SYDNEY ANNUAL GRC CONFERENCE DAILY NEWS GRC Daily_31st... · 2016. 10. 4. · Compliance Publishing Group Level 20, Bonham Trade Centre, 50 Bonham Strand, Sheung Wan, Hong Kong T:

DAILY NEWS18th ANNUAL GRC CONFERENCESYDNEY

News 2-3 | Features 4-13 | Quiz 15 | Schedule 16 | Weather 30⁰C

NEWS

True leaders are not shackled by compliance

Page 02 FEATURE

How to nurture a culture of ethics

Page 04 NETWORKING

Meeting peers from other industry sectors

Page 15

In yesterday’s edition of Compliance Insider Daily News, GRCI President Alf Esteban spoke excitedly about “a number of surprises”

associated with Thursday’s crisis management simulation exercise for GRC2014 delegates.

Sponsored by KPMG, the workshop saw delegates represent fictional mining company AUSDIG as a real-time crisis unfolded. Groups were asked to respond to a variety of questions prompted by the arrest in ‘Zorakistan’ of AUSDIG chairman Mr Trubble over alleged bribery. Although not yet charged, Trubble had

been in the fictional country in talks with local government about purchasing a state-owned mining company when the country’s anti-corruption authority took an interest in him.

With each delegate taking on a separate role within the company’s crisis management team, groups were challenged to find the right strategy and ‘take control’ quickly to mitigate risks as the crisis unfolded.

Responding to a question on immediate actions to take in such a scenario, delegates identified the following: obtaining all of the relevant

“How do you get to a situation where one plus one equals three?” The question was posed to GRC2014 delegates yesterday by John Bertrand, skipper of the Australia II racing yacht that won the 1983 America’s Cup. “Things need to be world class,” he said.

Just over a year ago, at the same venue as the one you are in now, Bertrand and his victorious crew celebrated the 30th anniversary of that

famous win on 27 September 1983.

Prominently displaying the ‘Boxing Kangaroo’ flag, Australia II came from 1-3 down to win 4-3 and become the first successful Cup challenger – bringing to an end a 132-year tenure (and 26 successful defences) by the New York Yacht Club.

The victory also ended a three-race losing streak for Bertrand, and his British-born financial backer

Alan Bond (they were both on losing teams in 1974, 1977 and 1980). “Bond demonstrated tremendous resilience,” said Bertrand.

And it came during a particularly challenging time for Australia. “The country was going through the recession and it needed heroes,” he said. “The celebrations in Australia were similar to the end of World War Two: it was Australia taking on the world.”

Taking control when Trubble strikes

Focus on vision and cultural values… and you too could win the America’s Cup!

www.acigrc.com www.complianceinsider.com

GRC2014

Friday, 31 October, 2014

information; identifying key stakeholders; and establishing a crisis management team.

KPMG’s Geof Mortlock mentioned that they might also want to consider preparing an action list with identified priorities. “We would suggest that’s a pretty important part of crisis management,” he said.

In a workshop debrief later in the day, Mortlock addressed the question of who should be the public face of a company during a crisis. “We would recommend keeping the powder dry for the chairman of the board,” he said. “You should only bring him or her in when you can credibly make a statement. Your chairman offers ‘gravitas’ so there’s a risk in bringing him or her in too soon. In the meantime, your head of PR has the necessary skills and contacts in the media to be effective.”

Joining Mortlock on the debrief panel in the afternoon were KMPG colleagues Anthony Mason and Dominika Zerbe. Mason discussed the challenges that social media presents to crisis management teams. “Social media is full of opportunity in a crisis situation,” he said. “Effective monitoring will inform your response teams. But it’s also a platform of influence if you formulate a strategy early.”

CONTINUED ON P2

Compliance Publishing GroupLevel 20, Bonham Trade Centre, 50 Bonham Strand, Sheung Wan, Hong KongT: +852 3185 0700F: +852 3185 0701E: [email protected]

EDITORIAL TEAMEditor in Chief: Scott LaneManaging Editor: Stephen MulrenanJournalist: Mark Agnew

Contact the Compliance Insider Daily News on +61 424 954 330

or visit us in the Speakers’ Lounge or at Booths 4 & 5 in Exhibition Hall.

PRODUCTIONProduction manager: David WestProduction designer: Pasu Ng Printers: Pegasus Print Group

ADVERTISINGPublisher: Denny Squibb M: +852 9839 1554E: [email protected]

MARKETINGMarketing Coordinator: Charlotte Smith

SUBSCRIPTIONSSubscription Officer: Christina Lai

The Compliance Insider Daily News is produced by Compliance Insider® in association with the GRCI. Printed in Sydney. The Compliance Insider Daily News is also available online at www.complianceinsider.com. © The Red Flag Group 2014. No part of this publication may be reproduced without prior written permission. Opinions expressed in the Compliance Insider Daily News do not necessarily represent those of the GRCI or any of its members.

