Joel Katz is the chief ethics & compliance officer for CA Technologies, a New York-based provider of business management software and solutions, specializing in project management, application development, analytics, and more.

Katz’s legal acumen and communication skills have enabled him to build a robust compliance program that blends the hard facts of the law with the soft science of human nature.

Tell me about the path that led you to where you are today. How did you become chief ethics and compliance officer (CECO) at CA Technologies?

I’m a lawyer by training, and my background is in the management side of employment law. I was originally hired as CA’s first employment lawyer at a time when the company had just completed two of its largest acquisitions and had grown to approximately 22,000 employees.

About Joel Katz


Title: Senior Vice President, Chief Ethics & Compliance Officer, CA Technologies; Member, Board of Directors, Ethics & Compliance Association


Years of experience: 21


Areas of expertise: Law, psychology, public speaking


Quote: “I see compliance as a noble pursuit that helps ensure transparency and fairness in business transactions around the world. The field of compliance plays a critical role in the global economy. As we have seen in very recent history (over the last 15 years), a lack of transparency and fairness in business undermines consumer confidence and can lead to potentially catastrophic economic consequences. To use a sports analogy, every game must have rules, and the rules must be rigorously enforced to help preserve the integrity of the game.”

When CA formally founded its compliance program around 2005, I worked closely with the business as the program was being created. Then in 2009, as some people left the organization or moved into different roles, an opportunity arose to lead the compliance function. My boss asked me if I was interested. I said that I was, and the rest is history. I’ve been overseeing the global compliance program since April 2009.

Tell me more about your roles and responsibilities as CECO.

My roles and responsibilities can be broken down into three components.

The first component is policies and procedures. That’s all the things we do from formal policies to our Code of Conduct, and all of the resources we make available to employees to help explain the way we expect them to conduct business.

Next is the education and awareness piece which involves training as well as getting out and talking to employees. That’s one of the most important roles for compliance officers. Meeting with employees helps you understand what is on their minds and what is and is not working from a compliance perspective. The training, the awareness, the evangelism—all of those things that we do to help keep compliance top-of-mind among our employees is a very big piece of what I do.

The final component is investigations and enforcement. Like every company, we, at times, have employees who do things they shouldn’t be doing. So when we hear of allegations that someone has done something inconsistent with our ethical values or compliance rules, my team investigates. When necessary, if we find merit to the allegations and someone has, in fact, breached our rules, we determine what the appropriate remediation will be, working with the business and HR. We believe that the business, HR, and compliance should be a united front. Anytime we discipline or discharge an employee, this agreement between the functions helps us to ensure that we make the best decision for the business and for our compliance program.

What other aspects of your job make the compliance role challenging?

Finding new and interesting ways to keep the compliance message resonating with our employees is always a challenge. By and large, the laws and rules around compliance haven’t changed that much in the seven years I’ve been leading the program. While there have been new bribery laws, for example, the fundamentals of the law haven’t really changed in many years. So when we’re pushing training and awareness to our employees year after year, it is challenging to find interesting ways to keep repackaging what is basically the same information.

It’s also a challenge to connect not just with the employees who have been working here for a number of years, but also the new generation of employees entering the workforce each year. Millennials, for example, are used to having information at their fingertips from a very young age. We have to constantly be thinking about how to connect with all aspects of our workforce.

Corruption is another huge challenge for every company operating in any emerging market. We spend a lot of time focusing on assessing our risk, building the right controls, and ensuring that we are doing the proper amount of due diligence on our business partners to help ensure they understand and share our ethical values. In many societies, corruption is so deeply rooted that it would be naïve to think that any company’s compliance program is going to change societal norms. So finding ways to get comfort that we’ve built a good program, have the right controls in place, and have found the right tools to understand as much as we can about the partners we do business with—all these things are tremendous challenges for compliance officers in every industry.

You mentioned training earlier. How do you keep the compliance message ‘new and interesting’ at CA, so that it resonates with employees?

If you keep pushing things employees don’t like, it waters down the underlying messages. We have found over the years that using humor to teach compliance lessons has been really effective for us. I don’t know that it’s effective for everybody, but it has worked for CA. We created a fictional character named Griffin Peabody who is always doing the wrong thing, and we’ve incorporated some of his escapades into our compliance training courses. Griffin has been very popular with our employees who are always excited to see his “next adventure.” We have posted many of these “Griffin Peabody” videos that were created in-house to YouTube. We’ve received requests from many other companies to use these videos in their own compliance training offerings.

We are finding that effective learning takes place when we give employees information in shorter snippets. Most of the compliance courses we’ve created over the last seven years have been in the 18- to 22-minute timeframe. I’m a big believer that if you want employees to retain key messages from compliance training, the information should be provided to them in smaller chunks, rather than bombarding them with long courses where they’re going to retain very little. With the new generation of employees entering the workforce, that is even more true.

What other employee communication techniques have you found useful?

We publish a quarterly newsletter called “Walk the Talk” that profiles real compliance cases that we have seen at CA. We created the newsletter and began profiling real company cases after employees told us they’d like to learn more about the types of cases we are actually seeing at CA. I’m a big believer in transparency. Employees need to understand that the compliance messages are not simply theoretical—we, like every other company, actually have employees who sometimes do the wrong thing. We want our employees to understand what these issues are and what we can learn from them. By telling employees stories of the cases we’re actually seeing and how we’ve dealt with them, we are giving them information that they are interested in and that will help them understand CA’s expectations.

We’ve also done compliance events. In one of our New York offices, we did a “beer and pretzels with compliance” event, in which my team went around to the different departments. People would come away from their desks and have a beer, and we’d talk about compliance. Those are some of things we’ve done that we’ve found to be effective.

What are some of the more rewarding aspects of being a compliance officer?

I have always believed that most people want to do the right thing. To be a part of leading the charge at making sure we’re conducting business the right way and doing business as a company in a way that we can all be proud of is very gratifying. And our efforts were validated most recently when we were named one of the World’s Most Ethical Companies.

What lessons have you learned throughout your compliance career that you would like to share with fellow ethics and compliance professionals?

First, I believe that constant iteration is the hallmark of a top-notch compliance program. The world changes quickly, and the compliance program must be able to adapt equally as quickly. Next, it is not always easy to find new and interesting ways to deliver compliance messages so, whenever possible, you should try to make compliance messages and training interesting as well as relevant and useful to the target audience.

Facts and circumstances are not always as they may first appear to be—to conduct effective investigations, investigators must keep an open mind and truly serve the role of fact gatherers (rather than judges, juries, and executioners). It is imperative that you communicate and follow up with people who raise ethical- and compliance-related concerns. Doing so will help ensure that your organization is one where people believe in “organizational justice.”

Finally, you really cannot overstate the importance of tone at the top—like children emulating the actions of their parents, many employees will look to their boss and other business leaders for information about the organization’s ethical compass. When only the compliance officer and the legal team are endorsing compliance messages and living the organization’s professed ethical values, the company is clearly heading down a path paved with peril.

Any final words to impart?

More than anything, the compliance officer has to get buy-in from the senior leadership of the company and the board of directors. If you’re a compliance officer who has doubts about the ethical compass of your leaders; or you can’t get time with your leaders; or your leaders are not engaged in driving the compliance message or simply view compliance as a necessary evil, you are likely working for the wrong company if you’re serious about compliance and serious about helping run an ethical business.