Compliance Perspectives

By Adam Turteltaub How do you know your compliance program is working, both for your peace of mind or if the government comes knocking? It’s a tough question, and many wonder either how to start measuring or if they’re measuring the right thing. Andrew McBride, Founder & Chief Executive Officer at Integrity Bridge, has a great deal of experience in this area from his time serving as Chief Compliance Officer at Albemarle. In the wake of an FCPA scandal, the company had to be able to demonstrate the strength and effectiveness of its efforts. In this podcast he advises you remember three key questions from the US Department of Justice’s compliance program evaluation criteria: Is the program well designed? Is it applied earnestly and in good faith? Is it working? At the same time, though, he cautions not to just seek simple metrics alone. It’s important to also track why you are measuring what you are measuring. Compliance teams need to take the time to build out the supporting narratives that explain why and

By Adam Turteltaub Oh, come on, we all know it: sometimes the business people get tired of all those compliance requirements. That’s okay and to be expected.  But, how do you know when it has progressed beyond the usual (and maybe healthy) resistance to full-blown exhaustion? Cecilia Fellouse, General Manager of Compliance for Good, warns that, ironically, when the business team stops pushing back, it can be a sign of compliance fatigue. They may just be going behind your back to get what they want. Another troubling sign to watch out for is systematic escalation. Instead of addressing issues to you, they’re taking the issue straight to higher-level management. So, what can cause compliance fatigue and these bad behaviors? She cites several factors and ways to avoid them. Saying “no” too often and being perceived as operating from an ivory tower. Constantly denying requests without providing constructive feedback can make the compliance team seem out of touch. Lack of engagement with frontline teams.

By Adam Turteltaub Do you ever ask yourself, “What kind of compliance officer am I?” Netherlands-based  Susan du Becker, Director, Risk & Compliance at Microsoft, thinks we all should. To her experience, there are two answers to that question. One is a regulatory compliance officer: someone who is focused on the requirements of regulators, potential fines and legal consequence. The other is a business compliance officer, who is focused on what the business needs and how to ensure it achieves its goals while staying within the multitude of white lines the laws and regulations have painted. She envisions herself as the latter, balancing business and regulatory requirements. She recognizes that the business unit will test the limits, and that she is there to make sure there are always two feet solidly on the ground. To keep the business team focused on their legal and regulatory obligations, she advocates for making it clear what lines absolutely may not be crossed, taking the time to meet with them regularl

By Adam Turteltaub Rob Tull (LinkedIn), Managing Director at Effective Compliance LLC wants every compliance officer to be both competent and able to demonstrate it. He advocates for the development of four sequential, underlying skills: Communication The ability to be aware of risks Adaptability, and Decision-making/judgement Underlying all of them is knowledge, and together they form a framework for effective compliance programs. The single most important competency area, he argues, is communication. The ability to translate complex laws and regulations into simple language that helps the business make good decisions is paramount. So, too, is the ability to tailor your message to the audience:  management and the board likely need to hear something different than line managers. Listen in to learn more about what makes for competency for compliance professionals. Listen now

By Adam Turteltaub Who are you talking to? When you think about all the employees in your organization, who do you see in your mind? You probably, and should, think of several people: the person in the plant, the R&D people, the sales team. They all have different needs, maybe even different cultures. Adam Balfour, Carsten Tams and Karen Moore (LinkedIn), each of whom is a veteran compliance professional, explain in this podcast why it’s so important to truly know who the people are in your organization and the risks they interact with. They explain that you have to take the time to get in their heads to understand what their needs are and how best to communicate with them. One technique they advocate for is developing personas: Create fictional, yet realistic descriptions of the types of people in your organization. That will help you better flesh out who they are, their goals and their skills. This process also helps you stand in their shoes and understand not what you want to say but how they are likely

