The Evolving Role of the Chief Compliance Officer

GOOD. SMART. BUSINESS. PROFIT.TM

The Evolving Role of the Chief Compliance Officer

August 26, 2014

Kevin McCormack Managing Director, Content & Programming [email protected] 303.819.9817

We welcome you to submit any questions for the panel through the chat functions you see on your screen.

HOST

QUESTIONS

MATERIALS You’ll receive a copy of this presentation following the webinar (within a few days) along with some additional resources. You can also contact us with any questions at [email protected].

3

Robert Chersi Executive Director, Center for Global Governance Reporting and Regulation, Pace University Seth Rice Assistant General Counsel – Compliance & Director of Global Ethics & Compliance, Kennametal Joe LeBas Chief Strategy Officer, Convercent

SPEAKING TODAY

The Evolving Role of the Chief Compliance Officer August 26, 2014

©2014 Convercent. All rights reserved. 6


Robert Chersi Execu&ve Director Center for Global Governance Repor1ng and Regula1on Pace University

Seth A. Rice Assistant General Counsel – Compliance & Director of Global Ethics & Compliance Kennametal

Joe LeBas Chief Strategy Officer Convercent

©2014 Convercent. All rights reserved.

Historical Context: When things go wrong, legislation “to make sure it never happens again” often results

7


Sample Occurrences The “Robber Baron” era (Morgan, Carnegie, etc) The Great Depression Corporate Governance failures (Enron, World Com, Tyco, etc.) The Great Recession, and its bankruptcies (Lehman), conservatorships (Fannie), forced marriages (Countrywide), new banks (Goldman), etc.

Sample Resulting Legislations Sherman Anti Trust Act of 1890 Clayton Anti Trust Act of 1914 Securities Acts of 1933 and 1934 Sarbanes Oxley Act of 2002 Dodd Frank Act of 2010 Basel III Etc., etc., etc.


8


Legislation Number of Pages

Dodd Frank (2010) 848*

Federal Reserve Act (1913) 31

Glass Steagall (1933) 37

Sarbanes Oxley (2002) 66

Gramm Leach Bliley (1999) 145

* Excludes pages resulting from the subsequent “studies” called for in Dodd Frank. For example, the “Volcker Rule,” when issued in December 2013, added a further 900 plus pages.

Regulations are at record levels and complexity


The criticality of complying with The Federal Sentencing Guidelines… §8B2.1. Effective Compliance and Ethics Program

(a) To have an effective compliance and ethics program, for purpose of subsection (f) of §8C2.5 (Culpability Score) and subsection (b)(1) of §8D1.4 (Recommended Conditions of Probation – Organizations), an organization shall —

(1) exercise due diligence and prevent and detect criminal conduct; and (2) otherwise promote an organizational culture that encourages ethical conduct

and a commitment to compliance with the law.

Such compliance and ethics programs shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct. The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.

9



While compliance’s resources have increased …

10


2012 vs. 2011 Staff Dollars Increased 47% 47%

No Change 41% 45%

Decreased 12% 8%

Source: Consero’s “2012 Chief Compliance Officer Data Survey”

Last 12 Months Staff Dollars Increased 34% 34%

No Change 49% 39%

Decreased 7% 7%

Don’t Know 10% 20%

Source: PwC’s “State of Compliance: 2013 Survey”


…Challenges remain Do you have sufficient resources to manage a compliance program effectively? Yes: 53% No: 47% Do your performance appraisal and incentive programs positively support your compliance and integrity objectives? Yes: 45% No: 55% Source: Consero’s “2012 Chief Compliance Officer Data Survey”

11



…Challenges remain Percentage of compliance professionals surveyed who: Expect their PERSONAL liability to increase in 2014 53%

(of which) “Significantly increase” 17% “No Change” 43%

Expect the 2014 cost of their compliance staff to increase 66%

(of which) “Significantly more” 21% “Slightly more 41%

Source: “Cost of Compliance 2014” by Thomson Reuters

12



So what can we do?

13



Core attributes of risk intelligent compliance •  Ongoing alignment of compliance investments with compliance risk ratings

and business priorities •  Separate, but consistent with, the company’s ERM approach

•  Widespread recognition of compliance’s potential impact on multiple dimensions of enterprise value

•  Financial PLUS reputational, sanctions, etc. •  Don’t underappreciate “tail risks”

•  The use of the company’s compliance strengths to pursue “upside” business value

•  Play both defense AND offense

Source: Deloitte

14



What metrics do you use to measure the compliance function’s effectiveness?

15


Analysis of internal audit findings 74%

Completion of annual & new hire compliance training 68%

Volume of calls to hotline 65%

Disposition of internal investigations 59%

Feedback from employees Ethics surveys 56%

Comparisons to competitors or similar organizations 48%

Size of regulatory fines or penalties 31%

Source: Compliance Trends Survey 2013


The “10 Hallmarks of an Effective Compliance Program” (DOJ/SEC)

16


1. Tone at the Top 6. Incentives & Disciplinary Measures (“from the board room to the supply room”)

2. Code of Conduct, and Compliance Policies & Procedures 7. Third Party Due Diligence

3. Oversight, Autonomy & Resources 8. Confidential Reporting & Investigating

4. Risk Assessment 9. Continuous Improvement

5. Training & Continuing Advice (to business partners)

10. Pre-acquisition Due Diligence & Post-acquisition Integration


“Skate where the puck is going, not where it’s been.”

