BUSINESS COMPLIANCEGovernance – Compliance – Ethics

05/2014EdItOr-IN-ChIEf:ANthONy SMIth-MEyEr

GOVERNANCE ABIGAIL LEvrAU ANd SIByLLE dU BUS GOvErNANCE IN SMALL ANd MEdIUM-SIzEd ENtrEPrISES: SEttING thE COUrSE fOr SUCCESS

GOVERNANCE rOGEr BArkEr ANd IrIS h-y ChIUIN dEfENCE Of thE MINOrIty: thE Uk’S NEw ENhANCEd LIStING rEGIME

THE EFFECTIVE PRACTITIONER ANNEttE krAUS ANd JULIA SOMMErthE COMPLIANCE ChALLENGE fOr SMALLEr COMPANIES

THE PRACTITIONER’S VIEWPOINT rIChArd t. BIStrONGEMPLOyEES fACING COrrUPtION: A PErSONAL rEfLECtION

THE COMPLIANCE CHALLENGE PhILIP BrENNANIS OUr whIStLEBLOwING SChEME wOrkING?

ON THE HORIzON kOENrAAd vELtMANSPrIvACy rEGULAtION: BE PrEPArEd!

Business ComplianCe 05/2014 Baltzer Science Publishers2

CONtENtSEditor-in-ChiefAnthony Smith-Meyer, Professor of International Business and ManagementMiami University, Ohio – European Campus, Luxembourganthony@smithmeyer.eu

Editorial BoardAndrew Buckhurst, Senior Vice President Investor Relations, RTL Group, Luxembourg Mark Compton, International LLP Partner, Mayer Brown, United KingdomScott Killingsworth, PartnerBryan Cave LLP, Atlanta, Georgia, USA Sonja Lohse, Chief Advisor and Head of the General Secretariat

The Finnish FSA/Finanssivalvonta, Finland.Pedro Montoya, Group Chief Compliance Officer, EADS, France Klaus Moosmayer, Chief Compliance Officer, Siemens, GermanyMark Pieth, Professor of Criminal Law and Criminology, University of Basel, and Chairman of the Board of the Basel Institute on Governance, SwitzerlandLudo Van der Heyden holds the INSEAD Mubadala Chair in Corporate Governance and Strategy and is the Academic Director of INSEAD’s Corporate Governance InitiativeJosé Zamarriego Izquierdo, Director of the Code of Practice Surveillance Unit of Farmaindustria, SpainNico Zwikker, Compliance Professional, former Global Head of Compliance at ABN Amro

Editorial TeamAdrienne Chang, Production EditorSharon Ward, Associate Editor

The Editor-in-Chief together with the Editorial Board meet at least 5 times a year to discuss the content of the journal, and decide together which papers are accepted for publication.

DesignEric G.F. van den Berg ericgfvandenberg@gmail.com Tom van Staveren graphicisland@upcmail.nl

© Baltzer Science Publishers

03 EdITORIAL

05 GOVERNANCE

Governance in small and medium-sized

entreprises: Setting the Course for Success

– A. Levrau and S. du Bus

18 GOVERNANCE

In defence of the Minority:

The UK’s new Enhanced Listing Regime

– R. Barker and I. H-Y Chiu

31 THE EFFECTIVE PRACTITIONER

The Compliance Challenge

for Smaller Companies

– A. Kraus and J. Sommer

42 THE PRACTITIONER’S VIEWPOINT

Employees Facing Corruption:

A personal reflection

– R.T. Bistrong

54 THE COMPLIANCE CHALLENGE

Is our Whistleblowing Scheme Working?

– P. Brennan

63 ON THE HORIzON

Privacy Regulation: Be prepared!

– K. Veltmans

Business ComplianCe 05/2014 Baltzer Science Publishers3

“It all sounds very nice; but at the end of the day it is all about putting food on the table.” The gentleman next to me had just put me in my place – or had he merely challenged me? A recently retired entrepreneur, he did not think very highly of my high-and-mighty views on the benefits of the systematic approach to decision-making I call governance – and as for my views on the need for corporate leaders to understand and define the essential mission of their enterprise, as well as the risk parameters and values by which decisions might be benchmarked … Well, I hardly dare guess what he thought of that.

This, however, is the challenge. This chance meeting on the eve of our October issue, where we are trying to bring life to these topics for the small and medium sized enterprise, merely emphasised the need to continue our efforts to spread knowledge, and to share learning across all industries, irrespective of size. This is the mission of this Journal, and – we believe – the core value that we represent to our readership.

