Effective Interactions Between the Chief Ethics & Compliance … · 2014-09-03 · Shaping a...

1

Written permission to reprint or reuse is required in advance from both NAVEX Global and PwC

Effective Interactions Between the Chief Ethics & Compliance Officer and the Board

Carrie Penman, President, Ethical Leadership Group, NAVEX Global

Barbara Kipp, Partner, PwC

October, 2012


Presenters:

Carrie Penman, NAVEX Global Barbara (Bobby) Kipp, PwC

2

2


News flash…

3

CEOs and Boards of Directors are increasingly under the microscope…


Compliance Department – Scope and effectiveness

Stakeholder demands for evidence of effective compliance are on the rise.

Source: PWC State of Compliance 2012 benchmarking report

4

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Business partners

Regulators

Investors

Employees

Senior management

Audit committee or otherboard committee

Board of directors

Non-governmentalorganizations (NGOs)

Increase No change Decrease

129

Number of respondents

129

127

129

129

129

129

126

3


Voting questions:You and your Board…

5


About you and your Board…

CCO formally reports to the following individual(s)

6

Source: PWC State of Compliance 2012 benchmarking report

Per State of Compliance 2011 study, 8% reported to the Audit Committee/Board

A - 33%

B - 31%

C - 3%

E - 5%

F - 19%

G - 10%

A - General Counsel / Legal

B - Audit Committee / Board of Directors

C - Chief Risk Officer

E - Chief Financial Officer

F - Chief Executive Officer

G - Other Executive

Number of respondents: 126

4


Types of Board Interactions

7


Two types of meetings with the Board

Program briefing (Periodically through the year)

• Risk assessment – risk areas; changes in risk

• Program initiative status and plans

• Implementation of mitigation efforts

• Trends – internal and external

• Issues and concerns raised through the Program

• Executive session

Board training (every 1-2 years)

• Roles and responsibilities

• Role relevant

• Includes case studies

8

5


Boards are people too, but…

9

Attention Span

Level in Company


Biggest mistakes Ethics and Compliance Officers make when dealing with their Boards:

Too much deference (to authority – executives and board)

Irrelevance (of information presented)

Lack of context (with information presented)

Narrow focus on the Sentencing Guidelines, especially Helpline, code, training

Status reporters (rather than strategic business thinkers)

Failure to prioritize risks/concerns

Too much activity reporting; not enough relevant KPI’s/results info

Other scope issues:

• Coverage of compliance risk universe

• Hotline stats vs. all incidents

10

6


Refresher on the Ethics and Compliance Roles and Responsibilities of Boards

11


Roles and responsibilities of the Board re: ethics and compliance

“Exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.”

“Direct access” to the ethics and compliance officer

“Promote an organizational culture that encourages ethical conduct”

Receive “effective training . . . . appropriate to such individuals’ respective roles and responsibilities.”

12

Source: US Sentencing Guidelines

7


Role of the Board: Reasonable Oversight and Direct Access

13


Reasonable oversight:

Full Board has knowledge and oversight of the Company’s key risks areas

Full Board has knowledge of, and a Committee is delegated oversight responsibility, of E&C program

Oversight as the goal (not “honorary” board members or micro-managers)

Board leads by example and ensures accountability

• Practice the Company’s values and meet its compliance requirements

• Ensure that senior management is held accountable to the same standards as all employees

• Ensure that compensation/incentives reflects this accountability

14

8


Reasonable oversight:

Ensure that Compliance/Ethics and the businesses/functions have:

• Right scope

• Right people

• Right resources

• Right support from management and the Board

• Right responsibilities and authorities

Provide long term perspective-- compass in a “glocalized” world; be mindful of the great reputation of the organization

Help set the tone; support a culture of integrity; establish risk tolerance/appetite

Review information that provides evidence that risks are effectively identified and managed

15


Polling Question - Reflection

For 25 compliance areas/risks:

• 1 hour per area per year = 4 hours per meeting on risks

• 1 hour per meeting on risks = 10 minutes per risk/year

What do you think?

16

9


Reasonable oversight: what we look for in Program effectiveness assessments:

Does the Board have a comprehensive view of the organization’s compliance risks? What information provides that view?

Is the Board of Directors knowledgeable about the content and operation of the program?

Does the Board exercise reasonable oversight of the implementation and effectiveness of the Program and the organization’s culture?

Does the organization have a high-level person and a person with day-to-day responsibility assigned to manage the program? Is there a defined relationship to the Board of Directors?

Is the Board (or a committee thereof) accessible to individuals with day-to-day responsibility including meeting with them in executive session?

Does the Board (or a committee thereof) receive timely reports of significant issues and investigations involving the company or any elected officers?

17


Direct Access:

4 Requirements to decrease in FSG culpability score:

1. Individual(s) with operational responsibility have direct reporting obligations to governing authority

2. Program detected the offense

3. Organization reported the offense

4. No E&C program personnel involved

What are “direct reporting obligations”?

18

10


Discussion – What is Real, Direct Access?

Is formal reporting enough? Does formal reporting guarantee direct access?

Can you have direct access without formal reporting?

Have the events/circumstances that trigger a call been defined?

19


Role of the Board: Promoting an Organizational Culture that Encourages Ethical Conduct

20

11


When a Rule, Policy or a Code conflicts with an organization’s culture, the culture trumps – and prevails most of the time.