By Adam Turteltaub It’s a complex world, we all know, and we all try to simplify it and our lives, at least from time to time. Nitish Upadhyaya, Director-Behavioral Insights at Ropes & Gray’s R&G Insights Lab and podcaster, wants compliance teams to appreciate complexity and, if not embrace it, at least understand how to work with it. For him this journey started many years ago with the recognition that disincentives don’t always work. He wanted to understand why. This led him to an understanding of complexity, which explores the connections between people and systems and how nonlinear and unpredictable things can be. Appreciating that knot of connections is important for compliance teams, he argues, since the nature of the job involves affecting individual behavior and culture. He outlines several principles that compliance teams should follow: Move away from the idea that you can map everything. Context matters. Understand the human dynamics and stories. The only real rule in a complex system is

By Adam Turteltaub The Health Care Compliance Association just published the 4th edition of the Research Compliance Professional’s Handbook, and to see what’s new in it we sat down with the editor, Kelly Willenberg (LinkedIn) of Kelly Willenberg & Associates. The Handbook, she explains is there to help both those who attend the HCCA Healthcare Research Compliance Academy and anyone looking for a desktop reference that addresses the fundamentals of research compliance. It addresses topics such as safety, privacy, monitoring, and biosecurity. For this edition each chapter was reviewed thoroughly with any and all necessary updates made, including to the chapter on FDA regulations. In addition, a new chapter was written to address AI. It defines what AI is and why compliance teams need to look at it from a risk management perspective. The chapter also addresses the integration of AI and how therapies are changing. One admonition that she provides for compliance teams is to watch Europe. As with privacy, Euro

By Adam Turteltaub It’s one thing if a company wants to protect its trade secrets. But, what if it wants to keep its dirty little secrets from getting out? Then, the SEC may want to step in. Stephen Cohen (LinkedIn), partner at Sidley Austin, and a former senior leader in the Enforcement Division at the SEC, explain in this podcast that, to understand the issue, we need to look back to the Dodd-Frank Act. The law led to the SEC whistleblower program and included anti-retaliation authority. The SEC believed it had implicit authority to punish efforts that impeded direct communication by whistleblowers with the Commission and its staff. Both the SEC and CFTC have created similar rules prohibiting organization and individuals from taking any action that inhibits someone communicating directly with the SEC about a possible securities law violation. The SEC has interpreted that to mean that language in non-disclosure and severance agreements, codes of conduct, policies and elsewhere that either require employe

By Adam Turteltaub Greg Walters is an attorney in the Cyber Risk and Governance Branch at the SEC. But in this podcast he’s not speaking as an enforcer but as someone who has seen a lot of compliance training during his career as a government attorney across numerous agencies. He warns that while an organization may boast of 100% completion rates for their training, that doesn’t mean 100% of the employees got the message. That’s especially true of online training, where, unlike live training, it’s hard to tell if people are truly following along and then adjust the learning. The goal, he argues, is not to just give knowledge but to affect behavior. So, to see what impact the training has had, look to changes in the number of types and questions you receive, as well as incidents that do or don’t occur. Also, take the time to understand your audience and make sure that the training is relevant to them and reflects the culture of the organization. Listen in to learn more tips for improving the effectiveness

By Adam Turteltaub There is an expectation in many, if not most people, that at some point they will, or should be, promoted. But how do you know if you are ready? And, once you are promoted, what does it take to succeed in your new role? To find the answers we spoke with compliance veteran, Debbie Hennelly, Founder & President of Resiliti. The first piece of advice she shares is that not everyone needs or wants to be a manager. For many it’s okay to say that they love being a subject matter expert and advisor, and they aren’t ready, or maybe never will be ready, to be something else. If you are looking to move up, how do you know you are ready? She reports that you don’t until you are actually in the job. That’s especially true for compliance people, since we who often don’t benefit from the leadership and management training that is given to other parts of the organization. Once in the role, let the team know that you value them. If there was someone else on it that you beat out for the role, acknowled

