‘Owning the Risk’ and Compliance

Compliance officers and regulators alike always love to say “the business owns the risk” — and we all know that here in the real world, those words often fall short of reality. I recently had a conversation with a compliance officer friend that reminded me just how widespread that shortcoming is. With his permission, I…

On Compliance Officers Certifying Their Programs

Folks, we need to talk about the Justice Department’s new idea to have chief compliance officers certify at the end of a deferred-prosecution agreement that their company’s compliance program is reasonably designed and effective. I am a fan of the Justice Department and strong compliance programs — but can something like this really work in…

New Report on Third-Party Risk

Navex Global released its newest survey of third-party risk management on Thursday, a report full of statistics that’s well worth reading if you’re a compliance officer trying to benchmark your own program against what other companies do. More than anything else, the numbers in the report tell me that companies’ approach to third-party risk is…

Useful Practices for Compliance Committees

Chief compliance officers tend to serve on lots of committees: a compliance risk committee, investigation committees, emerging risk task forces, and so forth. As one compliance officer told me, “I live for the conference table.” So today let’s look at some wise practices for managing committees. Lately I’ve been reading Passion for Leadership by former…

Automation of Third-Party Due Diligence: Before Starting

So there we were, me and a fellow compliance enthusiast, talking about automation of third-party risk management. This is the sort of conversation you have when you’re me. Automating portions of your third-party risk management is a great idea. After all, large corporations are awash in third parties these days. According to the 2016 Kroll…

Can We Calm Down Over CCO Liability?

Thank the lord! Yesterday the SEC fined an investment advisory firm and one of its senior managers for failure to prevent insider trading—and did not fault the firm’s chief compliance officer. Now maybe we can all, finally, step back from the fears over CCO liability that have gripped this profession too much. The firm in question…

Compliance Lessons: Credit Suisse vs. Wells Fargo

One big lesson for compliance and audit executives this year will be the risks that swirl around compensation and incentives. Wells Fargo will be Exhibit A in that discussion, and rightly so. Still, the more I look at the SEC’s enforcement action against Credit Suisse last week, where it fined the bank $90 million for…