TRANSCRIPT
6/20/2013
Advisory | Auditing & Monitoring | Training & Communications | Due Diligence | Investigations | Technology | Education
From Good to Great: Compliance Program Evolution for Leading Organizations
SCCE Web Conference, June 24, 2013
Presenter
Robert Leffel,
Director of Advisory,
The Red Flag Group
www.redflaggroup.com
About The Red Flag Group
Core practice areas: Advisory
Due Diligence
Technology Solutions
15 Corporate Offices Worldwide
Hong Kong (HQ), Singapore, Shanghai, Seoul, Dubai, London, New York, Boston, Washington DC, Atlanta, Houston, Chicago, Phoenix, Los Angeles, San Francisco
5 research centers: HK, China, Philippines, Jordan, Bulgaria
The Red Flag Group is The Compliance Firm™ that helps companies turn compliance into a competitive advantage.
We create customized and integrated compliance solutions that add value to your business.
Today’s Agenda
Understanding and building the culture of compliance and integrity
Communicating with employees and keeping them engaged, aware and interested
Activating the missing link: the tone from the middle
Engaging the Board of Directors
Managing your organization’s third party risks:
Focus on supply chain compliance & oversight
Culture of Integrity and Compliance
Culture as Competitive Advantage
Integrity has a tangible impact on corporate performance
CEB: companies with strong cultures outperformed companies with weak cultures by more than 16% over 10 years
Source: Conference Executive Board
Average Shareholder Return Over 10 years
Culture and Talent Acquisition
Organizations perceived as ethical leaders can attract better talent
UC Stanford study: prospective employees expect a 12% premium for working at companies perceived as less ethical
Organizations with reputational issues have serious succession problems
Culture and Misconduct
Improved compliance risk management
NBES and CELC: Organizations with strong cultures are far less likely to experience policy violations
ERC: “Ethical culture is the single biggest factor determining the amount of misconduct that will take place in a business”
Source: NBES
Culture and Reporting
Improved misconduct detection:
NBES: “Employees in higher integrity cultures are more likely to report noncompliance and operational failures than employees in lower integrity cultures”
Culture and Regulators
U.S. Attorney Manual:
“A corporation is directed by its management and management is responsible for a corporate culture”
U.S. Sentencing Guidelines: “An effective compliance program promotes an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”
U.S. DOJ and SEC FCPA Guidance: “DOJ and SEC consider the commitment of corporate leaders to a culture of compliance”
Regulators expect a well‐governed organization to promote the culture of integrity
Building Strong Culture
Building a culture of integrity is a continuous process
Assess
Plan
Implement
Culture Assessment
Conduct periodic employee surveys and focus groups
Identify cultural KPIs you want to continuously or periodically monitor and build your “culture dashboard”
Compliance awareness
Transparency
Trust in leadership/ethical leadership/tone at the top
Mid‐management and peers
Pressure to cut corners
Observed violations
Willingness to speak up
Equitable enforcement and justice
Identify red flags and deficiencies
Analyse and understand the root causes
Plan Your Culture
Develop action plan
Think out of the box
Consult with experts
Think about values, not rules
Develop measurable short and long term goals
Don’t shoot for the moon, incremental small steps are fine
Leverage internal resources
Communication is key: identify clear communication objectives, target audiences and influences
Get executive and cross‐functional buy‐in
Implement
Track and reassess
Change Management
TEN POINTS to help bring about change
1) Identify key influencers and get their buy‐in
2) Be clear about the mission
3) Paint a clear picture of the end state
4) Develop change implementation strategy
5) Break your strategy into manageable milestones
6) Communicate in easy‐to‐understand terms
7) Invite people to share concerns and fears and address them
8) Follow up frequently
9) Be flexible on the approach but not on the rule
10) Have a sense of humor
Culture‐building Communications
How do you improve employee willingness to speak up?
1) Attitude
2) Transparency
3) Anonymity
4) Address disincentives for whistleblowing
5) Consistency
6) Trained supervisors
7) Quick follow up and investigation
Communication Trends
Spotlight on Communications
Keep the message easy to understand. Communicate what the company wants employees to do and why. Communicate frequently, in short bursts, from and at all levels of the organization.
High
Hard
Fast
Communication Plan
Consider your audience, consider the core message, think about how, when and how often you will communicate
Engage communication specialists
Consider the range of communication methods and vehicles available
Identify your audiences
Develop/tailor the message(s) for each
Consider marketing and branding aspects
Determine the frequency
Integrate with training plan
Communicating with External Stakeholders
Customers
Suppliers
Other third parties
Shareholders/investors
Regulators
Auditors
Media
NGOs
Local communities/general public
Communicating with Internal Stakeholders
Consider your internal audience: Board members, executives, mid-management, employees, international locations, remote employees, etc.
Keep the message short and basic
Communicate often using different media
Make it interactive, challenge critical thinking and encourage discussion
Engage senior executives and mid‐level management to communicate on your behalf
Tailor the messaging for different groups
Consider roles and job scopes, level, geographic location
Ensure the messaging has reference material and links
Build your compliance intranet portal!
Tone from the Middle
Fostering the Tone From the Middle
In order to properly resonate throughout an organization, the tone from the top must be supported by strong and consistent tone from the middle
Train supervisors on their special responsibilities
Involve them in your communications plan and initiatives
Manager events and brown bag lunches
Manager specific communications
Provide them with tools and resources
Hold them accountable!
Link compliance/tone with compensation
Performance appraisal objectives/criteria
Other incentives
Engaging the Board of Directors
The Board of Directors has oversight responsibility for your organization’s compliance and ethics program. This can include personal liability.
Governance principles, committee charter
Board member training
Code of Conduct
Conflicts of Interest
Oversight responsibilities
Reporting lines and direct access
Escalation/“red flag” process
Frequency, format and scope of regular reporting
Updates to the Audit Committee
When should be communicated to the audit committee?
Review of audits and investigations
Progress reports
Final remediation steps following an investigation
Upon allegations being made
Hotline requests
Allegations made through formal sources
Regulator letters and enforcement
General Updates on Compliance program
Update on key program initiatives
Monitoring and Measuring of the program
Improvements and changes
Updates on investigations
Whether to discuss with a committee or the full board
Full Board
• Escalations from committee
• Disclosure issues
Committee
• Larger investigations
• Multiple country investigations
• Multiple business unit investigations
• Senior executive involvement
Role of External Auditors
When the external auditors should be brought into a serious issue (e.g. FCPA allegation)
External Auditors
Complete collapse of internal controls
Restatement of financials and revenue recognition issues
Finance staff involved in issues and investigation
Supply Chain Oversight
Building Supplier Compliance Oversight and Due Diligence Program
Which problems are you trying to fix?
What are your risks?
Who owns it?
New suppliers or both new and existing?
Do you have complete data?
How do you address data gaps?
How do you integrate into other systems?
Which suppliers to focus on?
How to prioritize?
How do you do the screening?
How do you conduct due diligence and analysis?
How do you do follow up and monitoring?
Supplier Integrity Analysis
Data Collection
Risk Assessment
Screening
Due Diligence
Certifications
Training & Communication
Remediation
Which Suppliers fall into the mix?
Risk categorisation of suppliers and other third parties based on:
Category
Dollar spend
Compliance risk areas (with some overriding others depending on risk appetite)
Risk rating distribution charts can thereafter be generated from the data
Example:
Risk Categorization and Rating
Examples
Data Collection Options
Multiple Inputs
Your Website
• Mapped from a Web form on your website (i.e. new suppliers ‘sign up here’)
• Other CRM options
Your CRM
• Mapped from your CRM direct into an onboarding platform
Direct into an on-boarding
• Questionnaires in multiple languages entered by the third party
• Upload lists from CSV
Questionnaires to Existing Third Parties
Features
Seamlessly track the rollout of questionnaires, both internally and externally
Request detailed information from your partners in local language
Configurable and dynamic flow of questions
Score and escalate each questionnaire response in line with your internal risk parameters and processes
Integrate internal comments, vetting and approval by your Compliance, Finance and Legal teams
Email integration for updates and task notifications
Powerful and configurable reporting
Collect critical information required for due diligence planning
Manage and document the workflow that includes a configured evaluation and escalation process
Benefits of using a questionnaire
Risk Assessing the Data Collected
Two Options for Risk Scoring the Data
Automatic Risk Scoring Embedded in the Questionnaire
• Implemented into the questionnaire
• Automatically recommends a screening or due diligence level
No Risk scoring
• All third parties proceed to batch screening as a baseline
• Follow-up steps are determined based on results of screening
Questionnaire – Risk Scoring
Determine risk score based on answers provided by the third party and the business sponsor in the Questionnaire
Score and escalate each questionnaire response in line with your internal risk parameters and processes
Link risk score with the Due Diligence level required
Summary of risk when reviewing the questionnaire
Screening
Content
Watchlists
Sanctions/DPL/etc.
PEP
SOE
ComplianceChallenged™
Company own lists
Technology
Embedded within a platform
Can be auto searched from an incoming questionnaire
Can be escalated for false positive analysis
Can be escalated for further due diligence
Due Diligence
Analysis and Reporting
Certifications
Pushing certifications out to third parties
Send Certification annually to the third party
Receive and analyse
Automatically route when needing review
Training & Communication for Suppliers
Supplier Code of conduct
Supplier directed communication materials
Roundtables and face to face meetings
Incentives
Training and communication plan
How/when/what/who owns it?
Remediation
Consider the red flag and any additional controls needed
Contractual precautions
Ongoing monitoring and audits
Compliance incentives
Track follow up/remediation actions against the third party
Set owners, actions and reminders
Thank you.
The Red Flag Group Resources
Compliance Insider™ quarterly magazine
White papers
Benchmarking studies
IntegraMaps™
www.redflaggroup.com
Questions?