3. 3
Where do we start?
Definitions for Compliance
Google:
the action or fact of complying with a wish or command
Cambridge English Dictionary:
the act of obeying an order, rule, or request
the state of being too willing to do what other people want you
to do
ISO 19600:2014:
meeting all the organisation’s compliance obligations
4. 4
Major Compliance Standards*
Securities and Exchange Commission/ Department of Justice, A Resource
Guide to the US Foreign Corrupt Practices Act
US Federal Sentencing Guideline Manual Section 8B2, Effective
compliance and ethics programs
UK Bribery Act Section 9, Guidance about procedures to prevent bribing
and framework
BS 10500 Anti-bribery Management System
Italian Decree No. 231/2001 Sections 6 and 7
Australian Standard AS 3806-2006, Compliance Programs
German Attestation Standard AssS 980, Audit of Compliance Programs
*Source: EY report, ISO 19600 International standard for compliance management
5. 5
Major international compliance initiatives*
ICC Rules on Combating Corruption
OECD Good Practice Guidance on Internal Controls, Ethics, and
Compliance
United Nations Convention against Corruption
Open Compliance & Ethics Group (OCEG) — RedBook
COSO — Committee of the Sponsoring Organizations of the
Treadway Commission
*Source: EY report, ISO 19600 International standard for compliance management
8. 8
Compliance Quiz
1. Please raise your hand if you think the company you are operating in is compliant today.
2. Please raise your hand if you think the company you are operating in is compliant taking into account the last 10 years of operations.
9. 9
Globalization of economies
The more compliant you are, the more non-compliant economies grow, as
they attract uncomplicated businesses and entrepreneurs.
Industry leaders use intermediaries. The smaller you are, the fewer
compliance obligations you apply.
Why?
10. 10
Compliance Hope
Is your company compliant in 2018?
We all hope until we find otherwise
LafargeHolcim: “(…) charged with complicity in Syria
crimes against humanity. (…) cement firm suspected of
paying nearly €13m to Isis and other militants”
Source: www.theguardian.com
“Shell and Eni face one of the biggest corruption cases in
corporate history over $1.3bn Nigerian oil field”
Source: www.independent.co.uk
11. 11
Compliance Hope
Is your company compliant in 2018?
“In April, Wells Fargo
was fined $1 billion to
resolve probes into
lending abuses.”
Source: www.businessinsider.com
13. 13
Natural fear
We pretend we are surprised, it is just a matter of time…
It is all discovered too late or after
implementing measures, what does
that tell us?
We are reactive, not pro-active
Not challenging Senior management!
“If I talk I lose my job, I gave so much to
this company!”
Source: unknown
14. 14
Consequences on individuals
It is worse than you think
Former CFO of Siemens was sentenced to 2 years of prison on
probation
Former CEO of Enron was sentenced to 24 years of prison
Former CEO of WorldCom was sentenced to 25 years of prison
What else:
Refund
Divorce
Suicide
15. 15
Consequences on individuals
Is it unfightable?
Employees don’t care about company’s money so what:
People remember how they felt
Once it happens you are done, you lose everything so make
them feel like it
Him: “It won’t happen to me!”
You: “Well if it does, what do you think will happen?”
Stop fighting the causes, you know them; start showing the
consequences. Work on human behavior.
16. 16
Compliance is a man-made disaster
How do we work?
[Diagram: John and Marie, steps 0 to 5. Labels: New local legislation; Fluffy e-learning; Inexplicit and wrongly adapted compliance policies; Please implement …]
17. 17
Positive Compliance
Compliance to risk appetite
Facts: Indianapolis, Friday, June 17, 2005, 21:12 European time: Ralf
Schumacher's tire on the Toyota bursts in turn 13. Cause: unknown
Safety principle: Michelin recommends to its 7 customer teams (14 cars)
not to race: Toyota, Renault, McLaren-Mercedes, Williams-BMW, BAR-Honda,
Sauber Petronas and Red Bull
750 million viewers and 130,000
spectators deprived of Grand Prix
Impact on image and business,
especially in the USA ???
18. 18
Positive Compliance
6 months later
No market loss, especially in the United States
Enhanced confidence in Michelin, both in the F1 sector and in the
automotive sector in general
Michelin company seen as "serious, respectful of safety, respectful of
its customers".
