Compliance Perspectives

By Adam Turteltaub Oh, come on, we all know it: sometimes the business people get tired of all those compliance requirements. That’s okay and to be expected.  But, how do you know when it has progressed beyond the usual (and maybe healthy) resistance to full-blown exhaustion? Cecilia Fellouse, General Manager of Compliance for Good, warns that, ironically, when the business team stops pushing back, it can be a sign of compliance fatigue. They may just be going behind your back to get what they want. Another troubling sign to watch out for is systematic escalation. Instead of addressing issues to you, they’re taking the issue straight to higher-level management. So, what can cause compliance fatigue and these bad behaviors? She cites several factors and ways to avoid them. Saying “no” too often and being perceived as operating from an ivory tower. Constantly denying requests without providing constructive feedback can make the compliance team seem out of touch. Lack of engagement with frontline teams. Take the time to talk with them and learn their needs Limited or lack of support from top management. Without their support, the job is all but impossible An isolated compliance team. Without interaction with others, including members of the compliance community, it’s easy for the compliance team to get burned out.  You need to make the effort get out there and connect. She also strongly advocates for taking the time to truly understand the business, not just as a whole but also on a more granular basis, down to what is done day to day. Listen in to learn more, including some signs to watch for in the compliance team that suggests that it, too, may be suffering from compliance fatigue. Listen now

By Adam Turteltaub Do you ever ask yourself, “What kind of compliance officer am I?” Netherlands-based  Susan du Becker, Director, Risk & Compliance at Microsoft, thinks we all should. To her experience, there are two answers to that question. One is a regulatory compliance officer: someone who is focused on the requirements of regulators, potential fines and legal consequence. The other is a business compliance officer, who is focused on what the business needs and how to ensure it achieves its goals while staying within the multitude of white lines the laws and regulations have painted. She envisions herself as the latter, balancing business and regulatory requirements. She recognizes that the business unit will test the limits, and that she is there to make sure there are always two feet solidly on the ground. To keep the business team focused on their legal and regulatory obligations, she advocates for making it clear what lines absolutely may not be crossed, taking the time to meet with them regularly and being prepared to have some difficult conversations if necessary. She also believes that compliance teams are most effective when not positioning themselves as just a gate keeper. Listen in to learn more about the approach, the role of governance and how to ensure the business understand this it owns compliance. Listen now

By Adam Turteltaub Rob Tull (LinkedIn), Managing Director at Effective Compliance LLC wants every compliance officer to be both competent and able to demonstrate it. He advocates for the development of four sequential, underlying skills: Communication The ability to be aware of risks Adaptability, and Decision-making/judgement Underlying all of them is knowledge, and together they form a framework for effective compliance programs. The single most important competency area, he argues, is communication. The ability to translate complex laws and regulations into simple language that helps the business make good decisions is paramount. So, too, is the ability to tailor your message to the audience:  management and the board likely need to hear something different than line managers. Listen in to learn more about what makes for competency for compliance professionals. Listen now

By Adam Turteltaub Who are you talking to? When you think about all the employees in your organization, who do you see in your mind? You probably, and should, think of several people: the person in the plant, the R&D people, the sales team. They all have different needs, maybe even different cultures. Adam Balfour, Carsten Tams and Karen Moore (LinkedIn), each of whom is a veteran compliance professional, explain in this podcast why it’s so important to truly know who the people are in your organization and the risks they interact with. They explain that you have to take the time to get in their heads to understand what their needs are and how best to communicate with them. One technique they advocate for is developing personas: Create fictional, yet realistic descriptions of the types of people in your organization. That will help you better flesh out who they are, their goals and their skills. This process also helps you stand in their shoes and understand not what you want to say but how they are likely to interpret and use that information. Listen in to learn more about how to bring your workforce to life in front of you and have a real impact on their behavior. Listen now