The gentleman believed he had no need for my “intellectual theories”. Perhaps he didn’t. I feel certain that he built and ran his enterprise on a deep sense of purpose – but I doubt one as simple as “putting food on the table”. There are many ways a man of his apparent skills and ability could have achieved that. However he made a choice, committed himself to a path – surely with a certain aspiration, conscious or not. He undoubtedly felt in control of the events around him. Possibly he had colleagues and friends who offered him advice and informed him of new ideas – it’s only natural after all. Equally, he spoke with the conviction and certitude of a man who knew right from wrong; a man not without a sense of personal values. From his dress, it appears he succeeded well enough in “putting food on the table.”

Yet, I ask myself, could this man have achieved more? He showed me a mind closed to exploring the benefits of alternative ways; he seemed self-assured to the point where to challenge

EdItOrIALthE StOry Of PUttING fOOd ON thE tABLEBy Anthony Smith-Meyer

* Anthony Smith-Meyer is Editor-in-Chief of the Journal of Business Compliance. His biography may be found in the final section of this issue.

Business ComplianCe 05/20144

him felt rude; in his determination to procure food for his family, there was a hint of willingness to do whatever it takes to get it on the table. Therein lies a danger.

The fact is, all who are engaged in decision-making follow a governance process. This can range from the informal kitchen table discussion to the formal boardroom debate of a global, listed company. That process can be more or less systematic, but mostly concerns an evaluation of relevant facts against consideration of the desired outcome. To believe that governance is something only for the “big players” is to miss an opportunity. If putting food on the table is indeed the objective, then one might do well to think about the menu, and the quality of what is to appear on your plate.

The first articles in this issue try to address the questions of i) what role governance can play in keeping the

SME on its road to success, ii) of how to contend with the conflicting interests of stakeholders in the form of majority and minority shareholders, and iii) the need, and the means of smaller organisations to keep track of, and to stay in compliance with the ever tighter web of regulations that surround them.

We are also excited to follow up discussions initiated in our last June double issue with a fascinating, and personal telling of the path leading to corruption, as well as a practical look at what constitutes effectiveness in the assessment of a whistleblower programme. Last, yet not least, we include a topical introduction to the soon-to-be implemented privacy regulations impacting all organisations – Important subjects unconstrained by size: large or small.

Will my table companion ever read this editorial and reflect on our meeting? I suspect not; he is not a subscriber. M

EdItOrIAL

A governance process ... concerns an evaluation of relevant facts against

consideration of the desired outcome

Business ComplianCe 05/2014 Baltzer Science Publishers54

* Philip Brennan is Founder and Managing Director of Raiseaconcern.com.

thE COMPLIANCE ChALLENGE IS OUr whIStLEBLOwING SChEME wOrkING?By Philip Brennan*

The question: How do we know if our Whistleblowing Scheme is working and what do the issues raised tell us about our ethical and compliance standards? is a question heard across an increasing number of boardrooms in both the private and public sector. Encouraging whistleblowing is becoming increasingly normal and ensuring it truly does contribute to a positive culture of speaking up is ever more a priority. Philip Brennan considers the key success factors and shows the way towards an effective scheme.

These are searching questions and the natural place to look for the answer is in the number, nature and quality (i.e. seriousness) of issues escalated under the Scheme. But they pose an interesting consideration – if very few issues have been raised or they are trivial in nature (not an unusual occurrence), does that mean:

this is an open, transparent well governed organisation where very few issues arise (so the Scheme is working well), or

employees do not trust the Scheme (or the management) and are not raising issues.

Conversely, where multiple issues are raised or some really serious problems

are reported, does that mean:

this is an open, transparent and well governed organisation where employees feel free to speak their mind, or

this organisation has multiple problems and a weak culture of ethical and compliant behaviour.

Is a low number of whistleblowing reports good or bad? Is a high number of whistleblowing reports good or bad? My standard answer is – you are looking at the wrong measure! The best way to evaluate if your Whistleblowing Scheme is working and indeed to get a sense of the ethical and compliance standards of the organisation

Business ComplianCe 05/201455

are the only reasons, it will, in my view, enjoy limited success. Better organisations, private and public, put a Scheme in place because it makes good business sense. When there is wrongdoing or malpractice in the workplace employees are often the first to notice. Workplace wrongdoing or malpractice, at any level, invariably damages an employer. If no one has the courage to raise it, it can take years to uncover. Damage to the employer can be financial, reputational or both.

Workplace wrongdoing or malpractice can negatively impact employee wellbeing, reduce productivity and make the workplace unattractive. Customers, the lifeblood of the business, can suffer. Suppliers and service providers can be adversely impacted. There can be legal or regulatory implications – even fines. The wrongdoing or malpractice can be once off or ongoing. It can involve illegal, unethical or immoral behaviour or breach of process, procedure, codes or policies. It can be deliberate or unintentional – or simply due to negligence or poor practice. It can range from minor in nature to very significant

IS OUr whIStLEBLOwING SChEME wOrkING?

is not by looking at issues raised through the Whistleblowing Scheme, but rather by focusing on the ones that are not – the ones that come to light subsequently. Each time an organisation’s control mechanisms – be they in the second (Compliance, Finance or Risk monitoring) or third (Internal Audit) lines of defence – find a control problem or wrongdoing, a key part of the root cause analysis should be: why was this not escalated through our Whistleblowing Scheme? That is how you determine if it is working or not.

