how better reporting changes the game for … · 2018-10-17 · presentations on compliance topics...
TRANSCRIPT
HOW BETTER REPORTING CHANGES THE GAME FOR COMPLIANCE
LIVE WEBINAR | JUNE 11, 2015
GOOD. SMART. BUSINESS. PROFIT.TM
How Better Reporting Changes the Game for Compliance
June 11, 2015
Chelsie Chmela Global Events Manager [email protected] 847.293.8806
We encourage you to engage during the Q&A portion of today’s webcast by using the chat function located within your viewing experience.
HOST
QUESTIONS
RECORDING The event recording and PowerPoint presentation will be provided post event.
4
2
Introductions
Korin Neff SVP and Corporate Compliance Officer Wyndham Worldwide Corporation
Philip Winterburn Chief Product Officer Convercent
Michael Massiatte Former Compliance Counsel Denbury
3
State of Compliance Reporting
Written reports to the board are delivered at least quarterly nearly
60% of the time.
Presentations on compliance topics are delivered at least quarterly over
50% of the time.
Face to face meetings on compliance are held at least quarterly over
60% of the time.
38% of CCOs report to the CEO, and 79% have a dotted line to the board.
Sources: PwC 2014 State of Compliance Survey, 2014 NYSE Governance Services and SCCE Compliance and Ethics Program and Environment Report
4
Yet…
30% of CCOs do not measure the effectiveness of their programs.
42% are only “somewhat confident” or “not confident” in the metrics they use to give a true sense of effectiveness.
59% are only somewhat confident, or not confident at all, that their IT systems can fulfill their reporting responsibilities.
35% cite data analytics and reporting as one of the top three most challenging aspects of their job; behind third party compliance, risk assessments and monitoring compliance with policies.
Source: Compliance Week and Deloitte In Focus: 2015 Compliance Trends Survey
5
Compliance functions are still spending a disproportionate amount of time collecting data, versus time spent adding strategic value to the business through analyzing and trending the data collected.
In Focus: 2015 Compliance Trends Survey from Compliance Week and Deloitte
6
The Big Problem
• Current compliance technology is: • Siloed and inefficient • Tied together by email, file sharing, excel and manual
processes • Antiquated—mostly built prior to Federal Sentencing
Guidelines
• Meanwhile… • Consumers, business buyers and governments worldwide
demand greater proof and transparency that companies are proactively addressing ethics and compliance
7
You’re Not Alone
80% of solutions used are standalone, non-integrated technologies
51% of the market feels that GRC technology is underutilized How technology is currently used*:
53% rely primarily on spreadsheets, documents and email to manage compliance
17% have an in-house solution built by IT
24% have a commercial GRC solution
6% other
*Source: OCEG 2014 GRC Technology Maturity Survey
8
The Current State of Reporting
Source: 2014 NYSE Governance Services and SCCE Compliance and Ethics Program and Environment Report
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Program results/assessments/benchmarking
Code updates/revisions
Overall program performance
Risk assessments
Training initiatives and statistics
Misconduct investigations and resolutions
Significant legal and regulatory updates
Upcoming program initiatives
Misconduct reporting statistics
Policy management/updates
Industry trends and best practice updates
Compliance communication initiatives
Culture assessments
Other
9
The Problem with “Flat” Metrics
• Lack context and don’t paint full picture • Don’t identify contributing factors or root causes • Won’t help you identify or address problematic cultural or
behavioral issues • Don’t offer analytic depth or richness expected in the C-suite or
boardroom • Difficult to measure or defend ROI, effectiveness or improvements
Compliance management is disjointed and reactive instead of cohesive, predictive, proactive, and
preventative
10
Compliance and ethics programs create the most value by preventing noncompliance. Tracking metrics that quantify the root causes of noncompliance (i.e., the processes, conditions, and attitudes that drive misconduct) set the foundation for a predictive monitoring program that prevents noncompliance.
Corporate Executive Board, Building a Risk-Based Monitoring Dashboard
11
What Needs to be Done Information access isn’t enough…
Base reporting layer
• Conflicts disclosed • Incidents involved in • Training completed • Policies a6ested to • Employee data (loca:on, department, :tle, start date)
• Conflicts disclosed • Incidents involved in • Training completed • Policies a6ested to • Employee data (loca:on, department, :tle, start date)
• Conflicts disclosed • Incidents involved in • Training completed • Policies a6ested to • Employee data (loca:on, department, :tle, start date)
• Conflicts disclosed • Incidents involved in • Training completed • Policies a6ested to • Employee data (loca:on, department, :tle, start date)
• Conflicts disclosed • Incidents involved in • Training completed • Policies a6ested to • Employee data (loca:on, department, :tle, start date)
• Conflicts disclosed • Incidents involved in • Training completed • Policies a6ested to • Employee data (loca:on, department, :tle, start date)
• Conflicts disclosed • Incidents involved in • Training completed • Policies a6ested to • Employee data (loca:on, department, :tle, start date)
• Conflicts disclosed • Incidents involved in • Training completed • Policies a6ested to • Employee data (loca:on, department, :tle, start date)
• Conflicts disclosed • Incidents involved in • Training completed • Policies a6ested to • Employee data (loca:on, department, :tle, start date)
• Conflicts disclosed • Incidents involved in • Training completed • Policies a6ested to • Employee data (loca:on, department, :tle, start date)
What Should be Done
12
Faster and better decisions, responses and program
Compliance Data • [Case Management] Bribery alleged against EMEA
sales director • [Disclosure Management] Sales director’s disclosure
of ties to executive at Chinese state-owned enterprise Company Data
• [ERP System] Red flags in EMEA expense reports
• [HRMS] Sales directors approve own expense reports
External Data • [Politically Exposed Person (PEP) Database] List of PEP in China
includes individual named in incident, disclosure and expense reports • [Regulatory Feed] PRC law prohibits gifts to state employees for
unjustified benefits.
13
14
15
Questions...
What regions have elevated FCPA risk?
16
Questions...
FCPA Risk Hot Spots
17
Questions...
Have we been consistent in applying sanctions?
18
Questions...
Sanction History
19
Questions...
Where is there higher risk of IP leakage?
20
Questions...
Intellectual Property Leakage Risk
Excel LMS Email Database/Sharepoint
= + + +
Before: Disparate Systems
21
After: Purpose-Built Compliance Management Technology
22
Reduce Risk Centralize and link to risk areas
23
Increase Efficiency Simplify and standardize
24
Improve Performance Connect business data with results
25
Enhance Flexibility Reduce complexity, cost and requirements
26
27
Who Companies Report Metrics To
Internal • Board of Directors • Senior Leadership • Business Teams • Compliance Group • Employees
External • Customers • Business Partners • Vendors • Indices
28
Why Companies Measure and Report
Effectiveness of Program
Monitoring of Program
Benchmarking
29
How Companies Measure and Report
Key metrics relating to compliance risk areas
Compliance Processes
Risk based metrics
Metrics involving compliance projects
Limited metrics for efficiency
30
What Companies Measure and Report
Training Compliance
Hotline Call Analysis
Vendor Assessments
OFAC Screening
Number of Records
Dispositioned
31
What Is The Impact on Companies
Improve Processes
Increases Transparency
Boost Productivity
Enhance Effectiveness
of Compliance
Program
This webcast and all future Ethisphere webcasts are available complimentary and on demand for BELA members. BELA members are also offered complimentary registration to Ethisphere’s Global Ethics Summit and other Summits around the world. For more information on BELA contact:
Stefan Linssen [email protected] 646.571.2430
Business Ethics Leadership Alliance (BELA)
The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.
THANK YOU