This document discusses developing a digital compliance program to strengthen corporate governance. It involves 3 phases: 1) updating the corporate governance model, 2) developing digital compliance training courses, and 3) institutionalizing management attestations and supervision. The goals are to align policies with laws, prevent misconduct, and establish stakeholder communications. Regulators increasingly pressure companies to implement robust compliance programs, and enforcement actions against companies like Wells Fargo show the costs of non-compliance.
1. Digitizing Corporate Governance
Creating the governance ability to apply information and technology to raising the firm's performance, by enhancing the Board's capacity to direct and control the firm through a set of rules, practices and processes.
2. OBJECTIVES
To evolve into a high-performance organizational culture, scaling and integrating the firm's corporate governance model and compliance practice into its operations through a digital compliance program that is effective in aligning corporate policies with laws, rules and regulations, and in preventing and detecting misconduct.
To establish the necessary communication channels with stakeholders: employees, customers, suppliers, authorities, communities and investors.
To set up the mechanics for effective oversight, proactive updating and supervision by the Board's Corporate Practices Committee.
3. CURRENT CONTEXT
Recent developments confirm that the US Department of Justice (DOJ) is
increasing the pressure on companies to implement robust and tailored
compliance programs.
On November 3, 2015, Hui Chen joined the DOJ as the agency's first Compliance Counsel. Assistant Attorney General Leslie Caldwell announced that Chen's mission was to assist prosecutors in assessing a company's program, as well as to test the validity of the company's claims about its program, such as whether the compliance program truly is thoughtfully designed and sufficiently resourced to address the company's compliance risks, or essentially window dressing. hbr.org/2018/03/why-compliance-programs-fail
4. AGENCY RISK
Regulatory reviews are expected to address:
A. Whether a violation of the law, company policy, rules and regulations has occurred because the company lacked an effective compliance program, or because a rogue employee circumvented an otherwise robust program.
B. Whether the company has designed a program that suits the unique attributes of its operations and strategy.
C. How the company proactively assesses and enhances its Corporate Governance and Compliance program (HSBC FX front-running).
The above has been previously articulated by the Securities and Exchange Commission in various pronouncements, along with the key components of a strong compliance program.
5. DEPARTMENT OF JUSTICE
The Filip Factors specifically include "the existence and effectiveness of the corporation's pre-existing compliance program" and the corporation's remedial efforts to implement an effective corporate compliance program or to improve an existing one.
A. The Principles of Federal Prosecution of Business Organizations in the United States Attorney's Manual describe specific "Filip Factors" that prosecutors should consider in conducting an investigation of a corporate entity, determining whether to bring charges, and negotiating plea or other agreements.
B. A DOJ investigation triggers the application of the "Filip Factors". There is no rigid formula to assess the effectiveness of corporate compliance programs; each company's risk profile and its solutions to reduce its risks warrant particularized evaluation.
There are, however, common questions for corporations in making an individualized determination... DOJ/criminal-fraud
8. OBSERVED COSTS
• Volkswagen case metrics illustrate this: an estimated direct cost of up to $50 Bn for the emissions scandal, almost 50% of shareholder value lost and a 16% sales drop in North America, also triggering industry-wide revisions on a global scale (former-ceo-volkswagen-ag-charged-conspiracy-and-wire-fraud-diesel-emissions-scandal, May 3rd, 2018).
Chart: Banks Fines and Penalties, biggest categories 09-15 ($Bn/Carlytics)
• The financial industry has taken a heavy toll, with the 10 largest US and European banks fined more than $150 Bn between 09 and 17, wiping out the equivalent of 14% of their equity capital.
• Fines relate to civil and criminal cases brought by regulators and authorities with the power to levy penalties.
• Client reporting failures involved misleading customers about investments and not communicating clearly enough with borrowers.
9. KEY COMPONENTS
• The board and senior management have a visible and strong commitment to the company's compliance program that is communicated throughout the organization.
• The individual responsible for compliance holds a position of stature and has adequate resources and funding to implement an effective program.
