Modernizing compliance: a viewpoint from the front lines

Maybe your compliance program has been in place for so long that it has become stale and ineffective, or maybe you’re just now starting to build a compliance program from the ground up and don’t know where to begin. In either case, you could probably use some guidance from other like-minded ethics and compliance peers.

Register: CW's Innovation & Compliance Summit

On June 26 at the Harvard Club in Boston, join Compliance Week and Financial Research Associates for the second annual summit designed to educate compliance, audit, and risk professionals on the potential for artificial intelligence to transform the compliance profession. Register now and get 50 percent off




,

Speaking on a panel last week at the Compliance Week 2018 conference in Washington, D.C., chief ethics and compliance officers discussed how compliance can work with other business functions to become a valuable strategic business partner. One key theme discussed by the panel members is how taking a cross-functional approach—solving problems together with the business—is the most effective and cost-efficient way to mitigate enterprise-wide risks today.

“That goes to the question of: ‘How does compliance play a role in that space?’ ” said Cindy Moehring, chief U.S. ethics and compliance officer at Walmart. At her company, for example, the compliance function has taken a step back to think about how to change from just being the department that assesses risks to becoming a strategic enabler, she said.

A cross-functional, collaborative approach is especially important when compliance budgets are tight and holding steady. In an on-site poll during the session, 36 percent of the audience indicated their annual compliance budget is less than $1 million, while 33 percent said it’s between $1 million and $3 million. Just 15 percent and 16 percent, respectively, said their budgets are between $3 million and $5 million, or greater than $5 million.

It is also important for compliance teams themselves to have a mix of expertise and skills. “People often ask me, ‘What would be the right disciplines to bring into the compliance department?’ ” said Hui Chen, former compliance counsel for the Department of Justice Fraud Section and now a compliance consultant. “My response, with the exception of investigations, is, ‘I would not hire a single lawyer. I would hire data scientists, auditors, social scientists, journalists, marketers, engineers.’ ”

Moehring added to that point: “You need attorneys, auditors, data scientists, folks that understand both HR and the business. It’s taking all that legal advice and regulatory information and understanding the business well enough that you’re able to help them operationalize what they need to do so that they can have a sustainable business moving forward. It takes a special blend and mix of skills of individuals to all get together and help figure that out.”

The consensus at the Compliance Week event was that many compliance departments do have a mix of skills on their team. When polled, 66 percent of attendees at the session indicated that their compliance departments are composed of a mix of attorneys and auditors. Another 27 percent said their compliance function is made up of primarily lawyers, while six percent said primarily auditors.

Beyond professional skills, certain characteristics are also important to have.  “You’ve got to be incredibly collaborative, a good communicator, able to listen and understand the needs of the business people,” Moehring said, “You’ve got to be relatable. You’ve got to be adaptable and flexible. You’ve got to be able to listen, as well as be able to speak well.”

MODERNIZING COMPLIANCE

Below are some results from the Compliance Week poll of attendees to the CW 2018 modernizing compliance session.

“At the need of the day, after all that, you’ve got to have the courage to raise the issues that need to be raised and say what needs to be said,” Moehring added. That builds credibility.

The three competencies that compliance officers need to have are “common sense, social intelligence, and a backbone,” Chen said. “I find the combination of the three very difficult to find.”

The panel also discussed ways to break down silos between compliance and the rest of the business. Chen offered that one way to break down silos is by simply talking to one another. “To me, as a compliance person, the most valuable time … I get to spend with my colleagues is just randomly in the hallway and the cafeteria,” she said, “because once you get to know them as people, they stop stereotyping you as the person they need to avoid.”

Another way to break down silos—and something many companies are starting to experiment with—is putting high-performance employees in a compliance-related function as a rotation. “I think that’s a great idea,” Chen said. “I also think it will be a really good idea to put compliance people into business as part of the rotation. I’ve found too many compliance people who don’t speak the business language. You can’t tell people ‘don’t do this, don’t do that’ unless you know how they’re doing their job.”

Effective training

Another topic discussed by the panel was how to build “muscle memory” around ethics and compliance training. “We have limited time and limited resources,” said Kim Yapchai, chief ethics and compliance officer at auto parts maker Tenneco. “You don’t want to keep doing something if it’s not moving the needle.”

Sprinkling real-world scenarios into training elements is one way to make a lasting impression. Yapchai cited an example of using a role-playing game in which employees get to choose which role they want to fill—a vice president of compliance or a vice president of sales, for example—and then they are presented with three compliance-based dilemmas to gauge how they would handle the situation. 

Let’s say, for example, that the business is about to launch a new product line and, one week before launch, outside counsel calls and says, “I forgot to tell you, there’s a new law. You need to make some changes—but don’t worry about it. The fines are small. Regulators don’t have their act together, and so the risk of an enforcement action is unlikely. The risk is reasonable. Go ahead.”

Presented with that scenario, Yapchai said employees are given three choices: (1) Proceed, since the risk is reasonable. (2) Make the changes. (3) Run a pilot to see if revenues justify the change.  “The data you get from just that hypothetical is amazing, and you get it before they create a problem,” Yapchai said. “It’s a great way to set the tone and gives managers an idea of how employees are going to decide those types of issues.”

Another fun and lasting training technique that Tenneco tried out was a jail game. The game was set up so that employees were baited: “The wrong answers paid more money,” Yapchai explained. “After two quarters, we announced a dawn raid. We pulled back a curtain to show a jail.”

“Last time we did this, I heard an audible, ‘Oh, [expletive],’ ” Yapchai said. “They knew compliance was running the game and that their boss was sitting in the room watching.  The jail ran out of seats.”

If employees make these choices in a room playing a game, “think about what they’re doing on a day-to-day basis,” she said. The whole point is, as ethics and compliance officers, you want to stop problems before they become problems.