“So, what do you do?”  Whether at a conference, networking session, work meeting or cocktail party, this question will come up at nearly every event you attend.  Having a good answer to this question will make you more interesting and more likely to find yourself engaged in a meaningful conversation.  It will also make you more memorable, which can increase your career prospects and your network. 

The phrase “elevator speech” is used to describe the short nature of the time it should take to deliver it.  It only takes a few seconds to go from floor to floor on an elevator.  What makes a good elevator speech? 

1.     Clarity on who you are and what you do

A good elevator speech answers two questions: who are you, and what you do.  Who you are should always include your name.  When starting your elevator speech, try to avoid relying solely on your title.  Instead, try to explain what you do in the context of why you do it.  The fact that you’re a compliance manager or vice president doesn’t really tell anyone what you do. 

Your elevator speech will necessarily change depending on the environment.   For instance, at a conference, you might say, “I’m Jenny Campbell, and I work Xyzzy’s compliance and audit function in our Denver office.”  If you’re at a cocktail party where people are unlikely to work in compliance, you can try, “I’m Jenny Campbell, and I help my company to be more ethical and compliant with the law.”  If you’re at a work meeting, you could say, “I’m Jenny Campbell, and I work to make sure the company doesn’t pay bribes or get in trouble with the law through the compliance function.”  By expanding on what you do day-to-day, or what your intentions and responsibilities are, you’ll immediately be more interesting. 

2.     Succinctness…

Jean-Paul Sartre famously said that, “Hell is other people.”  For many compliance officers, hell is dealing with other people known as third-parties, and the companies they own.

Third-party management is a perennial headache.  Recently at the Compliance Week conference, on-the-ground polling found that third-party management was the greatest challenge facing compliance officers today.  Tracking metrics around third-party management is critical to seeing trends in your company, and being able to respond to movements in the business quickly.

In this blog, we’re going to explore metrics relating to third-party management.  This is Part 5 of our series.  If you haven’t read Part 1, I recommend you go back and start there, as it sets the stage regarding why certain metrics should be chosen.  We’ve already explored metrics that can be used with policies and procedures, which can be found HERE, monitoring and auditing, which can be found HERE, and training, which can be found HERE.

Too Much Information (for a change!)

Perhaps more than any other area of the seven elements of an effective compliance program, third-party metrics are usually the easiest to collect.  Most large companies have some sort of online or technology-based system that can gather data.  Even small companies managing third-parties on an Excel sheet can sort by column to find out how many third-parties they have in a certain country. 

Because of this wealth of data, choosing the right metrics relating to third-parties is critical.  Having numbers for numbers’ sake is not useful.  You must carefully answer the most fundamental question when choosing third-party-related metrics…

“I do,” say the lovers in front of friends and family.  “I now pronounce you husband and wife,” says the officiant, followed by cheering and clapping.  Marriage ceremonies happen in public.  For a marriage to be legally binding, nearly every jurisdiction requires that the ceremony is witnessed and then written down in public records.  Why?  Because commitments made in public are much stronger than those made privately.  Social science research has borne this out time and again.

To help your employees be more compliant and ethical, construct opportunities for people to pro-actively and publicly commit to compliance.  Here are three ways to allow your employees to make their commitment to compliance loudly and proudly.

Raise your hand

When we’re asked questions by a teacher, we raise our hand to show that we agree or are in alignment with the answer.  When Americans pledge allegiance to the flag or sing the National Anthem, they place their hands over their heart.  Raising your hand or making an affirmative movement sends a signal to our mind that we agree with the speaker.  Movement of this sort physically manifests our intention to say “yes.” 

When you’re performing live training, ask the group to raise their hand if they’re willing to commit to being compliant and ethical.  When you’re presenting to the leadership team, ask who intends to use the slides to cascade information on a new policy to their team.  Find ways to ask people to pro-actively raise their hand for compliance and business ethics.  The results will speak for themselves.

Write it out…

Compliance officers, it is time to rejoice, reflect and re-educate.  We should rejoice because the U.S. Department of Justice just issued a guidance document that unequivocally supports our role, especially in places where we’ve had trouble making a case with specificity (e.g., resources).  We should reflect on our programs because there are seriously high expectations for risk assessments, program evaluations, planning and tracking metrics, and integration with other functions.  And we should re-educate our leaders about the criticality of the independence of our function, requirements to fund it correctly, and to provide access to the Board and/or Audit Committee. 

The Evaluation of Corporate Compliance Programs Guidance Document (“Guidance”) is structured into questions that a prosecutor will ask to evaluate the effectiveness of the company’s compliance program – both before an incident occurs and after an incident is known.  These questions give answers – they show what the DOJ thinks is important in an effective compliance program.  Here are 10 critical musts that compliance officers need to know from the new DOJ’s Guidance.

1.     Compliance MUST be Properly Resourced 

There can be no doubt that a major factor in the evaluation of a compliance program is this: Is the compliance department properly resourced?  The word “resource” appears 21 times in the 18-page document.  The compliance program must be properly resourced with staff and budget.  Twice the Guidance states that the compliance function must have the resources to be able to “audit, document, analyze and act.”  Importantly, one of the questions prosecutors are to ask is, “Have there been times when requests for resources by compliance and control functions have been denied, and, if so, on what grounds?”  It is critical that you explain the DOJ’s approach to resourcing the compliance department to your board of directors and C-Suite.  They need to know how thoroughly that resourcing will be analyzed if there were a prosecution.  Speaking of the Board…

2.     Compliance MUST have Independent Access to the Board of Directors or Audit Committee

The Guidance leaves no wiggle room for this: Compliance MUST have independent access to the board of directors or audit committee. …