The Buy American Act: New focus on government contract compliance

On April 18, 2017, President Trump issued an Executive Order [1] requiring that every government agency “…scrupulously monitor, enforce, and comply with Buy American Laws… and minimize the use of waivers, consistent with applicable law.”

Government agency surveillance of contractor Buy American Act compliance in recent years appears to have been inconsistent [2]. Allegations of Buy American Act violations over the last several years appear to be more frequently the result of competitive bid protests of awardee compliance or qui tam (i.e., whistleblower) allegations of non-compliance than agency or prime contractor compliance surveillance activities [3].

However, that could change with the President’s Executive Order and increased contracting agency focus on Buy American Act compliance. This leaves contractors vulnerable if they do not have effective compliance programs in place to ensure their articles, materials, and supplies comply with their contractual obligations. Findings of non-compliance could lead to a number of compensatory and punitive penalties.

Compliance modernization is no longer optional

How evolved is your approach?

More than just a cost of doing business. To Chief Compliance Officers, it’s a refrain they’ve heard for years: a challenge, an ambition, and perhaps a sliver of veiled insult. Few dispute that the resources an organization devotes to keeping out of trouble have the potential to contribute far more than they traditionally have.

What is the role of compliance in battling cyber risk?

Cross-Industry Compliance Leadership Summit eyes the intersection of two disciplines

“It’s called the cloud,” Deloitte & Touche LLP Principal Julie Bernard remarked. “It’s not called the vault. Keep that in mind.”

Bernard and Deloitte & Touche LLP Managing Director Susan Ameel moderated a session at Deloitte Advisory’s recent Cross-Industry Compliance Leadership Summit about the ways compliance and cyber security meet, and how the executives responsible for those areas might benefit by coordinating their efforts.

Many of the industries most subject to cyber attacks are also among the ones that have the most sophisticated regulatory and compliance obligations. Financial services, energy and utility companies, health care organizations, defense and aerospace – they all have to safeguard their own sensitive data, their customers’ information, or both.

So be good, for goodness’ sake

Predictive technology can help employers find the roots of both personal and corporate noncompliance. Where are the ethical boundaries?

As data-gathering and analytics technologies amass more and more ability to squeeze information out of what may feel like thin air, employers face new questions about using these tools to predict and detect behavior. “Can” vs. “can’t” isn’t the only frontier. There’s also “can” vs. “should.” At least one participant in Deloitte’s Cross-Industry Compliance Leadership Summit described themselves as “slightly aghast” at the possibilities.

In addressing the summit, hosted by the Deloitte Center for Regulatory Strategy Americas, Deloitte & Touche LLP Advisory Principal John Lucker said that whatever the benefits of predictive technology, one thing organizations “shouldn’t” do is allow the perfect to be the enemy of the good.

Ethics has a strong business case, but measurement is less certain

Cross-Industry Compliance Leadership Summit explores corporate behavior

Are a “culture of ethics” and a “culture of compliance” the same thing? How does an organization build an ethical culture, and how can it measure the results?

At the recent Cross-Industry Compliance Leadership Summit hosted by the Deloitte Center for Regulatory Strategy Americas, New York University Professor Jonathan Haidt suggested there is a method corporate leaders can use to tackle these questions – and he compared notes with compliance executives who tackle them in real life every day.

Haidt is a social psychologist and author of the New York Times bestseller “The Righteous Mind.” His view is not only that there is a business case for ethics beyond “ethics for ethics’ sake,” but that large organizations can design ethical systems by working from the individual level on up. And he says the practice of measuring ethical culture is evolving.

Across industries, 2016 shapes up as a year of regulatory transformation

Posted by Christopher Spoth, Executive Director, Deloitte Center for Regulatory Strategies, on February 19, 2016

Each year, the Deloitte Center for Regulatory Strategies publishes a series of outlooks on what the coming year may bring. Each one focuses on regulatory challenges that are unique to a particular industry. But perhaps the greatest lessons I find in them are the challenges that aren’t unique—the priorities that will likely shape the next 12 months for business leaders everywhere.

What do I see in 2016? A year of transformation. New tools are changing the ways regulators define their jobs. Organizations that recognize the changes have an opportunity to apply several lessons to their regulatory strategies:

Your vendor’s keeper–managing compliance risks in the extended enterprise

Extended enterprise risk, or third-party risk, is a significant concern at most large organizations. One compliance executive recently said that according to his organization’s regular internal surveys, third parties pose at least double the risk of any other risks they measure. Yet this is a variety of risk over which organizations tend to have less control. What practices can help manage it?

That conversation was part of the recent Cross-Industry Compliance Leadership Summit that Deloitte hosted at Deloitte University. At the event, which gathered risk and compliance leaders from industries like health care, entertainment, financial services, consumer products, and retail, I moderated a discussion about the challenge of managing third-party risk. Because companies in different industries use and relate to vendors in different ways, there were a variety of stories. But a few common leading practices stood out.

Compliance risk management starts at the top, but depends on the front line

Compliance would be easy—well, easier—if the Chief Compliance Officer controlled all of the business processes that create compliance risks for the organization.

In the real world, the decisions and actions that add up to compliance happen all over the organization. Business leaders make decisions while balancing multiple concerns and competing objectives. It isn’t a surprise to any seasoned CCO that compliance isn’t always the top priority. As a result, it’s up to the CCO to understand the business and to exert influence over those decisions that drive critical compliance risks. And if that isn’t hard enough, CCOs also need effective processes to identify and measure those risks on an ongoing, real-time basis.

Compliance executives say globalization amplifies regulatory challenges–and agree local knowledge and communication are keys to overcoming them

Globalization has opened more business opportunities around the world, but the pace and rigor of regulatory oversight and enforcement are rising as well, and regulators are cooperating more across international lines. For a company that operates in more than one jurisdiction, the risk of unintentional and even irreconcilable conflict is a natural consequence, and the resulting environment can affect the way people go about their business. To cope, companies should find ways to adapt global goals to local specifics.

That was a key takeaway from a great exchange of views I was privileged to moderate at the recent Cross-Industry Compliance Leadership Summit at Deloitte University. Compliance chiefs from financial services, life sciences, health care, consumer products, entertainment, communication, natural resource extraction, retail, and other industries gathered to compare their experiences and insights. In our own spheres, global regulation is a topic we address every day. But sharing views among different industries was a refreshing opportunity.

Compliance on the brink: Harnessing Big data to the risk challenge

Posted by Rob Biskup and Maureen Mohlenkamp on August 17, 2015.

At the annual Compliance Week conference earlier this year, Deloitte’s status as a sponsor and presenter put it in the center of some compelling conversations. Across the discipline, there’s a growing consensus that Chief Compliance Officers (CCOs) are moving out from behind their general counsels and taking their own seats at the big table.

The question now is what they’ll do there. Part of the challenge is to help connect compliance officers with internal control and technology solutions. But the corresponding challenge is to make strategic sense of what those solutions can deliver and prioritize accordingly. Another challenge is for CCOs to engage broadly across the enterprise on these solutions, so compliance can make the same robust use of big data that leaders in other areas have done.
