INTERVIEW SHARON ODED
CHAIRMAN WORKING GROUP COMPLIANCE
The past year has seen multiple developments in the financial economic crime (fec) sector in terms of aggressively combatting it and raising awareness. Insurers saved over EUR 101 million by carrying out effective fraud investigations, multiple arrests for match fixing that rattled the sporting community, and rolling out and enforcing GDPR in the field of compliance. IFFC contributed to the developments in FEC through multiple projects, research and events.
Sharon Oded is Chairman for the Compliance Chamber and professor of Corporate Compliance and Enforcement at Erasmus University Rotterdam. He is a lawyer at De Brauw Blackstone Westbroek’s Regulatory and Criminal Enforcement practice, were he helps multinational corporations and financial institutes to mitigate their regulatory compliance risks and respond to corporate incidents and crises. With over 15 years' experience, Sharon contributes substantially to the world of Compliance.
Which trends did you see in the field of compliance in 2018?
2018 presented a continuation of a few important trends, which had already started several years ago. One clear trend—which is probably of the greatest importance—is the multi-jurisdictional dimension of enforcement. In a growing number of cases, corporations are subject to parallel—and in the worst cases, subsequent—investigations and enforcement actions by various regulatory authorities from different jurisdictions. The multiplicity of enforcement actions—which are often insufficiently or not at all coordinated between different authorities—often result in duplicative penalties in relation to the same misconduct. In such an environment, in many cases penalties, unfortunately, have gone way beyond what I would consider proportionate to remedying the harm and deterring future misconduct.
Additionally, in recent years—and 2018 was a clear example of that trend—enforcement authorities have focused on individual accountability. An increasing number of enforcement authorities around the world are no longer satisfied with settling a matter with the culpable organisations. Instead, they are keen to hold accountable the individuals that are responsible for the misconduct, as well as those who supported or facilitated it. Several cases in 2018 ended up with corporate executives sent to spend many months away from their loved ones. Behind bars.
Another clear trend is the increased risk of detection of corporate misconduct. In 2018 we have seen the US Securities and Exchange Commission (SEC) paying the largest ever financial reward to whistle blowers (over USD 49 million alone to two whistle blowers), thereby encouraging more and more employees to share incriminating information with the SEC. Similarly, many enforcement authorities have increased the pressure on gatekeepers, such as accountants and banks, to detect and report suspicious transactions. ING's settlement with, and EY's investigation by, the Dutch Public Prosecutor in relation to Vimpelcom's (currently VEON) suspicious transactions are clear examples of the increasing exposure of gatekeepers, which going forward may encourage such gatekeepers to better facilitate the detection of misconduct.
All of these together make compliance an important topic for corporate board and executives to handle with care and attention. From a risk management perspective, this means that multinational corporations and financial institutions are required to be much more sophisticated in dealing with their compliance risks. They need to adopt a global approach to compliance. They need to identify the unique compliance risks in the specific regions, countries and industries in which they operate, and to tailor their responses to the level of risk.
Do you see that organisations take this into account and react to it?
Certainly, yes. More and more multinational corporations and financial institutions continue building and improving their internal risk and compliance programs, adjusting them to the emerging challenges. Obviously, some organisations are in a more advanced stage of development than others, but this is only natural. Compliance programs are dynamic processes, a never-ending journey. There is no stage at which your compliance program is so comprehensive that it stops developing.
As a General Counsel or Chief Compliance Officer, you normally strive to continuously improve your organisation's program; you learn from your organisation's experience. What worked well? What could be improved? How do developments in the operation or structure of the organisation affect the risks the organisation is expected to be facing? How does the regulatory and enforcement environment affect the organisation's exposure? Based on these considerations and others, you determine the way in which your program may improve, to address those risks, taking into accounts existing constraints, such as budget and other resources.
Many organisations are busy with revisiting their compliance programs regularly. I believe that others, who haven't done that recently, will follow the same path, but there always seem to be also those who will have to get there through the hard way.
So there is more attention among organisation, but are the organisations also capable to achieve success? Do they have the ability to change their culture?