By Adam Turteltaub It’s a complex world, we all know, and we all try to simplify it and our lives, at least from time to time. Nitish Upadhyaya, Director-Behavioral Insights at Ropes & Gray’s R&G Insights Lab and podcaster, wants compliance teams to appreciate complexity and, if not embrace it, at least understand how to work with it. For him this journey started many years ago with the recognition that disincentives don’t always work. He wanted to understand why. This led him to an understanding of complexity, which explores the connections between people and systems and how nonlinear and unpredictable things can be. Appreciating that knot of connections is important for compliance teams, he argues, since the nature of the job involves affecting individual behavior and culture. He outlines several principles that compliance teams should follow: Move away from the idea that you can map everything. Context matters. Understand the human dynamics and stories. The only real rule in a complex system is it will have unintended consequences. When dealing with a complex system, think of the direction you want, not just the end point. It's about managing energy in the system and following natural contours Anomalies are helpful. Outliers can be your next risk or innovation. Map constraints, the things that connect or limit people, such as fear of retaliation or cultural issues, And when it comes to a root cause analysis, dig until you find not just the root, but the several roots that likely underlie it. Listen in to learn more about approaching and harnessing complexity. Listen now

By Adam Turteltaub The Health Care Compliance Association just published the 4th edition of the Research Compliance Professional’s Handbook, and to see what’s new in it we sat down with the editor, Kelly Willenberg (LinkedIn) of Kelly Willenberg & Associates. The Handbook, she explains is there to help both those who attend the HCCA Healthcare Research Compliance Academy and anyone looking for a desktop reference that addresses the fundamentals of research compliance. It addresses topics such as safety, privacy, monitoring, and biosecurity. For this edition each chapter was reviewed thoroughly with any and all necessary updates made, including to the chapter on FDA regulations. In addition, a new chapter was written to address AI. It defines what AI is and why compliance teams need to look at it from a risk management perspective. The chapter also addresses the integration of AI and how therapies are changing. One admonition that she provides for compliance teams is to watch Europe. As with privacy, Europe has taken the lead in AI regulation. Be sure to listen in and then take a look into buying your own copy of Research Compliance Professional’s Handbook, 4th Edition. Listen now

By Adam Turteltaub It’s one thing if a company wants to protect its trade secrets. But, what if it wants to keep its dirty little secrets from getting out? Then, the SEC may want to step in. Stephen Cohen (LinkedIn), partner at Sidley Austin, and a former senior leader in the Enforcement Division at the SEC, explain in this podcast that, to understand the issue, we need to look back to the Dodd-Frank Act. The law led to the SEC whistleblower program and included anti-retaliation authority. The SEC believed it had implicit authority to punish efforts that impeded direct communication by whistleblowers with the Commission and its staff. Both the SEC and CFTC have created similar rules prohibiting organization and individuals from taking any action that inhibits someone communicating directly with the SEC about a possible securities law violation. The SEC has interpreted that to mean that language in non-disclosure and severance agreements, codes of conduct, policies and elsewhere that either require employees to report issues internally rather than to the government, or require non-disclosure to the government as a condition of severance, are illegal. Several companies have since run afoul of the SEC on this issue, with cases going back to 2015. So what should companies do? For one, make sure that they are properly balancing the need to protect confidentiality without interfering with whistleblowing. Watch for language prohibiting disclosure of information to third parties that doesn’t provide an exception for the government. Be on the lookout, too, for policies requiring departing employees to attest that they did not disclose information to the government. Look, too, at what your employment agreements say. Likewise, watch what language you include in agreements with your third parties. The SEC looks askance, there, too, to language that it perceives would inhibit reporting of wrongdoing. Listen in to learn more about this evolving issue and its many pitfalls. Listen now

By Adam Turteltaub Greg Walters is an attorney in the Cyber Risk and Governance Branch at the SEC. But in this podcast he’s not speaking as an enforcer but as someone who has seen a lot of compliance training during his career as a government attorney across numerous agencies. He warns that while an organization may boast of 100% completion rates for their training, that doesn’t mean 100% of the employees got the message. That’s especially true of online training, where, unlike live training, it’s hard to tell if people are truly following along and then adjust the learning. The goal, he argues, is not to just give knowledge but to affect behavior. So, to see what impact the training has had, look to changes in the number of types and questions you receive, as well as incidents that do or don’t occur. Also, take the time to understand your audience and make sure that the training is relevant to them and reflects the culture of the organization. Listen in to learn more tips for improving the effectiveness of your compliance training program. Listen now

