proprietary + confidential
LearnShare & Open Compliance and Ethics Group (OCEG)
Scott L. Mitchell, President, [email protected]
Carole Switzer, General Counsel, [email protected]
OCEG Team
WSJ Quote
“…the whole board should consider joining an organization like the Open Compliance and Ethics Group (OCEG)…”
• AIG / National Union
• Akin Gump, Strauss Hauer and Feld LLP *
• American Bar Association (ABA)
• American Corporate Counsel Association (ACCA)
• American Society of Corporate Secretaries (ASCS)
• Bryan Cave, LLP *
• Chubb
• Corpedia Education
• Corporate Integrity Services *
• Center for Applied Business Ethics *
• Debevoise & Plimpton
• Dechert LLP *
• Deloitte & Touche
• doubleDrum, LLC
• DuPont de Nemours
• Ernst & Young
• EthicsPoint *
• Ethics Resource Center
• Frank B. Friedman and Associates *
• Foley Hoag LLP *
• Gilbert and Associates *
• Goodwin Procter, LLP
• Gulf / Travelers Insurance
• Harris, Wiltshire & Grannis, LLP
• Holland & Knight, LLP *
• Institute of Internal Auditors (IIA)
• KPMG
• Kaye Scholer, LLP *
• Latham & Watkins, LLP *
• Marsh, Inc.
• Mathews and Green, LLC
• McKenna Long & Aldridge, LLP *
• Orrick Herrington and Sutcliffe, LLP *
• Practising Law Institute (PLI)
• Professional Liability Underwriting Society (PLUS)
• Proskauer Rose, LLP *
• PwC
• Winstead Sechrest & Minick, LLP
100+ individuals representing 50+ organizations
Drivers
Compliance is Required
• Laws, rules and regulations
• SOX / SEC instructions
Compliance is Expensive
• Legislation is increasing
• Laws, rules and regulations are changing
• Laws are often confusing / contradictory
• “Compliance” is not core…and usually inefficient
Non-Compliance is More Expensive
• Investor confidence is diminished
• Litigation is expensive and abundant
• Insurance rates are increasing
• Reputations are suffering
Data
• $20b agency costs
• $850b organizational costs
• $200b - $565b lost due to “white collar” crime
• $??b in litigation / penalties / fees
Sources: Hon. Doug Ose (Ohio), Federal Sentencing Guidelines
[Figure: the compliance and ethics program. Program components: compliance, ethics. Domains: governance, financial assurance, employment, environmental, information privacy, intellectual property, international, product quality / safety, competitive practices, government (US).]
Program – Who Sets the Standard?
No “standard”
Legal Guidance
• Federal Sentencing Guidelines
• Sarbanes-Oxley / SEC Instructions
• Case Law
Business Guidance
• Business process management
• Quality management
• Best practices
• Listing requirements
Other
• Ethics
Domains – Who Sets the Standard?
Various
Common Domains / Topics
ETHICS (Sarbanes, SEC)
• CODE OF CONDUCT
• CONFLICT OF INTEREST
GOVERNANCE (SEC, Exchanges, etc.)
• BOARD RESPONSIBILITIES/STRUCTURE/CONTROL
EMPLOYMENT (Labor, OIG)
• WAGE AND HOUR
• DISCRIMINATION
• EMPLOYEE HEALTH AND LEAVE RIGHTS
• WRONGFUL TERMINATION/RIFS
• WORKPLACE VIOLENCE
• EMPLOYEE INFORMATION
• AFFIRMATIVE ACTION
• INDEPENDENT CONTRACTORS
• HARASSMENT
• SUBSTANCE ABUSE
FINANCIAL ASSURANCE (SEC, IRS, AICPA, etc.)
• INSIDER TRANSACTIONS
• MONEY LAUNDERING
• REVENUE/EXPENSE RECOGNITION
• REPORTING
COMPETITIVE PRACTICES (Div. of Antitrust)
• ADVERTISING/MARKETING/TELEMARKETING
• ANTITRUST/PRICE FIXING
ENVIRONMENTAL (EPA, mostly State Law)
• ENVIRONMENTAL MANAGEMENT
• HAZARDOUS MATERIAL MANAGEMENT
• REPORTING
INFORMATION PRIVACY (DOJ, SEC)
• PRIVACY LAWS AND REGULATIONS
• DOCUMENT RETENTION AND DESTRUCTION
• INFORMATION SECURITY
INTELLECTUAL PROPERTY (DOJ, USPTO)
• CONFIDENTIALITY AND TRADE SECRETS
• COPYRIGHT
• TRADEMARKS
• PATENTS
GOVERNMENT (Procurement)
• GOVERNMENT CONTRACTS
• LOBBYING/POLITICAL ACTIVITY
INTERNATIONAL TRANSACTIONS (SEC, DOC, ITC, etc.)