Why does an organisation need an effective Whistleblowing Scheme?Many of the Whistleblowing Schemes in global organisations are in place either because local laws or regulations, or laws in the jurisdiction where the Head Office is located requires them to be. In some cases, they are a corporate governance requirement imposed under Stock Exchange Listing Rules. In the case of Public Service Bodies, they may be related to the protection of public funds. These are good reasons for having a Scheme in place – organisations need to be able to demonstrate compliance. But if these

Business ComplianCe 05/201456

IS OUr whIStLEBLOwING SChEME wOrkING?

and can involve one or more employees or members of management – from the most junior to the most senior.

So even if there was never a law or regulation which required the establishment of a Whistleblowing Scheme, it makes basic common sense that organisations should put structures in place to assist in finding out if there is wrongdoing or malpractice afoot. Systems of internal control, including having competent and effective compliance and risk monitoring officers and internal auditors, are certainly to be recommended as a means of combatting malpractice or wrongdoing. But with the best will in the world, they cannot review everything and will only find a limited amount. The most effective control is when every employee – the first line of defence, the people who really know what is going on in the organisation – is encouraged and facilitated to operate in a manner that escalates suspected impropriety. In fact – if they are – it is possible to get to that Utopian place where the cost of running second and third line control functions can actually be reduced while the effectiveness of the controls improves.

Why do employees often not disclose knowledge of wrongdoing?Before examining what makes an effective Whistleblowing Scheme, it is worth focusing on the reasons why employees do not, in many cases, raise concerns about wrongdoing at work. Virtually all employees know the difference between right and wrong. Virtually all employees, given the proper environment, will promote good practice and behaviour and try to stop wrongdoing and malpractice. So why do so many employees who encounter wrongdoing deliberately decide to stay silent and do nothing?

culture

Organisational culture is a complex matter. It involves the unwritten rules that seep into employees DNA over time and constitute “the way things are done around here”. Just as an individual’s moral values are unconsciously honed during their formative years, principally from parental and family values, cultural values become embedded over years of working in an organisation and can sometimes even displace moral values.

Business ComplianCe 05/201457

In my experience, the more closely knit a working community becomes, the less likely it will be that an employee will blow the whistle on wrongdoing. A type of Omertà Code becomes embedded in the culture. Paoli, in Mafia Brotherhoods, says that Omertà implies ”the categorical prohibition of cooperation with state authorities or reliance on its services, even when one has been the victim of crime”. A code of silence evolves where individual employees develop loyalty to the group and no one snitches to the powers that be.

It is no accident that some of the biggest corporate scandals have taken place in well established, successful, multinational corporations. It is also no coincidence that the wrongdoing is often found to be ongoing for several years before being uncovered. Nor is it any accident that whistleblowers are often individuals who do not ‘fit in’ or who operate on the periphery of the workplace’s social grouping or that they are individuals that are new to the organisation.

To build a successful Whistleblowing Scheme, it is necessary to crack the Omertà Code.

fear

Without doubt the key reason why employees do not blow the whistle on wrongdoing is a fear that others will find out that they have done so and they will suffer adverse consequences. The treatment meted out by employers can vary from straightforward dismissal or formal sanction to much more subtle victimisation such as change in conditions or non-promotion.

Standing full-square with the fear of employer action is the fear of retribution by colleagues and of being ‘labelled’. At one level, this can be even worse than action taken by an employer. All humans crave social inclusion – we want to be regarded positively by family, friends and colleagues. When colleagues decide to ostracise a fellow worker the impact can be drastic. And in this case also, the response can vary from overt retaliation, that the perpetrators want the recipient to feel, to much more subtle distancing or ‘bad mouthing’. And harping back to the Omertà Code, the culture in the mafia was that those who broke the Code suffered the most outrageous forms of retaliation.

IS OUr whIStLEBLOwING SChEME wOrkING?

Business ComplianCe 05/201458

IS OUr whIStLEBLOwING SChEME wOrkING?

To create a credible and effective Whistle-blowing Scheme, it is necessary to protect the identity of those who seek it.

haSSle

Most employees who suspect wrongdoing in the workplace will ask themselves the question – who do I owe my loyalties to and what is in it for me if I report this?

