The 2010 OCEG GRC Achievement Awards Presentation

The Open Compliance and Ethics Group recognized the great strides that many organizations have made in improving and integrating their approaches to governance, risk management, and compliance.

The winners were:

  • Best Buy – Ethics blog for employees
  • Capital One – GRC implementation
  • Carnival Corporation – Integrated approach to GRC Management
  • DirecTV – Embedding spreadsheet governance into everyday business
  • Tawuniya – Performance management through GRC
  • Visa – Global ERM Program & Roadmap

Carole Switzer announced the Peer Choice award winner, chosen by the Compliance Week attendees.

And the winner is . . . .

Visa!

UPDATE:

Cash, Ash or Crash – Nobody Rides for Free

Iceland has been a source of trouble.

In October of 2008 their banking system crashed after ill-advised over-expansion. Proportionally, Iceland’s financial meltdown made the US failure look quaint. The three biggest banks in Iceland, a country of only 310,000, made loans totaling over 850% of Iceland’s Gross Domestic Product.

In April, Iceland’s Eyjafjallajökull volcano erupted from its glacial hibernation. The result was the biggest shutdown in the history of aviation. (This included the flight for my planned vacation.)

Last week Iceland’s Glitnir Bank announced that it has commenced legal action in the Supreme Court of the State of New York against Jon Asgeir Johannesson, formerly its principal shareholder, Larus Welding, previously Glitnir’s Chief Executive, Thorsteinn Jonsson, its former Chairman, and other former directors, shareholders and third parties associated with Johannesson, for fraudulently and unlawfully draining more than $2 billion out of the Bank.

They are also suing the bank’s auditors, PricewaterhouseCoopers, for malpractice and negligence. The bank claims that PwC helped conceal the fraudulent transactions that led to Glitnir’s collapse. “The Individual Defendants could not have succeeded in their conspiracy to loot Glitnir without the complicity of Glitnir’s outside auditors at PricewaterhouseCoopers hf.”

It’s curious that the action was filed in New York state court. I assume there will be a big battle over jurisdiction. After all, it’s an Icelandic bank, Icelandic defendants, and even claims under Icelandic statutory law.

The bank is claiming jurisdiction in New York because Glitnir sold $1 billion in medium term notes to US investors in September 2007. Plus Johannesson and his wife reside in New York (I don’t think that helps much with the other defendants.) The complaint also points out that many of the contracts involved in the fraud had New York choice of law provisions.

The question will be whether Iceland’s volcano will prevent the defendants from traveling to New York.

The title of this post comes from Jim Peterson as his update of the 1970s hitchhiker bumper sticker.


Trust and Compliance

To some extent, compliance programs are about the opposite of trust. A compliance professional wants to check on the status of a person’s actions to make sure rules are not being broken. Theoretically, you wouldn’t need to check on the status if you trusted that the person would not break the rules.

There are two big reasons that you can’t rely on trust and should have a compliance program.

The rules can be complex

Depending on the industry, a company can be subject to hundreds, thousands or even millions of separate rules affecting its internal and external behavior. Some rules are clear and simple to understand. Other rules are very complex and require the organization to interpret how it wants to act in relation to the rule.

I think the vast majority of non-compliance comes from misunderstanding the rules.

An important part of compliance is educating the people in your organization about the rules. They are less likely to inadvertently break a rule if they know the rule exists and what it requires. Also, there are some studies that show intentional non-compliance can be reduced by regular exposure to education about the rules.

There are bad actors

There may be people in your organization who are bad actors. You hope that everyone you’ve hired will act in the best interests of the organization. They were probably trustworthy when you hired them. But behavior changes.

A role of compliance is to find the bad actors and either change their behavior or get them out of your organization.

Compliance is Pixie Dust

As Peter Pan said: “What’s the matter with you? All it takes is faith and trust. … And something I forgot, dust. Just a little bit of pixie dust.” A good compliance program is the pixie dust.

Sources:

Image is by m-c: Trust

You know you’ve failed as a CCO when you get barred by FINRA


The Financial Industry Regulatory Authority permanently barred Tod Bretton, former chief compliance officer and head trader for Prestige Financial Center, Inc.

