Ten takeaways from Compliance Week 2023

The event, held for its 18th year in Washington, D.C., attracted nearly 500 compliance, risk, ethics, and legal professionals for three days of learning, networking, and benchmarking best practices. Attendees had the chance to hear from and question officials from multiple U.S. government agencies, including the Department of Justice (DOJ), Bureau of Industry and Security (BIS), Office of Foreign Assets Control (OFAC), and Customs and Border Protection.

Below are 10 highlights from the conference:

1. Top-of-mind compliance challenges: AI, off-channel comms

The momentum of technological change brought about by the launch of ChatGPT in November was a popular topic of discussion throughout the event as compliance officers seek to tread carefully in moving forward with such capabilities.

Generative artificial intelligence (AI) has the potential to be as game-changing for business and society as the internet, but with it comes pressing risks that remain to be addressed. As part of a Day 2 compliance leadership panel, two of the four participants said AI is the No. 1 thing keeping them up at night.

“Compliance and ethics need to have that balanced side of, ‘It is amazing, it does work, but what are the pitfalls that can come from it?’” said Nigel Benstead, chief compliance and ethics officer, AMESA and APAC, at PepsiCo.

Another area to receive significant attention was employee use of off-channel communications for conducting business. Changes to the DOJ’s Evaluation of Corporate Compliance Programs guidance stating the agency will consider how policies governing messaging app use are tailored to a company’s risk profile and specific business can seem daunting from an employee monitoring perspective. Overheard in one room was a chief compliance officer promising an open bar tab to anyone who could tell them how to wrap their head around the issue.

Glenn Leon, head of the DOJ’s Fraud Section, provided some solace when he said the agency is not expecting companies to invade the privacy of their employees to ensure compliance with its guidance during his Day 2 fireside chat.

“We are not telling companies that their employees cannot use WhatsApp,” Leon said. “A small company with all its employees in the U.S. should have a different policy than a global multinational. There’s a lot of nuance to this; you can’t have one sweeping policy and expect everyone to follow it.”

2. Leon & Co. leveraging CCO experience

No secret is the DOJ’s recruitment of individuals with senior compliance experience to staff the upper ranks of its white-collar crime division.

Leon, the former chief ethics and compliance officer of Hewlett Packard Enterprise, works under Criminal Division head Kenneth Polite Jr., the former CCO of Fortune 500 electric power company Entergy. Around them are a handful of other former compliance practitioners playing key roles in the DOJ’s evaluation efforts, said Leon.

“They will sit in on all the compliance presentations. They will ask many of the questions—many times taking the lead on those series of meetings—to really evaluate how effective is [the company’s] compliance program, how good has their remediation been, should there be a monitor, and even they will give us input as to the form of the resolution,” he said.

The approach represents a double-edged sword for the compliance officers whose programs are being evaluated. On one hand, the agency officials with compliance experience know the job and what an honest effort looks like. On the other, they know when a company’s compliance approach is disingenuous and are charged with informing agency investigators on signs of the latter.

3. Data analytics as DOJ focus

Another recent recruit to the DOJ is Matt Galvin, the former global vice president of ethics and compliance at Anheuser Busch InBev. Galvin joined the agency as its first counsel on compliance and data analytics—an area the DOJ is “trying to do more with,” said Leon.

Lauren Kootman, assistant chief in the DOJ’s Fraud Section, shared her perspective as part of a Day 3 panel on data analytics to improve compliance. A sign of the relative strength or weakness of a firm’s compliance program is whether it has the same access to data analytics technology as other departments, said Kootman.

“Not every company needs to use sophisticated AI, but if you’re using it on the commercial side, you should be using it on the compliance side,” she said. “We’re looking for consistency within an organization. Are you organizing your hotline and investigations data the same way you organize your business data?”

4. Sanctions truly are the new FCPA

Continuing with the DOJ motif, David Lim, acting deputy chief for export control and sanctions in the agency’s National Security Division, spoke as part of a Day 2 panel on operating in an evolving geopolitical environment alongside senior representatives from the BIS and OFAC.

The session was closed to media, including myself.  Attendees afterward shared a key takeaway of how each agency is falling in line behind Deputy Attorney General Lisa Monaco’s proclamation that sanctions are on par with the Foreign Corrupt Practices Act (FCPA) in terms of enforcement priorities.

More than one year removed from Russia’s invasion of Ukraine, U.S. authorities aren’t backing down—OFAC and the BIS on Friday announced more than 300 additional sanctions and restrictions designed to further combat Russia’s ongoing war efforts.