By Adam Turteltaub There is an expectation in many, if not most people, that at some point they will, or should be, promoted. But how do you know if you are ready? And, once you are promoted, what does it take to succeed in your new role? To find the answers we spoke with compliance veteran, Debbie Hennelly, Founder & President of Resiliti. The first piece of advice she shares is that not everyone needs or wants to be a manager. For many it’s okay to say that they love being a subject matter expert and advisor, and they aren’t ready, or maybe never will be ready, to be something else. If you are looking to move up, how do you know you are ready? She reports that you don’t until you are actually in the job. That’s especially true for compliance people, since we who often don’t benefit from the leadership and management training that is given to other parts of the organization. Once in the role, let the team know that you value them. If there was someone else on it that you beat out for the role, acknowledge the situation and let the person know you recognize the sensitivities and hope to earn their trust. If you are new to the organization, know that it’s okay and better to spend the first 90 days doing a lot more listening than talking. Resist the urge to make changes until you have a better understanding of the organization’s culture. Also, take the time to introduce yourself to peers and leaders. Ask them about their roles and how you can support them. Listen in to learn more about how to step up successfully. Listen now

By Adam Turteltaub What if you had a compliance program and nobody noticed? It’s not likely. But what if you had a compliance program, and nobody understood what it did? That, sadly, is more than a bit of an ongoing problem. To take on that challenge we spoke with Carolina Santos de Silva, Head of Ethics & Compliance EMEA for Bridgestone EMEA and Pauline Blondet, Co-Owner and Chief Operating Officer of Upright Solutions. The two recently published the article “How to Sell Ethics and Compliance to your Organization” in the October issue of Ethikos. They persuasively argue in this podcast for compliance teams to think about their product, brand and having a robust message. Start with your product. Is it ethics, ethics and compliance, integrity? Think through which best defines what you are offering. Your brand is the image the compliance team communicates within the organization and what differentiates you from other departments. It needs to reflect the department’s message. From the brand will come a pitch, or your department’s elevator speech. It should introduce yourself, present your why or purpose, explain what it is that the organization is facing as a challenge and introduce the solution you are providing, and include a call to action. Some other pieces of advice they offer are: Define who your target audiences are, including an assessment of where they are when it comes to compliance, what you expect from them and what the gaps are. To gain leadership support, help them understand the broader compliance context in which the organization operates. Don’t assume leadership understands its role within a compliance program. Show them and then thank them when they help. Seek out as many touchpoints with the workforce as possible. Remember that who sends the message can be just as important as the message itself. Listen in to learn more about strategic and innovative ways to sell your compliance program internally. Listen now

By Adam Turteltaub With the explosion of sanctions regimes globally, and particularly in the US, most any company that exports just about anything now has to have a trade compliance effort. To understand what that entails we spoke with Julia Komarovskaya, Export Compliance Manager at MathWorks. It’s a complex challenge, she explains, with the Bureau of Industry and Security (BIS), International Traffic in Arms Regulations (ITAR), and Office of Foreign Assets Control (OFAC) all having a say, and often with overlapping jurisdictions. Organizations need to watch what goods they export, to where and to whom. Knowing your customer has never been more important. To navigate this minefield, she recommends first recognizing that the rules don’t apply only to goods. Services can be covered as well. Also recognize that exporting something as innocuous as a pencil could be prohibited, if sent to the wrong person. Developing an export control program right takes understanding what you are exporting now, working closely with the business team as early in the process as possible, and planning for the long term since regulations are guaranteed to grow more complicated over time. Listen in to learn more about the basics of the complex world of trade compliance. Listen now

