Our recent webinar, Compliance Leadership: Essential Habits, Skills, and Traits for Success, featured Richard P. Kusserow, CEO of Strategic Management Services and Carrie Kusserow, President of Strategic Management Services. Richard Kusserow answered attendees’ post-webinar questions, which we present here. The webinar is available to watch on-demand.
1. What is the most common mistake made by Compliance Officers at Executive and Board Oversight Committees?
Many Compliance Officers want to impress leadership with all they are doing by engaging in “show and tell” presentations that are overdetailed, instead of focusing on what they absolutely need to know to meet their oversight and support obligations. It is important to provide key highlight points and be prepared to provide details when asked. Leaders have baskets full of issues and problems and little patience for a bunch of information they believe is unnecessary to their fiduciary obligations.
2. What would be a serious violation of acceptable executive behavior?
The best way to create enmity with other executives is to “blindside” or embarrass a program manager at an executive meeting by playing “gotcha” in reporting findings of compliance fault in their operation. Not only will that be offending but will not be forgotten. Others at the meeting also would be unhappy with hearing it. The overall result would be creating enmity and loss of leadership respect. The correct practice is to discuss findings with the program manager alone and work out a plan to address any issues. The report to a committee would then be that working with the program manager a compliance issue was identified and corrective measures are being taken. This has the effect of being fair to the other executive and putting the corrective action measure on record.
3. What is the best way to present or report a serious compliance finding?
Most executive leaders don’t want problems brought to the table; they want solutions. As such, don’t announce a finding of a significant compliance failure or problems. A naked announcement of this type would not be welcomed by executives who already have a full plate of problems they are addressing. They don’t expect peers to bring problems without providing what actions are or can be taken to resolve them. So, before reporting a new set of problems at a meeting, work behind the scenes to find means by which the issues can be resolved. This should include the program manager responsible for the concerned issue.
4. What general advice would you have for a Compliance Officer meeting with the Board?
Be concise and succinct in what to present. Focus on the body language of members to see if they are losing interest or not. It is better participants are looking at you than at some PowerPoint slides. When it comes to compliance most board members have short attention spans. The hour allotted to you may turn out to be only 15-30 minutes. Give highlights and leave details by responding to any questions or requests for clarification. For requesting a decision, provide the most important reasons for why it is needed.
5. What is the best strategy when you have been with the organization in Compliance and then are promoted to Compliance Officer?
Under the best of circumstances and regardless of prior experience, it is a major challenge to assume the responsibility of Compliance Officer and meet the expectations of the leadership, board and staff. It is sound practice to immediately engage experts to conduct a compliance program effectiveness evaluation as an inventory of the status of the existing program, pending issues/problems to be addressed, and gaps or weaknesses needing attention. This would be, in effect, a due diligence review of what the Compliance Officer will be assuming.
This would identify existing flaws, weaknesses, and risks, while providing a road map of what needs to be done to ensure the program is on the right track. Doing this is consistent with OIG Compliance Program guidance that states “…[A]n effective compliance program should … incorporate periodic reviews of whether the program’s compliance elements have been satisfied”. It is far better for outside experts to evidence the status of the compliance program, at the time of being provided the position, and leave the Compliance Officer to focus on solutions. The best move, if possible, is negotiating having such a review as a condition of accepting the position. There are many benefits to taking this step.”
- Results have higher level of credibility in results, than if done internally
- Evidences program status and progress, as called for by OIG and DOJ
- Identifies gaps and weaknesses warranting attention
- “Flags” past mistakes, problems, and issues
- Addresses adequacy of budgetary resources
- Helps evaluate staff competence
- Provides feedback on compliance attitudes/perceptions of leaders, managers & staff
- Assesses level of past support by leadership
- Defines relationship with other functions (e.g., legal, HR, finance, etc.)
