By Walter E. Johnson, Compliance & Ethics Professional
walter@wejohnson.com
Today’s conference was filled with approximately 150 compliance and ethics practitioners from a variety of industries. The presentations and panel discussions ranged from implementing a skilled community to an analysis of multiple compliance program frameworks to the CO and CISO’s role in cyber-security initiatives to third party compliance.
Our day began with a presentation from Kira Fuller and Marta Benitez-Guzman of the National Security Agency (NSA). They shared their experience with building a skilled community and how compliance is incorporated into the community from program and compliance officer perspectives. Their corporate culture believes in supporting professional development for all agency employees. This is demonstrated by their documented competency levels (entry to senior level) that serves as a career map; it includes the compliance officer’s role, also. Kira and Marta’s presentation initiated the unofficial conference theme that commitment to the compliance program development is equally as important as compliance officer professional development.
Kirsten Liston (ThreatReady Resources) moderated a panel discussion that included Deborah Wheeler (Freddie Mac), Mike Newborn (Newborn Associates), and Robin Campbell (Crowell & Moring LLP). They discussed the compliance officer and chief information security officer’s role in preventing and mitigating cyber-security risks through workforce engagement. They discussed language barriers between compliance, IT, and the workforce and its contribution to preventing cyber-security risks. Mike shared that he replaced the terms “live compliance training” with “Open Houses”. The open houses had theme such as “How to protect yourself at home” and “How to protect yourself on Facebook”. This approach increased workforce participation. Robin recommended developing “to the point” policies that respond to three questions. They are:
- What is it?
- What does the organization expect employees to do?
- Who should employees contact regarding this topic?
The networking lunch offered a great time to connect with peers, meet session presenters, and engage vendors. FTI Consulting, Morehead Compliance Consultants, and Thomson Reuters were available to assist with attendees with solutions.
After the break, Michael Levin (Freddie Mac) moderated a discussion on the varying maturities of compliance programs. The panel included Michelle Beistle (Unisys), Lauren Camilli (International Relief and Development), and Karen Clapsaddle (Lockheed Martin Corporation). Two of the panel members were in a program that they identified as in the “reboot” stage while the other’s program was in the mature stage. They provided many approaches for compliance officers to improve their programs with minimal resources.
Jason Lunday (IntegrityFactor) moderated a panel discussion that included Robert Burton (Crowell & Moring LLP), Cherie Raven (BAE Systems, Inc.), and Lorie Tansey (International Business Ethics Institute). The session began with Robert reviewing the Defense Industry Initiative Principles and Federal Acquisition Regulations (FAR) Subpart 3.10. Afterwards, Cherie reviewed the Woolf Report. Lori reviewed IBEC Global Principles, OECD Good Practice Guidelines, and ISO 19600. Many notes were being taken as attendees learned that this ISO standard focuses on compliance and ethics. This session included a tremendous amount of background on the development of federal guidelines and multi-industry frameworks.
We concluded this day of learning and networking with a panel discussion on Third Party Compliance. The presenters were Rebecca Davies (The Boeing Company), Suzanne Milton (USFoods,Inc), and Amy Much (Under Armour). Each showed a brief video from their organization prior to presenting. This was an interesting approach to keeping the audience engaged. In one video, Amy asked the audience to identify the third parties in the video. Throughout the panel discussion, there were other questions that compliance and ethics practitioners must ponder. For example, “Is it ethical for a firm to hand over it’s code of conduct that was customized for it’s organizational culture instead of requiring a third party to produce its own as a business condition?” As international organizations, the panelists shared their challenges and approaches to mitigating risks with domestic and international business associates.
Once again, the Society of Corporate Compliance and Ethics (SCCE) has provided a forum for compliance and ethics practitioners to obtain information to consider implementing into our programs. It was exciting to attend my first SCCE conference and serve on the planning committee with Michael Levin, Jason Lunday, and Kira Fuller. I encourage all C&E practitioners to review these handouts in their leisure. I look forward to seeing many of you at the 15th Annual Compliance & Ethics Institute where I will be presenting with my good friend, Frank Ruelas.
[clickToTweet tweet=”Live from the Nation’s Capitol: SCCE DC Regional Conference ” quote=”Live from the Nation’s Capitol: SCCE DC Regional Conference” theme=”style3″]