What Does Guidance Look Like in Practice?

Carrie Penman, Chief Risk & Compliance Officer | NAVEX GlobalDonald K. Stern, Esq., Managing Director of Corporate Monitoring & Consulting Services | Affiliated MonitorsTom Fox, Consultant, Author, Compliance Evangelist | Tom Fox Law

Copyright NAVEX Global, Inc. All Rights Reserved. | Page 2

About the Presenters

Carrie Penman Chief Risk & Compliance Officer

Donald K. Stern, Esq.

NAVEX Global

Managing Director of Corporate Monitoring & Consulting Services

Affiliated Monitors

Tom FoxConsultant, Author, Compliance

Evangelist

Tom Fox Law

Copyright NAVEX Global, Inc. All Rights Reserved. | Page 3

Agenda

• Initial Thoughts

• Risk Assessment Processes

• Role and Placement of Compliance Officer

• Metrics and Continuous Improvement

• Data and Documentation

• Third Parties and Due Diligence

• Communicating to Executives and the Board

Copyright NAVEX Global, Inc. All Rights Reserved. | Page 4

Initial Thoughts on the Updated Guidance

• What are your biggest takeaways from the 2020 updates to the Guidance?

• What should we read into the frequency of guidance being released from regulators including DOJ and the SEC?

Copyright NAVEX Global, Inc. All Rights Reserved. | Page 5

Risk Assessment Processes

• What enhancements do organizations need to make to their risk assessment processes as a result of the new guidance?

• How do you achieve and operationalize more timely, ongoing and robust assessments of risk?

Copyright NAVEX Global, Inc. All Rights Reserved. | Page 6

Role and Organizational Placement of Compliance Officer

• What, if any, impact will the new guidance on “access” and “adequate resources” have on where the person with “day-to-day” responsibility should report in the organization?

• What type of access/authority do compliance practitioners need to have to be truly effective?

• What type of development and ongoing training is needed for compliance practitioners?

• Does this guidance help elevate the compliance function within organizations?

Copyright NAVEX Global, Inc. All Rights Reserved. | Page 7

Metrics and Continuous Improvement

• Should the new guidance be used to create effectiveness metrics that can be tracked and reported?

• What metrics are necessary to inform and track continuous improvement?

• How do you prove your program is adequately resources and empowered to function?

• How do you test your internal reporting system?

• Have tactics to monitor, audit and improve changed due to COVID-19?

Copyright NAVEX Global, Inc. All Rights Reserved. | Page 8

Data and Documentation

• What’s driving the DOJ’s additional focus on data and access to data?

• How can compliance break down siloes that hinder data access?

• What documentation needs to be tracked year over year to demonstrate continuous improvement?

• How do you document and demonstrate consistency and discipline?

• Are there risks to documenting lessons learned from compliance failures?

Copyright NAVEX Global, Inc. All Rights Reserved. | Page 9

Third Parties and Due Diligence

• What is the impact of the new guidance on the use of third parties?

• What are the impacts to ongoing supply chain management and monitoring, especially in the wake of COVID-19?

• Have expectations changed on M&A as a result of the guidance?

Copyright NAVEX Global, Inc. All Rights Reserved. | Page 10

Communicating to Executives and the Board

• What do governing authorities (the board of directors) need to know about the guidance updates?

• What metrics should board members monitor as part of their oversight responsibilities?

© 2020 Copyright NAVEX Global, Inc. All Rights Reserved. | Page 11

Thank You!