The Compliance Week 2015 conference is now part of history. We had a more than 560 compliance and audit professionals join us in Washington last week for three days to discuss all things ethics, compliance, audit, and risk management. The whole event was terrific, and we thank everyone—sponsors, attendees, speakers, staffers—for all their help.
You can see plenty of our coverage of CW 2015 on our website, and we’ll have much more coverage in our June and July print magazines. Meanwhile, let me share a few observations here.
Liability on the mind. We closed our conference with a keynote discussion about the rise of personal liability for compliance officers should your compliance program fail to catch misconduct at your business. Several voices on that panel—the head of white-collar defense practice at DLA Piper, and the associate head of enforcement at the Securities and Exchange Commission—said the real risk of CCO liability is rare, and that the last thing regulators want is to foment distrust with people they see as enormously important helpers in their enforcement mission.
Well, kinda sorta. Earlier this month we saw the Serious Fraud Office in Britain bring corruption charges against the former chief compliance officer of Alstom, Jean-Daniel Laine; he is only the latest executive among several now facing charges for Alstom’s widespread bribery in the 2000s. That news was a jolt to many compliance officers, since Laine is well-known to our community and had been a regular speaker at other compliance conferences himself.
Granted, how the SFO handles personal liability for compliance officers is not the same as how we handle it here in the United States, and our SEC speaker pointedly declined to comment on what the SFO is trying to accomplish. Still, it demonstrates that at least some regulators are pursuing cases of failure to prevent misconduct, and in our globalized economic world, compliance officers at global enterprises are not going to like this news.
Liability on the mind, Part II. At our conference we also released the 2015 Compliance Trends Report. This is the survey of compliance officers that Compliance Week and Deloitte undertake every year, and you’ll find plenty of benchmarking data in those pages. Among the findings: 57 percent of CCOs now answer directly to the board or the CEO; and 51 percent serve on the executive management committee.
Good news, but this also means that as CCOs enter the inner circles of corporate management, those fears about liability will persist. If compliance officers start serving on boards of directors, for example, that will bring specific legal liability. If compliance officers are part of the executive management committee setting budgets and buying IT systems, you will need strong documentation to show that your decisions reflected your best efforts to build a strong program.
I agree with our SEC speaker that nobody in the enforcement world wants to antagonize compliance officers. Still, lots of what is normal in Corporate America today are things that nobody ever wanted to see once upon a time. So I wonder about this one.
Audit firms and fraud. We had a fantastic speaker on Tuesday afternoon, Kelly Richmond Pope, an accounting professor who has made her career studying what motivates people to commit fraud. Pope gave several examples of embezzlement and similar fraud, and in all cases the victim company’s external audit firm failed to catch the fraud. According to Pope’s research, audit firms hardly ever catch fraud.
Critics of audit firms (and lord knows, such people abound) would cite Pope’s research as proof that audit firms aren’t terribly useful any more. The truth, however, is that auditors can’t catch fraud easily—at least not yet, without much better IT analytics that lets them study much more data than is currently possible. The person who perpetrated the largest municipal fraud in U.S. history embezzled more than $50 million over the course of 20 years, by generating 175 phony invoices. At even a mid-sized business, could you find 175 phony invoices among the millions generated across 20 years? Probably not.
Fraudsters are correct when they say they can evade audit firms easily. That is not for lack of trying from the auditors. They do work hard. We just need lots more help and research here before the calculus shifts in our favor.
Leadership. One panel discussion focused on how you lead the compliance function, whether you arrive from the outside as chief compliance officer or assume that top role internally. As this profession matures—and it is only now, 10 years on, beginning to hit that level where you might call it “mature”—more and more compliance officers will need to think about questions of leadership and management. You will need soft skills in those fields as much as you’ll need expertise in law or financial reporting.
The best advice I heard on this point came from Karen Griffin, now CCO at MasterCard, after stints as CCO at Visa, Alcatel-Lucent, and elsewhere. Griffin knows her stuff about leading compliance teams. Above all, she said, “respect the work of the people who came before you.”
In a profession where strong employee culture is everything, where creating an environment to let workers feel safe in speaking up, a great way to wreck that is to arrive from the outside and act like a bull in a china shop. So you can’t do much better than Griffin’s words of wisdom.
Please add your comments to this column on LinkedIn.