Is it a Risk to Be Compliant?
•
1 like•1,025 views
This presentation has been delivered by Stéphane Martin at the PECB Insights Conference 2018 in Paris
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Is it a Risk to Be Compliant?
Similar to Is it a Risk to Be Compliant? (20)
More from PECB
More from PECB (20)
Recently uploaded
Recently uploaded (20)
Is it a Risk to Be Compliant?
- 1. Is it a risk to be compliant? Stéphane Martin CEO Smart Risk Consulting Co-Founder Risk-!n
- 3. 3 Where do we start? Definitions for Compliance Google: the action or fact of complying with a wish or command Cambridge English Dictionary: the act of obeying an order, rule, or request the state of being too willing to do what other people want you to do ISO 19600:2014: meeting all the organisation’s compliance obligations
- 4. 4 Major Compliance Standards* Securities and Exchange Commission/ Department of Justice, A Resource Guide to the US Foreign Corrupt Practices Act US Federal Sentencing Guideline Manual Section 8B2, Effective compliance and ethics programs UK Bribery Act Section 9, Guidance about procedures to prevent bribing and framework BS 10500 Anti-bribery Management System Italian Decree No. 231/2001 Sections 6 and 7 Australian Standard AS 3806-2006, Compliance Programs German Attestation Standard AssS 980, Audit of Compliance Programs *Source: EY report, ISO 19600 International standard for compliance management
- 5. 5 Major international compliance initiatives* ICC Rules on Combating Corruption OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance United Nations Convention against Corruption Open Compliance & Ethics Group (OCEG) — RedBook COSO — Committee of the Sponsoring Organizations of the Treadway Commission *Source: EY report, ISO 19600 International standard for compliance management
- 6. 6 Compliance… …to what • International standards or Policies • Definitions • Compliance to company rules & controls • Personal standards • …
- 7. 7 Karaoke – The Sound of Compliance
- 8. 8 Compliance Quiz 1. Please raise your hand if you think the company you are operating in, is compliant today. 2. Please raise your hand if you think the company you are operating in, is compliant taking into account the last 10 years of operations.
- 9. 9 Globalization of economies The more you are compliant the more incompliant economies are growing as they attract uncomplicated businesses and entrepreneurs. Industry leaders uses intermediaries. The smaller you are the least compliance obligations you apply. Why?
- 10. 10 Compliance Hope Is your company compliant in 2018? We all hope until we find otherwise LafargeHolcim: “(…) charged with complicity in Syria crimes against humanity. (…) cement firm suspected of paying nearly €13m to Isis and other militants” Source: www.theguardian.com “Shell and Eni face one of the biggest corruption cases in corporate history over $1.3bn Nigerian oil field” Source: www.independent.co.uk
- 11. 11 Compliance Hope Is your company compliant in 2018? “In April, Wells Fargo was fined $1 billion to resolve probes into lending abuses.” Source: www.businessinsider.com
- 12. 12 Late actions are …expensive WHY WAIT?
- 13. 13 Natural fear We pretend we are surprised, it is just a matter of time… It is all discovered too late or after implementing measures, what does that tell us? We are reactive, not pro-active Not challenging Senior management! “If I talk I lose my job, I gave so much to this company!” Source: unknown
- 14. 14 Consequences on individuals It is worse than you think Former CFO of Siemens was sentenced to 2 years of prison on probation Former CEO of Enron was sentenced to 24 years of prison Former CEO of WorldCom was sentenced to 25 years of prison What else: Refund Divorce Suicide
- 15. 15 Consequences on individuals Is it unfightable? Employees don’t care about company’s money so what: People remember how they felt Once it happens you are done, you lose everything so make them feel like it Him: “It won’t happen to me!” You: “Well if it does, what do you think will happen?” Stop fight the causes, you know them, start showing the consequences. Work on human behavior.
- 16. 16 Compliance is a man made disaster How do we work? John Marie 1 2 0 New local legislation Fluffy e-learning Inexplicit and wrongly adapted compliance policies 3 4 5 Please implement …
- 17. 17 Positive Compliance Compliance to risk appetite Facts: Indianapolis Friday, June 17, 2005, 21:12 time Europe, Ralf Schumacher's tire on Toyota bursts in turn 13. Cause: unknown Safety Principle : Michelin recommends to its 7 customers teams,14 cars, not to race. Toyota, Renault, McLaren- Mercedes, Williams-BMW, Bar-Honda, Sauber Petronas and Red Bull 750 million viewers and 130,000 spectators deprived of Grand Prix Impact on image and business, especially in the USA ???
- 18. 18 Positive Compliance 6 months later No markets loss, especially in the United States Enhanced confidence in Michelin, both in the F1 sector and in the automotive sector in general Michelin company seen as "serious, respectful of safety, respectful of its customers". From To 0 10 20 30 40 50 60 70 6/1/05 7/1/05 8/1/05 9/1/05 10/1/05 11/1/05 12/1/05 1/1/06 2/1/06 3/1/06 4/1/06 5/1/06 6/1/06 Michelin share price 06.2005 to 06.2006
- 19. 19 Compliance Risk Management What about it?