In order to have an effective ethics and compliance program, a company needs to pay as much attention to culture as to policies, training, auditing, etc.

Research proves: programs builds culture; culture drives behavior (programs alone do not drive behavior as much as culture does) *

* Source: Ethics Resource Centre, NBES

21

We know this: culture will trump compliance


The challenge:

For many Board members, ethics and culture are not in their comfort zone

• “Give me a financial statement any day!”

• Not really sure what to ask you = quiet meetings

22

12


The conversation about culture:

Explicit/concrete examples help –

• Responsibility or rules— Will people take personal responsibility to address issues, or is it the job of somebody else?

• Candor or quiet—Will people speak up if they see questionable business conduct?

• Accountability or acquiescence—What happens to great performers who violate the Code?

23


Culture: What Can/Should the Board do:

• Send visible signals about behavioral expectations through actions, including compensation

• When executives/leaders misbehave

• The Big Stuff

• The Not-so-Big Stuff

• Monitor overall corporate culture and subcultures

24

13


Shaping a culture of integrity: talk to your Board about…

Knowing your culture(s)

− Employee perceptions (Surveys, focus groups, message boards)

− Customer and supplier perceptions (Surveys, social media, “social monitoring”/are you listening)

− Reports of concern (Helpline data)

− HR processes

The language and branding shift

− Away from compliance on its own

− Toward integrity and “doing the right thing”

− Selling the vision

25


Program Reporting to the Board - Briefing

26

14


A major discount retail chain faced a challenge when industry regulation changes impacted its marketing strategy.

Discuss current events that could affect your organization:

27

Product SafetyImpact of Subcontractors

on Reputation

Chairman Resigns; Ousted CEO to Meet With FBI

Dealing with Whistleblowers…Encouraging Reporting

Bad Behavior

Bribery and Corruption Concerns


Give them context when reviewing your program:

28

15


Additional context

29

0% 20% 40% 60% 80% 100%

Hotline / helpline metrics

Customer and other third-party complaints (notreported through hotline / helpline)

Training data (completion rates, competency tests,etc.)

Employee disclosures (e.g., conflicts of interest andgift reporting)

Material weaknesses and significant deficiencies

Employee questionnaires or culture surveys

Aging and disposition of litigation and enforcement

Very important Important Not important Not used

Importance of indicators and metrics in evaluating effectiveness of the ethics and compliance program.

128

Number of respondents

127

129

128

127

127

126


Remember:

Boards expect outcome driven information –

Don’t just give them a laundry list of issues and statistics – tell them if the clothes are cleaner.

30

16


Role of the Board: Receive Effective and Role-relevant Training

31


Typical elements of Board training:

Frameworks for ethics and compliance programs (USSG, global requirements, risk based)

Board’s oversight responsibilities

Specific compliance and ethics environment and risks to the organization and to the Board

Creating a culture of integrity—challenges and building blocks - Board observations and potential areas of impact

Cases relevant to their roles and responsibilities

32

17


What do you tell them in training?

They need to know (be trained) about issues they could face

Many CCO’s assume that boards know it already and are afraid to discuss Board-specific risks.

Boards need and want to talk about things like:

• What’s coming?

• Status of the Company’s relationships with regulators

• Benchmarking

• Full compliance risk universe

• Audit coverage

• KPIs

33


What do you tell them in training?

Boards need and want to talk about things like (continued):

• Conflicts of interest – personal and organizational

• Insider trading

• Gifts, gratuities, influences

• Recognizing their unintended influence

• Issues that have happened with other companies and Boards

• Executive accountability

34

18


Use case studies and ask how they would respond:

You and they will be surprised to learn they aren’t as aligned as they think they are…

35


Case example: the anonymous letter…

Several members of the Board receive an anonymous letter stating that a local Company manager is “playing games with the books on a project in process in Corruptistan” but the letter provides no additional information about which project, who is involved, or the specific alleged financial impropriety.

What should the Board do?

Does it matter that the report is anonymous?

What if the allegation involves a colleague at the Board table?

36

19


Questions the Board should ask you…

What information do you get to give you comfort that compliance risks are covered?

Do leaders set the right tone? How are they perceived by employees?

Do we have a “make plan at all costs culture?” Is candor rewarded or punished? What about fear of retaliation?

How are we at discipline? Are top performers and high level people held accountable to the Code of Conduct in the same way as other employees?

Are there any risks that aren’t being addressed as they should be?

Do your businesses/functions have the resources you need to do your job appropriately? Do you feel you have access to the CEO and us whenever you need it?

Do you have visibility to business unit compliance?

37


Questions the Board should ask you…

How do our resources stack up?

What trends in issue types or company locations are you seeing?

Is there anything we should know? What keeps you [ethics officer] up at night?

If you had another $1 million to spend, what would you do with it?

38

20


Questions:

39


Thank you!

Contact information:

Carrie Penman, President, Ethical Leadership Group, NAVEX Global

[email protected]

Barbara Kipp, Partner, PwC

[email protected]

40

21


This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

© 2012 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.

© NAVEX Global Holding Company (including its subsidiary and affiliated companies.)

Date post:	22-May-2020
Category:	Documents
Upload:	others
View:	4 times
Download:	0 times

Effective Interactions Between the Chief Ethics & Compliance … · 2014-09-03 · Shaping a...

Documents