Baker & McKenzie LLP is a member firm of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a "partner" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm.
© 2015 Baker & McKenzie LLP
Panel: Liability Issues for Compliance Officers
Strong Compliance Culture as a Measure to Mitigate Risk of Compliance Officer Liability
John P. Cunningham, Partner
Compliance, Investigations & Government Enforcement
Baker & McKenzie Washington, D.C.
IIB: Annual Seminar on Risk Management and Examination/Compliance Issues
October 28, 2015
CUNY Graduate Center, NYC
Content
‒ Compliance Leadership and Culture in a U.S. Context
‒ Best Practices for Building a Strong Culture Through Effective Compliance Officer Leadership
Compliance Leadership and Culture in a U.S. Context
High Expectations by US Regulators for Compliance Personnel
‒ Compliance officers increasingly exposed to personal liability for compliance program failings (covered in detail earlier during today’s Panel)
‒ Beyond having strong compliance programs in place, CCOs must proactively seek ways to mitigate risks
‒ Compliance officers viewed as “gatekeepers” for minimizing risk and potential liability
‒ Creating and cultivating a robust culture is increasingly viewed as a critical step to success in this area
Recognition by Authorities of Effective Leadership and Impact on Culture
‒ U.S. Attorneys’ Manual – Principles for Prosecution of Business Organizations
§ “[A] corporation is directed by its management and management is responsible for a corporate culture in which criminal conduct is either discouraged or tacitly encouraged.”
‒ Recent SEC NPA with U.S. Company
§ Company leadership “thoroughly reviewed its pre-existing program and undertook steps to further update and enhance its compliance [program and culture], and successfully implemented those new enhancements”
U.S. Sentencing Guidelines
‒ Under the U.S. Sentencing Guidelines an “effective” compliance program must, among other things, “promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law”
‒ As a result, the Guidelines expect the CCO to have “appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively”
Summary of US Expectations for CCOs
‒ Empowered with clear mandate
‒ Senior executive status with authority to get things done
‒ Independent of business management
‒ Direct access to the Board
‒ Separate budget
‒ Effective escalation protocol
‒ Unobstructed line of sight into operations
‒ A “seat at the table”
‒ Adequate resources to do the job right
‒ Foster and encourage (pro)active compliance culture
Source: Investment Company Act Rule 38a-1
Best Practices for Building a Strong Culture Through Effective Compliance Officer Leadership
Engage High-Level Stakeholders
‒ Report to your board regularly on the following:
§ Ongoing internal investigations
§ Compliance program status, compliance challenges facing your company, and initiatives underway to address them
§ General enforcement developments related to your areas of legal and regulatory compliance risk
‒ Regularly (e.g., annually) train the board of directors
‒ Separately engage your board’s audit committee to facilitate ongoing dialogue between primary compliance officer and the board on program developments
Collaborate with Officers and Senior Mgmt
‒ It is important that employees at all levels of the company view the CCO, CEO, board, and other senior leaders as a team, equally committed to the program’s success
§ Actively solicit your CEO’s input (e.g., monthly meetings) and engage your CEO in program design, implementation, and, in particular, compliance messaging
§ Meet regularly with the business heads to obtain feedback on evolving risks, program design, and program implementation
§ Conduct monthly meetings with company leaders responsible for other compliance related functions (i.e., Legal, Internal Audit, Accounts Payable, CFO, Finance, HR) to ensure adequate communication on program effectiveness
Implement Performance Incentives
‒ Incorporating specific compliance requirements into annual evaluation criteria and connecting compensation to meeting these criteria can be an effective means of guiding employee behavior towards greater respect for compliance
§ Apply incentives at all levels of company
§ Work with senior management and HR to integrate unique evaluation criteria for senior executives that encourage them to take a leading role in promoting compliance throughout their areas of responsibility
Push Compliance Out to Field
‒ Identify and designate compliance liaisons or representatives throughout your corporate operations
§ Determine numbers and location based on regular risk assessments
§ Incorporate performance incentives into their evaluation and compensation criteria to ensure accountability
§ Train them to conduct future training in their local office or assigned department (i.e., “train the trainer”)
Develop and Implement a Strategic Communications Calendar
‒ Plan out your compliance communications on an annual basis to ensure regular and consistent messaging from senior management
§ Time delivery of messages to ensure company’s commitment to compliance remains “top of mind” throughout the year
§ Target client alerts to specific areas of the business based on recent enforcement developments
§ Ensure business leaders reinforce message as part of regular operational interactions and meetings (e.g., develop incentives for middle managers to include compliance with policies and procedures as part of weekly coordination meetings)
Diversify Delivery of Compliance Message
‒ Harness internal communications mechanisms such as internal blogs and video systems, intranet, and social media to deliver compliance message throughout your organization
‒ Work with internal marketing staff to develop compliance messages and themes
§ Showcase leaders from across business areas and functions to demonstrate senior management’s full commitment to the successful implementation of the compliance program
§ Implement a compliance messaging series focused around key members of senior management such as your CEO
Identify Key Initiatives to Lead
‒ Certain initiatives should be led by the CCO, ensuring centralized evaluation and management of your company’s highest risks
§ Regular risk assessments allowing you to understand the business’s risks across all operations as the business evolves and changes
§ Implementation of key compliance policies and procedures
§ Serve as the gatekeeper and evaluator of risk screening and analysis for high-risk transactions
§ Oversight of monitoring, auditing, and testing processes
Incorporate Training into Supervisor Performance Evaluations
‒ An effective training program is critical to the success of your compliance program, yet ensuring that employees keep up with their training is an ongoing challenge
§ Enlist the partnership of supervisory personnel by connecting their performance evaluation to the training completion rates of personnel they supervise
o Requires supervisors to reinforce message of importance of compliance
o Fosters greater employee accountability for completion
o If possible, employ technology to track training
Make Training Compliance Professionals a Top Training Priority
‒ Ensure compliance department personnel participate in key compliance conferences and trainings annually
‒ Ensure personnel from offices that are key compliance partners (e.g., Legal, Internal Audit) participate in annual compliance conferences as well
‒ Provide function specific compliance training where appropriate (e.g., provide Accounts Payable training on key anti-corruption red flags)
Coordinate Audit and Testing Plans
‒ Compliance policies, procedures, and controls should be audited and tested in consultation with the CCO
§ The CCO should provide feedback on areas of the program in need of verification as informed by risk assessments and continuous program monitoring led by the CCO (i.e., compliance “health checks”)
§ Similarly, subsequent program enhancements should be designed and led by the CCO in consultation with Audit and other relevant personnel