If they look to the experience of the majority of whistleblowers, whose cases have been reported in the media, they will find that the universal outcome tends to be that they lose out in some shape or form – some more seriously than others. Often they are required to confront their superiors and argue their case. If they report the issue outside the organisation, they can suffer in any one of the ways mentioned earlier. The personal trauma of blowing the whistle on the behaviour or malpractice of colleagues or bosses can be enormous and the impact can spill over into family life and even broader social circles. It can be disruptive and involve significant hassle – hassle that employees are often unwilling to subject themselves to because they can potentially lose a lot and stand to gain very little.

To build a successful Whistleblowing Scheme, it is necessary to convince employees that it is worth the hassle and their reward is doing the right thing.

Protection verSuS redreSS

Even where there is legislation or an organisational policy in place, which claims to give employees ‘protection’, the reality is that they do not. What they typically give is redress. In other words, if an employee raises a concern with his or her employer, the policy or law will not protect them in advance from being penalised by their employer or victimised or ‘labelled’ by colleagues. What it will do, if they choose to avail of it, is to retrospectively give them the ability to claim redress through the organisation’s internal processes or through the courts. And there is no absolute guarantee of success.

If an employee finds themselves in the situation of claiming such redress, there is typically no going back. It is not possible to wipe the slate clean just because of a favourable outcome. The employee will always be ‘labelled’ by the employer, by colleagues and even (if the case is

Business ComplianCe 05/201459

reported in the media) by the public. And in many cases, despite how much good the person has done in highlighting the wrongdoing, the label will bring with it some shade of negativity.

What makes an effective Whistleblowing Scheme?Attention to a small number of key issues which focus on what influences employees not to disclose, coupled with careful attention to detail and process can make the difference between having a Scheme for the sake of having it and having a Scheme that really works.

Key in fluencerS

Every organisation has members who shape and mould its strategy and direction – its key influencers. They may be members of the Board or Executive Management or sometimes up and coming natural leaders. Often, but not always, the Chief Executive is a key influencer.

Key influencers set the tone – where they lead, others will follow. For a Whistleblowing Scheme to be effective, the key influencers must be demonstrably and unequivocally on board – not by

way of lip service, but by their actions. I often quote a former colleague who, in my younger days, frequently dished out the advice “….if the boss smells gas, you smell gas!” If key influencers make it clear that they want employees to escalate their concerns, even where they subsequently prove to be not well founded, and help them make the workplace better for all, then there is a very good chance that this is the behaviour they will get. Conversely, if there is even a sense that these key influencers regard whistleblowers as potential troublemakers or people they would really have preferred stayed quiet – then that is what they will do.

Protecti ng i dentity

The focus of attention must move from the person to the problem. Often when an issue is reported, far too much time is spent commenting or speculating on the motivation of the discloser and not enough on reviewing the concern being reported. One cure for this might be to have a Scheme which permits anonymous disclosure. However, such Schemes can, under the cover of anonymity, attract malicious or malevolent disclosure from employees with less than pure motivations,

IS OUr whIStLEBLOwING SChEME wOrkING?

It is necessary to convince employees that it is worth the hassle and their

reward is doing the right thing

Business ComplianCe 05/201460

and may still be considered illegal in certain jurisdictions as an encouragement to malicious libel, so need to be treated with caution.

A better alternative is to introduce the option for employees to use a trusted, professional third party intermediary who does not disclose the identity of the concerned employee to the employer. Concerned employees should, ideally be given three alternatives under their Whistleblowing Scheme:

Raise the concern with their line manager;

Raise the concern with a nominated senior employee (ideally in a control function), and

Raise the concern with a professional third party service provider whose services are retained by the employer but who does not disclose the identity of the concerned employee.

This service provider can provide a listening ear and valuable guidance to concerned employees, before, during and

after they make their disclosure. They can intermediate in the investigation.

The mere provision of such a service by an employer to employees in itself sends a very strong message – we want you to raise concerns, we are prepared to facilitate you and we are much more interested in hearing about and curing problems than knowing your identity.

The ‘internal’ recipients at the first two of the above alternatives should also be required to keep the identity of the whistleblower confidential. But the introduction of the third alternative removes the understandable fear and possible mistrust that employees will have when disclosing internally.

KeeP it S i m Ple

To encourage employees to disclose wrongdoing the process must be accessible, easy to understand and simple to use – the ‘hassle factor’ must be removed. In this day and age, a secure, user-friendly web-based system is probably the most ideal, but other options such as face-to-face discussion, telephone, fax and surface mail should

IS OUr whIStLEBLOwING SChEME wOrkING?

Business ComplianCe 05/201461

be offered. I do not favour email, as I do not believe it is sufficiently confidential.