By Adam Turteltaub What if you had a compliance program and nobody noticed? It’s not likely. But what if you had a compliance program, and nobody understood what it did? That, sadly, is more than a bit of an ongoing problem. To take on that challenge we spoke with Carolina Santos de Silva, Head of Ethics & Compliance EMEA for Bridgestone EMEA and Pauline Blondet, Co-Owner and Chief Operating Officer of Upright Solutions. The two recently published the article “How to Sell Ethics and Compliance to your Organization” in the October issue of Ethikos. They persuasively argue in this podcast for compliance teams to think about their product, brand and having a robust message. Start with your product. Is it ethics, ethics and compliance, integrity? Think through which best defines what you are offering. Your brand is the image the compliance team communicates within the organization and what differentiates you from other departments. It needs to reflect the department’s message. From the brand will come a pit

By Adam Turteltaub With the explosion of sanctions regimes globally, and particularly in the US, most any company that exports just about anything now has to have a trade compliance effort. To understand what that entails we spoke with Julia Komarovskaya, Export Compliance Manager at MathWorks. It’s a complex challenge, she explains, with the Bureau of Industry and Security (BIS), International Traffic in Arms Regulations (ITAR), and Office of Foreign Assets Control (OFAC) all having a say, and often with overlapping jurisdictions. Organizations need to watch what goods they export, to where and to whom. Knowing your customer has never been more important. To navigate this minefield, she recommends first recognizing that the rules don’t apply only to goods. Services can be covered as well. Also recognize that exporting something as innocuous as a pencil could be prohibited, if sent to the wrong person. Developing an export control program right takes understanding what you are exporting now, working close

By Adam Turteltaub Reports are that there over 50 million people in the world living in modern slavery conditions, and, of those, 60% work in forced labor in the private economy. Ensuring that your organization isn’t sourcing from suppliers who victimize labor is both a moral and a legal obligation, with more and more jurisdictions enacting legislation in this area. Vera Belazelkoska, Managing Director at Ulula urges organizations to look to balancing this risk with a mixture of boots on the ground and technology. Both, she notes, have their virtues and limitations. While having someone visit a factory provides an eyewitness account, it’s expensive, and unscrupulous manufacturers may hide the truth from investigators. Technology solutions are less expensive, but they are not necessarily as precise as they could be, often providing country data, but not the granularity needed. Only with a prudent mixture of the two can an organization gain a better understanding of its supply chain and the presence, or abse

By Adam Turteltaub There are hundreds of Compliance Perspectives podcasts, and this is the first one that is a podcast about podcasts. More specifically, the podcasts created by the compliance team at John Deere. The compliance team there had long looked to a wide range of tools for reaching the workforce including a monthly email newsletter, channel on internal social media, an intranet site and even digital signs on TV screens at their facilities. Yet, despite all this effort, they knew they could do more. As Wendy Davies-Popelka, the Associate Director, Global Ethics & Compliance, explains, the compliance team was listening to and hooked on several podcasts, and it occurred to them that they should try and create one of their own. So, they did. The podcasts are generally 5-10 minutes long and are based on actual cases that occurred at the company. Investigators, business people and others are interviewed to tell the story, from initial allegation through dispensation. The series has been very successf

By Adam Turteltaub Psychological safety is a term we hear a lot in business and elsewhere.  It’s also a concept that Jen Mason, Vice President, Enterprise Compliance & Ethics at McKesson, thinks we in compliance should embrace. It means creating an environment where employees can feel comfortable expressing their thoughts, ideas and concerns without facing negative consequences. It’s not about being nice. It’s about listening, following through on what you say you will do, being respectful of the workloads of others and showing empathy. It’s also about not punishing mistakes, pushing people until they burnout and talking more than you listen. It’s also about having policies that are flexible but consistent. Listen in to learn more about how to create psychological safety, including at those difficult times when there may be a conflict. Listen now

