Want to be an Unconventional Compliance Officer?
Here’s how to do it…
Keith Read is a compliance maverick with a fascinating background and an unconventional approach to the profession. His approach is so unusual that he wrote a book about it!
I read “The Unconventional Compliance Officer” during my holiday break and I couldn’t stop highlighting it! It’s short, highly readable, and full of interesting techniques to make you and your program more effective.
Keith was kind enough to answer some of my questions and provide some great tips just for the Compliance Kristy audience. Here we go!
1. The Unconventional Compliance Officer
Kristy: Keith, first of all, congratulations on your book! You should be so proud. Tell us in a nutshell, what’s it about and how can it benefit compliance officers?
Keith: Many thanks indeed for this, Kristy and for all your support over the years.
So – I became the Compliance Director at British Telecom (BT) when the company was facing a raft of complaints – from the regulator, competitors, the telecoms industry, the press and others – about its compliance performance.
The company then had about 250,000 employees operating in 176 countries, so compliance was quite a challenge!
I quickly realized that most, if not all, compliance officers face many common issues – training, communications, whistleblowing, retaliation and anti-bribery/ corruption – to name but a few in what is a long list. However, despite the commonality of issues, I didn’t come across too many new solutions or strategies that really stopped me in my tracks – and it was this that forced me to become unconventional in my approach, and to devise a range of ways of ‘doing things differently’ – hence the book title.
Put simply, the benefit of the book is that those common issues need solutions and different approaches, and that’s what the book provides. I can pretty much guarantee that compliance officers will not have encountered many, if any, of them previously.
2. The Killer Introduction
Kristy: I was so moved and frightened by the story in the introduction that involved the death of witnesses. It certainly identified the need for compliance work. Would you mind sharing that story?
Keith: In brief, the murder of a man connected to a criminal gang resulted in his killer being arrested and going to prison. That would normally have been the end of the matter, but friends of the murdered man vowed they would exact revenge by pursuing the killer’s parents. They were offered witness protection, but that is no small decision and invariably involves a loss of family and friends – for life.
Instead, they decided to leave their home, and move elsewhere to somewhere relatively remote in the hope that the threat would pass. However, some months later, after beginning their new life, they were tracked down to their new home and killed, using details from telephone records given to them by two corrupt (and, perhaps, naïve and frightened) BT employees.
Reports about the consequences of compliance failures invariably bring up fines, reputational damage, resignations, dismissals and, occasionally, prison sentences – but this example really does bring home the realities, risks and challenges. In this case, both employees were dismissed, but I do know that one was physically ill once they first heard about the parents’ murder, and realized their role in it.
When the case came to court, I could demonstrate all the training, communications and other programs that had been put in place, and I had all the records.
However, to this day, I still think about what more I could have done. I now spend a lot of time working with companies to bring home the realities of data privacy, and how the data they have could be used and abused. This example – among the range that I use – never fails to elicit surprise and shock from audiences and teams as they realize the consequences. Utilities, retailers, banks and others could well all potentially encounter similar issues.
3. Favorite Techniques
Kristy: You’ve got so many fun techniques and ideas in the book. Can you give us one or two of your favorites?
Keith: I tried to include a wide range of new techniques and ideas in the book, but these are a couple of my favorites:
How far would you go?
I think that the question I pose – How far would you go?’ as a compliance officer – is one of my favorites. As I say in the book, I was never forgiven for sending everyone in procurement a bottle-shaped box at Christmas containing a copy of the Code of Conduct, but they also never forgot it – and so it delivered far, far more effective learning than what ‘regular’ communications would.
I also think that branding the hotline was one of the best.
Rather than using the ‘usual suspects’ – titles such as speak-up, ethics line and report line – I decided to ‘brand’ our hotline as ‘VeRoniCA’ – our Virtual Regulatory Compliance Assistant. The fact that people felt much more comfortable calling VeRonicA, asking VeRoniCA, e-mailing VeRoniCA and suchlike had a hugely positive and powerful impact.
Coupled with some of the other techniques identified in the book – such as asking people to make reports on canteen food so that they then became familiar with the reporting process for when they need to make a ‘real’ report – this changed the whole landscape of hotline reporting.