NEWS

www.complianceinsider.comGRC2014 Friday, 31 October 201402

A leader’s ability to react quickly and effectively to a crisis situation is one of

the most important tools a company has to mitigate any resulting repercussions. Founder of ‘Hands Across the Water’ Peter Baines spoke to GRC2014 delegates yesterday about the role of a leader in such a situation. He discussed the potential danger of getting bogged down with unnecessary procedures, as he recalled his experience of working in post-tsunami Thailand.

Baines said that a leader’s decision made with integrity and honesty, but which turns out to be wrong, can be forgiven whereas not mak-ing a decision through fear of breaking policies or rules cannot. To illustrate the point, he cited the eventual replacement of Australia’s most senior police officer – who worked with him in Thailand after the Boxing Day tsunami – for not making decisions.

True leaders are not shackled by complianceWhile stressing the importance of procedure and policy, Baines told delegates how he could not simply have “turned up” in Thailand, as a member of the NSW Police, to help thousands of people and subsequently make it up as he went along. He needed a plan, a procedure and a policy to be in place.

“Having a procedure in place but remaining flexible is the key to success in a crisis,” he said. “True leaders are defined by their actions and reactions, not by their title.”

Baines describes the latter as “leadership with-out authority”. In a crisis, he adds, the person able to make decisions, irrespective of their au-thority, is the one who should be in charge of the crisis management team.

Equally important is presence, he says. A leader cannot take control of a crisis remotely. He or she needs to be visible at the event.

And even outside times of crisis, Baines says that too much compliance can stifle a company. “The best way to kill creativity is by laying on more procedures. A company cannot be crea-tive and mistake free.”

Baines established ‘Hands Across the Water’ in late 2005 to raise funds for, and awareness of, the children of Thailand who were left or-phaned by the Boxing Day tsunami.

Bertrand told delegates that the 1983 team was successful because it had world class management, technology, and people. “But we also had a set of cultural values that were rock solid. These included trust, vision, integrity, transparency of communications, and fun,” he said.

‘Trust’, according to Bertrand, means that whatever you say you’re going to do, you do. “If you stick by people then they will work with you because they believe in you,” he said. “Otherwise you get internal haemorrhaging.”

Meanwhile the ‘vision’ of the 1983 team was to try and emulate what they thought their children would achieve in 20 years’ time – which, with a bit of luck, would then make them successful. “Part of the leadership role is to set a vision,” said Bertrand. “And the ‘glue’ is the cultural values.”

Bertrand is now applying these principles to Swimming Australia, in his capacity as President, where he has set the goal of becoming number one in the world “in everything that we do” by the time of the Tokyo Olympics in 2020.

Bertrand’s keynote address included three inspiring video presentations. He left delegates with an engaging tale about an encounter with then Prime Minister Bob Hawke as he and his team prepared for the first race of the 1983 America’s Cup.

“Bob reflected great leadership in the sense that he knew how to seize the moment,” said Bertrand. “He first said to me: ‘John, call me Bob. What are you going to do?’ I responded: ‘We’ll do our best Bob,’ to which he said: ‘Bullshit John, tear the bastards apart!”

Peter Baines

CONTINUED FROM P1

John Bertrand

E ach generation is shaped by shared experiences that ultimately influence their

behaviour as they pass through different stages of the lifecycle. ‘Veterans’, or ‘Traditionalists’, were influenced by austerity and the War; ‘Baby boomers’ were shaped by the civils rights movement in the United States; ‘Generation X’ was forced to work hard just to enter a workplace over-populated by Baby boomers; while ‘Generation Y’, or ‘Millennials’, have grown up in the Internet Age … with all of the challenges that presents. In today’s Keynote Address, KPMG social commentator and demographer Bernard Salt will tell GRC2014 delegates how changing demographics creates growth opportunities

workforce is changing; we are evolving into a knowledge nation.

What one piece of advice would you give to someone who is trying to consider changing demographics in their business plan for the first time?Never look at the numbers; look at the story behind the numbers. Align your business interest to the narrative of Australian life.

Why is it important for compliance officers to understand the opportunities for growth over the next 10 years as a result of changing demographics?

say they recognise the characteristics, and they call it ‘Little Emperor Syndrome’.