• ANTI-BOYCOTT CONTROLS
• ECONOMIC SANCTIONS
• EXPORT/IMPORT CONTROLS
• FOREIGN NEGOTIATIONS/SALES
PRODUCT QUALITY/SAFETY (FDA)
Basis of Laws / Rules
ETHICS
• LAWS: “Letter of the Law” / “Must Do”
• PRINCIPLES: “Spirit of the Law” / “Should Do”
Laws Require
Typically specify:
• procedure (what a person needs to DO)
• policy (what needs to be DECLARED / ENFORCED)
• organization (how people need to be ORGANIZED)
• disclosure (what needs to be DISCLOSED – internally or externally)
Rarely specify:
• knowledge (what a person needs to KNOW)
Sarbanes / Oxley / SEC Instructions
Section 301 requires a channel of communication be available for reporting anomalies – and for whistleblower protection (sections 1107 and 806).
Section 302 requires certification of “internal controls”; SEC proposals introduce the notion of “disclosure controls”.
Section 406 requires disclosure of a code of ethics (conduct) for senior financial officers. The exchanges have extended this to ALL employees.
Section 409 requires real-time disclosure of material events – including non-compliance issues
Criminal and civil penalties significantly increased: 802 & 1102: recordkeeping; 807: securities fraud; 1106: strengthens securities exchange act; 902: conspiracies to commit fraud; 904: ERISA.
Open Compliance and Ethics Group (OCEG): How does a company ensure compliance?
Program Drivers
[Figure: three drivers feeding the Compliance and Ethics Program]
• business (risk management, business process, etc.)
• law: “letter of the law” (federal sentencing guidelines, specific compliance domains, etc.)
• ethics: “spirit of the law”
Control Types
• procedure (what a person needs to DO)
• policy (what needs to be DECLARED / ENFORCED)
• organization (how people need to be ORGANIZED)
• disclosure (what needs to be DISCLOSED – internally or externally)
• knowledge (what a person needs to KNOW)
Stakeholders
“Implementers” (Internal)
• Organizations that implement and operate processes to manage legal and regulatory compliance risk.
“Helpers” (Solution Providers)
• Consultants
• Lawyers
• Education Providers
• Auditors (non-audit services)
“Evaluators” (External)
• Investors
• Underwriters (Insurance, Debt)
• Rating Agencies
• Auditors
“Watchers” (Government + Media)
Ethics
ETHICS
• LAWS: “Letter of the Law” / “Must Do”
• PRINCIPLES: “Spirit of the Law” / “Should Do”
Capability Phases
Phases: inception, elaboration, construction, operation, evaluation, optimization
inception
• establish organizational goals and objectives
• obtain commitment from senior executives
• plan program requirements
elaboration
• as is / to be / gap analysis
construction
• detail design and build program
• roll-out program
operation
• identify specific laws, rules, and regulations that apply to organization
• design and implement controls to comply with letter and spirit of the law
• monitor and analyze compliance controls
• report
• manage issues / problems
evaluation
• evaluate overall program
• internal audit
• external audit
optimization
Operation
Phases: inception, elaboration, construction, operation, evaluation, optimization
Operation activities: identification; design + implementation; monitoring; reporting; record management; issue management
Committees:
• audit committee
• disclosure committee
• qualified legal compliance committee (QLCC)
Operation
Phases: inception, elaboration, construction, operation, evaluation, optimization
Operation activities: identification; design + implementation; monitoring; reporting; record management; issue management
Issue management cycle:
• monitor
• discover
• review
• investigate
• resolve
Levels
[Figure: reduction of risk versus program level, Level 1 through Level 5, ranging from minimum practices through best practices to sustained world-class performance.]
Key Messages
Compliance and related education is a board-level concern
• SOX / SEC
• Listing requirements
• Insurance / Investment requirements
Real opportunity to help drive tangible and far-reaching benefits
Real opportunity to “get on the radar”