THANK YOU FOR SUBSCRIBING
By Based On An Interview With Campbell Clark, Vice President, Legal And Compliance, Asia Pacific, Medtronic
Establishing a compliance cultureCritical to the success of a compliance program is the culture. No amount of expenditure on building out compliance teams and technology will compensate for a poor compliance culture in an organization. Frequently we hear about “tone from the top,” and whilst it is certainly true that if senior leadership does not set the compliance tone, it will be difficult, if not impossible, for those at lower levels of the business to create the “right” culture. Equally, however, all employees at all levels have responsibility for compliance. “Walk the talk” We are now hearing more about compliance risks than ever before. Businesses are promoting their culture of ethics and integrity as a selling point to employees, potential employees, and external stakeholders. It is, therefore, of utmost importance that business does what it says it will do when it promotes its culture of ethics and integrity. Employees and stakeholders will quickly call out hypocrisy when they see it and will hold leadership accountable if senior leaders are not living up to the compliance expectations that they espouse. Moreover, regulators tend to look more at what business does that what it says it does. Technology in managing compliance risks With the advent of machine learning, there are more tools than ever to enable compliance teams to monitor and manage unusual transactions. These technologies enable compliance teams to identify and diagnose outlier transactions more effectively and efficiently than ever. Deployment of these technologies is not, however, a substitute for experienced compliance professionals who, after all, must interpret the data, understand the context, and take steps to address issues identified. It follows that business counseling will form a bigger part of the compliance teams’ work; with technology, less time needs to be devoted to the more routine and time-consuming monitoring work. Responding to compliance infractions Compliance breaches occur, either through inadvertence, negligence, or intentionally wrongful conduct. And people talk. They are more connected than ever. How business investigates and then responds to a problem will be closely followed by employees, stakeholders, and regulators. This necessitates an independent and accountable investigations team that can be relied on to find the facts and to not embark on an investigation with a pre-determined outcome. Once the facts are found, it is for leadership to evaluate those, guided by their legal and compliance advisers. Leadership is then responsible for arriving at decisions that fairly attribute responsibility where it is warranted and to impose disciplinary actions on wrongdoers. Business needs to take on board “lessons learnt” and to implement strategies to avoid a recurrence. It can only do so if there are opportunities for open discussion about the problem, how it arose, and what leadership is doing to fix the problem. It follows that leadership is also responsible for implementing necessary remedial actions and ensure that the agreed actions are indeed carried out. What is the impact of social media on the compliance landscape? With an ever-increasing awareness of compliance, and the willingness of employees and stakeholders to call out concerns when they see them, the business faces a new challenge. Whilst a decade ago, concerns voiced by employees and stakeholders would likely only reach a limited audience, that has all changed with social media. Now, everyone can be an investigative reporter, and to share their concerns far and wide. This obviously poses risks for business, including a negative reputational impact. The business, therefore, needs to be clear about its compliance expectations and be ready to respond quickly and sincerely to concerns that are voiced on social media. That necessitates closely monitoring social media channels. Better still, business needs to be “out front” of potential compliance risks and be seen to be actively managing those.