When predicting the behaviour of a generation and its impact on the market in the coming decade, to what extent do you think it is possible that a generation could behave differently to that prediction?I don’t think so. ‘X’ers were labelled cynical by Douglas Coupland in 1992 when he coined the term ‘Generation X’. ‘Y’s are footloose and fancy-free, and will remain so. I suppose ‘Baby boomers’ were long haired layabout hippies in the late 1960s, and by the 1980s they were mini-me capitalists as disciples of Gordon Gekko!

Are we able to learn any lessons on the potential impact of changing demographics by reviewing those countries that have had similar demographics in the past? Or is context as important as the demographic?I do think demographics or cultural history shape a nation’s business. Perhaps the excesses of the Versailles Palace in pre-revolutionary France created luxury brand names that we associate with the French. And perhaps the pragmatic Germans from a century ago have given us the precision of German engineering.

What tourist sites would you recommend for first-time conference delegates to Sydney?I’m in Sydney every week. It’s a lovely place to visit, but Melbourne is better! I recommend every delegate leave Sydney and come to Melbourne. We play real football in Melbourne!

What provoked your interest in the study of demographics?I have always had an interest in cities and populations. It tracks back to my student days. I like numbers. I like proof.

Are you able to summarise what your talk will address?

How GRC attitudes are shaped by generational differences

Bernard Salt

There are risks associated with the social changes expected in the future. It’s not a guaranteed pathway. Some businesses will make the transition quicker and easier than others. Some might look to cut corners to survive.

When talking about the behaviours of different generations, to what extent does your analysis translate across

different cultures and countries?I have spoken about ‘Generation Y’ and its traits in China, for example. The Chinese say this is all very interesting but they don’t call their kids ‘Y’s. They

Australia is a good place to invest. We are changing from an Anglo society to a fusion culture. Baby boomers are retiring and are changing the way we look at old age. The

HOW EFFICIENT IS YOUR DUE DILIGENCE PROCESS?

With the ComplianceDesktop® Technology Platform your due diligence reports are just one click awayThe Red Flag Group helps you to build automated due

diligence processes through an integrated technology

platform that allows you to monitor and stay up to date on

any status changes of your third parties, ensuring that you

mitigate risks and protect your corporate reputation. From

one single platform, you can gather information on your

third parties, assess their compliance risk, order and store due

diligence reports, and manage the status of all third-party

interaction with your compliance programme.

To schedule a free demo or to learn more about how The Red Flag Group can help,

contact us at [email protected].

| Create | Improve | Monitor | Integrate | Train | Audit | Investigate | Educate

© 2014 The Red Flag Group. All rights reserved.

NEWS

How to nurture a culture of ethics

A culture of ethics is when the members of a company view the seriousness and significance of acting ethically. While this statement is very general, many aspects contribute to a culture of ethics such as

how managers act, what people do when they witness misconduct and what they do when they need help. Defining, shaping and evaluating a culture of ethics can be a difficult and foreboding process, but it is an important one.

A culture of ethics is not a plan in a three-ring binder or an online training course. It is not a code of conduct or a hotline poster in the break room. And it is not what the CEO thinks the culture should be.

A culture of ethics shows how people are really doing business for a company. The costs of not having a culture of ethics are real: high employee turnover, employee misconduct, fines, costly investigations (internally and by authorities), distracted employees, loss of innovation and lost time. Without a culture of ethics, employees are afraid to speak up and are pressured to cut corners to ‘just get the job

FEATURE

done’. Programmes that look good on paper may fall short if not put into action properly. A culture of ethics makes employees feel that acting ethically is the right thing to do.

HOW DOES A COMPANY CREATE A CULTURE OF ETHICS?Discussing and defining what an ethical culture should be is the first step. To achieve the goal of changing the culture for the better, a company first needs to measure it. Often the actual company culture is worse than what it appears to be. Even if compliance professionals suspect the worst when auditing and measuring the culture, there needs to

be a systematic and reliable examination. By gathering real data from a significant sample of employee opinions, you will get an accurate awareness of the culture.

CONDUCTING A CULTURE ASSESSMENTUse a questionnaire to gather dataOne of the quickest and most effective ways to conduct a culture assessment is with a questionnaire. The best type of questionnaire is one that is anonymous and is administered by a third party, as this increases the likelihood that the respondents will provide truthful answers (if the company administers the questionnaire


FEATURE

www.complianceinsider.com GRC2014 Friday, 31 October 2014 05

WOULD YOU LIKE TO SUBSCRIBE?

Please contact Denny Squibb at

[email protected]

or subscribe through our website at

www.complianceinsider.com

itself, the employees may not provide honest answers for fear of repercussions). Online questionnaires are the most cost effective.

