Baker & McKenzie LLP is a member firm of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a "partner" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm.© 2015 Baker & McKenzie LLP

Panel: Liability Issues for Compliance Officers

Strong Compliance Culture as a Measure to Mitigate Risk of Compliance Officer Liability

John P. Cunningham, PartnerCompliance, Investigations & Government EnforcementBaker & McKenzie Washington, D.C.

IIB: Annual Seminar on Risk Management and Examination/Compliance Issues

October 28, 2015CUNY Graduate Center, NYC

© 2015 Baker & McKenzie LLP 2

Content

‒ Compliance Leadership and Culture in a U.S. Context

‒ Best Practices for Building a Strong Culture Through Effective Compliance Officer Leadership

Compliance Leadership and Culture in a U.S. Context

© 2015 Baker & McKenzie LLP 4

High Expectations by US Regulators for Compliance Personnel‒ Compliance officers increasingly exposed to personal

liability for compliance program failings (covered in detail earlier during today’s Panel)

‒ Beyond having strong compliance programs in place, CCOs must proactively seek ways to mitigate risks

‒ Compliance officers viewed as “gatekeepers” for minimizing risk and potential liability

‒ Creating and cultivating a robust culture is increasingly viewed as a critical step to success in this area

© 2015 Baker & McKenzie LLP 5

Recognition by Authorities of Effective Leadership and Impact on Culture‒ U.S. Attorneys’ Manual – Principles for Prosecution of

Business Organizations§ “[A] corporation is directed by its management and

management is responsible for a corporate culture in which criminal conduct is either discouraged or tacitly encouraged.”

‒ Recent SEC NPA with U.S. Company§ Company leadership “thoroughly reviewed its pre-

existing program and undertook steps to further update and enhance its compliance [program and culture], and successfully implemented those new enhancements”

© 2015 Baker & McKenzie LLP 6

U.S. Sentencing Guidelines

‒ Under the U.S. Sentencing Guidelines an “effective” compliance program must, among other things, “promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law”

‒ As a result, the Guidelines expect the CCO to have “appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively”

© 2015 Baker & McKenzie LLP 7

Summary of US Expectations for CCOs‒ Empowered with clear mandate‒ Senior executive status with authority to get things done‒ Independent of business management‒ Direct access to the Board‒ Separate budget‒ Effective escalation protocol‒ Unobstructed line of sight into operations‒ A “seat at the table”‒ Adequate resources to do the job right ‒ Foster and encourage (pro)active compliance cultureSource: Investment Company Act Rule 38a-1

Best Practices for Building a Strong Culture Through Effective Compliance Officer Leadership

© 2015 Baker & McKenzie LLP 9

Engage High-Level Stakeholders‒ Report to your board regularly on the following:

§ Ongoing internal investigations § Compliance program status, compliance challenges facing

your company, and initiatives underway to address them§ General enforcement developments related to your areas of

legal and regulatory compliance risk‒ Regularly (e.g., annually) train the board of directors‒ Separately engage your board’s audit committee to facilitate

ongoing dialogue between primary compliance officer and the board on program developments

© 2015 Baker & McKenzie LLP 10

Collaborate with Officers and Senior Mgmt‒ It is important that employees at all levels of the company view the

CCO, CEO, board, and other senior leaders as a team, equally committed to the program’s success§ Actively solicit your CEO’s input (e.g., monthly meetings) and

engage your CEO in program design, implementation, and, in particular, compliance messaging

§ Meet regularly with the business heads to obtain feedback on evolving risks, program design, and program implementation

§ Conduct monthly meetings with company leaders responsible for other compliance related functions (i.e., Legal, Internal Audit, Accounts Payable, CFO, Finance, HR) to ensure adequate communication on program effectiveness

© 2015 Baker & McKenzie LLP 11

Implement Performance Incentives‒ Incorporating specific compliance requirements into annual

evaluation criteria and connecting compensation to meeting these criteria can be an effective means of guiding employee behavior towards greater respect for compliance § Apply incentives at all levels of company§ Work with senior management and HR to integrate

unique evaluation criteria for senior executives that encourages them to take a leading role in promoting compliance throughout their areas of responsibility

© 2015 Baker & McKenzie LLP 12

Push Compliance Out to Field‒ Identify and designate compliance liaisons or

representatives throughout your corporate operations§ Determine numbers and location based on regular risk

assessments§ Incorporate performance incentives into their evaluation

and compensation criteria to ensure accountability§ Train them to conduct future training in their local office

or assigned department (i.e., “train the trainer”)

© 2015 Baker & McKenzie LLP 13

Develop and Implement a Strategic Communications Calendar‒ Plan out your compliance communications on an annual basis to

ensure regular and consistent messaging from senior management§ Time delivery of messages to ensure company’s commitment to

compliance remains “top of mind” throughout the year§ Target client alerts to specific areas of the business based on

recent enforcement developments§ Ensure business leaders reinforce message as part of regular

operational interactions and meetings (e.g., develop incentives for middle managers to include compliance with policies and procedures as part of weekly coordination meetings)

© 2015 Baker & McKenzie LLP 14

Diversify Delivery of Compliance Message‒ Harness internal communications mechanisms such as internal

blogs and video systems, intranet, and social media to deliver compliance message throughout your organization

‒ Work with internal marketing staff to develop compliance messages and themes§ Showcase leaders from across business areas and functions

to demonstrate senior management’s full commitment to the successful implementation of the compliance program

§ Implement a compliance messaging series focused around key members of senior management such as your CEO

© 2015 Baker & McKenzie LLP 15

Identify Key Initiatives to Lead‒ Certain initiatives should be led by the CCO, ensuring

centralized evaluation and management of your company’s highest risks § Regular risk assessments allowing you to understand the

business’s risks across all operations as the business evolves and changes

§ Implementation of key compliance policies and procedures§ Serve as the gatekeeper and evaluator of risk screening

and analysis for high-risk transactions§ Oversight of monitoring, auditing, and testing processes

© 2015 Baker & McKenzie LLP 16

Incorporate Training into Supervisor Performance Evaluations‒ An effective training program is critical to the success of your

compliance program, yet ensuring that employees keep up with their training is an ongoing challenge§ Enlist the partnership of supervisory personnel by

connecting their performance evaluation to the training completion rates of personnel they superviseo Requires supervisors to re-enforce message of

importance of complianceo Fosters greater employee accountability for completiono If possible, employ technology to track training

© 2015 Baker & McKenzie LLP 17

Make Training Compliance Professionals a Top Training Priority‒ Ensure compliance department personnel participate in

key compliance conferences and trainings annually ‒ Ensure personnel from offices that are key compliance

partners (e.g., Legal, Internal Audit) participate in annual compliance conferences as well

‒ Provide function specific compliance training where appropriate (e.g., provide Accounts Payable training on key anti-corruption red flags)

© 2015 Baker & McKenzie LLP 18

Coordinate Audit and Testing Plans

‒ Compliance policies, procedures, and controls should be audited and tested in consultation with the CCO§ The CCO should provide feedback on areas of the

program in need of verification as informed by risk assessments and continuous program monitoring led by the CCO (i.e., compliance “health checks”)

§ Similarly, subsequent program enhancements should be designed and led by the CCO in consultation with Audit and other relevant personnel

John P. Cunningham+1 202 835 6148

john.cunningham@bakermckenzie.com

‒ Thank you.‒ Questions?