You now touch on the most burning dimension of the compliance world. Effectiveness. Are the efforts that companies exert fruitful? Do they actually influence employee behaviour with their programs? Do they reduce the risk of misconduct occurring within the organisation? These are the questions that many compliance leaders within organisations struggle with regularly. The ongoing improvement of your compliance program often leans on assessments that you perform by using tools such as compliance reviews and audits, questionnaires, interviews and experiments. Those assessments may play back to you the organisational pulse, its culture. Repeating such measurements over time allows the organisation to create its own record book, which assists in identifying the impact of the compliance program as implemented in relevant periods.
What makes a program effective? I believe the odds of compliance programs becoming effective increase with the level in which they are tailored to the organisation and the level in which they are genuinely implemented in actions. I have seen cases in which the greatest benefits of a very resourceful whistleblowing awareness campaign are washed away by a single case of retaliation against a whistle blower. I have seen cases in which the value of a flashy, well-articulated Code of Conduct is drained because the company refused to let the "rain-maker" manager go, even though the "rain" was rooted in corruption. Actions speak louder than words.
What did the IFFC Working Group Compliance achieve in 2018?
The Working Group is a very unique venue, in the sense that it brings together many professionals with diverse backgrounds, including academics, in-house professionals and external advisors–all with the joint goal of openly discussing current and upcoming compliance challenges. Last year, one important subject, which got a lot of attention, was money laundering.
Under the leadership of its former Chairman, Gert Demmink (currently the Head of Enforcement at Central Bank of United Arab Emirates), our Working Group has discussed the challenge of duplicative efforts invested in KYC (Know Your Client) exercises, conducted by various financial institutions, sometimes with respect to the very same customers. As a result of continuous discussions, the Working Group set out a proposed mechanism that relies on outsourcing part of the KYC exercise to a third-party vendor, which may use the collective resources, or part of them, to conduct a much more thorough and reliable KYC exercise. The White Paper, published by the Working Group on the IFFC website, gained from valuable input from several of the Dutch authorities, and we expect it to trigger some further discussion and possibly to support the improvement of the currently applicable system.
Sounds like a great achievement. What are the goals set out for 2019 by the Working Group?
The working Groupis very much inspired by the broader IFFC vision to promote the collaboration between the public and the private sectors and to achieve an impact in the area of financial crime prevention. For 2019, we have chosen four projects which we would like to promote. Those are topics we essentially believe are at the forefront of the minds of General Counsels and Chief Compliance Officers within global organisations.
- Money laundering – we are planning to work further, including with the Dutch regulators, on clarifying the expectations from organisations in the field of money laundering prevention. Even post-ING settlement, there are a lot of question marks to address with respect to those expectations, not only from financial institutions—but also from organisations, which are not necessarily subject to the Wwft (Wet ter voorkoming van witwassen en financieren van terrorisme), but may possibly find themselves facilitating money laundering schemes by simply not having the right policies in place to react to red flags.
- Compliance culture – the Working Group will address the challenges of moving from written policies to cultural influence. The idea of this project would be to formulate ways of measuring the effectiveness of compliance programs and their impact on the corporate culture.
- Multiplicity of stakeholders in the compliance world – in this project, we are planning to deal with, for instance, the topic of whistleblowing. We would work towards understanding: How should corporations react to whistleblowing? When should they look into reports and how? There are obviously many resources dealing with whistleblowing systems, and we thought that having a list of concrete dimensions, which General Counsel and Chief Compliance Officers would need to consider when dealing with whistleblowing reports, could be a useful, hands-on tool for in-house compliance leaders.
- Export control and economic sanctions – the project will explore ways to deal with the emerging challenges in the field of export control and economic sanctions that are of critical importance for many global organisations. The Working Group would develop practical tools, in order to assist organisations ensure their compliance with the frequently changing regimes.
Is there something that is very important for people outside the corporate world to know about this subject?
We believe that the output of the Working group discussion would be a fruitful ground for discussion with policymakers, regulators and enforcement authorities in the Netherlands and outside the country. As we have done with the KYC white paper, we are planning to continue the dialogue with the public sector and seek to promote the discussion of those important topics.
(22 January 2019)