Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

The Big Lesson From Compliance Week Europe

Matt Kelly | November 2, 2015

Last week we held the annual Compliance Week Europe conference in Brussels, and it was a smashing success—a large turnout, of compliance professionals from across Europe (and beyond), who had vigorous discussions on all manner of topics, all capped with great Belgian beer. You can’t beat that.

Since then I have been trying to identify the best insights at the conference; those moments that really capture what compliance officers face today. That’s no easy task, but the moment was this: when we started a discussion on the rather dense subject of monitoring compliance activity across multiple departments, and ended up dwelling—as always—on the importance of ethics, culture, and communication.

That’s where the job of chief compliance officer is headed today.

As I said, we started with both feet firmly planted on the ground of operational compliance. We had two excellent speakers from Bayer and E.ON, talking about how they monitor compliance across numerous departments: anti-corruption, financial compliance, regulatory filings, data security, and so forth. That’s a lot of transactions to observe, and both businesses have some innovative ideas on how to parcel out all that work among various parts of the corporation so compliance is not shouldering the whole workload alone.

Then someone in the audience raised the killer question: Would any of this structure have been able to stop the emissions-testing misconduct at Volkswagen?

The speaker elaborated that she is an ethics and compliance officer, and our discussion had not yet talked about the importance of ethics in compliance monitoring. You can implement all manner of programs to monitor transactions, she said, but that won’t necessarily stop someone from wanting to commit an act of misconduct—and once an employee has decided to commit misconduct, that employee usually finds a way to do it. “I find myself spending more and more time on the ‘ethics’ part of my job,” the speaker said. Around the room, heads nodded in agreement.

From there we spent quite a bit of time talking about the misconduct that appears to have happened at Volkswagen. By all reports so far—and yes, our understanding of the facts may still change—several engineers deliberately decided to lie. They adjusted software code in VW’s cars to evade emissions testing equipment. Senior executives allowed this lie to perpetuate.

How can a compliance monitoring program catch something as deliberate, devious, and sophisticated as that?

I noted that challenges like this—subtle manipulation of products or services your business delivers—will only become more common in the future, because more and more company assets will be intangible in nature. That is, your most valuable assets might be software code, or records of consumer buying patterns, or experimental test results. Those assets can be altered quietly and easily if someone has the right skills. And compliance officers themselves typically will not have the right skills to fight that.

“I find myself spending more and more time on the ‘ethics’ part of my job,” someone said. Around the room, heads nodded in agreement.

Some in the audience said this will drive compliance officers to forge even closer ties to the IT department, and specifically to quality assurance experts who work there (or work in an IT audit department, if you are lucky enough to have one). There is a lot of sense in that advice. Others noted that manipulation of data is also crucial to committing fraud in the financial statements, so compliance and audit executives do have at least some practice in the work necessary to hunt down fraud in other types of data. That’s good news.

Still, I can’t help but come back to the first speaker’s point, that ethics—and the pillars of its success, training and communication—has become far more important to any successful compliance program. Years ago another compliance officer, Steve Koslow (then of CUNA Mutual; now at PwC) told me, “If I have only one hour and I can worry about either ethics or compliance, I’ll worry about ethics every time. If I get that right, my compliance problems suddenly become so much easier.”

Koslow was right then, and my European compliance officer was right today. And as we can all see from the insidious nature of what went wrong at Volkswagen, that statement is likely to be right for a long, long time yet. 

Matt Kelly has been editor of Compliance Week for 10 years. He will step down from that role at the end of this year. You can find him on LinkedIn at www.LinkedIn.com/in/mkelly1971 or on GoogleTalk at MattCompliance@gmail.com

Comment on this post on LinkedIn.