proprietary + confidential LearnShare & Open Compliance and Ethics Group (OCEG) Scott L. Mitchell President, OCEG Carole Switzer General Counsel, OCEG
oceg proprietary + confidential2 OCEG Team WSJ Quote “…the whole board should consider joining an organization like the Open Compliance and Ethics Group (OCEG)…” AIG / National Union Akin Gump, Strauss Hauer and Feld LLP* American Bar Association (ABA) American Corporate Counsel Association (ACCA) American Society of Corporate Secretaries (ASCS) Bryan Cave, LLP * Chubb Corpedia Education Corporate Integrity Services * Center for Applied Business Ethics * Debevoise & Plimpton Dechert LLP * Deloitte & Touche doubleDrum, LLC DuPont de Nemours Ernst & Young EthicsPoint * Ethics Resource Center Frank B. Friedman and Associates * Foley Hoag LLP * Gilbert and Associates * Goodwin Procter, LLP Gulf / Travelers Insurance Harris, Wiltshire & Grannis, LLP Holland & Knight, LLP * Institute of Internal Auditors (IIA) KPMG Kaye Scholer, LLP * Latham & Watkins, LLP * Marsh, Inc. Mathews and Green, LLC McKenna Long & Aldridge, LLP* Orrick Herrington and Sutcliffe, LLP * Practising Law Institute (PLI) Professional Liability Underwriting Society (PLUS) Proskauer Rose, LLP * PwC Winstead Sechrest & Minick, LLP 100+ individuals representing 50+ organizations
oceg proprietary + confidential3 Drivers Compliance is Required Laws, rules and regulations SOX / SEC instructions Compliance is Expensive Legislation is increasing Laws, rules and regulations are changing Laws are often confusing / contradictory “Compliance” is not core…and usually inefficient Non-Compliance is More Expensive Investor confidence is diminished Litigation is expensive and abundant Insurance rates are increasing Reputations are suffering Data $20b agency costs $850b organizational costs $200b - $565b lost due to “white collar” crime $??b in litigation / penalties / fees Sources: Hon. Doug Ose (Ohio), Federal Sentencing Guidelines
oceg proprietary + confidential4 Compliance compliance and ethics program ethics governancefinancial assuranceemploymentenvironmentalinformation privacyintellectual propertyinternationalproduct quality / safetycompetitive practicesgovernment (US) DOMAINS PROGRAM
oceg proprietary + confidential5 Program – Who Sets the Standard? No “standard” Legal Guidance Federal Sentencing Guidelines Sarbanes-Oxley / SEC Instructions Case Law Business Guidance Business process management Quality management Best practices Listing requirements Other Ethics
oceg proprietary + confidential6 Domains – Who Sets the Standard? Various
oceg proprietary + confidential7 Common Domains / Topics ETHICS (Sarbanes, SEC) CODE OF CONDUCT CONFLICT OF INTEREST GOVERNANCE (SEC, Exchanges, etc.) BOARD RESPONSIBILITIES/STRUCTURE/CONTROL EMPLOYMENT (Labor, OIG) WAGE AND HOUR DISCRIMINATION EMPLOYEE HEALTH AND LEAVE RIGHTS WRONGFUL TERMINATION/RIFS WORKPLACE VIOLENCE EMPLOYEE INFORMATION AFFIRMATIVE ACTION INDEPENDENT CONTRACTORS HARASSMENT SUBSTANCE ABUSE FINANCIAL ASSURANCE (SEC, IRS, AICPA, etc.) INSIDER TRANSACTIONS MONEY LAUNDERING REVENUE/EXPENSE RECOGNITION REPORTING COMPETITIVE PRACTICES (Div. of Antitrust) ADVERTISING/MARKETING/TELEMARKETING ANTITRUST/PRICEFIXING ENVIRONMENTAL (EPA, mostly State Law) ENVIRONMENTAL MANAGEMENT HAZARDOUS MATERIAL MANAGEMENT REPORTING INFORMATION PRIVACY (DOJ, SEC) PRIVACY LAWS AND REGULATIONS DOCUMENT RETENTION AND DESTRUCTION INFORMATION SECURITY INTELLECTUAL PROPERTY (DOJ, USPTO) CONFIDENTIALITY AND TRADE SECRETS COPYRIGHT TRADEMARKS PATENTS GOVERNMENT (Procurement) GOVERNMENT CONTRACTS LOBBYING/POLITICAL ACTIVITY INTERNATIONAL TRANSACTIONS (SEC, DOC, ITC, etc.) ANTI-BOYCOTT CONTROLS ECONOMIC SANCTIONS EXPORT/IMPORT CONTROLS FOREIGN NEGOTIATIONS/SALES PRODUCT QUALITY/SAFETY (FDA)
oceg proprietary + confidential8 Basis of Laws / Rules ETHICS LAWS “Letter of the Law” “Must Do” PRINCIPLES “Spirit of the Law” “Should Do”
