Evolution of Compliance

I watched a recorded webinar presented by Complinet: Compliance Evolution: Lessons Learned, Forgotten and Ignored (March 13, 2008). Betsy Prout Lefler, the Deputy Director of Compliance at Piper Jaffray and Co., gave the presentation.

There are many different perspectives on compliance and what compliance professionals do, in part because the role has changed very quickly.

At first it was only about procedures and monitoring designed to deter and detect violations of applicable laws and regulations. Now, compliance is involved in the CEO certification process, internal controls (SOX) and risk-based reviews of company action.

Regulators originally gave little guidance on the role of compliance. Now compliance officers need to be involved in the SEC review process. Compliance officers need to understand not only the regulations, but also need to know the industry, the operations of the company and the products offered. CCO is not a risk manager and a strategist.

Betsy referred to the SIA 2005 Role of Compliance White Paper. This white paper tries to establish a model for compliance professionals throughout the industry. She also noted that in 2003 the SEC began a formal approach to assessing a company’s culture of compliance.

What has caused evolution?

  • Regulatory changes – there is an increasing number of regulations in the financial industry
  • Scandals – each scandal triggers more regulations and more concerns
  • Technology – more and more technology means more and more information

She thinks technology has made some of the biggest changes. Technology can be a compliance officer’s best friend. It is much easier to find and track issues and trends. Technology can help automate compliance. But technology can also be your worst enemy. There are lots of smoking gun emails. Technology can also automate non-compliance. Technology glitches can cause misstatements.

Don’t get stuck on “how we used to do it.” The role is evolving.

What are WIFs?

My notes from the EthicsPoint webinar on intake models and the value of web intake forms. The presenter was Erin Watkinson, a business solutions consultant at EthicsPoint.

A custom web intake form is a replacement for paper-based forms. You can use the web to report on issues.

Reporting should encourage employees to first go to a supervisor and not go anonymously right away.

A custom WIF is a case intake mechanism for non-licensed users. It's a custom report form that you can brand and format as needed or desired. The WIF can eliminate the re-keying of data. The form dumps the information into a central database. In a WIF you can have explanatory text, images, fields and/or links to other documentation. The WIF is mapped to fields in the EthicsPoint Event Manager. You can create custom print forms to match the look and feel of the WIF. All of the data elements are available for reporting and analytics. There is also branching logic available depending on how questions are answered.

Erin then showed an example of an HR Management report. This highlighted the branching features. Another demo was the Hospira HR system. They used the system for people to ask questions. The system tracks the questions and the answers given.

Investigating Suspected Financial Accounting Irregularities

I watched the webinar from EthicsPoint and Kroll on Investigating Suspected Financial Accounting Irregularities. Jed Davis is the Managing Director in the Business Intelligence and Investigations Division of Kroll and Dave Hess is the Managing Director of the Forensic Accounting and Litigation Consulting Division of Kroll.

Dave emphasized the need to have a plan in place to deal with an investigation.

In Planning the investigation:

  • Establish an independent team with required expertise
  • Identify and preserve relevant documents and evidence
  • Determine the scope and timing of investigation
  • Develop work plan and approach
  • Establish internal communication protocol

Some key objectives and considerations are:

  • To ensure and maintain rigor and credibility of investigation
  • To work with outside counsel to establish and maintain procedures to protect attorney‐client privilege
  • Communicate with the investigating parties and stakeholders
  • Establish procedures to avoid “scope creep”
  • Determine if alleged misconduct was an isolated act or a systemic problem
  • Establish verifiable chronology of policies, decision‐making and actions in issue
  • Identify internal control deficiencies and make recommendations for improvements
  • Report investigation results to stakeholders

Presentation slides for Investigating Suspected Financial Accounting Irregularities (.pdf).

Know Your Customer Podcasts

You can find a series of FINRA Compliance Podcasts on their Compliance Podcast webpage and from iTunes. Last summer they had a few on Customer Identification Programs and Anti-Money Laundering programs:

Code of Business Ethics for Jones Lang LaSalle

Jones Lang LaSalle Incorporated was named to The Ethisphere Institute’s 2008 World’s Most Ethical Companies list.

The World’s Most Ethical Companies are the ones that go above and beyond legal minimums, bring about innovative new ideas to expand the public well being, work on reducing their carbon footprint rather than contributing to green washing and won’t be found next to the words “Billion Dollar Fine” in newspaper headlines any time in the near future. These are the companies that stand out among the competition in their industry.

The Jones Lang LaSalle Code of Ethics (.pdf) is published on the “investor relations” section of their website.

Making Smarter Risk Decisions

PricewaterhouseCoopers published Making Smarter Risk Decisions.

The paper looks at how the most successful organisations define their risk appetite and integrate this appetite into business strategy and culture so that all facets of the business consistently apply the desired risk thresholds, top down, to decision making. By doing so, an organisation can achieve optimal performance and compliance and avoid investing in redundant or ineffective functions, processes and technology.

