Compliance and Ethics: Ideas & Answers. Edition 41
Dear friends,
Welcome to the 41st edition of Compliance and Ethics: Ideas & Answers!
In today's edition, I start with a look at ISO 37001 on antibribery management systems followed by an interesting piece from Rebecca Walker on Chief Compliance and Ethics Officers reporting and independence. I close out today's edition with a look at the fantastic book, Your Year as a Wildly Effective Compliance Officer, by Kristy Grant-Hart.
And as always, there's more content on our website so please do?visit us there?to read our other articles.
Thank you, Joe.
ISO 37001 on antibribery management systems – How important is it?
by Joe Murphy
The International Standards Organization (“ISO”), which issues thousands of standards on a myriad of subjects, decided years ago to issue a standard for anticorruption compliance programs. ISO consists of member organizations around the world. In this case, it was the UK’s ISO organization that first developed a standard. This was taken up by the international organization, which produced ISO 37001, on antibribery management systems. In the ISO world, if a standard ends with a zero it is simply advisory. If it ends with a one then organizations can be officially certified as meeting the standard.
ISO 37001 has been quite controversial, with some strong views opposed to the project and the end product. Some have hailed it as a tremendous step forward in fighting corruption and calling for companies to pursue the certification. Others have denounced it as meaningless and something intended as a mere revenue source for consultants. In the US commentators have asserted that ISO verification will not get a company credit from the DOJ or SEC.
ISO 37001 – a flawed compliance experiment
In my own case I researched ISO 37001 and its history and issued a detailed analysis. Joseph E. Murphy, The ISO 37001 anti-corruption compliance program standard: What’s good, what’s bad, and why it matters (2019)
I found there was good and bad in the standard and in the way it would be applied. I viewed the current version as terribly written and with significant flaws in the certification process. However, unlike some critics I was not ready to write it off. I believed the writing could be vastly improved and the certification process revised to substantially increase its credibility. This is all spelled out in my white paper.
So what has transpired since the standard was published? Has it mattered to enforcers and regulators? Have there been any cases where it made a difference? In my experience until recently there was a startling absence of any news. Were there no cases where a company asserted that its ISO 37001 certification mattered? Had any government agency actually ruled or commented on a company program that had ISO 37001 certification? I had neither heard nor seen anything on this point. A post I put on LinkedIn asking about any cases received no responses.
领英推荐
Chief Compliance and Ethics Officer Reporting: What Matters Most to Independence?
In our years of assessing compliance and ethics (C&E) programs, my partner Jeff Kaplan and I have pinpointed several key attributes that we consider essential to an effective program, including independence, authority, reach, access, and resources. Each of these properties is, in our view, necessary to an effective program, but independence is particularly critical to efficacy. (Perhaps on par with authority, although we save that topic for another day.) Independence is crucial to performing some of the primary functions of a C&E program, such as accurately assessing risks (including with respect to risks created by senior leaders) and conducting impartial investigations of suspected misconduct.
Reporting Relationships
A significant factor in determining the level of independence of the C&E function is the reporting relationships within the organization. In other words, to whom does the Chief Ethics & Compliance Officer (CECO) administratively report?
The debate over whether the Chief Ethics and Compliance Officer (CECO) should report to the General Counsel (GC) has long been a point of contention in the compliance field. The survey data on this question is all over the map, with the Association of Corporate Counsel claiming that nearly three-quarters of compliance functions reside in the legal department, while Navex’s 2022 Definitive Risk & Compliance Benchmark Report puts the number at less than a third. Regardless of what the actual number is, the surveys consistently show that C&E within the legal department is the most prevalent organizational structure for C&E departments.
Your Year as a Wildly Effective Compliance Officer
by Joe Murphy
The first time I saw Kristy Grant-Hart she was doing a presentation for SCCE in London.? She instantly confirmed my belief that people new to the field can have lessons for those of us with decades of experience.? She put on a show about magic compliance dust and then brought the audience to reality by breaking the news that there is no such magic dust.?
But while there is no such dust, there is a path to both personal and career development in compliance and ethics, and Kristy has dedicated herself to being a guide.??
I had the opportunity to write the foreword for Kristy’s first book – a work that I found very impressive.? Later, when I was looking for a topic for an upcoming SCCE program, I thought of Kristy as one who shared the experience of being an entrepreneur and would be interested in presenting on that topic.? We brought in our mutual friend Kirsten Liston and stepped the project up to include writing a book about being an entrepreneur in our field.? (The Compliance Entrepreneur’s Handbook: Tools, Tips, and Tactics to Find Your Killer Idea and Create Success on Your Own Terms (Brentham House Publishing, 2021)?
Now Kristy’s new book provides a detailed, how to guide to career advancement and personal growth in the compliance and ethics field (although anyone in any field could find good growth opportunities in her book.)
Kristy divides the year into quarters and months, setting up different areas of focus for each time period.? The book includes a user-friendly guide and monitoring sections.? Also extremely helpful is hearing about both her successes and her down periods.? I find it easier to learn from humans than from superheroes who never err.
I hope you found today's journal valuable and, if you would like more analysis and insight?please visit and bookmark our website.
Philosopher || Intelligent Design Theorist
12 个月My two favorite concepts! Joe Murphy, CCEP
CEO of Spark Compliance Consulting/Compliance Competitor, Author, Speaker, Board Member, former CCO
1 年Thanks so much for highlighting the book Joe! You're so fantastic. I appreciate all of the thought leadership you bring to the compliance community.