Presentation held at the beginning of February 2017 at the Institute of Risk Management Regional Group Switzerland. The presentation gives an overview of current compliance trends and emphasizes the importance of a sound and embedded compliance culture for companies.
2. Agenda
• The Regulatory Storm
• Whistleblowers talk
• Transparency is a fact
• A culture of Compliance is essential
The opinions expressed in this presentation just reflect those of the presenter
and not necessarily those of SIX Group.
3. The Regulatory Storm
• The causes of the storm:
The American Housing Market and Global Financial crisis
Inadequate supervision and regulation
Multiplication of Regulations, e.g. Dodd-Frank Act
• And today: The storm is not over
The fight against terrorism (e.g. EU Action Plan against terrorist financing)
Whistleblowers and the Leak-Legislation (e.g. LuxLeaks, Panama Papers)
Transparency
• And tomorrow
Brexit, Donald Trump…
4. The Regulatory Storm
The effects:
• Regulations have become more complex, difficult to read and to understand
(e.g. Dodd-Frank Act https://www.sec.gov/about/laws/wallstreetreform-cpa.pdf).
• Regulatory changes come at a higher pace (e.g. the 4th and the 5th AMLD).
• Regulators are intensifying their attention and reach (e.g. FINMA has issued ca. 30
industry bans since 2009).
• Stronger consequences in case of non-compliance (e.g. violation of AML or GDPR).
• Personal liability of Management Team and employees.
• Extraterritorial application of law has become normal (e.g. antitrust laws, FCPA).
Regulatory changes have a massive impact on business models
and require more management attention and resources.
7. The importance of Whistleblowers
• Who is a whistleblower: Any person who reports or discloses information on acts and
omissions in the workplace that represent a serious threat or harm to the public interest
(Council of Europe, Protection of Whistleblowers, Recommendation CM/Rec (2014)7).
• Authorities encourage blowing the whistle as a way to promote compliance with laws and
regulations (deterrent effect of whistleblowers).
• Whistleblowers are considered crucial in:
increasing accountability, strengthening the fight against corruption and spreading a
culture of transparency
tackling mismanagement in the public and private sectors.
• Most Regulators have implemented whistleblowing tools such as whistleblowing hotlines
or specific e-mail addresses.
• Several countries have enacted protection rights and offer rewards for external reporting.
8. The importance of whistleblowers
• The private sector also acknowledges the importance of internal whistleblowers in detecting,
deterring and preventing wrongdoing that may otherwise remain hidden.
Employees are often the first to know that something is wrong and are in a privileged
position to inform those who can address the problem.
Whistleblowers can act as an early warning system for real or potential malpractice.
Internal whistleblowing arrangements are an essential part of an effective
compliance and risk management system.
• But still…many employees do not file a report (“willful blindness”) - why?
Fear of retaliation or discrimination
Lack or perceived lack of follow-up given to reports
Do not know whom to approach or how to address the issue
Cultural aspects
Significant opportunities to protect the assets of a company may be missed.
9. The importance of whistleblowers
Do all you can to get reports first:
• Implement a system that provides assurances to all employees that:
All reports will be taken seriously
Strict confidentiality to the whistleblower is ensured
Real protection from all forms of retaliation and discrimination against whistleblowers is
implemented
The system is fair towards the target of the whistleblower’s accusations
Individuals are actively discouraged from trying to identify who blew the whistle.
• Encourage your employees to file reports whenever they have reasonable doubts about
bad practices. Repeat the message and use different tools (leaflets, clips, posters etc.).
• Publish sanitized examples of reports and the company’s response to the report.
• Implement whistleblowing trainings and let the compliance officer explain the reporting
process in person.
10. The importance of whistleblowers
• Nearly 65% of award recipients were current or former company employees.
• 80% had raised their concerns first internally before reporting their information to the SEC.
Employees first give their employers a chance to respond.
In 2016 the SEC received 4200 whistleblower tips and
paid 57 million USD in rewards.
11. Transparency
• Billions of devices are connected today to the internet:
Fragmentation of the media industry
Rise of the Post Truth
Public debate less top down and more diffuse
Loss of control of reputation
• Transparency is shaping legislation and regulations.
• Transparency has reached the agenda of governments and supra-national organisations
combatting tax evasion, corruption, money laundering and terrorism financing.
Malpractices and dishonesty will be exposed:
Hiding or lying is not an option!
12. Transparency
Consequences for organisations:
• Behave as if everything they say and do can become public.
• Change from having “nothing to hide” to pro-actively showing you have nothing to hide.
• Be aware of the «peripheries»: local issues are global issues.
• Increased information requirements and scrutiny by third parties (e.g. customers, NGOs):
social scrutiny has heightened.
• Reports on sustainability are expected and failure to engage with the reporting process
could trigger negative consequences for the organisation.
• Decide whether you actively disclose malpractices to regulators or even to the public.
13. Transparency
Transparency requirements for companies:
• Transparency on the organisation (company policies, employment conditions, culture, supply
chain, etc.; EU Directive 2014/95 on disclosure of non-financial and diversity information)
• Transparency on products / production (raw materials used, supply chain, etc.)
• Transparency on prices and fees (e.g. Interchange Fees Regulation, IDD, UK RDR)
• Transparency on the supply chain (EU 2014/95, UK Modern Slavery Act)
http://www.vodafone.com/content/dam/vodafone-images/sustainability/downloads/slaverystatement2016.pdf
• Transparency on tax affairs and tax policy
Transparency on earnings and tax payments per country
Transparency on beneficial ownership
Transparency on tax rulings
14. A culture of compliance is essential
• Today we know that:
Many of the problems and failures during and after the financial crisis were triggered by
poor cultural foundations.
