How to Be a Wildly Strategic Compliance Officer:
Why Every Decision is a Strategic One
The Great and Mystical KRISTINI! Compliance Mentalist Extraordinaire!
Survey Results
[Bar chart, percentage of respondents (axis 0 to 25), by category: ENGAGEMENT OF THE BUSINESS; REQUEST FOR RESOURCES / BUDGET; PROBLEMS; WHERE TO START; HOW TO PRIORITIZE; SPECIFIC NEW LAW / TECHNOLOGY QUESTION; DEALING WITH OTHER FUNCTIONS EFFECTIVELY; IS IT GOOD?]
Agenda
• Where do I start?
• How do I prioritize?
• How do I get engagement from the business?
Kristy Grant-Hart
Spark’s London‐based Founder and CEO
– Professor
– Speaker
– Former Chief Compliance Officer
– Consultant
– Author
– Lawyer
“An accomplished compliance professional and true expert in her field.” – Risk Universe Magazine
Setting the Strategy
Do you really want to eat the whole elephant?
Defining the Risks
• Bribery
• Competition / Antitrust
• Data Privacy
• Cyber risk / identity theft
• Trade sanctions / import / export
• Health and safety
• Culture and ethics
• Modern Slavery / Trafficking
• Others?
• Bullying
• Labor and employment
• Government / permits
• Travel / kidnapping
• Terrorism
• Money laundering
• Products liability
• Supply chain management
• Others?
Wildly Strategic Compliance Officer Risk Ownership Chart – Media Mogul Company Ltd.

Risk: Bribery
Current Owner: Compliance
Explicit Assignment: Yes – in the job description and in our anti‐bribery policy
Needs and Next Steps: None

Risk: Competition / Antitrust
Current Owner: Compliance for internal investigations, Legal for regulatory investigations or formal proceedings
Explicit Assignment: Yes – separation of duties is explicitly agreed‐to and implemented by Legal and Compliance
Needs and Next Steps: None

Risk: Data Privacy
Current Owner: Unclear – some Compliance, some Information Security and some Information Technology
Explicit Assignment: No – our online privacy policy was written by Legal, but no one is in charge of handling data breach or dealing with regulatory changes
Needs and Next Steps: Create a rapid response team for data breach preparation including representatives from Legal, Compliance, Communications, Information Technology and Information Security.
How Do I Prioritize?
“The key is not to prioritize what is on your schedule, but to schedule your priorities.”
– Stephen Covey
Sources
• Seven Pillars of the U.S. Federal Sentencing Guidelines
• OECD Guidance
• United Kingdom Bribery Act 2010 Adequate Procedures Defence Guidance
• ISO 37001 and 19600
The Big Seven
• Policies and Procedures
• Training
• Monitoring and Auditing
• Messaging
• Due Diligence
• Risk Assessment
• Governance
Three Year Compliance and Ethics Program Plan
TOPIC: POLICIES AND PROCEDURES

Where We Are Now
• Our Code of Conduct is a black‐and‐white document only available in English.
• We don’t have a formal anti‐bribery policy.
• We don’t have a formalized process for due diligence on our third‐parties, representatives or agents.

Where We Want to Be
• Our Code of Conduct is best in class with Q&As, color and graphics design.
• We have a formal anti‐bribery policy along with supporting procedures that are fully implemented throughout the organization.
• We have formalized due diligence procedures and have implemented software to manage our third‐party due diligence review system.

Year One Goals
• Create a working group with representatives from Human Resources, Sales, Finance, Legal and someone from each of our major regions to begin discussion of the new Code of Conduct. Complete first draft by the end of the year.
• Obtain approval for the Anti‐Bribery Policy and translate it into all required languages.
• Obtain approval for third‐party due diligence process from the Board of Directors.
Plan by TOPIC, not by RISK AREA
What If You’ve Been Fighting Fires?
• Request resources
• If you don’t get them,
– Remove an item from the list
– Adjust the goal or timeline to reflect what you’ve been asked to do instead
• Get everyone to agree to the new timeline and goals
Rinse and Repeat: Years Two and Three
How Do I Obtain Buy-in For My Program?
Buy-in Steps
• First, you MUST get agreement on the vision
• THEN, you can ask for the resources to achieve it
– If you cannot get the resources, you must Change The Vision
What’s My Return On Investment?
Finding the Real Motivation
The Four Motivators
• Fear for self
• Fear for the business
• Noble cause
• Competitive advantage
Finding the Right Motivation
• Leaning In
• Standing Tall
• Looking Inspired
Strategies for Obtaining Resources
Be Explicit and Specific
Practice
Use Stories
Use Fear, But…
Strategies for Obtaining Resources
Use Visuals
Use a “Choice of Yes” Pattern
Putting It All Together
• Risk Review and Designation
• 3‐Year Vision Creation
• Compliance Dashboard
• Buy‐In
Questions & Answers
UK Phone: +44 (0)203 514 1443
US Phone: +310‐299‐0955
Twitter: @KristyGrantHart
How to Be a Wildly Effective Compliance Officer,
available at http://amzn.to/1VP64pZ
Kristy Grant‐Hart
www.ComplianceKristy.com
Thank you! Let’s Stay In Touch!
www.SparkCompliance.com