into account when considering whether or not to take a job.
Compliance profession: only halfway to maturity
As the Society of Corporate Compliance and Ethics (SCCE) celebrated its tenth anniversary in style in Chicago, CEO Roy Snell spoke exclusively with Compliance Insider® about his hopes for the conference and the challenges facing the compliance profession.
CI: What are your hopes for the 13th Annual Compliance and Ethics Institute?
RS: We are successful because we are not esoteric, just very focused. Too many associations become insular and say ‘We only want zebras with our kind of stripes’, so they only find ways to exclude people. In contrast, we want everybody – for example, HR people, risk people, vendors, exhibitors – because they’re the ones that go back to their respective companies better understanding the value of compliance.
Because the profession is expanding, we have some people who have been members for ten years as well as a huge percentage of people who have been members for a very short period of time.
Many people don’t remember what it’s like to turn up at this event for the first time. We welcome anybody interested in the various elements of a compliance programme, and our hope is that we can help to educate new people interested in our profession.
As a profession we are 20 years old, which is only halfway to maturity. We have a bit of a problem that every profession has when it first starts out in that many people suddenly claim to be experts and try to define the profession.
Compliance is about the coordination of up to ten areas of expertise. It can’t just be about audit or legal, for example; it has to be about all of the elements.
There is perhaps more crossover between audit and compliance than legal and compliance, in terms of processes and procedures to ensure you follow the rule of law. So experts in compliance have to have been exposed to the profession in the sense that they must have held a job in compliance.
Among the speakers at the 13th Annual Compliance and Ethics Institute are individuals from the enforcement community. To what extent do you feel that you have achieved your pre-event aim of securing a diverse group of speakers?
We’ve had a 20 percent growth in attendees and speakers at this year’s conference. As the profession matures, we will see an evolution in thinking, from compliance as a cost centre to compliance as a competitive advantage. By that I mean that people who work for companies that they believe are ethical and follow the rules are much more likely to be more productive and innovative. People operate better when they work for trusted companies.
Regarding the enforcement community, we want them to understand us. Part of our work is to help the enforcement community approach and recognise those companies that are committed to compliance and ethics. And compliance people are among the most generous I’ve ever met when it comes to sharing best practices.
How will this year’s conference be utilising technology, and how does this differ from previous years?
The iPad wall is new this year, and I think this is the first compliance conference in the United States to introduce this. We’re also becoming more effective with things like speed networking, for example.
How important are the networking opportunities for delegates?
Our top-three areas of focus are certification, education, and facilitating networking opportunities.
Chief compliance officers have incredibly stressful jobs and not a lot of opportunity to engage with peers. In April 2015, for example, we will host our third European Compliance and Ethics Institute in London. At the last one we saw what we’ve seen at the United States conferences: after attending the first day of the conference, compliance professionals tell us ‘I’ve found my professional home’.
Delegates told us that they had not actually been to an event in Europe before that was quite like our European conference. They had been to similar conferences, but not to ones actually run by people who know about compliance. This was the first chance they had had to experience a European conference with their peers.
Meanwhile in Asia-Pacific, there is great interest in certification and we will therefore be hosting an academy in Singapore and one in Australia too.
This year the SCCE is celebrating ten years of supporting and developing the compliance and ethics profession. What do you put its success down to?
I put it down to the contribution of the volunteers.
The strategy is to build the framework for the profession to affect change, to innovate and to grow. We want to stay focused on elements such as networking, certification, effective compliance programmes and the role of the compliance officers, and work hard within these parameters.
We want to find more international experts, and we want to continue to communicate with the regulators so that everybody better understands the profession.
The SCCE is particularly well known for its extensive training and certification programmes. How does the organisation keep such programmes relevant for its members?
Chicago-based Scharf Banks Marmor partner Ted Banks, a veteran antitrust and compliance lawyer, says that the only way to stay relevant is to take risks. So we have sessions on everything from whistleblowing 101 to esoteric data mining theory.
Roy Snell biography
Roy Snell is a former consultant and compliance officer at the University of Wisconsin. Roy has dedicated more than ten years to the compliance profession and to the development of compliance programmes on an international basis. He has overseen the development of compliance and ethics books, manuals, videos, conferences and audio conferences, and has been a regular speaker in the compliance profession, including speaking internationally for the United Nations on compliance and ethics.