A lax corporate culture and systemic non-compliance with policies and procedures
increase risk exposure exponentially.
Acting with integrity mitigates or eliminates risks to which a company is exposed and is a
key factor for long-term sustainable success.
• Today, (almost) every company says the right thing on paper (e.g. via the
Code of Conduct).
• And still: Unethical or even criminal conduct in business continues to be a major
concern for companies - why?
15. A culture of compliance is essential
Why is a culture of Compliance so important?
• Compliance covers the observance of legal requirements as well as internal behavioral
guidelines (e.g. codes of conduct) and includes a commitment to acting with integrity
(“do the right thing”).
• Culture determines how employees feel about their jobs and the industry they work in; it
affects motivation and in particular the way they work.
• Culture has a major effect on public perception and the reputation of an organisation.
Problematic culture and subcultures can cause massive (reputational) damage.
• Because a culture of compliance is about doing the right thing whether or not a line
manager, a regulator or anyone else is watching.
A sound and embedded compliance culture including a comprehensive and
binding integrity framework is essential!
16. Elements of a living Compliance Culture
Senior Accountability and Leadership
The right People
Controls
Trainings
Documentation
17. Senior Accountability and Leadership
Tone at the Top
• Compliance culture receives continuous attention from the Board of Directors
Published Board charters include responsibility for oversight of values and conduct.
• Board and Top Management implement a reputation, values and conduct risk dashboard:
monitoring information on reputation, conduct and values is regularly submitted to the
Board and debated between Board and Top Management.
• Clear assignment from the Board to the Top Management of the responsibility for ensuring
that the “tone at the top” has a clear and consistent “echo from the bottom”
1st line of defense is primarily responsible for delivering the desired values and conduct.
• Top Management and those reporting to it are held accountable for adhering to the
compliance requirements.
They are held accountable for actions that are not in line with the requirements.
18. Senior Accountability and Leadership
Tone at the Top
Top Management:
• Is responsible for effectively embedding compliance into all business units.
• Makes sure that the tone at the top is matched in the middle and prevents inappropriate
sub-cultures (Leadership).
• Demonstrates tangible support for the risk functions (staff, resources, tools, etc.) and
champions desired values and conduct, e.g. celebrates staff who escalate potential issues.
• Implements zero tolerance for behaviors that violate the company’s values, ethics and desired
conduct: violations must be sanctioned and reported to Top Management, and remediation
actions must be monitored by risk functions.
• Publishes sanitized examples of non-compliance and the company’s response to it.
• Implements a strict non-retaliation policy for whistleblowers.
19. Senior Accountability and Leadership
Walk the Talk
Top Management acts as a role model and
• Sends clear and consistent messages on a regular basis to the staff on compliance culture
and demonstrates a strong and positive attitude towards the compliance organisation:
employees know what is expected of them.
• Encourages critical views, installs a speak-up culture and acknowledges mistakes
Bans an “Only good news, please” culture.
• Reinforces a culture of compliance by appropriate incentive systems.
• Participates in any discussion about controls or in controls and regularly asks
unexpected questions about controls.
• Performs employee and customer surveys that also measure cultural elements and
identify behaviors that are contrary to the cultural foundation of the company.
20. The right people
Hiring, compensation and promotions practice
Desired values and conduct must be reflected in the practices of the company
• Hiring, staff development and promotion must include compliance requirements
How do you hire? How are employees evaluated and promoted?
• Adherence to compliance requirements is integral to the reward system.
Set incentives for desired behaviors and clear negative consequences for improper
conduct
Foresee compensation adjustments in the event of breaches of compliance
requirements such as bonus reduction or elimination, clawbacks
• How do employees act when managers are not present and when matters of personal
judgment arise?
• How do you choose clients, suppliers and business partners? Do you maintain
relationships with third parties who have a questionable reputation or have violated laws?
21. Trainings
Compliance Trainings Program
• General compliance trainings
Implement regular trainings on the relevant rules.
Train managers on their role in maintaining an open culture without fear of retaliation.
Implement whistleblowing / anti-retaliation trainings.
• Specific trainings
Implement specific department/team trainings carried out by senior management
Awareness of the compliance requirements and qualifications for a position.
Implement trainings with ethical dilemma situations distinctive to your business and
organization (“the fine line between acceptable and unacceptable”)
• Repeat the trainings
Make sure that employees are kept qualified through recurring educational trainings.
22. Controls
Controls of effectiveness
• Review if the risk defense governance framework effectively includes culture, integrity
and conduct standards.
• Define control points for each cultural risk and check if for all control points a specific
function and person has been designated to manage a determined control point:
ownership and accountability must lie with the 1st line of defence.
• Carry out regular assessments, also ad-hoc surprise controls, across the company to
identify issues that may be rooted in cultural problems; review in particular the hiring,
training, incentives and promotion systems and the efficacy of early warning systems.
• Review if your business partners (distributors, agents, suppliers, etc.) effectively adhere to
your compliance culture.
• For incidents, also determine if the underlying cause is a cultural / behavioral failure.
• Regularly benchmark compliance standards and program against peers.
23. Documentation
Transparency and Proof
• Documentation provides transparency and proof on the seriousness of a compliance
program to senior management, internal and external auditors, regulators and
stakeholders.
It is not enough (anymore) to tell – you have to show.
• Documentation must be:
Accurate, easy to understand and constantly updated
Easily and rapidly reproducible
Able to serve as evidence, e.g. in case of an inspection
Properly stored and archived
• Ownership and accountability for each piece of documentation must be clearly assigned to one
employee.