Proprietary + confidential LearnShare & Open Compliance and Ethics Group (OCEG) Scott L. Mitchell President, OCEG [email protected] Carole Switzer General

proprietary + confidential

LearnShare &Open Compliance and Ethics Group (OCEG)

Scott L. MitchellPresident, [email protected]

Carole SwitzerGeneral Counsel, [email protected]

oceg proprietary + confidential 2

OCEG Team

WSJ Quote

“…the whole board should consider joining an organization like the Open Compliance and Ethics Group (OCEG)…”

AIG / National Union Akin Gump, Strauss Hauer and

Feld LLP* American Bar Association (ABA) American Corporate Counsel

Association (ACCA) American Society of Corporate

Secretaries (ASCS) Bryan Cave, LLP * Chubb Corpedia Education Corporate Integrity Services * Center for Applied Business

Ethics * Debevoise & Plimpton Dechert LLP * Deloitte & Touche doubleDrum, LLC DuPont de Nemours Ernst & Young EthicsPoint * Ethics Resource Center Frank B. Friedman and

Associates * Foley Hoag LLP *

Gilbert and Associates * Goodwin Procter, LLP Gulf / Travelers Insurance Harris, Wiltshire & Grannis, LLP Holland & Knight, LLP * Institute of Internal Auditors

(IIA) KPMG Kaye Scholer, LLP * Latham & Watkins, LLP * Marsh, Inc. Mathews and Green, LLC McKenna Long & Aldridge,

LLP* Orrick Herrington and Sutcliffe,

LLP * Practising Law Institute (PLI) Professional Liability

Underwriting Society (PLUS) Proskauer Rose, LLP * PwC Winstead Sechrest & Minick,

LLP

100+ individuals

representing

50+ organizations


Drivers

Compliance is Required Laws, rules and regulations SOX / SEC instructions

Compliance is Expensive Legislation is increasing Laws, rules and regulations are changing Laws are often confusing / contradictory “Compliance” is not core…and usually inefficient

Non-Compliance is More Expensive Investor confidence is diminished Litigation is expensive and abundant Insurance rates are increasing Reputations are suffering

Data

• $20b agency costs• $850b organizational costs• $200b - $565b lost due to “white

collar” crime• $??b in litigation / penalties / fees

Sources: Hon. Doug Ose (Ohio), Federal Sentencing Guidelines


Compliance

compliance and ethics program

ethics

go

vern

ance

fin

anci

al a

ssu

ran

ce

emp

loym

ent

envi

ron

men

tal

info

rmat

ion

pri

vacy

inte

llec

tual

pro

per

ty

inte

rnat

ion

al

pro

du

ct q

ual

ity

/ sa

fety

com

pet

itiv

e p

ract

ices

go

vern

men

t (U

S)

DO

MA

INS

PR

OG

RA

M


Program – Who Sets the Standard?

No “standard” Legal Guidance

Federal Sentencing Guidelines Sarbanes-Oxley / SEC Instructions Case Law

Business Guidance Business process management Quality management Best practices Listing requirements

Other Ethics


Domains – Who Sets the Standard?

Various


Common Domains / Topics

ETHICS (Sarbanes, SEC) CODE OF CONDUCT CONFLICT OF INTEREST

GOVERNANCE (SEC, Exchanges, etc.) BOARD RESPONSIBILITIES/STRUCTURE/CONTROL

EMPLOYMENT (Labor, OIG) WAGE AND HOUR DISCRIMINATION EMPLOYEE HEALTH AND LEAVE RIGHTS WRONGFUL TERMINATION/RIFS WORKPLACE VIOLENCE EMPLOYEE INFORMATION AFFIRMATIVE ACTION INDEPENDENT CONTRACTORS HARASSMENT SUBSTANCE ABUSE

FINANCIAL ASSURANCE (SEC, IRS, AICPA, etc.)

INSIDER TRANSACTIONS MONEY LAUNDERING REVENUE/EXPENSE RECOGNITION REPORTING

COMPETITIVE PRACTICES (Div. of Antitrust)

ADVERTISING/MARKETING/TELEMARKETING ANTITRUST/PRICEFIXING

ENVIRONMENTAL (EPA, mostly State Law) ENVIRONMENTAL MANAGEMENT HAZARDOUS MATERIAL MANAGEMENT REPORTING

INFORMATION PRIVACY (DOJ, SEC) PRIVACY LAWS AND REGULATIONS DOCUMENT RETENTION AND DESTRUCTION INFORMATION SECURITY

INTELLECTUAL PROPERTY (DOJ, USPTO)

CONFIDENTIALITY AND TRADE SECRETS COPYRIGHT TRADEMARKS PATENTS

GOVERNMENT (Procurement) GOVERNMENT CONTRACTS LOBBYING/POLITICAL ACTIVITY

INTERNATIONAL TRANSACTIONS (SEC, DOC, ITC, etc.)