Removing the requirement for employees to sit across the table from their boss or superior and make their case removes a significant part of the fear factor.

feedBacK

In my experience, one of the things that causes employees to totally lose faith in a Scheme, is if they raise an issue and it disappears into a ‘black hole’ with no update on what is happening and no feedback on whether the organisation agrees the concern is well founded and is going to do something about it. Employees either fear that nothing is being done or that they are not being taken seriously. Having gone through the mental torture of bringing themselves to make a disclosure, this can be infuriating for the employee. Often it can result in the disclosure being made again (the second time is always easier) in this case to the Press or to a Regulator or Law Enforcement Agency. This is typically not a good outcome. Employers lose control of the investigation process and the concerned employee feels aggrieved.

So the investigation process should, either directly or via a third party intermediary, give regular updates and feedback. In so doing, care should be exercised that the rights of all parties, particularly any individual accused or under suspicion of wrongdoing, are respected.

managem ent in formation

I always recommend that employers design their Scheme or use an Outsourced Service Provider that will collect management information from concerns submitted. In this way the Scheme can contribute in a meaningful way to improving business management.

One way of keeping everyone focused on the value-adding contribution of a well-run Scheme is for Management to publish a report annually, perhaps as part of the Annual Report to Shareholders, setting out the number and type of issues that were raised and what Management did about them.

The ones that got awayI mentioned at the outset the best way of knowing if your Scheme was working is to analyse the cases that were not

IS OUr whIStLEBLOwING SChEME wOrkING?

To encourage employees to disclose wrongdoing the process must be accessible,

easy to understand and simple to use

Business ComplianCe 05/201462

reported and perhaps should have been. It should be a standard part of root cause analysis for all control failures that, as far as possible, the reasons why the organisation’s whistleblowing scheme was not used to escalate the issue should be analysed.

A final word for those who influence management….By way of conclusion, I think that strong management in well run organisations know and value the contribution an effective Whistlebloweing Scheme can make to a strong control culture and to adding/preserving value. However, not all management or organisations ‘get it’. For this reason, Boards, shareholders, regulators and leaders of control functions should challenge management who either have no Scheme, or have an ineffective Scheme, to do something about it. M

Philip Brennan is Founder and Managing Director of Raiseaconcern.com (www.raiseaconcern.com), an Irish based firm which advises on and operates whistleblowing schemes for employers and public bodies. Philip is also currently Chairman of the Association of Compliance Officers in Ireland (ACOI). Philip was previously Group General Manager, Regulation and Compliance in AIB Group, one of Ireland’s largest financial institutions, a position he retired from in 2011. Between 1995 and 2002 he was Head of Group Taxation at AIB.Philip is a former President of the Irish Tax Institute and between 2008 and 2010 served as a member of the Consultative Industry Advisory Panel to the Irish Financial Regulator (now the Central Bank of Ireland).Philip holds an MSc in Business Administration from University of Dublin, Trinity College. He is a Fellow of the Institute of Banking, a Fellow of the Irish Tax Institute and holds a Professional Diploma in Compliance. He is a Licentiate Member (LCOI) of ACOI.

Page 57: Marlon Brando in The Godfather

IS OUr whIStLEBLOwING SChEME wOrkING?

Business ComplianCe 05/2014 Baltzer Science Publishers77

EdItOr-IN-ChIEf Anthony Smith-Meyer

left mainstream banking to establish a career as a specialist within Governance and Compliance matters. He is Editor-in-Chief of the Journal of Business Compliance and is an Adjunct Professor and lecturer of International Business and Management at the European Campus of Miami University, Ohio. Previously a member of the Group Executive Committee of Compliance and Control at BNP Paribas, Anthony has been extensively involved with Compliance matters since 2003, when he established the Compliance Department for Merchant Banking at Fortis Bank, assuming responsibility for their Group Compliance function in October 2008. Anthony’s career spans over three decades working for UK, North American, Scandinav ian , Bene lux and French institutions in

a wide range of activities including relationship driven corporate and correspondent banking, as well as product area trading room activities, structured, asset and project finance. Anthony served as Chairman of the European Securitisation Forum during 2003/04. Anthony holds the UK Institute of Directors Dip loma in Corpora te Direction and is certified as a qualified Director by the Institut Luxembourgeois des Administrateurs; the Luxembourg Institute of Directors, where he regularly instructs on the subject of Governance and Director Responsibilities.

Anthony Smith-Meyer

EdItOrIAL BOArd

Business ComplianCe 05/201478

EdItOrIAL BOArd Andrew Buckhurst is

Head of Investor Relations at RTL Group, Europe’s largest media company. He previously combined this role with that of Ethics and Compliance officer. Andrew was responsible for the management of the Groups’ e th ic s and compl iance programme which entails reporting to the Group’s Audit Committee and the Group’s Corpora te Compl iance Committee, which is made up of senior management. He was responsible for t h e d e v e l o p m e n t a n d implementa t ion o f the Group’s Code of Conduct and co-ordinated the Group’s approach towards related policies and procedures. As compliance officer, Andrew handled all the whistle-blowing and other code of conduct violations across the Group. Andrew has a degree in Accounting and Finance and

is a member of the Institute of Chartered Accountants in England & Wales (ICAEW).

Mark Compton is a partner in the Financial Serv ices Regu la tory & Enforcement practice of the London office, where he advises on UK and EU financial services legislation and enforcement. In addition, Mark counsels clients on an t i -money l aunder ing and anti-bribery legislation and systems and controls, and economic sanctions. Alongside banks and other financial services firms the clients he advises include multinational energy trading and exploration companies and engineering companies. Prior to joining Mayer Brown in 2011, Mark worked for BP plc for over six years as the senior financial services and regulatory lawyer, covering also their commodity trading

division. Mark’s work also advised on matters related to physical commodity and emissions allowance trading, internal investigations, import licenses and more. Mark also spent over five years at the FSA where he worked in the Enforcement Division on market abuse and Listing Rule breaches amongst other areas.

EdItOrIAL BOArd

Mark ComptonAndrew Buckhurst

Business ComplianCe 05/201479

Scott Killingsworth is a partner in the Atlanta, Georg ia o f f i ce o f the international law firm Bryan Cave LLP. As a business lawyer, he is focused on governance and strategy formulat ion, corporate c o m p l i a n c e p r o g r a m design and implementation, and transactions such as intellectual property licensing and protection; strategic alliances; and mergers and acquisitions. A 2013 Burton Distinguished Legal Writing Award honoree, Scott has a long standing interest in both the writing and publication of authori tat ive works in the area of corporate governance and regulatory compliance. He has served on the Editorial Boards of E-Commerce Law Report, Technology Transactions, the International Journal of e -Business Strategy Management and Intellectual Property Counselor, and

as Contributing Editor to a Matthew Bender treatise on the legal duties of corporate boards of directors. He is a regular speaker and facilitator at governance and compliance events in the USA and has been honored by inclusion in the Ethisphere Institute’s 2013 list of “Attorneys Who Matter” in ethics and compliance. Scott currently serves on the Boards of the Center for Ethics and Corporate Responsibility and the Georgetown Corporate Counsel Institute. Having published numerous articles deal ing with corporate law, compliance and ethics programs, technology law, and legal history, his work has been cited in law reviews from Stanford, Harvard, Northwestern, Berkeley, and Vanderbilt, among others, in several textbooks and legal reference works, and in an opinion of the Supreme Court of Canada.

Sonja Lohse is presently the Chief Advisor and Head of the General Secretariat at the Finnish FSA. She started at the FSA in 2014 after a long banking career spanning 13 years, during which she was heading the compliance function of Nordea Bank. She is a lawyer by profession and after having graduated from the University of Helsinki she went into banking business. Dur ing 3 0 years wi th Nordea she held numerous positions e.g. introducing a framework for corporate social responsibility as well as for compliance, which function she built up in Nordea. During her years in banking she was also involved in many European working and expert groups appointed by the EU Commission or European FSAs, holding the chairmanship of the EBF Financial Markets Commit tee f rom 2007 through 2013.

EdItOrIAL BOArd

Scott Killingsworth

Sonja Lohse

Business ComplianCe 05/201480

EdItOrIAL BOArd

Pedro Montoya

Pedro Montoya was appointed Group Chief Compliance Officer by the Board of Directors of EADS in October 2008. Under the authority of the Board’s Audit Committee, he designed and set up the newly created Corporate Compliance Office. Reporting to the Group CEO, he leads the EAD S Eth ics and Compliance Program with 140 full time employees. Pedro graduated in his home town from the Universidad Complutense of Madrid and obtained his Master in Laws by the Instituto de Empresa. He started his career in 1986 in Procter & Gamble and 4 years later joined the Spanish Aerospace Group CASA where he became General Counsel and Company S e c r e t a r y. U p o n t h e formation of EADS in 2000, when he actively participated to the contr ibut ion of the Spanish assets, Pedro

joined the Corporate Legal Department as VP Head of Contracts, Litigation and Intellectual Property. Before his appointment as Group CCO, he served three years as General Counsel EADS International.

Dr. Klaus Moosmayer is since January 2014 the Chief Compliance Officer of Siemens AG. He is leading the global Compliance Organisation of Siemens and reports to the General Counsel of Siemens and the Board of Management. Before his recent nomination he served since 2007 in several top management positions of the Siemens Compliance Organisation and had a leading role in developing the new Siemens Compliance Program in the course of the last years. Before entering the Siemens Legal Department 2000 he

was in private practice as a lawyer. Klaus has published extensively to Compliance and white collar crime topics – including Compliance and Anti-Corruption Manuals for companies – and speaks frequently on national and international conferences on Compliance topics. In November 2013 Klaus was elected as the new Anti-Corruption Chair of the Bus iness and Indus t ry Advisory Committee to the OECD (BIAC).