Using an exact set of questions year after year ensures that the questionnaire is consistent and the results can be used for an ‘apples-to-apples’ comparison against the previous years’ results. Companies should also administer the questionnaire at the same time each year; people may be under more stress at certain times of the year, which can skew the results.

Examine the data to identify areas for improvementOnce a company has the results of the questionnaire, it is important that they plan improvements on a holistic level. Improvements should not be aimed at attaining more positive survey responses but at addressing the issues that are causing operational, cultural and ethical problems.

It is important to systematically measure the culture of the company on an annual basis. Using a proven and tested methodology provides more useful actionable items than simply relying on anecdotal or ‘water-cooler’ evidence. There could be a small but vocal employee population that gives the appearance of a false culture. With a detailed and thorough examination of the culture, an organisation can identify strengths and areas for improvement.

KEY AREAS TO EXPLORE DURING A CULTURE ASSESSMENTThere are myriad areas of a company’s culture that can be explored and inspected during a culture assessment. Narrowing down the topics to examine can be difficult, but there are some essential elements to study.

Programme awarenessOne of the most rudimentary topics is awareness of the programmes. Do employees know about the code of conduct that was updated last year? Are they aware of the reporting avenues available to them? Where do they go if they want to read the gifts and entertainment policy? If the employees are unsure or provide negative answers to any of these questions it is a good indication that your company does not have a culture of ethics.

CommitmentMore key aspects to examine are the pressures to commit misconduct and actual occurrences

of misconduct. It can take a good deal of bravery and effort for employees to actually pick up the phone and make a report; however, they are directly asked about witnessing any misconduct in the questionnaire, and this can uncover more data on the subject. Has an employee seen misconduct? What type of misconduct was it? Did they report it? Were they pressured to not report it? These questions can give insight into the realities that employees must deal with when speaking up, as well as the types and frequency of misconduct.

FairnessFairness is something that employees respect and it carries a lot of weight when it comes to their job. Employees can become alienated from the company if they feel that they are not being heard or, worse, if they are being held to different standards than others in the company. Questions should be asked about uniformity of discipline, promotions, standards and rewards across all levels of the company. If employees feel as though managers and executives are held to lower standards, then those senior staff might not be setting the best example.

Demographic dataTo make questionnaire data more meaningful, companies should include demographic questions such as those that concern the employee’s location, gender, tenure, department, role and business segment. With this information, it is possible to segment the data into specific groups to determine if there is a more positive culture in one location than in another. It could be that one supervisor or vice president is implementing great ideas in a location, and these ideas could be used across the entire organisation.

NEXT STEPSAfter a company has collected and analysed the results of the questionnaire, some areas for improvement will be evident. How does a company make those improvements?

Enhance your communication planAlterations to the communication plan are a good first step towards creating a culture of ethics. Many companies will discover that, while they have good documentation in place, nobody at the company is actually aware of it. A focused and deliberate marketing programme should be implemented to deal

with programme deficiencies. For example, if the culture assessment determines that employees don’t know about new policies, a communication plan should be enacted around those new policies. Communication can be sent electronically, included in regular newsletters, or delivered in team meetings, town hall meetings or training sessions. Separate from communications related to compliance and ethics programmes, employees will appreciate more transparent news from the company about any recent changes and how they will be affected by them. Even if the news is not necessarily good news, most employees will appreciate the candid communication.

Create the correct tone from the middleAnother element of change which is often brought forth as a result of a culture assessment is a modification of the tone from the top and the middle. The tone from the middle (set by employees’ direct managers and supervisors) can be one of the most important factors to affect a change of culture, if not the most important factor. Employees look to their direct managers as an example of how to act; in turn, managers should receive targeted communication and training efforts as a vehicle for change. While general audience communication programmes can be effective on some level, seeing a strong example set by middle management can be the most reputable and effective catalyst for culture change. Likewise, the tone from the top is very important. Executive and senior members of the company need to lead by example and regularly communicate with staff about the importance of creating an ethical culture and how a culture of ethics actually looks. Simply expounding on corporate values, while it has its place, can be overdone; employees want more practical guidance.

RebrandFinally, a rebranding effort can take place to liven up some of the written documents and online experiences, such as training and the compliance intranet portal. While some of the information that employees need to know might not be the most exciting, it doesn’t need to be presented to them in a legalistic and boring way. Making content more user-friendly is a way to draw employees in and help them remember the information more easily. Simplifying the tone by removing phrases such as ‘notwithstanding the foregoing …’ and ‘hereunto known as …’ and adding in some photographs goes a long way.