By Adam Turteltaub We live, to say the least, in polarized times. While it’s easy to look to politicians as the cause, Karthik Ramanna, Professor of Business and Public Policy at the University of Oxford’s Blavatnik School of Government and author of the book The Age of Outrage: How to lead in a Polarized World, argues there are other causes to consider. In the latest Compliance Perspectives podcast he explains that multiple factors are leading to polarization. These include: Fear of the future: Many believe that the world is and will continue to change for the worse due to factors such as AI, climate change and shifting demographics. A belief that they have been handed a raw deal: They perceive leaders have not managed the issues well and that they have been short-changed in the process by globalization and other factors An Us vs. Them Mentality: A climate of decreasing trust has eroded the belief that we are all in it together So what should compliance teams do in this era? He recommends humility.

By Adam Turteltaub The Corporate Transparence Act was a part of landmark anti-money laundering legislation passed in 2021. It was designed to shift reporting of corporate ownership from a hodgepodge of different financial institutions to the owners or the companies. As Jamie Schafer (LinkedIn), Partner at Perkins Coie explains in this podcast, the goal is to create a national registry of non-public companies that would be transparent to law enforcement. These companies had previously not been required to provide ownership information, which increased the potential for them to be used for money laundering purposes. Due to the complexity of the law and the many exemptions, as well as the fact that publicly-traded firms may even have to report entities they control, she urges organizations to read the law carefully to determine whether they will need to report. Listen in to learn more about the complexities behind whether your organization will have to complete what is, quite often, a fairly simple report.

By Adam Turteltaub Are employees where you work suffering from ethical burnout? What is it exactly and how can you tell? To understand more we spoke with Richard Bistrong (LinkedIn), newsletter author and CEO off Frontline Antibribery, who co-authored with Dina Denham Smith and Ron Carucci an article for  Harvard Business Review, “4 Warning Signs of Ethical Burnout on Your Team.” Ethical burnout, as they defined it, is a state in which commercial goals and demands are so overwhelming that workers no longer have the time or energy to consider compliance and ethical obligations. They simply want to get the job done and over with any way that they can. It has a number of potential roots including: Increased commercial pressures and targets, including goals gone wild Survival mode thinking Decision-making overload and speed Envy of unhealthy status symbols So what should compliance teams do to prevent ethical burnout? First, be aware of when the stress levels are high and any of these potential root

By Adam Turteltaub Back in November 2023 on a previous podcast,  Jason Meyer (LinkedIn), founder of Meyer Business Law and President of LeadGood Education, shared with us an interesting statistic: Estimates are that about 20% of the workforce has some sort of neurodiversity such as ADHD, autism, dyslexia, sensory integration and executive function issues. In this podcast, he shares that with such a large population there are two risks that the compliance team needs to be aware of and address. First, the training and other content being delivered may not be effective for segments of the neurodivergent population. Second, there are Americans with Disabilities Act (ADA) considerations to be addressed. The ADA, he explains, covers physical or mental impairments that substantially limit one or more of life’s activities. Thinking, reading and communicating all fall under major life activities and are affected by neurodivergence. Consequently, if you know or should know that one of your employees is neurodiverge

By Adam Turteltaub Governments don’t only want to prosecute companies for paying bribes. Increasingly, they are looking for companies to join with them to reduce the global challenge of corruption. To learn more we spoke with Shruti Shah, Senior Policy Advisor, Office of Coordinator on Global Anti-Corruption at the US Department of State. In this podcast she outlines several initiatives in which the business community can play an important role, working alongside state actors and organizations like the OECD. These include: Blue Dot Network Galvanizing the Public Sector GPS initiative CIPE's PROTECT program on critical minerals USAID's JET Minerals Challenge USAID's Doing Business with Integrity All of these programs have in common a desire to engage all the parties interested in reducing corruption, particularly in the developing world. As importantly, they reflect a growing recognition that the business community is a part of the solution. Listen in to learn more about what each of these initi