8 Panels, 7 Keynotes and a Head Full of Ideas: Compliance Week 2014

I am just returning from Compliance Week’s 2014 conference, held in Washington DC this past Monday through Wednesday.  I’m leaving with a new tote bag, a t-shirt, 36 pages of notes taken during the sessions and a head bursting with ideas that I want to share with all of you.  I participated in CW 2014 strictly as an attendee, to learn from the best-in-class compliance officers.  8 breakout session panels, 7 keynote addresses and a whirlwind of conversations later – I’m happy to report that I accomplished that mission.

While there are some specific topics that we’ll dig into deeper in the coming weeks (after I’ve had a chance to digest those 36 pages of notes), I wanted to provide a couple of highlights in time for our May newsletter!

Cyber Security is a Hot Topic

For many compliance executives, it doesn’t feel like cyber security should belong in the compliance department’s realm.  Alan Brill, Senior Managing Director at Kroll, agrees that the domain of cyber security is unclear, but stresses that it is a compliance issue.  He suggests that compliance teams and IT security teams partner more closely in this age of “everything cyber” to put compliance tools in the hands of the IT resources who need them.

One very practical suggestion made by Mr. Brill was to partner with IT to issue employee communications about good data security practices, using the compliance mindset to provide guidance and understanding of why the topic should be taken seriously.  (The example used was the number of employees who likely have a personal DropBox account, where they store work in progress to be accessible from multiple locations.)

My takeaway: How can we help organizations to push their compliance processes – controls, testing, reporting, employee communication – to the IT security side?  In some cases we already work with both financial compliance and IT compliance, but where we don’t, can we help to foster more coordination?

Third Party Risk Management is Critical

It is surprising, to be honest, how many organizations are still underestimating the exposure they face due to third parties.  The actions of suppliers, partners, contractors and sometimes even customers can bring risk onto your organization.  The need for effective – and efficient – third party risk management and due diligence was a key theme through many Compliance Week 2014 sessions.

How to do third party due diligence and risk management in a reasonable, cost-effective and resource-efficient way was a matter of much discussion – both during panel events and in the hallways over breaks.  Panel experts stressed the need to push the due diligence process down to the business units and owners of the third parties, while having compliance oversight – and audits – to make sure the process is working.

My takeaway: policyIQ can help organizations to build a 3rd party due diligence process.  Over the next couple of months, we should illustrate more specifically so that our clients can see the process in action in a practical – and cost-effective – way.

Compliance Should Be Embedded in the Business

This theme ran through virtually every session at the conference – and while it is definitely a desire of most attendees, there did seem to be some skepticism about how to accomplish it.

One session specifically focused on “Tone at the Middle”, taking the common idea of “Tone at the Top” to a new level.  It is the middle-managers that are closer to the majority of the workforce, and the commitment to compliance and ethical conduct at this level can be even more critical.  (Of course, it is clear that “Tone at the Top” is critical to THIS level of commitment.)  The idea boils down to the concept that if you have an ethical environment that is committed to compliance, compliance shouldn’t feel like a hurdle that has to be overcome.

The other side to this coin is the concept that in the ideal world, compliance can be seen as a revenue positive activity.  Compliance departments can work within the business to identify opportunities for process improvement – in line with compliance initiatives.  Risk management and issue management can also be viewed within a revenue-positive light.

Practical advice on this subject was a bit thin; however, it is clear that everyone wants compliance to be seen as a positive force, rather than a revenue-restriction.

My takeaway: How can we talk about processes like risk management and issue management in revenue-positive language?  Consider ways to identify opportunities rather than issues.

So much more…

I have notes on issue management, creating a positive “speak up” culture, ideal issue escalation processes, risk-focused issue management, suggestions for creating better relationships with regulators, and much more.  Stay tuned for more notes and ideas!  If you have a specific question or if you are curious about a specific area, don’t hesitate to reach out to us.

This entry was posted in Best Practices, Business Lessons, Industry News by Chris Burd.

About Chris Burd

Chris is the Managing Director of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In the past few years, she's focused on enhancing policyIQ's offering as a Conflict Minerals and Anti-Corruption tool. In past lives, Chris worked as a system implementation consultant, an e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, volunteers at her local food bank, and spends more time than she should taking photos of her cats. She would like to be a rock star when she grows up.