oceg proprietary + confidential9 Laws Require procedure (what a person needs to DO) policy (what needs to be DECLARED / ENFORCED) organization (how people need to be ORGANIZED) disclosure (what needs to be DISCLOSED – internally or externally) typically specify knowledge (what a person needs to KNOW) rarely specify
oceg proprietary + confidential10 Sarbanes / Oxley / SEC Instructions Section 301 requires a channel of communication be available for reporting anomalies – and for whistleblower protection (sections 1107 and 806). Section 302 requires certification of “internal controls” SEC proposals introduce the notion of “disclosure controls” Section 406 requires disclosure of a code of ethics (conduct) for senior financial officers. The exchanges have extended this to ALL employees. Section 409 requires real-time disclosure of material events – including non-compliance issues Criminal and civil penalties significantly increased: 802 & 1102: recordkeeping; 807: securities fraud; 1106: strengthens securities exchange act; 902: conspiracies to commit fraud; 904: ERISA
proprietary + confidential Open Compliance and Ethics Group (OCEG) How does a company ensure compliance?
oceg proprietary + confidential12 Program Drivers business (risk management, business process, etc.) law “letter of the law” (federal sentencing guidelines, specific compliance domains, etc.) Compliance and Ethics Program ethics “spirit of the law”
oceg proprietary + confidential13 Compliance compliance and ethics program ethics governancefinancial assuranceemploymentenvironmentalinformation privacyintellectual propertyinternationalproduct quality / safetycompetitive practicesgovernment (US) DOMAINS PROGRAM
oceg proprietary + confidential14 Control Types procedure (what a person needs to DO) policy (what needs to be DECLARED / ENFORCED) organization (how people need to be ORGANIZED) disclosure (what needs to be DISCLOSED – internally or externally) control types knowledge (what a person needs to KNOW)
oceg proprietary + confidential15 Stakeholders “Implementers” (Internal) “Evaluators” (External) “Helpers” (Solution Providers) “Watchers” (Government + Media) Organizations that implement and operate processes to manage legal and regulatory compliance risk. Consultants Lawyers Education Providers Auditors (non-audit services) Investors Underwriters Insurance Debt Rating Agencies Auditors
oceg proprietary + confidential16 Ethics ETHICS LAWS “Letter of the Law” “Must Do” PRINCIPLES “Spirit of the Law” “Should Do”
oceg proprietary + confidential17 Capability Phases elaboration inception construction operation evaluation establish organizational goals and objectives obtain commitment from senior executives plan program requirements as is / to be / gap analysis detail design and build program roll-out program Identify specific laws, rules, and regulations that apply to organization design and implement controls to comply with letter and spirit of the law monitor and analyze compliance controls report manage issues / problems evaluate overall program internal audit external audit optimization
oceg proprietary + confidential18 Operation elaboration inception construction operation evaluation optimization record management issue management identification design + implementation monitoring reporting audit committee disclosure committee qualified legal compliance committee (QLCC)
oceg proprietary + confidential19 Operation elaboration inception construction operation evaluation optimization record management issue management identification design + implementation monitoring reporting monitor discover review investigate resolve
oceg proprietary + confidential20 Levels Reduction of Risk Level minimum practices best practices sustained world-class performance
oceg proprietary + confidential21 Key Messages Compliance and related education is a board-level concern SOX / SEC Listing requirements Insurance / Investment requirements Real opportunity to help drive tangible and far-reaching benefits Real opportunity to “get on the radar”