[Chart: Michelin share price, 06.2005 to 06.2006]
21. 21
10 Anti-Corruption Principles For State-owned Enterprises*
1. Operate to the highest standards of ethics and integrity
2. Ensure best practice governance and oversight of the anti-corruption programme
3. Be accountable to stakeholders through transparency and public reporting
4. Ensure human resources policies and procedures support the anti-corruption programme
5. Design the anti-corruption programme based on thorough risk assessment
6. Implement detailed policies and procedures to counter key corruption risks
7. Manage relationships with third parties to ensure they perform to an anti-corruption standard equivalent to that of the SOE
8. Use communication and training to embed the anti-corruption programme in the SOE
9. Provide secure and accessible advice and whistleblowing channels
10. Monitor, assess and continuously improve the implementation of the anti-corruption programme
*Source: Transparency International
22. 22
Whistleblowers
Why would you do this?
Faith in compliance
Reward
Jealousy
Right
Promotion
Want to be fired
You are already fired
Helplines are essential.
The brave or the unconscious
23. 23
Fighters
Does it help to fight financial crime?
1. Stop focusing on past events but communicate on misbehaviors
2. Report on crime attempts & forward looking indicators, red flags
Refusal to take mandatory vacation or sick leave
Employee lifestyle changes
Significant personal debt and/or credit problems
Borrowing money or requests for pay advances
Easily annoyed at reasonable questions
Source: www.strategiccfo.com
24. 24
Fighters…
& technology
Technology drives compliance reporting
Question: How to trust humans outside systems, emails, sms…
If you can’t trust, you can:
Control
Train
Monitor
25. 25
Timing
When do you choose to be compliant?
Now / Later / Too late
1. What does it take to be compliant, in terms of time, money and
resources?
2. If I’m not compliant what are the consequences? How bad can it be
for the company and for me?
26. 26
Simple?
Compliance IS black and white - Either you are compliant
or you are not
Compliance is a must vs Do I need to be compliant?
UPS spokesmen “It’s the cost of doing business.”
$1.8 million/year
$1 million/year
Source: http://www.digitaljournal.com
27. 27
Applying risk management principles, implementing ISO
19600, 37005, 27005, 31000…
Wrap-up
Remember: You take more risks in not doing anything
Informed & risk-based decisions
First of all, things you should know about me and then decide if you really want to stay in this room.
One, I’m French, which means I can be … rude and arrogant, very good,
Secondly, I like wine, ok quite obvious for a French man,
Thirdly, I have been in the risk area for 15 years, so maybe not as much as others but long enough to have learned a few things.
Read the slide then comment:
Wish is the important word in this one, it means it may not happen or it is not realistic
Order and request and people, who likes orders, maybe request a bit more
Then you are stuck with an ISO standard, very generic that still needs to be fully met, and it doesn’t mention any human aspect of it compared to the other 2 definitions
All of these guidelines are also giving information to the fraudsters on what they should not focus on, meaning finding other ways to fraud or bribe.
I like OCEG as they are one of the main initiatives that is looking at Governance
ICC, International Chamber of Commerce
OECD, Organisation for Economic Co-operation and Development
Governance: the manner of governing an organization
How do you like the song? Does it sound familiar?
ALCOA, Attributable, Legible, Contemporaneous, Original, Accurate
FDA, Food & Drug Administration
Ask audience why they think this is happening? Or if they have examples
Small businesses use online platform intermediaries that are not secured enough, such as Amazon Marketplace, App Store, Google Play, Apple App Store, Microsoft Store.
These platforms are listed by the European Commission as being in the scope of the Regulation about transparency and fairness for online platforms.
Have you worked for a well known international company?
1b$, can we imagine what we can do with such an amount of money, maybe fighting unemployment or innovating for a better world.
Why wait, that is a real question, companies hope they will not get caught, eventually it might be after the perpetrators have left, but it is not always the case.
They play a highly risky game where they have no idea about the consequences.
Sounds familiar?
The purpose here is to frighten people, I’m not being compliant with you, the other meaning of the word.
We need to be fully transparent and acknowledge that these things will happen.
Share price is one aspect of reputation but a very important one when you are a listed company.
With this slide, I would like to share my thoughts on compliance risk management.
Compliance risk management to me is:
Management of risk in line with strategy
Help to achieve objectives
Risk portfolio management (to take more risks)
Transparency about concerns, more transparency about risk impact (patient safety impact, …)
Exchange of best practices (internally and with stakeholders)
Process how to deal with structured risk information (Possibility to have / define risk indicators) to create early warning systems
How to escalate the right information to the right people in the hierarchy
Priorities in risk mitigation
Use to measure performance of the company as well
Read if time allows
Faith in compliance, yes you are one of the few but soon we will be millions hopefully
Reward, in the USA, 80% of fraud cases come through the reward program, 20% get rewarded between 15-25% of money recovered
Jealousy,
Right
Promotion
Want to be fired
You are already fired
Do not be mistaken, helplines are essential and sometimes mandatory, another compliance element to take into account.