FEATURE


FEATURE

It is important to remember that the existing culture took quite a while to establish and, in turn, it will take a while to change. Like evolution, changes happen incrementally and big changes can take many years, but steady and consistent progress can be made.

As many companies consider undertaking a culture assessment for the first time, it is important to remember to conduct them in a way that produces valuable and actionable information. The result of the culture assessment should not be charts and graphs but rather updates and improvements to the compliance and ethics programme. Conducting a culture assessment is an effective way to gauge employees’ perceptions of the company, sources of pressure, and how employees are really getting the job done.

‘How to create an optimal workplace culture’ is a subject that will be tackled by leadership

development programme creator Philip Oude-Vrielink in one of today’s Breakout Workshop sessions. GRC2014 delegates will hear from Philip, who has created the ‘The Aware Leaders’, ‘Important Conversations’, ‘Strategic Culture’, and ‘Leading Legacy’ programmes, on: the stages of cultural maturity and cultural change; the strategic culture dynamics model; the process for identifying optimal culture; and, the factors of continuous culture regeneration.


The GRC Institute is running two prize draws at GRC2014 you won't want to miss out on!

GET SOCIAL & WIN AN APPLE IPAD MINITo give you a little extra incentive to download the GRC2014 conference app, the GRC Institute is giving away an Apple iPad mini 16GB to the delegate who posts the most creative Tweet with the hashtag #GRC2014syd during the conference.

Whether it's a conference selfie with one of our speakers or exhibitors, or a creative way you want to demonstrate

our theme #takecontrol, we'll be on the look out for the best Tweets from GRC2014 and announcing our winner during afternoon tea on Friday 31 October.

We've made it really easy for you to post directly to Twitter through our conference app.

and win!START A CONVERSATION & WIN A SET OF BOSE QC25 HEADPHONES

This year the GRC Institute is giving away a set of Bose QC25 Headphones to delegates and GRCI members who can complete the questionnaire contained in their delegate satchel bag.

The questionnaire is a fact-finding mission about the sponsors and exhibitors of GRC2014 and to obtain the answers, you’ll need

to start a conversation with each participating exhibitor. When you’re done, drop the completed questionnaire in our collection box at the Speaker’s Lounge. Only complete and 100% correct entries will be counted towards the prize draw!

M icro-managing every employee to ensure that they are nurturing a culture of compliance is not desirable, let alone feasible, for most companies. The art of communication is the most

important element in explaining to employees how to conduct business on behalf of the company, and what is in the rules for them.

The United Kingdom Bribery Act brought corporate governance to the forefront by requiring a further tightening in compliance. While relevant changes are being introduced in many companies worldwide, these companies all realise that it is not possible to police every employee to make sure they follow internal requirements.

The most effective management style is to agree on a set of firm principles and, beyond that, to trust and empower staff and let them get on with their jobs. To achieve that, the company has to instil a strong culture of compliance where employees understand

How to develop a culture of compliance

what the rules are and how to conduct business on behalf of the company. When hiring new management staff, make sure that they have the same values as the company and receive adequate induction.

“You have to start with your organisation’s values,” says Stacey Babson-Smith, Vice President and Chief Ethics and Compliance Officer of global equipment manufacturer Terex. “Spend time making sure those values are the basis of how the company wants its employees to conduct business, and that any change the company wants to implement is aligned with these values. Employees are

looking for clear guidance, and when you fail to provide that you can end up with some challenging results.”

Employees need to understand that compliance officers are there to enable them to do business within the limits of the law and not to limit opportunities.

To build up a compliance framework, compliance officers need to first get firm commitment from top management. Management support is vital for the company culture as well as for getting the adequate resources both in terms of funds and manpower. Management support is also

FEATURE


FEATURE


IS YOUR WHISTLEBLOWER PROGRAMME THE BEST IT CAN BE?

Contact us at [email protected] to find out how we can support your whistleblower programme. Let us review your whistleblower programme to ensure you get the most out of it.



Do you have a whistleblower programme or just a hotline?From tip-offs to investigation handling, companies should be

protecting themselves against risks and liabilities from poor

whistleblower management. Having a strong and robust

whistleblower programme not only ensures that issues are

raised and discovered early on, but that they are handled

and investigated appropriately.

of all cases were detected by a tip in savings when there

is an effective way of detection

faster in detection when there is an effective way of

detection

*2014 Report to the Nations of Occupational Fraud and Abuse, Association of Certified Fraud Examiners (ACFE)

Let us review your whistleblower programme in accordance with best practices

42%

50%

41%

needed for any incentives and rewards to be integrated into ethics.