By Adam Turteltaub Reports are that there over 50 million people in the world living in modern slavery conditions, and, of those, 60% work in forced labor in the private economy. Ensuring that your organization isn’t sourcing from suppliers who victimize labor is both a moral and a legal obligation, with more and more jurisdictions enacting legislation in this area. Vera Belazelkoska, Managing Director at Ulula urges organizations to look to balancing this risk with a mixture of boots on the ground and technology. Both, she notes, have their virtues and limitations. While having someone visit a factory provides an eyewitness account, it’s expensive, and unscrupulous manufacturers may hide the truth from investigators. Technology solutions are less expensive, but they are not necessarily as precise as they could be, often providing country data, but not the granularity needed. Only with a prudent mixture of the two can an organization gain a better understanding of its supply chain and the presence, or absence, of modern slavery in it. Listen now

By Adam Turteltaub There are hundreds of Compliance Perspectives podcasts, and this is the first one that is a podcast about podcasts. More specifically, the podcasts created by the compliance team at John Deere. The compliance team there had long looked to a wide range of tools for reaching the workforce including a monthly email newsletter, channel on internal social media, an intranet site and even digital signs on TV screens at their facilities. Yet, despite all this effort, they knew they could do more. As Wendy Davies-Popelka, the Associate Director, Global Ethics & Compliance, explains, the compliance team was listening to and hooked on several podcasts, and it occurred to them that they should try and create one of their own. So, they did. The podcasts are generally 5-10 minutes long and are based on actual cases that occurred at the company. Investigators, business people and others are interviewed to tell the story, from initial allegation through dispensation. The series has been very successful with a growing audience. Importantly, it has demystified the compliance program. To learn more about the podcasts and how easy they can be to create, be sure to listen to this podcast about John Deere’s podcasts. Listen now

By Adam Turteltaub Psychological safety is a term we hear a lot in business and elsewhere.  It’s also a concept that Jen Mason, Vice President, Enterprise Compliance & Ethics at McKesson, thinks we in compliance should embrace. It means creating an environment where employees can feel comfortable expressing their thoughts, ideas and concerns without facing negative consequences. It’s not about being nice. It’s about listening, following through on what you say you will do, being respectful of the workloads of others and showing empathy. It’s also about not punishing mistakes, pushing people until they burnout and talking more than you listen. It’s also about having policies that are flexible but consistent. Listen in to learn more about how to create psychological safety, including at those difficult times when there may be a conflict. Listen now

By Adam Turteltaub We live, to say the least, in polarized times. While it’s easy to look to politicians as the cause, Karthik Ramanna, Professor of Business and Public Policy at the University of Oxford’s Blavatnik School of Government and author of the book The Age of Outrage: How to lead in a Polarized World, argues there are other causes to consider. In the latest Compliance Perspectives podcast he explains that multiple factors are leading to polarization. These include: Fear of the future: Many believe that the world is and will continue to change for the worse due to factors such as AI, climate change and shifting demographics. A belief that they have been handed a raw deal: They perceive leaders have not managed the issues well and that they have been short-changed in the process by globalization and other factors An Us vs. Them Mentality: A climate of decreasing trust has eroded the belief that we are all in it together So what should compliance teams do in this era? He recommends humility. Set modest goals and don’t seek to radically transform the culture. Instead focus on setting boundaries for your program and focus on what you can do. Second, look to build trust before a crisis breaks. The more you can establish relationships now, the better off you will be later. Listen in for more insights into how to navigate through these polarized times. Listen now

By Adam Turteltaub The Corporate Transparence Act was a part of landmark anti-money laundering legislation passed in 2021. It was designed to shift reporting of corporate ownership from a hodgepodge of different financial institutions to the owners or the companies. As Jamie Schafer (LinkedIn), Partner at Perkins Coie explains in this podcast, the goal is to create a national registry of non-public companies that would be transparent to law enforcement. These companies had previously not been required to provide ownership information, which increased the potential for them to be used for money laundering purposes. Due to the complexity of the law and the many exemptions, as well as the fact that publicly-traded firms may even have to report entities they control, she urges organizations to read the law carefully to determine whether they will need to report. Listen in to learn more about the complexities behind whether your organization will have to complete what is, quite often, a fairly simple report. Listen now

