Search results for: "owns the risk"
‘Owning the Risk’ and Compliance
Compliance officers and regulators alike always love to say “the business owns the risk” — and we all know that here in the real world, those words often fall short of reality. I recently had a conversation with a compliance officer friend that reminded me just how widespread that shortcoming is. With his permission, I…
Read MoreOn Compliance Officers Certifying Their Programs
Folks, we need to talk about the Justice Department’s new idea to have chief compliance officers certify at the end of a deferred-prosecution agreement that their company’s compliance program is reasonably designed and effective. I am a fan of the Justice Department and strong compliance programs — but can something like this really work in…
Read MoreNew Report on Third-Party Risk
Navex Global released its newest survey of third-party risk management on Thursday, a report full of statistics that’s well worth reading if you’re a compliance officer trying to benchmark your own program against what other companies do. More than anything else, the numbers in the report tell me that companies’ approach to third-party risk is…
Read MoreUseful Practices for Compliance Committees
Chief compliance officers tend to serve on lots of committees: a compliance risk committee, investigation committees, emerging risk task forces, and so forth. As one compliance officer told me, “I live for the conference table.” So today let’s look at some wise practices for managing committees. Lately I’ve been reading Passion for Leadership by former…
Read MoreAutomation of Third-Party Due Diligence: Before Starting
So there we were, me and a fellow compliance enthusiast, talking about automation of third-party risk management. This is the sort of conversation you have when you’re me. Automating portions of your third-party risk management is a great idea. After all, large corporations are awash in third parties these days. According to the 2016 Kroll…
Read MoreCan We Calm Down Over CCO Liability?
Thank the lord! Yesterday the SEC fined an investment advisory firm and one of its senior managers for failure to prevent insider trading—and did not fault the firm’s chief compliance officer. Now maybe we can all, finally, step back from the fears over CCO liability that have gripped this profession too much. The firm in question…
Read MoreCompliance Lessons: Credit Suisse vs. Wells Fargo
One big lesson for compliance and audit executives this year will be the risks that swirl around compensation and incentives. Wells Fargo will be Exhibit A in that discussion, and rightly so. Still, the more I look at the SEC’s enforcement action against Credit Suisse last week, where it fined the bank $90 million for…
Read More