- Wayne Gretzky

17



Kennametal introduction Kennametal (NYSE: KMT), is a leading global manufacturer of wear-resistant solutions, founded in 1938 and headquartered in Latrobe, Pennsylvania Serve customers in more than 60 countries Annual sales of approximately $3 billion Recognized as a World’s Most Ethical company for three consecutive years Employs approximately 14,000 globally Office of Ethics and Compliance sits within the Office of the General Counsel

18



Themes & trends from the front lines •  CCO reporting structure / organizational placement:

•  32% of CCO’s report to CEO (PwC State of Compliance 2014 Survey) •  Balance report through General Counsel or other functions

•  Cross-functional / integrated approach to compliance is a must: •  It’s not just Legal and Internal Audit anymore •  Seeing the enterprise compliance ‘dashboard’ •  Aligning business plan with compliance / reputational risk framework

•  Exponential increase in complexity of regulatory / risk environment: •  Both developed and emerging markets •  Risk-based approach is essential

•  CCO must become a strategic business partner – its expected

•  Meaningful program metrics are expected by senior management and the Board

19



Compliance challenges & opportunities •  Top Compliance Challenges:

•  Bribery and Corruption Risk •  Conflicts of Interest •  Data Privacy •  Conflicts Minerals Compliance •  Trade Compliance (in a volatile and increasingly divided world)

•  No cookie-cutter compliance solutions (DOJ/SEC statements to this effect) •  Must assess and understand your organization, business, and growth strategy

against compliance and reputational risk

•  Consider both the “can I” (i.e. legal) and “should I” (i.e. risk) questions

20



Compliance challenges & opportunities •  Global bribery and corruption enforcement focus on 3rd party relationships •  Challenging area to assess and manage relational risk •  Strong integration with the business / channel partner programs / sourcing functions is

key

•  3rd Party Risk Management: •  Critical current and near-term focus on agents and distributors •  Compliance can be part of channel partner branding •  Challenging to scope and design effective programs •  Identifying and managing supply chain risk •  Holistic / proactive approach:

•  Actively communicate compliance expectations •  On-boarding / supplier selection due diligence •  Monitoring the relationship (i.e. technology) •  Auditing to confirm compliance with established expectations

21



Enterprise risk management process •  ERM provides valuable strategic risk-based information to inform compliance

program design

•  Process helps inform audit program design and health of compliance programs and ‘firewalls’

•  Kennametal conducts structured ERMs across our global operations every year: •  Enterprise-wide •  Regional •  Functional assessments •  ERM outcomes are risk-ranked and tackled at each level of the organization

and woven into ‘compliance risk management fabric’

22



Integrated approach to compliance •  Seeing beyond the compliance ‘silos’ is essential but challenging

•  Cross-functional approach necessitated by complexity: •  Legal •  Internal Audit / Finance •  Human Resources •  Information Technology •  Other compliance functions (EHS, trade, etc.)

•  Kennametal is exploring how to achieve a more integrated approach – many options to consider:

•  Centralized compliance model •  Decentralized compliance model •  Hybrid / matrix approach

23



Evolving with the organization •  CCO must constantly assess and modify compliance and ethics posture as the

business evolves / markets change

•  Emerging markets are increasingly complex and active compliance risk hotspots

•  Monitoring and reacting to leading and lagging indicators: •  Employee engagement data •  Audit findings •  Reputational profile •  Whistleblower data

•  Critical to be involved in the business strategy development process to effectively assess and manage complex compliance risk environment

24



Enhancing program fundamentals

•  Program fundamentals cannot get lost in the shuffle: •  Strong policy management •  Clear guidelines and communication •  Engaging and dynamic training strategies •  Whistleblower processes •  Leveraging technology

•  Focus Areas: •  Dynamic (risk-based) training model v. one size fits all •  Ethical leadership:

•  Living it and modeling it •  Beyond just tone-at-the top •  Building enterprise-wide capacity

•  Leveraging whistleblower data for risk assessment process •  Enhancing quality and consistency of internal investigations

25



26


Developing meaningful program metrics

•  Board and senior management increasingly expect (and need) meaningful compliance metrics

•  Collecting and sorting relevant data is key – what, how, and when to report are not easy questions to answer

•  Traditional Metrics: •  Whistleblower report data •  Training programs •  Policies and procedures

•  Future State Metrics: •  Leverage technology to analyze program data •  Predictive metrics •  Audit outputs


“You can’t build a reputation on what you are going to do.”

- Henry Ford

27



In Summary: CCOs are becoming more strategic, Boards are also becoming more involved Risk Managers …

28


Source: PwC State of Compliance Survey, 2014


Thus, an Effective Compliance Program should also be an Actionable Platform.

29



Thank you. Questions?

30


You’ll receive a recording of this webinar along with a copy of the presentation slides shortly. Thank you for attending!

This webcast and all future Ethisphere webcasts are available complimentary and on demand for BELA members. BELA members are also offered complimentary registration to Ethisphere’s Global Ethics Summit and other Summits around the world. For more information on BELA contact:

Laara van Loben Sels Senior Director, Engagement Services [email protected] 480.397.2663

Business Ethics Leadership Alliance (BELA)

THANK YOU

The Evolving Role of the Chief Compliance Officer

Career

Transcript of The Evolving Role of the Chief Compliance Officer