When talking to the top management, you have to tailor your language to the way they think. If top management is focused on numbers, you have to communicate the benefits to the business. If they are more focused on risk, you have to show them the impact of not complying. The communication should share the benefits and be detailed, clear and specific.

Work should always start with aligning the programme with the company’s corporate strategy. A well-defined mission and the purpose of change should be clearly communicated to all those affected. Communication at this point is of utmost importance.

A vision of the results should be painted after the changes have been implemented. The picture painted should be detailed and exact, so that everybody can clearly visualise and share the objectives. Once the objectives are clear, the strategy and milestones should be outlined to show employees how to get there.

Babson-Smith believes that an organisation can never “over-communicate”. She says: “Keep the content easy to understand. Communicate what the company wants employees to do and why, and what is in it for the employees,”

She adds: “Test what you are seeking to change across different border and functions. Before a company rolls out new policies or guidance, understand how it impacts all stakeholders.”

Communication should be pitched in layman terms, with common daily examples to make sure all employees understand clearly and will remember. When working with offices in other countries, it is also important to have policies translated well, and to speak to people in their own language to ensure a complete understanding.

It is unavoidable that, at one or more points of the process, compliance officers will meet resistance. This can occur when people are worried about how changes will affect them and the way they do business, but it can also happen because they disagree with some of the steps taken. Therefore, experts advise not to dismiss them but carefully listen to their

concerns and value their expertise and input. “Know who your resisters and influencers were in the past and involve them in the process,” says Babson-Smith. “They have valuable points of view to consider and can be influential drivers of buy-in for the larger group.”

While the procedural guidelines are worked out by the compliance officer, the actual procedures, such as workflow, approvals and segregation of duties, have to be worked out at operational level, supported by good documentation.

Compliance officers cannot hold everybody’s hands in the operational workflow. Rather, give them the right level of guidance and motivation, and delegate authority, task and responsibility. Then they will feel a part of the process and get the job done with satisfaction.

It is vital to follow up with training, talk with employees about the challenges they may be facing, and provide them with solutions on how to resist or deal with the problem. Babson-Smith also advises giving employees different channels to work through problems and identify a broad range of people they can go to for guidance. At this point, mentoring and coaching can be introduced.

It is good to measure the success of training, but a quick questionnaire may not reflect an exact measurement of the depth of understanding and long-term results. It is a good sign if employees voice their opinions and give feedback. That means their interest has been aroused, they think about what they learned, and will consequently remember it for longer. Through the feedback, compliance officers and leaders of specific operations will also be able to discover a lot of imperfections and can close any gaps.

Preventive and detective controls are necessary and employees should occasionally be reminded that they are being monitored.

No system is ever perfect, and compliance officers should regularly review their programme. This extends from confirming whether the programme is still valid and meets its objectives to getting feedback from those on the ground to see how it works. Timely tweaking or improving the programme is usually necessary while follow-up training can also be useful.

Identify key influencers and ensure their buy-in.

Be absolutely clear about and communicate the mission of the change initiative.

Paint a clear picture of the end state after the change initiative has been successfully implemented.

Develop a strategy on how to implement the change.

Break your strategy down into manageable milestones.

Communicate more than you think you need to, and in easy-to-understand terms.

Recognise that change is hard; invite people to share their concerns and fears and address them.

Follow up to ensure that employees understand what they are being asked to do and that they have implemented the change. Don’t assume that change has been implemented just because it has been communicated.

Be flexible on the approach, but not on the rule.

Have a sense of humour.

TEN POINTS to help bring about change

123

4567

8

910

Learning how to create an optimal workplace culture is challenging. GRC2014 delegates are therefore fortunate to have the opportunity this afternoon to hear from leadership development programme creator Philip Oude-Vrielink in one of today’s Breakout Workshop sessions.

FEATURE


www.complianceinsider.com GRC2014 Friday, 31 October 2014

IntegraWatch® | Compliance Screening has critical data on high-risk individuals, companies and organisations, who may be engaged in illegal or non-compliant activity. So with only a few keystrokes you can comprehensively identify risk and fulfil compliance requirements against blacklists, sanctions and known people and companies that are ComplianceChallenged®. IntegraWatch® is a collection of over 1300 lists from Government and The Red Flag Group’s proprietary ComplianceChallenged®

lists. Compiled and maintained by a global team of experts, IntegraWatch® compliance screening covers people and companies

who have, or are suspected to have, been involved in illicit activities.