4. Positive Conflicts of Interest
Kristy: Chapter 15 is entitled Positive conflicts of interest. That’s a controversial idea. Can you explain what you mean by that?
Keith: Clearly, asking people to disclose potential conflicts, such as jobs, investments, and relationships that could represent a conflict of interest is always going to be potentially sensitive and perceived as intrusive – which is reflected in some international legislation.
However, despite that, companies often plow on with implementing their conflict of interest processes without really thinking about the realties, and how they could perhaps do it better.
A single mother with three children literally standing two inches from my face really brought home the message that she desperately needed her second job to make ends meet, and there was no way she was going to take any risk by disclosing it. That experience, together with other concerns
It had, triggered me to think about how conflicts are invariably perceived negatively, but what about ‘positive’ conflicts of interest?
That approach ultimately resulted in a process involving charitable roles, for example, with large numbers of declarations of charitable and voluntary-type positions forthcoming – of which we previously had no idea.
The work resulted in a win-win-win – for the charities, the individual employees and also for the company, which suddenly had a very positive and important story to tell. Crucially, there was also an ‘aura’ effect on the wider conflicts of interest process, which was no longer near-universally perceived as negative, intrusive, ‘not for me’ and ‘none of their business’.
Moreover, including examples (some of which are in the book) of the dreadful real-life consequences of conflicts of interest really serves to bring home the message that it is not just a box-ticking exercise, and that the risks can be very severe and real.
5. Biggest Difference Between European/UK Programs and US-Centered Programs
Kristy: You and I met when I was living in London and worked together at numerous events there.
As you are British and frequently work with UK and EU-based companies, you can see how the US approaches compliance programs and culture differently. In fact, there are several places in the book where you address UK/EU issues like the EU Whistleblower Directive and managing interactions with works councils.
What do you think is the biggest difference between European/UK programs and US-centered programs?
Keith: That’s a very good question!
I’d firstly say that, as you’ve highlighted, of the 21 chapters, just the two you mention – works councils and the EU Whistleblower Directive – are EU issues. However, I made the decision to include them because I’ve worked with a multitude of US companies and their compliance officers who are facing these issues for the first time (particularly works councils). They need practical advice, given the potential powers of works councils.
I also think that some facets of the EU Whistleblower Directive will appear in other legislation – particularly regarding retaliation and the ‘reverse burden of proof’ – and, again, that’s why it is covered in the book.
To respond to your question, I think that if we consider principles-based compliance then there is a surprising level of commonality between the core processes for Europe/UK and the US; whistleblowing and the near-universal challenge of getting people to make reports is one example.
Also, whilst not directly comparable, nevertheless the issues around regulations and directives in the EU and federal and state legislation in the US bring similar challenges for compliance officers.
Put simply, I have seen it argued that whilst the main components of a compliance program are very similar internationally, differences in employment law, data privacy and legal privilege, for example, can significantly impact a compliance programmer’s structure and so need to be factored in, as do the legislative specifics of say, anti-trust and competition legislation.
6. The Vital Questions for Compliance Officers
Kristy: What should compliance officers be asking that they aren’t right now?
Keith: First, how do you know what the company’s ‘cost of compliance’ is? I.e., what is the annual spend on compliance per employee? This proved to be a powerful and hugely useful figure for me, but in all my travels I have only encountered one audience member who had developed a similar analysis!
My second, and last question, is do you utilize analytics in your anti-retaliation program?
Most companies and their compliance officers utilize training and communications but – in my experience – very few have data and analytics that they use to really address retaliation much of which, by its very nature, is hidden or disguised.
For me, some of that data was truly shocking and the analysis incredibly powerful.
7. How can we learn more?
Kristy: Where can people buy the book and how do they get in touch with you?
Thank you so much Keith!
Chief Compliance & Ethics Officer & Author
Keith Read is a Compliance and Ethics Director.
Keith has specialist expertise in compliance training, education, communication, risk management, audit, operations and reporting.
CEO of Spark Compliance Consulting
Kristy Grant-Hart is the founder and CEO of Spark Compliance.
She’s a renowned expert at transforming compliance departments into in-demand business assets.