• Policies and procedures are accessible, easy to understand and translated into all necessary languages.
• Employees receive periodic training on policies and procedures, including information on how and where they can seek guidance and/or report concerns.
10. KEY COMPONENTS
• The program is dynamic and evolves as risks change, such as when the company acquires other companies or enters new territories.
• Incentives for ethical behavior and disciplinary measures are evenly applied across all levels of management, supervisors and all employees.
• The company has procedures in place to ensure that its vendors, consultants and other third parties comply with the company's policies and the law. Companies are expected to terminate business relationships with third parties that demonstrate a lack of adherence to laws and policies.
11. RISK GOVERNANCE
• Reputation. An amplifier risk condition which layers on or attaches to other risks, especially environmental, social and governance risks, with implications for their materiality, duration and/or expansion.
• Leadership and Culture. The creation of a pervasive risk culture, or of silos, which may foment behaviors by the rest of management and deeper into the organization.
• Cyber Security. Continues to evolve as a multifaceted, constantly changing threat.
• Resilience. Business continuity and disaster recovery plan.
• Compliance.
12. CYBER SECURITY
Private sector entities operate today on the front lines of cyber conflict, targeted by a variety of hostile actors that seek to steal and misappropriate their intellectual property, degrade their infrastructure, and disrupt their business activities.
• Operationalizing active defense with a set of technical, legal, policy and governance considerations to protect the most valuable data and assets.
• Developing an operational template based upon a thorough risk assessment and integrating incident response protocols.
• Damage to the network of a readily identifiable victim should lead to prosecution, regulatory action or civil action under the Computer Fraud and Abuse Act (CFAA) (Google Operation Aurora, Dridex botnet).
• Employee awareness of company policy and information safekeeping remains the first line of defense, including an incident reporting channel.
13. 3 PHASES
1. Updating the firm's Corporate Governance model
2. Developing a digital implementation plan
3. Validating the management architecture and supervision functions, and measuring performance
14. PHASE 1
Validate and complement the firm's corporate governance model:
A. Corporate Practices Committee agenda, standards adoption and communication channels with stakeholders.
B. Regulatory framework, industry-specific acts, information security, business continuity plan, rules and regulations.
C. Incorporating relevant international legislation (Sarbanes-Oxley, Dodd-Frank, OFAC, Foreign Corrupt Practices Act https://www.justice.gov , OECD standards http://www.oecd.org/ ).
D. Delineating the conduct and behavior practice addressing employee digital identity, code of ethics, cyber-security, and conditions for a respectful and inclusive workplace. https://www.nytimes.com/2018/04/28/business/nike-women https://www.nytimes.com/2018/05/08/business/nike-harassment.html
15. PHASE 2
Developing no more than 12 comprehensive corporate governance compliance training courses:
A. One training per month at most, selectively cascading through organizational levels, with less than an hour of completion time and a quiz of between 5 and 20 questions.
B. Digitally deployed, with completion time limits and gathering data on each individual's performance.
C. Firm employees must take all courses on a yearly basis for 3 years, and thereafter with every update or under an extended sequence.
D. The Corporate Practices Committee's communication channel with employees is reinforced in each training.
16. PHASE 3
Institutionalizing a management and supervisors' attestation practice on business conduct and behavior:
A. A quarterly/yearly exercise whereby all managers and supervisors attest to being in compliance with the firm's corporate governance practice.
B. Includes up to 30 specific questions on the individual's conduct, good keeping of accounts and records, company assets, and applicable rules and regulations.
C. Adherence to jurisdictions, foreign laws and global industry operational standards.
D. Executed prior to performance appraisals and compensation reviews, aligning the supervisory structure and talent development to key performance indicators.
18. Elizabeth Warren rips Wells Fargo at Fed chair hearing
Fox News
Sen. Elizabeth Warren (D-Mass.) grilled Federal Reserve Chair Jerome Powell on Thursday over the measures the U.S. central bank is taking to hold Wells Fargo accountable for consumer abuses dating back to 2016.