By Adam Turteltaub Are employees where you work suffering from ethical burnout? What is it exactly and how can you tell? To understand more we spoke with Richard Bistrong (LinkedIn), newsletter author and CEO off Frontline Antibribery, who co-authored with Dina Denham Smith and Ron Carucci an article for  Harvard Business Review, “4 Warning Signs of Ethical Burnout on Your Team.” Ethical burnout, as they defined it, is a state in which commercial goals and demands are so overwhelming that workers no longer have the time or energy to consider compliance and ethical obligations. They simply want to get the job done and over with any way that they can. It has a number of potential roots including: Increased commercial pressures and targets, including goals gone wild Survival mode thinking Decision-making overload and speed Envy of unhealthy status symbols So what should compliance teams do to prevent ethical burnout? First, be aware of when the stress levels are high and any of these potential roots are growing. That’s the time to double down on ethics and compliance. Also, keep your ear to the ground then reach out proactively and intentionally. Finally, be sure to pay attention to individuals who are particularly susceptible. That star performer may be so addicted to his or her status that they might do whatever they can, ethical or not, to keep it. Listen now

By Adam Turteltaub Back in November 2023 on a previous podcast,  Jason Meyer (LinkedIn), founder of Meyer Business Law and President of LeadGood Education, shared with us an interesting statistic: Estimates are that about 20% of the workforce has some sort of neurodiversity such as ADHD, autism, dyslexia, sensory integration and executive function issues. In this podcast, he shares that with such a large population there are two risks that the compliance team needs to be aware of and address. First, the training and other content being delivered may not be effective for segments of the neurodivergent population. Second, there are Americans with Disabilities Act (ADA) considerations to be addressed. The ADA, he explains, covers physical or mental impairments that substantially limit one or more of life’s activities. Thinking, reading and communicating all fall under major life activities and are affected by neurodivergence. Consequently, if you know or should know that one of your employees is neurodivergent then you are obligated to engage in a dialogue and make a reasonable accommodation. The ADA is not triggered, however, if the employee is making or not requesting one. There is also risk if your organization fails to hire or promote people because of their neurodivergence. So what should compliance teams do? Add this to the risk assessment and start working on mitigation plans, starting with your compliance messaging and training. Listen in to learn more about how to address this risk that affects one fifth, or more, of your workforce. Listen now

By Adam Turteltaub Governments don’t only want to prosecute companies for paying bribes. Increasingly, they are looking for companies to join with them to reduce the global challenge of corruption. To learn more we spoke with Shruti Shah, Senior Policy Advisor, Office of Coordinator on Global Anti-Corruption at the US Department of State. In this podcast she outlines several initiatives in which the business community can play an important role, working alongside state actors and organizations like the OECD. These include: Blue Dot Network Galvanizing the Public Sector GPS initiative CIPE's PROTECT program on critical minerals USAID's JET Minerals Challenge USAID's Doing Business with Integrity All of these programs have in common a desire to engage all the parties interested in reducing corruption, particularly in the developing world. As importantly, they reflect a growing recognition that the business community is a part of the solution. Listen in to learn more about what each of these initiatives are and how you can become a part of them. Listen now

By Adam Turteltaub Woo hoo! You got the interview. Now, how do you make the most out of the opportunity to determine if this is the job of your dreams or of your nightmares? Lisa Fine, Senior Director, Global Ethics & Compliance at Pearson takes a break from her Great Women in Compliance podcast to share that you need first to focus on the basics, starting with who the job is reporting to, what the employer thinks the compliance program should be addressing, and what resources you will have in the role. Learning that information early, either from the position description, recruiter or your own online searches, will enable to you maximize the time in the interview on more sophisticated matters such what they anticipate the role becoming and how real the commitment to compliance is. Some other things to scope out during the interview: Is the job in-person, remote or hybrid, and how does the rest of the company work? If you’re the only remote employee, that may be a warning sign. What do the code of conduct and annual report indicate about the compliance program? Are you the chief compliance officer, or do multiple individuals hold that title? Why is the job currently open? What happened to your predecessor can be telling. Is there a helpline, and how easy is it to make a report? Finally, she advises spending some time asking yourself what it is that you want from the job. It’s very different if you are looking for your first compliance job, than if you are looking to it to be your last. Listen now