5. Neuroscientist reality check resonates

The highlight of the conference for many attendees had nothing to do with regulators—or compliance, for that matter.

Neuroscientists Dr. Sahar Yousef and Lucas Miller educated practitioners on productivity and performance during their Day 1 keynote inspired by their “Becoming Superhuman” course at UC Berkeley’s Haas School of Business. The session featured practical takeaways on how to get more done in less time, with much of the advice relating to ways to decrease the influence smart phones and similar devices have on our life.

“At 8 a.m. when you’re starting your day, think about yourself at 8 p.m. and ask, ‘What do I need to accomplish today that my future self will thank me for?’” advised Miller. “… Start with the end in mind.”

6. Whistleblower candid on process results

Many think whistleblowers start with their end—perhaps a life-changing award from the Securities and Exchange Commission (SEC) or Commodity Futures Trading Commission (CFTC)—in mind. The whistleblowers will tell you otherwise.

Such was among the messages delivered by Edward Siedle, a former compliance director turned whistleblower, during his Day 3 fireside chat. Siedle emphasized how whistleblowers aren’t motivated by money—it’s integrity that drives them to pursue justice in the face of the personal adversity the process often brings.

Siedle most notably received $78 million in awards from the SEC and CFTC after blowing the whistle externally in a case against JPMorgan Chase, though he continues to work on exposing corporate malfeasance. His message to the compliance officers in the room: If you’re good at your job, be prepared to catch your company breaking the law one day.

7. Madoff author draws modern parallels

Speaking of breaking the law, few have done so on the scale of Bernie Madoff and his $64.8 billion Ponzi scheme.

The 15-year-old scandal received new play this year with a Netflix documentary informed by the writing of Jim Campbell, author of the book “Madoff Talks.” Campbell, during a Day 2 fireside chat, spoke of how alleged fraudulent misconduct that has played out at Wirecard and FTX in recent years shows how the lessons learned from Madoff’s scheme can still be relevant today.

One interesting nugget Campbell shared: He said he believes the Madoff Ponzi scheme could still be in business today had it not been for the 2008 financial crisis.

8. Lessons in training

A comment made by Kim Yapchai, former senior vice president, chief environmental, social, and governance (ESG) officer at Tenneco, during the Day 2 leadership panel struck many in the audience as simple in execution yet powerful in results.

Yapchai said she calls it “leadership training” and not “ethics training” because, “Nobody thinks they need training on ethics. It’s the person next to them (who needs ethics training).” For the practitioners that have faced this viewpoint among employees, Yapchai’s advice offers a potential solution to an age-old issue. And all it takes is changing one word.

Such is an example of my favorite part of our compliance events: Providing a forum for practitioners to share what’s worked for them in ways others can bring back to their programs.

On that note, another conference highlight was the Day 3 panel on using movies to enhance ethics and compliance training. Adam Balfour and Brian McAlhaney of Bridgestone Americas made the session interactive by having  attendees in the room pick where they sat based off their favorite film among the options provided. Of course, everybody picked the 2019 masterpiece “Cats.” (Or not).

9. Compliance as a collaborator

Multiple panel discussions spoke to the need for compliance to work with other departments at the business and the benefits collaboration can bring.

A Day 2 panel titled “Compliance and HR Walk into a Bar” featured practical tips on how compliance and human resources can build strong relationships—in addition to having an actual bar in the back of the room. Day 3 saw a presentation from Warner Bros. Discovery on how the company’s financial compliance department is working with internal audit on control testing, while another panel examined compliance’s growing role in cybersecurity and data privacy and the other players involved.

The content all tied back to what I believe to be the call to action for compliance officers this year:

10. Seizing opportunity

In delivering the conference’s opening remarks, I acknowledged the additional scrutiny compliance officers face today regarding recent policy changes at the DOJ and new responsibility areas like ESG. If it seems like compliance is under more pressure than ever before, that’s because it is.

With that pressure comes an opportunity to elevate compliance as a business priority. The prospect of CCO certifications at the DOJ can forge a partnership between compliance and the chief executive officer—who is also required to sign—while involvement in ESG efforts puts compliance at the table of an area of growing importance to the next generation of investors.

Taking advantage of these opportunities isn’t easy and might require practitioners to go out on a limb—something the industry is typically averse to doing. But perhaps the first step is attending a compliance conference and leaving feeling empowered and energized with new perspectives, connections, and purpose.

We hope to see many of you in attendance at Compliance Week 2024 with that goal in mind.