“FINRA found that, from at least September 2006 through June 2009, Bretton, working from the firm’s New York office, engaged in a fraudulent trading scheme in which he took advantage of customers placing large orders (generally 1,000 shares or more) to buy or sell stocks. Rather than effecting the trades in the customers’ accounts, FINRA found, Bretton first placed the orders in a firm proprietary account. He would then increase the price per share for securities purchased by approximately $.02 to $.05 above the market price before allocating the shares to the customers’ accounts. Similarly, he would decrease the price per share for securities sold by approximately $.02 to $.05 below the market price before allocating the proceeds to the customers’ accounts. This improper price change was not disclosed to or authorized by the customers.”

In settling this matter, Bretton neither admitted nor denied the charges, but consented to the entry of FINRA’s findings. Regardless of whether he admits the charges, he is barred from associating with any FINRA member in any capacity.

It seems that Mr. Bretton was a bad choice for CCO at his former firm.

I was also disappointed to see that the BrokerCheck did not throw up a bigger red flag for this type of discipline. After all, this is a permanent bar. The BrokerCheck webpage for Tod Bretton just states that there are events disclosed in the Detailed Report. You have to get to the ninth page to find out that he is under a permanent bar.

I understand the difficult issues with disclosing disciplinary actions, since some may be unfounded or of little merit. Bretton got the nuclear discipline, ending his career with securities. Such a definitive and absolute result should be made more obvious.


Taxonomy and Compliance

Compliance often has to deal with great big piles of data. When tackling a big pile of data, it helps to organize the data into a taxonomy. The taxonomy helps with analysis.

Of course, just by choosing the nodes in the taxonomy you are influencing the view of the data.

I was struck by how hard it is to work with a taxonomy in a recent article in the Economist: In Quite a State. The article looked at the many different lists of countries in the world and the many different ways of defining a country.

The US Department of Homeland Security offers 251 choices when you apply online for a visa-free entry. That list includes Bouvet Island, an uninhabited Antarctic volcanic island in the South Atlantic belonging to Norway.

Hotmail offers a menu of 242 countries/regions when you register an e-mail account. The United Nations has 192 member states.

One of the most interesting examples is Taiwan or Chinese Taipei. During the days of the Cold War many countries recognized Taiwan as a separate country because it was the non-communist regime exiled from China. Now that mainland China has become an economic titan, only 23 countries have formal diplomatic ties with Taiwan.

I am always struck by the treatment of Taiwan during the Olympics, when their athletes walk behind a generic Olympic flag instead of the traditional Taiwan flag.

Adding an item to or deleting an item from a taxonomy affects your view of the underlying data and affects the prominence of that item. It’s hard to “flag” a problem if it is not properly identified.

Revisions to U.S. Sentencing Guidelines for Compliance Programs

At its April meeting, the U.S. Sentencing Commission voted to adopt changes to Chapter 8 of the Sentencing Guidelines Manual. That chapter defines an effective compliance and ethics program and has been one of the sacred texts of the compliance profession.

Here is my summary of the changes:

Changes to §8B2.1

In defining an Effective Compliance and Ethics Program, they are inserting a new Note 6 that focuses on the steps to take after the detection of criminal conduct.

First, the organization must respond appropriately to the criminal conduct, including restitution to the victims, self-reporting and cooperation with authorities.

Second, the organization must assess its program and modify it to make the program more effective. They seem to encourage the use of an independent monitor to ensure implementation of the changes.

Changes to §8C2.5(f)

In calculating the culpability score for having an effective compliance and ethics program, they have removed the near-automatic disqualification if the bad actor was a high-level executive. You can get credit, provided you meet the new criteria:

  • the head of the compliance program must report directly to the governing authority or appropriate subgroup (for example, the audit committee of the board of directors),
  • the compliance program must discover the problem before discovery outside the organization was reasonably likely,
  • the organization must promptly report the problem to the government, and
  • no person with operational responsibility in the compliance program participated in, condoned or was willfully ignorant of the offense.

Changes to §8D1.4

The amendment simplifies §8D1.4 (Recommended Conditions of Probation – Organizations) (Policy Statement) on the recommended conditions of probation for organizations. The new section consolidates the list of conditions that are appropriate conditions for probation.