One section of the paper addresses risk appetite:

Developing this culture requires leadership to not only define risk appetite and ethical business standards, but to encourage employees to do the right thing through clear communication of objectives and risk appetite; incentive and reward systems that are aligned to employees “doing the right thing”; and role specific ethics, compliance and risk training programmes. It also requires that management be prepared to take a hard line with employees who don’t “do the right thing”, but not with those employees who truly “do the right thing” and achieve sub-optimal results.

No business deal should ever justify putting your company’s reputation at risk.

Iraq Is Quietly Firing Fraud Monitors

From James Glanz and Riyadh Mohammed of the New York Times: Premier of Iraq Is Quietly Firing Fraud Monitors.

The dismissals, which were confirmed by senior Iraqi and American government officials on Sunday and Monday, have come as estimates of official Iraqi corruption have soared. One Iraqi former chief investigator recently testified before Congress that $13 billion in reconstruction funds from the United States had been lost to fraud, embezzlement, theft and waste by Iraqi government officials.

Iraq, in its earliest days of existence, looks like it is headed toward being a kleptocracy and will be another example of the resource curse.

Assessing Corporate Culture

Ed Petry of the Ethical Leadership Group put together a two part paper on Assessing Corporate Culture: Assessing Corporate Culture – Part I and Assessing Corporate Culture – Part II.

[There are] specific steps that compliance and ethics officers can take to begin the process of identifying their organizations’ culture including:

  • Conduct surveys, focus groups and interviews of employees and third parties to determine what people really think about the organization, what motivates them, what’s rewarded and punished, and what are the “unspoken rules” and corporate stories that they believe best illustrate acceptable and unacceptable behavior;
  • Distinguish and describe the important subcultures within the organization; and
  • Identify what is really being heard by employees – which may be quite different from the message you and senior management are intending to convey.

You should do deep dives that roughly track the elements of the revised Sentencing Guidelines:

  • Is there consistency and clarity within your organization regarding the limits of acceptable behavior?
  • Do the Board and management act in accordance with their responsibilities to build and sustain a commitment to ethics and compliance?
  • Are compliance, ethics or even legal requirements – or the people responsible for them at the company – marginalized?
  • Do performance goals and incentives encourage and put unreasonable pressure on employees to act contrary to ethics and compliance standards?
  • Do employees feel they can ask questions or raise concerns?
  • Is bad conduct tolerated – especially at the senior level?

UK’s Law Commission on Reforming Bribery

The United Kingdom’s Law Commission has published its recommendations in a new report on reforming the bribery laws in the United Kingdom. The LC Report 313 on reforming bribery (.pdf) states:

  1. Bribery has been contrary to the law at least since Magna Carta declared, “We will sell to no man…either justice or right”. Most people have an intuitive sense of what “bribery” is. However, it has proved hard to define in law. The current law is both out-dated and in some instances unfit for purpose.
  2. We propose repeal of the common law offence of bribery, the whole of the 1889, 1906 and 1916 Acts, and all or part of a number of other statutory provisions.
  3. These offences will be replaced by two general offences of bribery, and with one specific offence of bribing a foreign public official. In addition, there will be a new corporate offence of negligently failing to prevent bribery by an employee or agent.
  4. In the text below, the precise statutory terms and definitions have not always been used. The draft Bill must be consulted for these. Not all of our recommendations and draft clauses are discussed below.

Top Ten Ways to Prevent Employee Theft

From Tracy Coenen of the Fraud Files Blog, Top Ten Ways to Prevent Employee Theft:

1. Education. If employees are aware of fraud and how it happens, they will be your best on-the-job sleuths.

2. Surprise Audits . . .

3. Hotlines. A mechanism for anonymous reporting of fraud encourages employees to look out for the best interests of the company, without fear of reprisal.

4. Assessment of Internal Controls. Companies need to take an honest look at what fraud prevention controls they have in place. They also need to be honest about whether or not those procedures and policies are being followed and whether or not they really work.

5. Background Checks . . .

6. Open Door Policy. Make employees feel that it is okay to discuss concerns with management. And then when they do discuss their concerns, act accordingly. Ask lots of questions, but be supportive.

7. Perception of Fairness . . . .

8. Employee Empowerment. Give employees the authority and confidence to make decisions and take action. The more involved and empowered employees feel, the more likely they are to look out for the best interests of the business.

9. Continuous Improvement. Management should be constantly looking for ways to improve policies and procedures. Fraud prevention is an ongoing, dynamic process that requires continuous evaluation and improvement.

10. Employee Involvement. Your employees are the people who are most aware of areas vulnerable to fraud. Talk to them and ask for their help in securing the company’s assets. Fraud prevention applies to everyone, from the top down.