Q&A: New Hitachi CCO on elevating compliance at global level

Karas has been with Hitachi for 13 years, serving in compliance leadership roles for Hitachi Vantara, the company’s digital infrastructure and solutions subsidiary. Trained as a lawyer, he has an MBA and is a former collegiate wrestler. Karas recently spoke with Compliance Week about the impetus to elevate compliance at Hitachi and what he hopes to accomplish in his new position.

Q: Tell me about your history and background at Hitachi.

A: I had been promoting the implementation of a corporate-wide, or Hitachi-wide, compliance program probably going back to the very beginning of my tenure at Hitachi Data Systems (now Hitachi Vantara). When I started, it was a little bit piecemeal. But compliance, and doing business the right way, have always been very strong Hitachi values.

As you know, Hitachi is a huge conglomerate with many different businesses. … They all have the need for a robust compliance program. And my goal in promoting the program was to make sure that since we all share the Hitachi name, we also share the common value of compliance. We need to be able to measure and promote the value of compliance as part of the Hitachi brand.

Q: What was the impetus for Hitachi creating the position of chief compliance officer? Commonly, compliance gets increased attention due to some event, but that hasn’t happened at Hitachi.

A: To paraphrase the saying about motorcyclists, there are those who fall and those that are going to fall. It’s the same with compliance.

We haven’t had a big precipitating event, fortunately. However, we have had challenges globally from different divisions in different geographies. And there’s just enough inconsistency where we’re at odds to demonstrate a consistent process and provide assurance to management, which is the goal of any compliance program. We’re at a level where we could be promoting compliance as a competitive advantage. The investment is there, but the ability to demonstrate in a consistent manner that we have compliance at an appropriate level in more companies is a little bit difficult.

The other part is we’re not taking advantage of our size and the synergies we could be creating. We have independent companies going out and doing the same processes. For example, we have a couple hundred operating companies, and many have their own whistleblower hotline. That can be implemented from a much, much higher level and not remove the autonomy from the companies. Let’s remove the burden from the companies. Same thing with respect to due diligence or many of the other processes. Training content can be centralized and distributed.

Now, I’m not thinking that one size will fit all. In all instances, processes and content need to be customized to meet various needs of different businesses, and we will allow that kind of autonomy. But the bulk of the work can be done centrally.

Q: You mentioned a good compliance program can be used as a competitive advantage. What did you mean by that?

A: From my business training, I know everyone thinks about ROI, return on investment. Having a compliance program is the table stakes to do business with a lot of our customers. You’re working with financial institutions—they come in and audit, ask questions about your compliance program (say, if you’re bidding on a contract in Saudi Arabia). You have to show you have a due diligence program in place. There are other organizations that are scoring us.

You’re going to make the investment (in compliance). The question is, what do you get back out of it? How do you get the most out of it? How do you do it in an efficient manner? And that goes back to what I was talking about before—not having 25 companies doing the same sort of development activity and instead having one development activity.

The other part is being able to feature your compliance program. And it’s a bit difficult, because you’re trying to prove the absence of bad acts. But more importantly, I think good compliance programs make a company attractive to people who are looking for jobs. Millennials, and all employees, want to work for companies with a social conscience, that do business the right way. When you go out in public and you have that logo on your jacket, you don’t want people saying, ‘Oh, I know that company. You got in trouble with the SEC.’ You want to pick up the box with the Hitachi logo on it and say, ‘OK, there’s quality inside, and this is a company with integrity.’

Q: Reputation is a big part of that. Does a good reputation help you to get new business and to grow existing business?

A: It’s important to consumers, it’s important to enterprises. It’s important to the employees and to potential employees. The ability to attract and retain talent is a large part of what compliance is about, from my perspective. If you can measure it, you can feature it.

Q: You talked about what Hitachi has in place now for compliance. Are you trying to bring together all these different compliance functions under one roof, or is it coming together in some other way?

A: We have lots of companies with very good compliance programs in and of themselves. So, it’s going to be a hybrid approach. There will be some centralization and coordination for reporting and administrative purposes but also development purposes. But the companies will retain a lot of autonomy.

There’s no way someone even like myself can know everything about every business at Hitachi. I don’t know how to produce an elevator. I don’t know what’s involved in putting in a power grid or building a bullet train. But I do know that we’re all human beings. And human beings want to do good, for the most part. It’s about generating materials and tools that allow them to do that so they can do their jobs.

On the flip side, when we take it to the level where something goes wrong, I’m not going to be conducting all the investigations. The whistleblower hotline will rely upon the people that are in place to do that. We have more mature programs and less mature programs. So, we need to get everyone … at least up to a certain level. And then we can work on developing, implementing, and refining the program as we go forward.

We are implementing a risk-based program. We have a risk-based approach, because different companies have different exposures. Some work in different, riskier geographies. They work in riskier businesses and have different business practices in different areas. We will have to be flexible and rely upon the compliance professionals in these groups in order to decide exactly what’s right for them or to customize their programs.

Q: Are you building out a team by hiring, or are you basically using the tools and people already at your disposal to build on?

A: It’s going to be a bit of both. We’re making a significant investment in new personnel, resources, and approaches. And I’m looking to have that investment by reducing the exposure and cost to some of the other group companies. We’re also bringing some processes in-house that were formerly outside services. We’ll have some centralization of functions.

Q: Where does your position sit in the organizational structure of the company?

A: I report to the chief risk management officer, who is also the chief legal officer. The chief legal officer reports to the board.

Q: Is there a trend among Japanese companies to place more emphasis on compliance?

A: The number of Japanese companies instituting robust compliance programs is increasing. It’s not about Japanese or not Japanese, though. It’s globalization. If you’re working in the global market, it doesn’t matter where your headquarters is. You need to have a great compliance program to avoid penalties and be able to promote the brand.

Q: You’re in a new position, but you’ve been in compliance for many years. Is there advice you can offer to other compliance officers who are stepping forward to lead the compliance program within their organizations?

A: I think a lot of compliance is promotion. I mean, we’re all in sales. Everyone has the same goals. Gone are the days when you put a little sign up in the breakroom with executives being hauled away in handcuffs to achieve your goals. That doesn’t work anymore.

Everyone’s completely aware of what can happen, but it is about promotion. It is about building trust. We all hire from the same gene pool. During investigations, I think executives and managers seem to lean on things like, ’Well, I hire the best people. I trust my people. I’ve been working with this guy for 20 years. This could never happen.’ And they’re all surprised at the end of an investigation: ‘I never thought this would happen to me.’ But in fact, it does.

So, you have to convince them you’re not targeting individuals, you’re trying to control activity. … Situations happen, and a compliance program is more about setting yourself up to respond quickly and efficiently, and in a defensible manner, to those situations, not necessarily preventing everything from happening. Things are going to go wrong. Even companies with the best compliance programs will be faced with challenges.