ANTI-BOYCOTT CONTROLS ECONOMIC SANCTIONS EXPORT/IMPORT CONTROLS FOREIGN NEGOTIATIONS/SALES

PRODUCT QUALITY/SAFETY (FDA)


Basis of Laws / Rules

ETHICS

LAWS

“Letter of the Law”“Must Do”

PRINCIPLES

“Spirit of the Law”“Should Do”


Laws Require

procedure (what a person needs to DO)

policy (what needs to be DECLARED / ENFORCED)

organization (how people need to be ORGANIZED)

disclosure (what needs to be DISCLOSED – internally or externally)

typ

ica

lly s

peci

fy

knowledge (what a person needs to KNOW)

rare

ly s

peci

fy


Sarbanes / Oxley / SEC Instructions

Section 301 requires a channel of communication be available for reporting anomalies – and for whistleblower protection (sections 1107 and 806).

Section 302 requires certification of “internal controls” SEC proposals introduce the notion of “disclosure controls”

Section 406 requires disclosure of a code of ethics (conduct) for senior financial officers. The exchanges have extended this to ALL employees.

Section 409 requires real-time disclosure of material events – including non-compliance issues

Criminal and civil penalties significantly increased: 802 & 1102: recordkeeping; 807: securities fraud; 1106: strengthens securities

exchange act; 902: conspiracies to commit fraud; 904: ERISA

proprietary + confidential

Open Compliance and Ethics Group (OCEG)How does a company ensure compliance?


Program Drivers

business

(risk management,

business process, etc.)

law

“letter of the law”

(federal sentencing guidelines,

specific compliance

domains, etc.)

Compliance and EthicsProgram

ethics

“spirit of the law”


Compliance

compliance and ethics program

ethics

go

vern

ance

fin

anci

al a

ssu

ran

ce

emp

loym

ent

envi

ron

men

tal

info

rmat

ion

pri

vacy

inte

llec

tual

pro

per

ty

inte

rnat

ion

al

pro

du

ct q

ual

ity

/ sa

fety

com

pet

itiv

e p

ract

ices

go

vern

men

t (U

S)

DO

MA

INS

PR

OG

RA

M


Control Types

procedure (what a person needs to DO)

policy (what needs to be DECLARED / ENFORCED)

organization (how people need to be ORGANIZED)

disclosure (what needs to be DISCLOSED – internally or externally)

cont

rol t

ype

s

knowledge (what a person needs to KNOW)


Stakeholders

“Implementers”(Internal)

“Evaluators”(External)

“Helpers”(Solution Providers)

“Watchers”(Government + Media)

• Organizations that implement and operate processes to manage legal and regulatory compliance risk.

• Consultants• Lawyers• Education Providers• Auditors (non-audit services)

• Investors• Underwriters

• Insurance• Debt

• Rating Agencies• Auditors


Ethics

ETHICS

LAWS

“Letter of the Law”“Must Do”

PRINCIPLES

“Spirit of the Law”“Should Do”


Capability Phases

elaboration inception construction operation evaluation

• establish organizational goals and objectives

• obtain commitment from senior executives

• plan program requirements

• as is / to be / gap analysis

• detail design and build program

• roll-out program

• Identify specific laws, rules, and regulations that apply to organization

• design and implement controls to comply with letter and spirit of the law

• monitor and analyze compliance controls

• report

• manage issues / problems

• evaluate overall program

• internal audit• external audit

optimization


Operation


optimization

record management

issue management

identification design +implementation monitoring

reporting

• audit committee

• disclosure committee

• qualified legal compliance committee (QLCC)


Operation


optimization

record management

issue management

identification design +implementation monitoring

reporting

monitor

discover

review

investigate

resolve


Levels

Red

uctio

n of

Ris

k

Level

1 2 3 4 5

minimumpractices

bestpractices

sustainedworld-class

performance


Key Messages

Compliance and related education is a board-level concern SOX / SEC Listing requirements Insurance / Investment requirements

Real opportunity to help drive tangible and far-reaching benefits

Real opportunity to “get on the radar”

Documents

Proprietary + confidential LearnShare & Open Compliance and Ethics Group (OCEG) Scott L. Mitchell President, OCEG [email protected] Carole Switzer General