Contact us at [email protected] to find out how we can support your legal and sanctions programmes with

high-quality integrity analysis services, ranging from a simple check of a proposed partner’s background through

to full, ongoing integrity due diligence research into any potential compliance risk.


ARE YOU DEALING WITH SANCTIONED COMPANIES?


To keep up with constant changes to global sanctions you need access to consolidated lists of sanctioned companies and individuals

SANCTIONS COMPLIANCE

An important due diligence tool for compliance officers to prevent compliance failures is ongoing due diligence. Constant monitoring will help ensure that business partners act with integrity at all times and will allow for a timely response as and when integrity issues arise.

WHERE DOES ONGOING MONITORING STAND?With ongoing due diligence, you are a step ahead of new risks that may surface while conducting business with third parties – as third-party-related risks are monitored and identified in real time throughout the entire life of a relationship.

Due diligence monitoring focuses on a range of compliance challenges, litigation records, reputational media screening, significant

corporate registry changes and business intelligence findings.

BE ALERTWith ongoing monitoring, you receive real-time, customised notifications when a red flag arises regarding the integrity of a third party. These red flags may come up via searches of:

• sanctions lists

• watchlists, blacklists, denied parties’ lists and most wanted lists

• politically exposed persons lists

• state-owned lists

• the ComplianceChallenged® database

Such notifications highlight high and relevant risks, rather than bombard the client with less-significant information in the form of a data

dump, which could overwhelm compliance and business teams. Intelligent filters, analyses, advice and counsel are provided in real-time in any market, in any country, and in any language.

Ongoing monitoring also reveals third parties’ involvement in legal disputes, facilitating a proactive approach for managing and foreseeing reputational failures.

Compliance officers save time and effort by analysing the reputational profile of the subject company through continuous English and local language online media and database monitoring, as well as through on-the-ground business intelligence.

Ongoing due diligence ensures that compliance officers are made aware of any changes in their

M ore and more companies are hitting the headlines for compliance failures, and many of these failures involve third parties engaging in corrupt business practices on behalf of the companies. While many companies have adopted

a due diligence programme to collect information to ensure their business partners meet integrity standards, few have started actively monitoring their third parties.

Ongoing monitoring:

Being one step ahead

FEATURE


business partners’ risk and compliance status, and extends the life of one-time due diligence reports. It saves time and effort, enhancing customised advice while relevant information is flagged.

The following are some examples of when ongoing monitoring is an efficient tool to keep ahead of compliance failures:

• A client is running a standard third party due diligence programme. An initial report is completed containing no negative news affecting the business partner’s integrity; however, allegations of corruption involving a director surface in the national press a few days after the report has been delivered. Using a standard due diligence renewal process this information would not have come up until two years later, meaning that the client would have been exposed to considerable risks in that two-year period. Ongoing monitoring, on the other hand, would have allowed the client to follow how the corruption allegations

evolve and take immediate action when and where needed.

• A due diligence case details the corporate registry records of a third party and finds no concern in terms of integrity; however, the third party’s ownership structure changes a few weeks after the delivery of the report. The new shareholding structure ultimately links the business partner to a sanctioned entity, which would not have been uncovered until a new due diligence report was conducted when the contract was up for renewal two years later. With ongoing monitoring, the client would have been alerted straight away.

• Preliminary proceedings related to an intellectual property legal dispute involving a subject company were revealed through initial litigation checks. With a standard due diligence report, this is the only information that would have been obtained. Ongoing monitoring, however, would enable an

update as soon as the court’s final decision was made publicly available.

In summary, opting for ongoing monitoring will support its users in:

• identifying compliance risks early to minimise potential impact

• improving cost efficiencies throughout the due diligence process

• reducing the workload of compliance teams; and

• strengthening compliance programmes.

‘How to monitor and screen supplier/third party risks on ongoing basics’ is just one of the topics to be covered by The Red Flag Group’s Executive Chairman Scott Lane in one of today’s Breakout Workshop sessions. GRC2014 delegates will learn about best practice when identifying and selecting key suppliers, and when deciding on what level of due diligence/background checks to conduct with each supplier.

FEATURE


HOW OFTEN DO YOU CONDUCT BACKGROUND CHECKS?



INTEGRITY

GRC2014


Question: What characteristics make a good GRC professional?

Greg Ashe, director, QED CompliFast

“Compliance is useless unless it is commercially viable. You need knowledge

and diligence of the law, but tempered with commercial empathy for the people you serve.”

Heidi Dunbar Jonson, group regulatory risk officer, AMP

“Relationship skills are very important.”

Ken Cameron, director, Ken Cameron & Associates

“Thick skin, resilience and having a sense of humour.”

