Chief Compliance Officer Valiants Verify Compliance Program Judith W. Spain, J.D. Chief Compliance Officer

Overview Compliance Background Elements of an Effective Compliance Program Valiants Verify Compliance Program Annual Compliance Risk Assessment Next Steps Questions

Compliance Background

Compliance is Not New Laws and regulations are the same; always had to comply Historically, compliance has been decentralized (silos) without Board of Trustees oversight Compliance program provides assurance to the Trustees and College management regarding institutional compliance Assists both groups fulfill their fiduciary responsibilities

Compliance Program Identify compliance risks Raise awareness of compliance risk Keep employees aware of current compliance risks Implement management controls Assist in developing policies and trainings

Elements of an Effective Compliance Program

U.S. Federal Sentencing Guidelines To have an effective compliance program, an organization must establish and maintain an organizational culture that “encourages ethical conduct and a commitment to compliance with the law.” U.S. Federal Sentencing Guidelines §8B2.1(a)(2)

Elements of an Effective Compliance Program: High level personnel who exercise effective oversight and have direct reporting authority to the governing body; Periodic compliance risk assessments; Written policies and procedures; Training and education;

Elements of an Effective Compliance Program, cont’d Lines of communication; Well-publicized disciplinary guidelines; Internal compliance monitoring; and Response to detected offenses

Valiants Verify Compliance Program

Valiants Verify is… Board of Trustees approved initiative that provides an infrastructure to facilitate on- going assurances that the College has methodologies in place to comply with laws, regulations, and policies.

Valiants Verify is NOT… An enforcement mechanism A “Big Brother” mode of “mind control”

Valiants Verify is… Commitment to: “Since Manhattanville’s inception in 1841, its founders have bequeathed its mission, vision and heritage of social responsibility: the symbiotic relationship of academic excellence and social and ethical responsibility to its faculty and students.” http://annex.mville.edu/about/social-action.html

Purpose of Valiants Verify Identify compliance risks that impact the College. Understand the potential exposures of the compliance risks and ensure we have measures in place to proactively mitigate those exposures. Foster a culture of ethics and compliance that is central to all of the institution’s operations and activities. Provide a resource to those charged with day-to-day compliance activities.

Program Structure Compliance Partners Chief Compliance Officer President’s Cabinet President Board of Trustees Audit Committee

Compliance Partners Responsible for day-to-day compliance activities (not necessarily the area VP); Develop and execute quality, effective training programs to mitigate compliance risks; Complete compliance risk self-assessment surveys; and Assist CCO in identifying level of probability and potential impact of occurrence.

Chief Compliance Officer Manage a compliance risk assessment; Rank compliance risks on probability and potential impact of occurrence; Develop an annual plan of risk areas to be addressed; Submit the compliance monitoring plan to the President’s Cabinet for approval; and Work with the Compliance Partners to develop policies and trainings, as necessary.

President’s Cabinet Assist the Chief Compliance Officer in monitoring of the University's compliance with legal and regulatory requirements; Review the College’s compliance risk assessments, identify areas of highest compliance risk, and propose activities and programs to effectively manage those risks; Seek any information it requires from College employees or external parties; and Recommend appropriate actions to the President.

President Provide tone at the top for implementation of the Valiants Verify initiative; Review recommended appropriate actions provided by the President’s Cabinet; Exercise effective and ongoing oversight of the compliance program; Approve the compliance risk mitigation plan; and Inform the Board of Trustees Audit Committee of any significant compliance issues.

Trustee Audit Committee Ensure that the proper tone for compliance and ethics is established and reinforced; Be knowledgeable about the Valiants Verify program; Exercise effective and ongoing oversight of the compliance program; and Inform the Board of any significant compliance issues.

Annual Compliance Risk Assessment

Purpose of Annual Compliance Risk Assessment To maximize the use of the College’s limited resources by directing them to the most significant compliance issues.

Risk Assessment Process Step 1: Compliance Risk Identification What are the possible compliance risks Manhattanville College faces? What issues keep us up at night? Create a compliance risk registry Utilizing existing risk registries with customization for state compliance risks

Risk Assessment Process Step 2: Compliance Partner Identification Who is responsible for the day-to-day compliance activities for identified risk? Examples of compliance risks Truth in Lending Act OSHA Consumer Credit Protection Act Examples of Compliance Partners Voter Registration – Dean of Students Title IX – VP for Student Affairs Clery Act - Director, Department of Campus Safety Financial Aid - Director of Financial Aid & Veteran's Affairs

Risk Assessment Process Step 3: Self-Assessment Survey CCO sends self-assessment surveys to identified Compliance Partners Compliance Partners provide information regarding existing and needed methodologies for compliance Policies, procedures, trainings, staffing, etc. Compliance Partners return surveys to CCO

Risk Assessment Process Step 4: Perform Risk Assessment CCO reviews the self-assessment surveys Compliance Partners and CCO together rank the likelihood of the compliance risk event happening and the potential impact of the compliance risk event

Risk Assessment Process Step 5: Develop a Monitoring Plan Developed by the CCO for the high probability and high impact compliance risks What steps must be taken to mitigate the compliance risks? What policies and/or trainings need to be developed? President’s Cabinet reviews and makes recommendations to President to approve the compliance risk monitoring plan

Risk Assessment Process Step 6: Implement the Monitoring Plan The CCO works with the Compliance Partners to implement the approved compliance risk monitoring plan.

Next Steps

TENTATIVE Timeline 2015-2016 Identification of Compliance Partners – Dec. 2015/Jan. 2016 Informational sessions with Compliance Partners – Jan./Feb./March 2016 Implementation of self-assessment survey Sent to Compliance Partners – March/April 2016

TENTATIVE Timeline 2015-2016 Self-assessment survey results CCO completes initial risk monitoring plan – May 2016 Present compliance risk monitoring plan to President’s Cabinet – June/July 2016 Implementation of compliance monitoring plan – Fall 2016

Project List Valiants Verify webpage Develop “Whom Do I Call If?” matrix Develop Compliance Calendar Conduct Compliance Awareness and Effectiveness Survey Implement policy webpage/policy review

Associations with Reference Materials NACUA: http://www.nacua.org Society for Corporate Compliance and Ethics: http://www.corporatecompliance.org Association of Corporate Counsel: http://www.acc.com/ ECOA: http://www.theecoa.org NACUBO: http://www.nacubo.org/ Higher Education Compliance Alliance: http://www.higheredcompliance.org/index.php

Questions?