Status of Changes

The changes have to be submitted to Congress and won’t take effect until November 1, 2010. (Unless Congress votes to reject the changes.)

Publication of Changes

You would think that the Sentencing Commission would publish this change on its website or issue a press release. No information about the amendment, the submitted comments or the meeting minutes has yet made its way to the website of the United States Sentencing Commission.

Fortunately Susan Hackett of the Association for Corporate Counsel and Melissa Klein Aguilar of Compliance Week were able to alert us and publish a copy of the changes.


Incentives, Productivity and NUMMI

I recently listened to a great show from This American Life. They covered the story of New United Motor Manufacturing Inc. (NUMMI). General Motors and Toyota opened NUMMI in 1984 as a joint venture so Toyota could start building cars in the US. Toyota showed GM the secrets of its production system and how Toyota made cars of much higher quality and much lower cost than GM.

There are some great lessons in the story for compliance professionals, in part because the story can be seen through the lens of incentives and corporate culture, two topics that are important to compliance.

For GM plant managers, their pay was based on productivity. They needed to get lots of cars out the door at the end of the assembly line. It didn’t matter whether the car could drive off the line or had to be towed. Workers told the story of cars coming off the line with a Monte Carlo having the front end of a Regal. They would just let them run down the line and out into the yard. Then they were fixed out there (with overtime). The emphasis was on quantity. At GM, the production line could never stop.

The Toyota system empowered the line workers to stop the line if there was a problem they couldn’t fix. The emphasis was to fix the problem at its source and not defer it for later. The emphasis was on quality. (Some of the recent problems at Toyota can be blamed on changing their focus to quantity. They wanted to be the biggest car company in the world.)

In spreading the Toyota system, there was resistance from both the company and the union. The union was opposed because the system was more efficient and would reduce the workers at a plant by 25%. The NUMMI plant was the re-opening of a shut-down GM plant. The union members were out of work and were more open to change. It was either change the way you work or don’t work at all.

GM had trouble empowering its workers and changing the corporate culture that comes along with the Toyota production line. They thought workers would just stop the line to play cards and get coffee.

It’s worth an hour of your time to listen to the story.


Making the Case for Compliance at Private Companies

More focus has been aimed at the need for compliance programs at public companies. Of course, that focus has been largely driven by the requirements of Sarbanes-Oxley. The other focus comes from highly regulated industries like financial services that require compliance programs.

That doesn’t mean that private companies can ignore compliance. There are many more private companies than public companies.

An article by Corpedia caught my eye: Making the Case for Compliance Programs at Privately Held Companies. (Since I work at a privately held company.)

As the article points out, the Federal Sentencing Guidelines do not change based on the ownership structure of the company. Private companies would need to take the same steps as public companies if they want to get credit for having an effective compliance program.

Another big reason for a compliance program is not discussed in the article. Under the Stone v Ritter and Midland Grange decisions, company officers and directors can be held responsible for the illegal conduct of employees. These cases build on the earlier case in expanding liability for company directors.

An effective compliance program would presumably reduce or prevent any illegal activity and shield the directors and officers from liability by showing that the illegal conduct was by a rogue employee.

One factor to keep in mind is that many private companies lack a meaningful board of directors. For many private companies, the board of directors really means the company’s principal. If there is a board, it may consist largely of family members, insiders and company officers. All the talk about access to the board of directors is lost on those of us running compliance programs inside private companies.


Financial Overhaul Moves Forward


With health care reform now out of the hands of Congress, there is now movement on financial overhaul. Senator Dodd introduced the Restoring American Financial Stability Act of 2010 last week without a Republican co-sponsor [Dodd Goes Solo].

Instead of plugging in amendments, the Senate Banking Committee voted on straight party lines to advance the bill as introduced by Senator Dodd. The bill is moving so fast that it has not even made it into the Thomas system for tracking legislative activity. The vote on Monday night lasted less than 25 minutes.

According to reports, Republicans filed more than 200 amendments on Friday, but withdrew all of them and let the bill pass quickly through committee. I assume the strategy will be to attack the bill in the full Senate instead of in the Banking Committee.

UPDATE: There were 114 pages of amendments made to the bill. Most look like clean-ups and small changes that do not have a big impact on the bill.
