by Rebecca Walker
A large group of compliance professionals gathered in New York and virtually on October 30 and 31 to attend PLI’s Advanced Compliance and Ethics conference. The conference included informative discussions of both the basics (e.g., exploring program structure, training, communications, and other program elements) and the future of C&E. In addition, all of the sessions included audience polling, so we also have some interesting data to share.
Program Structure and Board Oversight
We started the conference with an interesting discussion on reporting structure for Chief Ethics & Compliance Officers (CECOs), which was led by Gina Saviola and Tracey Gilliam (and me). Polling results on the question of reporting structure indicated that, for more than half of the organizations represented at the conference, the CECO reports into the general counsel (53%), and for another 11%, the CECO is also the general counsel. (I note that many of the attendees at PLI are in-house compliance lawyers.) This session included a discussion of the importance of the CECO’s relationship with the audit (or another appropriate) committee of the board in empowering compliance officers and facilitating independence and authority.
We also asked attendees which board committee has primary oversight of the C&E program at their organizations. Interestingly, only 50% said that the audit committee at their organization plays that role. For 29% of respondents, their company has a dedicated risk or compliance committee, and for 11%, the responsibilities are split between committees.
Training and Communications
Training and communication are those elements of a C&E program that typically touch every employee in an organization, so it is important to get this aspect of a program right. Michael Koenig and Mike Levin emphasized the importance of making training relatable and engaging, and tailoring the training content and design to the particular audience. In response to the question of what training mechanism respondents find to be most effective at their organizations, 61% answered “online training, customized to your company,” as opposed to only 28% who answered “small group, in person sessions.” (My response was most definitely in the latter category (small group, in person), so it was interesting to see the polling results on that question.) I’m curious to hear from our readers as to their thoughts on that one. The other potential responses were big group live training (7%) and online, off-the-shelf training (5%).
One communications strategy that garnered significant attention during this panel was the use of anonymized real-world scenarios to illustrate incidents of potential misconduct, subsequent investigations, and the actions taken. This approach reinforces the message that compliance is taken seriously; that reports of suspected misconduct are addressed; and that violations result in discipline. While not specifically discussed at PLI, we note that it can be particularly important to highlight those incidents where discipline is imposed on managers so that employees see that higher-level employees are also held accountable.
The polling questions for the risk assessment panel (expertly led by Karen Moore and Vanessa De Simone) contained some helpful insights. With respect to the “greatest challenge in conducting risk assessments,” 38% of attendees indicated that getting buy-in from senior leadership for the time and resources necessary to conduct an assessment is their greatest challenge. Another 22% of respondents indicated that developing and communicating a consistent means of measuring compliance risk across the organization is the greatest challenge in compliance risk assessment. One of the more interesting takeaways from that panel for me was the recognition of the difficulty in identifying and assessing emerging risks, as well as the concern that measurements of risk can contain a high degree of guesswork.
Jonathan Chibafa led a fascinating discussion of the impact of ESG on compliance. Interestingly, only 8% of respondents indicated that their company has no plans to integrate ESG with the compliance function. A full 22% said that ESG is already fully integrated, and 58% said that, at their organizations, ESG is partially integrated or in the early stages of integration. If ESG is outside the scope of C&E at your organization, it may be time to consider how C&E and ESG should be integrated.
Claire Rajan led one of the more forward-thinking panels at the conference on the intersection of artificial intelligence and compliance. Claire addressed how AI can be leveraged to identify patterns that may indicate compliance concerns (like fraud detection) and to enhance compliance controls (such as due diligence procedures). The polling in this area was not surprising, but does highlight the importance of our profession getting our arms around this new tool and risk-creator. Only 10% of respondents indicated that they have developed an effective AI machine learning system. (Although that number is perhaps greater than I would have expected.) The remaining respondents indicated that they are either in the beginning phases of implementing such a system (29%), still thinking about it (38%), or have no immediate plans to wade into those murky waters (23%).
Reporting and Investigations
The session on reporting procedures and investigations of misconduct is always one of the more interesting sessions of the program. This panel, led by my wonderful co-chair Julian Moore and Jonathan Cohen, discussed best practices in encouraging reporting and in non-retaliation. With respect to polling, interestingly, only 49% of respondents indicated that their company provides training to employees in relevant functions on conducting internal investigations (although another 22% indicated that training is sometimes but not always provided). Given that investigations can create serious legal risks for organizations, this indicates an important area of potential improvement for many companies.
The panel on anti-corruption compliance (beautifully led by Asha Muldro and another compliance lawyer) included a helpful discussion on how to assess corruption risks as well as on third party controls. When asked about the most effective tool at mitigating compliance risks in third parties, the most common response was – not surprisingly – due diligence before retaining third parties, at 45%. The second most common response was periodic due diligence during the course of a relationship with third parties, which garnered 31% of responses.
One of my favorite panels of the PLI C&E conference is always the final panel on legal ethics for compliance lawyers and compliance professionals. One of the most interesting polling questions of the conference was asked during the ethics panel: In your work at your organization, have you experienced any conflicts between your ethical obligations as an attorney and your ethical obligations as a compliance professional? Only 15% of respondents indicated that they have experienced a conflict between their ethical obligations as a lawyer and as a compliance professional – perhaps less than we in the compliance profession may assume.
The role of the CECO and the compliance function are increasingly under the spotlight as compliance expectations increase and the public demands greater corporate transparency and accountability. The importance of the CECO role will only increase as the profile of the function continues to be elevated. The key takeaways from the conference underscore the need for robust, independent compliance functions that can satisfy the increasing expectations of the profession.
One of my favorite things about the compliance profession is the willingness of its members to share best practices and wisdom. The PLI conference was yet another example of this wonderful attribute of our profession. The program is available online for those who may want to watch the recording.