Roy Cottam, compliance program manager, University of Western Sydney

“A common sense approach. Being able to articulate your message

to the executives.”

Joseph Dowse, analyst, Australian Securities & Investment Commission

“You have to have integrity and good communication skills. You have to be able to stand up for what you believe in.”

Kane Patena, partner,

Meredith Connell

“The ability to adapt to challenging situations.”

Kirsten Staveley, compliance manager, Fidante Partners, Challenger

“Integrity is a core value, even in hard times.”

Dr Walter Zure, group principle governance and compliance officer, CBZ Holdings

“A questioning mind and project management skills.”

Vox Pop #GRC2014syd

Jeanette Scott @buffythelion

#GRC2014syd “management is accountable - our job is to make sure they know it”

Tim Tim @cfotim

#GRC2014syd Perfect is the enemy of good.

Eli Singer @eli_singer

Feeling inspired at #GRC2014syd

Mike Evans @MikeJohnEvans

Great conversation at the break, it’s good to talk to people of all walks of GRC life #GRC2014syd

Nicola G Grace @nicola_g_grace

#GRC2014syd Humbled by Leonard Blazeby’s talk on ICRCs proative efforts to ensure all people live in societies that respect IHL

Leonard Blazeby @LBlazebyICRC

Good take aways from interesting exercise in crisis management at #GRC2014syd

GRC2014


Win a one-year online subscription to Compliance Insider®!

Today’s quiz question:

In which city was Compliance Insider®’s first Compliance Club held?Send your answer to [email protected] by midnight tonight. Winner announced in Monday’s edition of Compliance Insider Daily News.

* The correct answer to yesterday’s quiz question was @complyinsider, and the winner is Jeanette Scott, Heart Foundation

Workshop rooms

Level 1 Level 2

Networking with peers

COMPLIANCE INSIDER®It’s Not just News - It’s Intelligence

FRIDAY 31 OCTOBER 2014

TODAY’SSCHEDULE:

0700 - 0830

0800 - 0830

0830 - 0835

0835 - 0930

0930 - 1015

1015 - 1100

1100 - 1130

1130 - 1330

Ballroom, Level 3

Ballroom, Level 3

Ballroom, Level 3

Ballroom, Level 3

Ballroom, Level 3

Ballroom, Level 3

Ballroom, Level 3

CCP Alumni Breakfast

Conference Registration

Welcome from Chair, Martin Tolar, Managing Director, GRCI

Keynote: Opportunities for growth through changing demographics, Bernard Salt

Keynote: How has the role of risk management changed at Westpac? What lies ahead? Dirk McLiesh

CEO Perspectives on Organisational Resilience: A Research Study, Dr Robert Kay

Morning Tea

Breakout Workshops

Workshop 1 Defending your company’s honour and reputation: What role does GRC play in establishing a due diligence defence?

Lvl 2 Rm 6

Workshop 5 Strategically Relevant Culture Change: Your optimal workplace culture and how to create it

Lvl 2 Rm 4

Workshop 2 International supplier/channel partners identification and risk assessment

Lvl 2 Rm 5

Workshop 6 Risk Management Frameworks End to End

Lvl 2 Rm 2

Workshop 3 Practical Privacy Compliance: The first six months

Lvl 1 Rm 5

Workshop 7 GRC: Making it Work Lvl 2 Rm 3

Workshop 4 Organisational Resilience: Developing the Muscle

Lvl 1 Rm 6

Workshop 8 Third Party Risk and Performance Management

Lvl 1 Rm 3&4

1330 - 1430

1415 - 1500

1500 - 1545

1545 - 1615

1615 - 1700

1700 - 1715

1900 - 2330

Lunch & GRCI Graduation Ceremony

The TradeMe Story: Becoming proactively involved in consumer protection regulation, James Ryan

How the Royal Australian Navy adopted a risk led strategy, Yvonne Butler & Commander John Metzl

Afternoon Tea

Adopting a forward-looking risk driven portfolio, Brad Walters

Conference wrap-up and GRC2015 announcement, Martin Tolar

GRCI Annual Awards Dinner

Ballroom, Level 3

Ballroom, Level 3

Ballroom, Level 3

Ballroom, Level 3

Ballroom, Level 3

Ballroom, Level 3

Crystal Palace Luna Park

Documents

SYDNEY ANNUAL GRC CONFERENCE DAILY NEWS GRC Daily_31st... · 2016. 10. 4. · Compliance Publishing Group Level 20, Bonham Trade Centre, 50 Bonham Strand, Sheung Wan, Hong Kong T: