Embed Size (px)
Citation preview
Current Compliance Trends
Giovanni Pantò Deputy Head Compliance SIX Group IRM Switzerland Regional Group Zurich February 1, 2017
• The Regulatory Storm
• Whistleblowers talk
• Transparency is a of fact
• A culture of Compliance is essential
2
Agenda
The opinions expressed in this presentation just reflect those of the presenter and not necessarily those of SIX Group.
The Regulatory Storm
• The causes of the storm: � The American Housing Market and Global Financial crisis � Inadequate supervision and regulation Æ Multiplication of Regulations, e.g. Dodd Frank Act:
• And today: The storm is not over � The fight against terrorism (e.g. EU Action Plan against terrorist financing) � Whistleblowers and the Leak-Legislation (e.g. Lux Leak, Panama Paper) � Transparency
• And tomorrow � Brexit, Donald Trump…
3
The Regulatory Storm
The effects:
• Regulations have become more complex, difficult to read and to understand (e.g. Dodd Frank Act https://www.sec.gov/about/laws/wallstreetreform-cpa.pdf).
• Regulatory changes come with a higher pace (e.g. the 4th and the 5th AMLD)
• Regulators are intensifying their attention and reach (e.g. FINMA has issued ca. 30 industry bans since 2009).
• Stronger consequences in case of non compliance (e.g. violation of AML or GDPR)
• Personal liabilty of Management Team and employees
• Extraterritorial application of law has become normal (e.g. Anti trust laws, FCPA)
Regulatory changes have a massive impact on business models and require more management attention and resources.
4
The Regulatory Storm
5
Whistleblowers are talking!
http://sverigesradio.se/sida/artikel.aspx?programid=2054&artikel=6570105
http://money.cnn.com/2016/03/02/news/companies/whistleblower-olympus-medical-equipment/
6
The importance of Whistleblowers
• Who is a whistleblower: Any person who report or disclose information on acts and
omissions in the workplace that represent a serious threat or harm to the public interest (Council Europe, Protection of Whistleblowers, Recommendation CM/Rec (2014)7).
• Authorities encourage blowing the whistle as a way to promote compliance with laws and regulations Æ deterrent effect of whistleblowers.
• Whistleblower are considered crucial in: � increasing accountability, strengthening the fight against corruption and spreading a
culture of transparency � tackling mismanagement in the public and private sectors.
• Most Regulators have implemented whistleblowing tool such as Whistleblowing hotlines or specific e-mail addresses.
• Several countries have enacted protection rights and offer rewards for external reporting.
7
The importance of whistleblowers
• The private sector also acknowledges the importance of internal whistleblowers in detecting, deterring and preventing wrongdoing that may otherwise remain hidden.
� Employees are often the first to know that something is wrong and are in a privileged position to inform those who can address the problem.
� Whistleblowers can act as an early warning system for real or potential malpractice.
Æ Internal whistleblowing arrangements are an essential part of an effective compliance and risk management system.
• But still…many employees do not file a report (“willful blindness”) - why?
� Fear of retaliation or discrimination
� Lack or perceived lack of follow-up given to reports
� Do not know who or how to address the issue
� Cultural aspects Æ Significant opportunities to protect the assets of a company may be missed.
8
The importance of whistleblowers
Do all you can to get reports first:
• Implement a system that provide assurances to all employees that:
� All reports will be taken seriously � Strict confidentiality to the whistleblower is ensured � Real protection from all forms of retaliation and discrimination against whistleblowers is
implemented � Is fair towards the target of the whistleblower accusations � Discourage actively individuals from trying to identify who blow the whistle.
• Encourage your employees to file reports whenever they have reasonable doubts about
bad practices Æ repeat the message - use different tools (leaflets, clips, posters etc.).
• Publish sanitized examples of reports and the company’s response to the report.
• Implement whistleblowing trainings and let the compliance officer explain the reporting process in person.
9
The importance of whistleblowers
• Nearly 65% of awards recipients were current or former company employees.