- Warns of potential “land mines” of hot issues with management
- Cites past mistakes and their consequences
- Provides recommendations/suggestions as an action “road map”
- Gives added force and authority to actions to be taken
- Results provide solid information in reports to oversight committees
6. The OIG’s guidance is 20+ years old, how do we keep Compliance Programs fresh and implement new initiatives? Examples?
The basic compliance principles have not really changed much going back to the original US Sentencing Commission Guidelines. What has changed is the manner by which these principles have been applied over time. Both the OIG and DOJ have stated that all Compliance Programs are works in progress, never completed; and must respond to ever-changing regulatory, enforcement, and business environment.
The best way to keep the Compliance Program fresh is to have “fresh eyes” and look at your program from the outside to find evidence and report progress to date, find any weaknesses or opportunities for improvement, and perceive specific proposed action steps to enhance the effectiveness of the program. Outside parties will identify opportunities to update your program and give best practice suggestions from what they have seen work in other organizations. Both the OIG and DOJ call for such periodic independent reviews. They further expect any such evaluations should find ways to improve and enhance the program.
As a side note, recommendations by outside experts often carry a lot more weight than those promoted internally. In most cases, independent reviews produce useful evidence for improving the efficiency and effectiveness of ongoing monitoring by program managers and ongoing independent auditing. These reviews also help move the Compliance Program from focusing on output results (usually numerical) to outcome results (that usually cannot be evidenced numerically) that directly relate to program effectiveness.
7. What are your thoughts on having an annual touch base with each business owner to assess Compliance relationship?
Great idea. You don’t want to be viewed as an adversary and additional problem by other executives. One of the key principles set in the webinar was the importance of Compliance Officers extending themselves to members of executive leadership and management. Every opportunity to touch base with these people outside of the context of a specific issue is very important. Also stressed in the webinar was understanding the problems and challenges other executives must address. This will help in appreciating their perspective on compliance matters and build mutual trust. Also, building personal relationships allows for dealing with problems behind the scenes before they erupt into serious problems. The key point is to have other executives view the Compliance Officer as something other than a “cop on the beat” or someone who plays “gotcha”.
8. What is the best to deal with a difficult business owner that refuses collaboration, guidance and/or any support because they are the SME?
As the subject matter experts, they bear the responsibility and ownership of ongoing compliance monitoring. This includes identifying those compliance risk areas that affect their areas of responsibility, developing and implementing written guidance (internal controls, policies, and procedures) for addressing those risk areas, and training their staff on following that written guidance; and monitoring staff to ensure they are following that guidance. Ask the owner to provide information on how this responsibility is being met. Doing that is ongoing auditing.
Any failures in meeting the ongoing monitoring responsibilities will result in the owner(s) also owning compliance failures and liabilities. The selling point for the Compliance Officer is to help them meet their fiduciary obligations and to protect them against any potential liability for failing in accomplishing that. If there is total resistance to this, having an outside expert consulting firm with a high degree of credibility conduct an independent compliance program evaluation may help sell the message.
If all this fails, the Compliance Officer might consider looking elsewhere for a better position, rather than risk the organization coming into conflict with enforcement agencies; and that would not only not be good for the ownership, but it would also reflect negatively on the Compliance Officer. After all, it is a seller’s market right now for compliance officers.
9. When it comes to sharing FWA investigation information with other executives, how much do you recommend we share?
For active investigations of potential wrongdoing, it is a best practice to provide information only on a “need to know” basis. They should know only that the matter is being investigated and the results will be provided at its conclusion. Providing executives or board members with raw information could result in very serious consequences. First, there is the question of confidentiality. Review your policies on this subject. Secondly, having unsubstantiated information circulated could negatively impact the investigation. Third, circulation of raw information suggesting a person may have committed a wrongdoing that proves false could result in a legal action by the party in question. There are many other reasons and supporting information for not disclosing any details of an investigation in progress. I can provide a litany of horror stories where raw information was improperly disclosed. In fact, this could be a topic for an entire webinar.