Compliance Mentalist Extraordinaire!

1 How to Be a Wildly Strategic Compliance Officer: Why Every Decision is a Strategic One

The Great and Mystical KRISTINI! Compliance Mentalist Extraordinaire!

2 Survey Results

[Chart: percentage of respondents by topic. Topics: ENGAGEMENT OF THE BUSINESS, REQUEST FOR RESOURCES / BUDGET PROBLEMS, WHERE TO START, HOW TO PRIORITIZE, SPECIFIC NEW LAW / TECHNOLOGY QUESTION, DEALING WITH OTHER FUNCTIONS EFFECTIVELY, IS IT GOOD?]

Agenda
- Where do I start?
- How do I prioritize?
- How do I get engagement from the business?

3 Kristy Grant-Hart

Spark's London-based Founder and CEO

"An accomplished compliance professional and true expert in her field."
Risk Universe Magazine

- Author
- Speaker
- Consultant
- Professor
- Former Chief Compliance Officer
- Lawyer

Setting the Strategy

4 Defining the Risks

Do you really want to eat the whole elephant?

Defining the Risks
- Bribery
- Competition / Antitrust
- Data Privacy
- Cyber risk / identity theft
- Trade sanctions / import / export
- Health and safety
- Culture and ethics
- Modern Slavery / Trafficking
- Others?
- Bullying
- Labor and employment
- Government / permits
- Travel / kidnapping
- Terrorism
- Money laundering
- Products liability
- Supply chain management
- Others?

5 Wildly Strategic Compliance Officer Risk Ownership Chart

Media Mogul Company Ltd.

Risk: Bribery
Current Owner: Compliance
Explicit Assignment: Yes, in the job description and in our anti-bribery policy
Needs and Next Steps: None

Risk: Competition / Antitrust
Current Owner: Compliance for internal investigations, Legal for regulatory investigations or formal proceedings
Explicit Assignment: Yes, separation of duties is explicitly agreed to and implemented by Legal and Compliance
Needs and Next Steps: None

Risk: Data Privacy
Current Owner: Unclear; some Compliance, some Information Security and some Information Technology
Explicit Assignment: No, our online privacy policy was written by Legal, but no one is in charge of handling data breach or dealing with regulatory changes
Needs and Next Steps: Create a rapid response team for data breach preparation including representatives from Legal, Compliance, Communications, Information Technology and Information Security.

How Do I Prioritize?

6 "The key is not to prioritize what is on your schedule, but to schedule your priorities."
Stephen Covey

Sources
- Seven Pillars of the U.S. Federal Sentencing Guidelines
- OECD Guidance
- United Kingdom Bribery Act 2010 Adequate Procedures Defence Guidance
- ISO and

7 The Big Seven
- Policies and Procedures
- Training
- Monitoring and Auditing
- Messaging
- Due Diligence
- Risk Assessment
- Governance

Three Year Compliance and Ethics Program Plan
TOPIC: POLICIES AND PROCEDURES

Where We Are Now
- Our Code of Conduct is a black-and-white document only available in English.
- We don't have a formal anti-bribery policy.
- We don't have a formalized process for due diligence on our third parties, representatives or agents.

Where We Want to Be
- Our Code of Conduct is best in class with Q&As, color and graphics design.
- We have a formal anti-bribery policy along with supporting procedures that are fully implemented throughout the organization.
- We have formalized due diligence procedures and have implemented software to manage our third party due diligence review system.

Year One Goals
- Create a working group with representatives from Human Resources, Sales, Finance, Legal and someone from each of our major regions to begin discussion of the new Code of Conduct. Complete first draft by the end of the year.
- Obtain approval for the Anti-Bribery Policy and translate it into all required languages.
- Obtain approval for third party due diligence process from the Board of Directors.

8 The Big Seven
- Policies and Procedures
- Training
- Monitoring and Auditing
- Messaging
- Due Diligence
- Risk Assessment
- Governance

Plan by TOPIC, not by RISK AREA

9 What If You've Been Fighting Fires?

Request resources. If you don't get them:
- Remove an item from the list
- Adjust the goal or timeline to reflect what you've been asked to do instead
- Get everyone to agree to the new timeline and goals

10 Rinse and Repeat: Years Two and Three

How Do I Obtain Buy-in For My Program?

11 Buy-in Steps
- First, you MUST get agreement on the vision
- THEN, you can ask for the resources to achieve it
- If you cannot get the resources, you must Change The Vision

What's My Return On Investment

12 Finding the Real Motivation

The Four Motivators
- Fear for self
- Competitive advantage
- Fear for the Business
- Noble cause

13 Finding the Right Motivation
- Leaning In
- Standing Tall
- Looking Inspired

Strategies for Obtaining Resources
- Be Explicit and Specific
- Practice
- Use Stories
- Use Fear, But

14 Strategies for Obtaining Resources
- Use Visuals
- Use a Choice of Yes Pattern

Putting It All Together
- Risk Review and Designation
- 3 Year Vision Creation
- Compliance Dashboard
- Buy-In

15 Questions & Answers

Thank you! Let's Stay In Touch!

Kristy Grant-Hart
UK Phone: +44 (0)
US Phone:
KristyGH@SparkCompliance.com

How to Be a Wildly Effective Compliance Officer, available at