What is the role of compliance in battling cyber risk?

Cross-Industry Compliance Leadership Summit eyes the intersection of two disciplines

“It’s called the cloud,” Deloitte & Touche LLP Principal Julie Bernard remarked. “It’s not called the vault. Keep that in mind.”

Bernard and Deloitte & Touche LLP Managing Director Susan Ameel moderated a session at Deloitte Advisory’s recent Cross-Industry Compliance Leadership Summit about the ways compliance and cyber security meet, and how the executives responsible for those areas might benefit by coordinating their efforts.

Many of the industries most subject to cyber attacks are also among the ones that have the most sophisticated regulatory and compliance obligations. Financial services, energy and utility companies, health care organizations, defense and aerospace – they all have to safeguard their own sensitive data, their customers’ information, or both.

So be good, for goodness’ sake

Predictive technology can help employers find the roots of both personal and corporate noncompliance. Where are the ethical boundaries?

As data-gathering and analytics technologies amass more and more ability to squeeze information out of what may feel like thin air, employers face new questions about using these tools to predict and detect behavior. “Can” vs. “can’t” isn’t the only frontier. There’s also “can” vs. “should.” At least one participant in Deloitte’s Cross-Industry Compliance Leadership Summit described themselves as “slightly aghast” at the possibilities.

In addressing the summit, hosted by the Deloitte Center for Regulatory Strategy Americas, Deloitte & Touche LLP Advisory Principal John Lucker said that whatever the benefits of predictive technology, one thing organizations “shouldn’t” do is allow the perfect to be the enemy of the good.

Ethics has a strong business case, but measurement is less certain

Cross-Industry Compliance Leadership Summit explores corporate behavior

Are a “culture of ethics” and a “culture of compliance” the same thing? How does an organization build an ethical culture, and how can it measure the results?

At the recent Cross-Industry Compliance Leadership Summit hosted by the Deloitte Center for Regulatory Strategy Americas, New York University Professor Jonathan Haidt suggested there is a method corporate leaders can use to tackle these questions – and he compared notes with compliance executives who tackle them in real life every day.

Haidt is a social psychologist and author of the New York Times bestseller “The Righteous Mind.” His view is not only that there is a business case for ethics beyond “ethics for ethics’ sake,” but that large organizations can design ethical systems by working from the individual level on up. And he says the practice of measuring ethical culture is evolving.

Your vendor’s keeper–managing compliance risks in the extended enterprise

Extended enterprise risk, or third-party risk, is a significant concern at most large organizations. One compliance executive recently said that according to his organization’s regular internal surveys, third parties pose at least double the risk of any other risks they measure. Yet this is a variety of risk over which organizations tend to have less control. What practices can help manage it?

That conversation was part of the recent Cross-Industry Compliance Leadership Summit that Deloitte hosted at Deloitte University. At the event, which gathered risk and compliance leaders from industries like health care, entertainment, financial services, consumer products, and retail, I moderated a discussion about the challenge of managing third-party risk. Because companies in different industries use and relate to vendors in different ways, there were a variety of stories. But a few common leading practices stood out.

Compliance risk management starts at the top, but depends on the front line

Compliance would be easy—well, easier—if the Chief Compliance Officer controlled all of the business processes that create compliance risks for the organization.

In the real world, the decisions and actions that add up to compliance happen all over the organization. Business leaders make decisions while balancing multiple concerns and competing objectives. It isn’t a surprise to any seasoned CCO that compliance isn’t always the top priority. As a result, it’s up to the CCO to understand the business and to exert influence over those decisions that drive critical compliance risks. And if that isn’t hard enough, CCOs also need effective processes to identify and measure those risks on an ongoing, real-time basis.

Compliance executives say globalization amplifies regulatory challenges–and agree local knowledge and communication are keys to overcoming them

Globalization has opened more business opportunities around the world, but the pace and rigor of regulatory oversight and enforcement are rising as well, and regulators are cooperating more across international lines. For a company that operates in more than one jurisdiction, the risk of unintentional and even irreconcilable conflict is a natural consequence, and the resulting environment can affect the way people go about their business. To cope, companies should find ways to adapt global goals to local specifics.

That was a key takeaway from a great exchange of views I was privileged to moderate at the recent Cross-Industry Compliance Leadership Summit at Deloitte University. Compliance chiefs from financial services, life sciences, health care, consumer products, entertainment, communication, natural resource extraction, retail, and other industries gathered to compare their experiences and insights. In our own spheres, global regulation is a topic we address every day. But sharing views among different industries was a refreshing opportunity.

Cross-Industry Compliance Leadership Summit finds we have a lot in common

Regulation can apply to each of our industries in such specific ways—from a liquidity coverage ratio in banking to an ICD-10 code in medicine—that we may sometimes feel the very process of regulatory compliance is unique to our industries too. It isn’t, of course. Regulatory compliance is an experience we share across many ways of doing business.

On October 29, 2014, Deloitte’s Center for Regulatory Strategies invited more than 30 corporate compliance chiefs, regulators, and others to use that common experience as a bridge. The Cross-Industry Compliance Leadership Summit was a day-long dive into well-earned wisdom and leading practices across not only financial services and healthcare but also energy, education, life sciences, retail, and other sectors.

An ethical culture helps uphold the rules—but it doesn’t begin with them

Culture is one of those words we use a lot, but have trouble getting our hands around. At our recent Cross-Industry Compliance Leadership Summit at Deloitte University, we gave it a try. Compliance leaders from the financial services, healthcare, life sciences, consumer, energy, and other industries joined me and several of my Deloitte colleagues to discuss the challenges in culture-building that extend across disparate industries—and the common strategies as well.

The heart of the discussion focused on the notion that a culture of compliance is made up of human interactions. The right attitude can be worth more than the number of rules you promulgate. Fostering trust is a good way to earn it back. Organizations that build trusting relationships with stakeholders experience reciprocity from them.

To assess compliance, look beyond the rules

I recently moderated an interactive discussion on evaluating compliance programs at Deloitte’s Cross-Industry Compliance Leadership Summit, where compliance executives from a variety of industries compared notes on the methodologies and metrics they use to measure their efforts.

“If my compliance program prevents, that’s great,” one attendee stated. “If it fails to prevent but detects, that’s okay too. Where it ultimately fails is if there’s management inaction.”

Building relationships with regulatory agencies

Posted by Peter Reynolds on February 19, 2015.

When a number of C-level compliance officers joined me recently for a discussion about their relationships with regulatory agencies, it was more than a meeting; it was an education. That’s because we had two regulators with us, and the give and take between them and among the other compliance officers—the candor and constructive input—could serve as a model for regulatory interactions all year round.

The occasion was Deloitte’s Cross-Industry Compliance Leadership Summit. Chief Compliance Officers from energy, healthcare, finance, retail, and other sectors all took part, as did Jim Sheehan from the New York State Attorney General’s office and Carlo di Florio, Chief Risk Officer of the Financial Industry Regulatory Authority (FINRA).
