The Compliance Week 2015 conference starts on Monday, and as usual we'll have more than 500 compliance officers, audit executives, regulators, and other leading thinkers talking shop on all things ethics & compliance. Check our website frequently for the latest updates, since we'll be posting lots of them. Meanwhile, here are my personal picks for what should be the most interesting or most important sessions we have. (Given how strong our agenda is, choosing only a handful is not easy.)
Managing FCPA Audits at Scale. Not every third party is paying bribes everywhere and deserves full investigation—sometimes you just want to do an audit for Foreign Corrupt Practices Act risk, nothing more. Except you have to do thousands of them, across multiple operating units, with incompatible accounting software. That sort of data extraction and analysis job can induce migraines.
Hence we will have a stellar session on Tuesday about the task of managing FCPA audits, led by two legal and compliance officers from Baker Hughes who have tag-teamed this challenge for several years. They will talk about how they do find and extract all that data they need, and how they study it to understand which concerns are best handled by an audit and which might need to be escalated into a more formal investigation—and how you communicate with all those employees and third parties to assure them that an audit is not a witch hunt. It’s just an audit.
In the Driver’s Seat: Becoming the CCO. We will devote most of our agenda on Wednesday to leadership, starting with a fantastic session on how a compliance officer can establish his or her authority when first taking that chief compliance officer role. After all, as much as technical or legal expertise are important, leading a compliance program means that you need to know how to lead; how to judge your own success and that of your team; .
This session on Wednesday morning will have three great speakers: Raphael Richmond, head of compliance at Ford, who spent many years in other roles at Ford before leading compliance; Karen Griffin, chief compliance officer at MasterCard, who arrived in that top role after a stint as CCO at Visa; and Jeff Wu, head of internal control and compliance at the Haier Group in China, who had to define the compliance function for Haier and do so in a very different culture than what most North Americans would understand.
Is Orange the New Black for CCOs? This will be our closing keynote session on Wednesday, in step with our theme of strong leadership—and the question of whether those leadership duties now include personal liability for failure to prevent corporate misconduct.
Until a few months ago, I would have said the answer to that question is “no.” Now I’m not sure. In December the former CCO of MoneyGram was fined $1 million for his role in what looks like very poor oversight of anti-money laundering controls. In March the Securities and Exchange Commission fined the chief compliance officer of Pension Financial Services $20,000 in an administrative hearing over poor trade and clearing procedures. And just this week in Britain, the Serious Fraud Office filed charges against the former head of ethics and compliance at Alstom, the embattled French construction giant that just paid the largest criminal fine in FCPA history six months ago.
Enforcement officials tell me this fear of personal liability is overblown, that the SEC and Justice Department want compliance officers to be their friends and helpers in the quest for good conduct. Even lawyers on the defense bar say personal liability is a negligible risk for most CCOs. That’s not the sentiment I hear from CCOs themselves, so I look forward to a vigorous discussion Wednesday about what the landscape really looks like.
What We Talk About When We Talk About Practice Alert 11. This is for all the diehard internal control and audit executives at Compliance Week 2015. Practice Alert 11, issued by the Public Company Accounting Oversight Board at the end of 2013, has been interpreted widely as pushing audit firms to be more skeptical—which translates for you, the corporate executive, as an audit firm reluctant to accept your own internal testing and evidence and likely to charge higher fees. Debate has raged among internal auditors, external auditors, audit committees, and the PCAOB ever since.
On Tuesday morning we will have a panel discussion about what the PCAOB hoped Practice Alert 11 would accomplish, and how companies can try to maintain productive relationships with their audit firms in this era of sharper PCAOB scrutiny.
As I said, choosing only a handful of sessions from our agenda is really difficult. In addition to these four, we have dozens of other keynote speeches, panel discussions, workshops, product demos, and conversations with regulators. You name the subject—employee training, antitrust risks, cybersecurity, emerging markets, codes of conduct, FCPA enforcement, case management, much more—and it’s on the agenda.
And for those of you in the Washington area, we still have some seats available! Drop by the Mayflower Hotel, get registered, and enjoy the show.