- 20. 20 Corruption Perception Index 2017 *Source: 2018 Transparency International. www.transparency.org/cpi
- 21. 21 10 Anti-Corruption Principles For State- owned Enterprises* 1. Operate to the highest standards of ethics and integrity 2. Ensure best practice governance and oversight of the anti-corruption programme 3. Be accountable to stakeholders through transparency and public reporting 4. Ensure human resources policies and procedures support the anti-corruption programme 5. Design the anti-corruption programme based on thorough risk assessment 6. Implement detailed policies and procedures to counter key corruption risks 7. Manage relationships with third parties to ensure they perform to an anti-corruption standard equivalent to that of the SOE 8. Use communication and training to embed the anti-corruption programme in the SOE 9. Provide secure and accessible advice and whistleblowing channels 10. Monitor, assess and continuously improve the implementation of the anti-corruption programme *Source: Transparency International
- 22. 22 Whistleblowers Why would you do this? Faith in compliance Reward Jealousy Right Promotion Want to be fired You are already fired Helplines are essentials. The braves or the unconscious
- 23. 23 Fighters Does it help to fight financial crime? 1. Stop focusing on past events but communicates on misbehaviors 2. Report on crime attempts & forward looking indicators, red flags Refusal to take mandatory vacation or sick leave Employee lifestyle changes Significant personal debt and/or credit problems Borrowing money or requests for pay advances Easily annoyed at reasonable questions Source: www.strategiccfo.com
- 24. 24 Fighters… & technology Technology drives compliance reporting Question: How to trust humans outside systems, emails, sms… If you can ‘t trust you can: Control Train Monitor
- 25. 25 Timing When do you chose to be compliant for? Now Later Too late 1. What does it take to be compliant in time, money and resource wise? 2. If I’m not compliant what are the consequences? How bad can it be for the company and for me?
- 26. 26 Simple? Compliance IS black and white - Either you are compliant either you are not Compliance is a must vs Do I need to be compliant? UPS spokesmen “It’s the cost of doing business.” $1.8 million/year$1 million/year Source: http://www.digitaljournal.com
- 27. 27 Applying risk management principles, implementing ISO 19600, 37005, 27005, 31000… Wrap-up Remember: You take more risks in not doing anything Informed & risk based decisions
- 28. 28 One last gig – Compliance: The Musical
- 29. The end is the beginning! Stéphane Martin
Editor's Notes
- First of all, thins you should know about me and then decide if you really want to stay in this room. One, I’m French, which means I can be …rude and arrogant, very good, Secondly, I like wine, ok quite obvious for a French man, Thirdly, I have been in the risk area for 15 years, so maybe not as much as others but long enough to have learn a few things.
- Read the slide then comment: Wish id the important word in this one, it means it may not happen or it is not realistic Order and request and people, who likes orders, maybe request a bit more Then you are stuck with an ISO standard, very generic that still needs to be fully met, and it doesn’t mention any human aspect of it compared to the other 2 definitions
- All of these guidelines are also giving information to the fraudsters on what they should not focus one, meaning finding others ways to fraud or bribe.
- All of these guidelines are also giving information to the fraudsters on what they should not focus one, meaning finding others ways to fraud or bribe. I like OCEG as their one of the main initiatives that is looking at Governance ICC, International Chamber of Commerce OECD, Organisation for Economic Co-operation and Development Governance: the manner of governing an organization
- How do you like the song? Does it sound familiar? ALCOA, Attributable, Legible, Contemporaneous, Original, Accurate FDA, Food & Drug Administration
- Ask audience why they think this is happening? Or if they have examples Small business uses online platform intermediaries, not secured enough such as, Amazon Marketplace, App Store, Google Play, Apple App Store, Microsoft Store. These platforms are listed by the european commission as being in the scope of the Regulation about transparency and fairness for online platforms.
- Have you worked for a well known international company?
- 1b$, can we imagine what we can do with such an amount of money, maybe fighting unemployment or innovate for a better world.
- Why wait, that is a real question, company hope they will not get caught, eventually it might be after the perpetrators have left, but it is not always the case. They play a highly risky game where they have no idea about the consequences.
- Sounds familiar?
- The purpose here is to frighten people, I’m not being compliant with you, the other meaning of the word. We need to be fully transparent and acknowledge that these things will happen.
- Share price is one aspect of reputation but a very important one when you are a listed company.
- With this slide, I would like to share my thoughts on compliance risk management. Compliance risk management to me is: Management of risk in line with strategy Help to achieve objectives Risk portfolio management (to take more risks) Transparency about concerns, more transparency about risk impact (patient safety impact, …) Exchange of best practices (internally and with stakeholders) Process how to deal with structured risk information (Possibility to have / define risk indicators) to create early warning systems How to escalate the right information to the right people in the hierarchy Priorities in risk mitigation Use to measure performance of the company as well
- Read if time allows
- Faith in compliance, yes you are one of the few but soon we will be millions hopefully Reward, in USA, 80% of fraud cases coem through the reward program, 20% get rewarded between 15-25% of money recovered Jealousy, Right Promotion Want to be fired You are already fired Do not be mistaken, helpline are essential and sometimes mandatory, another compliance element to take into account.
- Because it is all about data and systems
- Ask the audience what these numbers linked to.