• 80% had raised their concerns first internally before reporting their information to the SEC. Æ Employees give first their employers a chance to respond.
In 2016 the SEC received 4200 whistleblower tips and paid 57 Mio USD rewards.
10
Transparency
• Billions of devices are connected today to the internet:
� Fragmentation of the media industry
� Rise of the Post Truth
� Public debate less top down and more diffuse
� Loss of control of reputation
• Transparency is shaping legislation and regulations.
• Transparency has reached the agenda of governments and supra-national organisations Æ combatting tax evasion, corruption, money laundering and terrorism financing.
Malpractices and dishonesty will be exposed: Hiding or lying is not an option!
11
Transparency
• Behave as if everything they say and do can become public.
• Change from having “nothing to hide” to pro-actively show you have nothing to hide.
• Be aware of the «peripheries» Æ local issues are global issues.
• Increased information requirements and scrutiny by third parties (e.g. customers, NGO)
Æ social scrutiny has heightened.
• Reports on sustainability are expected and failure to engage with the reporting process could trigger negative consequences for the organisation.
• Decide if you disclose actively malpractices to regulators or even to the public?
12
Consequences for organisations:
Transparency
• Transparency on the organisation (company policies, employment conditions, culture, supply chain, etc.; EU Directive 2014/95 on disclosure of non-financial and diversity information)
• Transparency on products / production (raw materials used, supply chain, etc.)
• Transparency on prices and fees (e.g. Interchange Fees Regulation, IDD, UK RDR)
• Transparency on the supply chain (EU 2014/95, UK Modern slavery Act)
http://www.vodafone.com/content/dam/vodafone-images/sustainability/downloads/slaverystatement2016.pdf
• Transparency on tax affairs and tax policy
� Transparency on earnings and tax payments per country
� Transparency on beneficial ownership
� Transparency on tax rulings
13
Transparency requirements for companies:
A culture of compliance is essential
• Today we know that:
� Many of the problems and failures during and after the financial crisis were triggered by poor cultural foundations.
� A lax corporate culture and systemic non-compliance with policies and procedures increases risk exposure exponentially.
� Acting with integrity mitigates or eliminates risks to which a company is exposed and is a key factor for long-term sustainable success.
• Today, (almost) every company says the right thing on paper (e.g. via the
Code of Conduct).
• And still: Unethical or even criminal conduct in business continues to be a major concern for companies - why?
14
A culture of compliance is essential
15
• Compliance covers the observance of legal requirements as well as internal behavioral guidelines (e.g. codes of conduct) and includes a commitment to acting with integrity (“do the right thing”).
• Culture determines how employees feel about their jobs and the industry they work in, it affects motivation and in particular the way they work.
• Culture has a major effect on public perception and the reputation of an organisation. Æ Problematic culture and subcultures can cause massive (reputational) damage.
• Because a culture of compliance is about doing the right thing whether or not a line
manager, a regulator or anyone else is watching. Æ A sound and embedded compliance culture including a comprehensive and
binding integrity framework is essential!
Why is a culture of Compliance so important?
Elements of a living Compliance Culture
Senior Accountability and Leadership
16
The right People
Controls
Trainings
Documentation
Senior Accountability and Leadership
Tone at the Top
• Compliance culture receives continuous attention from the Board of Directors
Æ Published Board charters includes responsibility for oversight of values and conduct.
• Board and Top Management implement a reputation, values and conduct risk dashboard
Æ monitoring information on reputation, conduct and values is regularly submitted to the Board and debated between Board and Top Management.
• Clear assignment from the Board to the Top Management of the responsibility for ensuring
that the “tone at the top” has a clear and consistent “echo from the bottom”
Æ 1st line f defense is primary responsible for delivering the desired values and conduct.
• Top Management and those reporting to him are held accountable for adhering to the compliance requirements.
Æ Are held accountable for actions that are not line with the requirements.