Klaus Moosmayer

Business ComplianCe 05/201481

EdItOrIAL BOArd

Dr. Prof. Dr. jur. Mark Pieth completed his PhD in criminal law and criminal procedure at the University of Basel. After an extensive time abroad, including the Max Planck Institute for Criminal Law and Criminology in Ger-many and the Cambridge In-stitute of Criminology in the United Kingdom, Mark prac-ticed for a time as a barrister, before he completed his post-doctoral thesis on sanctioning and other aspects of crimi-nology. From 1989 to 1993, Mark was Head of Section – Economic and Organised Crime at the Swiss Federal Office of Justice (Ministry of Justice and Police), whilst also serving as Member of the Fi-nancial Action Task Force on Money Laundering (FATF) and Chair of an intergovern-mental expert group charged by the United Nations with determining the extent of the illicit traffic in drugs. Mark’s work at the international level

has continued through to the present, including chairing the OECD Working Group on Bribery in International Business Transactions, and co-initiating the Wolfsberg AML Banking Initiative; and as a Member of the In-dependent Inquiry Commit-tee into the Iraq Oil-for-Food Programme and the Integrity Advisory Board of The World Bank Group (IAB).

Ludo Van der Heyden has been Professor of Technol-ogy and Operations Management at INSEAD since 1988. He currently holds the Mubadala Chair in Corporate Governance and Strategy. As the Academic Director of INSEAD’s Corpo-rate Governance Initiative, he is responsible to develop IN-SEAD’s activities in corporate governance and contributes to INSEAD’s MBA and Ex-ecutive Programmes. He also holds mandates as board di-

rector for a number of start up ventures. At INSEAD, he has earned several awards and was the first holder of the Wen-del Chair in the Large Family Firm, which to the creation of the Wendel International Centre for Family Enterprise. Ludo has published in many journals such as Harvard Business Re-view, Family Business Review and The International Journal of Game Theory a.o. He co-au-thored Industrial Excellence, a book identifying better manu-facturing practices. Before joi-ning INSEAD, Ludo taught at the School of Organizati-on and Management at Yale University and at the John F. Kennedy School of Govern-ment at Harvard University. He holds an Engineering De-gree in Applied Mathematics and a Ph.D. Degree in Admi-nistrative Sciences from Yale University.In 1996 the King of Belgium appointed him Officer of the Order of Leopold.

Ludo Van der Heyden

Mark Pieth

Business ComplianCe 05/201482

EdItOrIAL BOArd

José Zamarriego Izquier-do is the Director of the Code of Practice Surveillance Unit of the National Association of the Pharmaceutical Industry in Spain (Farmaindustria). Togeth-er with his team he oversees implementation and compli-ance with the self-regulation system of the pharmaceutical industry. At a European level, José is Chair of the EFPIA (European Federation of Phar-maceutical Industries and As-sociations) Code Compliance Committee and Vice-Chair of the Compliance Committee. He is also Chairman of the In-ternational Federation of Phar-maceutical Manufacturers & Associations Code Complaint Procedure Adjudication Group. José holds a PhD. in Econom-ics & Business Studies at the Universidad Complutense de Madrid, and an MBA on Busi-ness Administration at the Uni-versity of Wales, and a General Management Program by the IESE Business School. Before

joining the innovative pharma association, he was General Secretary and General Director of the Spanish Generic Pharma-ceutical Manufacturers Asso-ciation (AESEG). José also has a background as an educator in the Universidad Europea de Madrid (UEM), where he was Dean of the Faculty of Econom-ics and Business Administra-tion and Executive Director of the UEM General Foundation.

Nico Zwikker started his career as a lawyer at the Am-sterdam bar and went on to the banking industry where he has been active for the past twenty five years. During this period Nico has held a number of se-nior positions as a lawyer, and as risk and commercial man-ager, but for the past six years he has held the position of head of compliance at a num-ber of international financial institutions, the last being ABN Amro following the nationali-

sation and integration of the Netherlands assets of Fortis and ABN Amro. Nico’s experience in compli ance, reputation and regulatory risk management overarch a wide range of busi-nesses and business risk pro-files, from the retail and private banking end of the spectrum. During the course of his ca-reer, Nico has embarked on a stakeholder management ap-proach in dealing with regula-tors including national regula-tors and a significant number of foreign regulators, and has gained experience in the fast developing regulatory banking and securities landscape. He was one of the founding fathers of the Netherlands Association for Compliance Officers and chaired the association for a number of years. Nico teach-es at the Vrije Universiteit in Amsterdam and at the Nether-lands Institute for the Banking and Securities Industry. He is a regular contributor to industry conferences and publications.

