School Brings Together Compliance Officers from Top Companies to Discuss Best Practices and Emerging Issues
February 25, 2016
Amid a field undergoing rapid growth and change, compliance officers representing a range of large companies gathered at the School of Business in February to share best practices and to learn about their own risk for personal liability.
“This is a good way to keep track of what’s going on in the industry,” said Travis Winslow, senior director of ethics and compliance for Carnival Corp. “Compliance can be lonely sometimes. Businesses want to do the right thing, but we limit them and that can be a hard message to hear.”
The meeting, drawing officers from companies including Caterpillar, Boston Scientific, Diageo, Federal Express and Ingram Micro, offered more than a much-needed dose of camaraderie.
“We have a collection of experts in the area of compliance here to talk about cutting-edge issues shaping up in compliance,” said Mark Shapiro, a professor of business law who focuses on compliance. “It’s an expanding field, and the law is changing every day. We have everybody together for a brainstorming think tank.”
Bruno Grandguillotte, vice president and chief compliance officer at Ingram Micro, outlined his company’s compliance program and the metrics used to analyze its effectiveness. He divided his program into six pillars: risk assessment, standards, oversight, communication and training, monitoring and reporting, and enforcement.
“For each component of the program, we identify the relevant data and look for convergence and trends,” Grandguillotte said. “When you look at metrics individually, they don’t give you insight, but when you look at them together, they start to tell a story.”
He demonstrated this truth with an example of his compliance figures in a specific region. “They looked great, but then you look per country and you spot areas of risk,” he said. “You go into detail and see a sales guy was new and didn’t have time to go through the processes. To him, it wasn’t that important. Now I can focus on this particular person and put in place a corrective action plan.”
His top priority is assessing risk, and he relies, simply, on Excel with macros to mine his data.
Grandguillotte battled for two years to make compliance training mandatory by linking it to compensation “because at the end of the day, it’s where it really sinks in.” The real-world effect: the departure of a top senior executive who was denied his bonus after failing to complete his training, despite repeated warnings.
Anita Cava, a professor of business law and director of the School’s Business Ethics Program and Latin American Health Care Compliance Program, discussed her research into the emerging issue of personal liability faced by compliance officers. “There is certainly reason for concern, but what I see happening very recently – in the last six months – is pushback by regulators themselves,” Cava said.
She referenced a 1992 case that set a standard requiring compliance professionals to pay attention to red flags, not just sit back and wait to be alerted to wrongdoing. More recently, last year, the SEC said compliance officers will not be second-guessed for good faith judgments, but those who “cross a clear line” can be held responsible for poor implementation and controls.
“My challenge is how can I illuminate what ‘crossing the line’ means?” Cava said. “There are no pronouncements. It’s a question of threading your way through decided cases, of which there are very few.”
The best thing to do? The experts, Cava said, recommend a robust compliance program that demonstrates enforcement and keeps the policies and procedures fresh. Officers should make their best case to the board for more resources, escalate and, if necessary, resign.
Tony Viera, regional compliance director for Microsoft, was grateful for the afternoon. “You don’t hear about gatherings like this going on at other schools,” he said. “What an opportunity!”