17
Top Management:
• Is responsible embedding effectively compliance into all business units.
• Makes sure that the tone at the top is matched in the middle and prevent inappropriate sub-cultures Æ Leadership.
• Demonstrate tangible support for the risk functions (staff, resources, tool, etc.) and champions desired values and conducts e.g. celebrates staff who escalate potential issues.
• Implements zero tolerance for behaviors that violates company’s values, ethics and desired conduct Æ violations must be sanctioned, reported to Top Management and remediation actions must be monitored by risk functions.
• Publishes sanitized examples of non compliance and the company’s response to it.
• Implements a strict non-retaliation policy in terms of whistleblowers.
18
Tone at the Top
Senior Accountability and Leadership
Walk the Talk Top Management acts as a role model and
• Sends clear and consistent messages on regular basis to the staff on compliance culture and demonstrates a strong and positive attitude towards compliance organisation
Æ employees know what is expected of them.
• Encourages critical views and installs a speak up culture and acknowledges mistakes
Æ Bans an “Only good news, please”- Culture.
• Reinforces a culture of compliance by appropriate incentive systems.
• Participates in any discussion about controls or in controls and asks regularly and unexpected questions about controls.
• Performs employee and customer surveys that also measure cultural elements and identify behaviors that are contrary to the cultural foundation of the company.
19
Senior Accountability and Leadership
The right people
Desired values and conduct must be reflected in the practices of the company • Hiring, staff development and promotion must include compliance requirements Æ How do you hire? How are employees evaluated and promoted?
• Adherence to compliance requirements is integral to the reward system. Æ Set incentives for desired behaviors and clear negative consequences for improper
conduct Æ Foresee compensation adjustments in the event of breaches of compliance
requirements such as bonus reduction or elimination, claw backs
• How do employees act when managers are not present and when matters of personal judgment arise?
• How do you choose clients, suppliers and business partners? Do you maintain relationship with third parties who have a questionable reputation or have violated laws?
20
Hiring, compensation and promotions practice
Trainings
• General compliance trainings � Implement regular trainings on the relevant rules.
� Train managers on their role in maintaining an open culture without fear of retaliation.
� Implement whistleblowing / anti-retaliation trainings.
• Specific trainings � Implement specific department/team trainings carried out by senior management
Æ Awareness of the compliance requirements and qualifications for a positions.
� Implement trainings with ethical dilemma situation distinctive to your business and organization (“the fine line between acceptable and unacceptable”)
• Repeat the trainings
� Make sure that employees are kept qualified Æ recurring educational trainings.
21
Compliance Trainings Program
Controls
• Review if the risk defense governance framework includes effectively culture, integrity and conduct standards.
• Define control points for each cultural risk and check if for all control points a specific function and person has been designated to manage a determined control point
Æ ownership and accountability must lie with the 1st line of defence.
• Carry out regular assessments, also ad-hoc surprise controls, across the company to identify issues that may be rooted in cultural problems, review in particular the hiring, training, incentives and promotion systems and the efficacy of early warning systems.
• Review if your business partners (distributor, agents, supplier, etc,) adhere effectively to your compliance culture.
• Incidents shall also determine if the underlying cause is a cultural / behavioral failure.
• Benchmark regularly compliance standards and program against peers.
22
Controls of effectiveness
Documentation
23
• Documentation provides transparency and proof on the seriousness of a compliance
program to senior management, internal and external auditors, regulators and stakeholders.
Æ It is not enough (anymore) to tell – you have to show.
• Documentation must be:
� accurate, easy to understand an constantly updated
� Easy and rapidly reproducible
Æ serve as an evidence e.g. in case of an inspection
� Properly stored and archived
• Ownership and accountability for each documentation must be clearly assigned to one employee.
Transparency and Proof
Contact: https://www.linkedin.com/in/giovannipanto [email protected] +41 79 296 91 21
24
Thank your for your attention.
“The time is always right to do what is right”
Martin Luther King Jr.