Nico ZwikkerJosé Zamarriego Izquierdo

Business ComplianCe 05/201483

EdItOrIAL tEAM

EdItOrIAL tEAM Adrienne Chang is a for-

mer management consultant with Booz Allen Hamilton, a global management and strategy consulting firm. Pre-viously based in Washington, DC, Adrienne advised U.S. domestic and foreign govern-ment ministries undergoing large-scale regulatory change and organisational restructur-ing to better improve service delivery to its citizenry. Spe-cializing in organisational strategy and redesign, she worked with public sector clients primarily in the ar-eas of governance, business process improvement and reengineering, performance measurement, change man-agement, and strategic com-munications. With ten years in the management consult-ing industry, Adrienne has also worked with internation-al accounting and consulting firms Arthur Andersen and Grant Thornton, providing

advisory services to public sector clients in the areas of government regulation and international development. She most recently finished a one-year position at the U.S. Embassy in Luxem-bourg, where she served as the personal assistant to the American Ambassador to Luxembourg. Adrienne re-ceived her Master’s degree in international relations and public policy from Columbia University, in New York City.

A regulatory compliance specialist, Sharon Ward is the Chief Examiner for Com-pliance at the International Compliance Association (ICA) and a regular tutor/contributing author for Inter-national Compliance Train-ings (ICT) professional edu-cation programmes, both in the UK and worldwide. She is also involved in a number of compliance related projects, including the development

and delivery of the Financial Services Compliance Mod-ule of the Chartered Banker MBA at Bangor Business School, for which she is cur-rently the Module Director. A former senior compliance practitioner in the UK, as a member of the senior man-agement team Sharon played an integral role in ICA’s – and ICT’s development. Sharon has been involved in key ini-tiatives within the industry over a number of years and served as Chair of the Mid-lands Region for the Com-pliance Institute in the UK where she was also a member of its Professional Education Board. A Fellow of the ICA, Sharon is also a Fellow of the Chartered Institute of Educa-tional Assessors and holds an MSc in Financial Regulation & Compliance Management from London Guildhall Uni-versity. Sharon is currently undertaking doctoral studies at Bristol University. M

Sharon WardAdrienne Chang

Business ComplianCe 05/2014 Baltzer Science Publishers84

SUBSCrIPtION INfOrMAtION

Subscription prices international*

Universities

e 195e 255

e 450e 450e 450e 450

Corporate

e 195e 255

e 450e 550e 750

To be negotiated

FTE’sPersonal subscription1 Hard Copy (6 issues)1 Online userInstitutional subscription3 Online users +1 Hard copy 5 Online users + 5 Hard copies10 Online users + 10 Hard copies>10

Online access includes the complete archive

Please go to our website for the general information regarding our journal subscriptions. http://www.baltzersciencepublishers.com

New SubscriptionsSubscriptions start with the first announced issue of the calender year. If subscriptions are started in the course of the calender year the full subscription rate applies, and the subscriber will get full access to the archive of the journal.

Change of addressPlease mail your change of address to the address mentioned on the contents page, or consult the website.

Terminating a subscriptionSubscriptions can only be cancelled, by email or letter, until 1 December of the present subscription year. After this date subscriptions will be automatically renewed for the following year.

Subscription InformationDetails on subscription rates and offers are available on request from the publisher.

© Baltzer Science Publishers

Journal of Business Compliance

Baltzer Science Publishers BV

Amsterdam - Berlin

+31 6 53 88 1602

+49 30 679 60 435

info@baltzersciencepublishers.com

www.baltzersciencepublishers.com

ISSN 2211-8934

E-ISSN 2211-8942

* For distribution and subscription in Germany,

Austria, Switzerland and Liechtenstein please contact:

Erich Schmidt Verlag GmbH & Co. KG

Genthiner Str. 30 G, 10785 Berlin, Germany

phone +49 30 250085 227

fax +49 30 250085 275

IBAN DE31 1007 0848 0512 2031 01

BIC (SWIFT) DEUTDEDB110

Vertrieb@ESVmedien.de

www.BUCOdigital.de

E-ISSN 2198-803X**

** This ISSN number is applicable for D, A, CH and FL

Advertising Rate Card2014 prices, excluding applicable VAT.

Full page 1x € 10005x € 750 (per page)

Half page1x € 6005x € 450 (per half page)

For technical instructions please contact the marketing/sales

department: info@baltzersciencepublishers.com

This journal and its contents are copyrighted material, with the copyright either held by the publisher or if indicated by the authors and / or their employing organisations with permission granted for publication in this journal only. Unless otherwise indicated, the content and opinions expressed in the Journal of Business Compliance are personal to individual authors or the individual members of the Editorial Board. The Journal cannot warrant for the accuracy of content. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, whether paper, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright holder, which may be obtained via the publisher.