Corporate Compliance Insights

When it Comes to Risk, Just How Hungry Are You?

by Jim Nortz
June 2, 2016
in Risk
A lax ethics and compliance program could indicate a sizeable risk appetite

This post was originally shared in the ACC Docket and is republished here with permission from the author.

Today, I watched a documentary about a professional surfer who survived a 70-mile-per-hour plunge down the choppy face of the biggest wave ever surfed. This wave was so big and so fast he had to be towed into it by jet ski. In the documentary, the surfer gives a blow-by-blow account of his death-defying feat, describing in detail what it was like to be chased by a wall of water the size of a seven-story office building.

As I marveled at this man’s daring, I noted a significant difference between his appetite for physical risk and mine. I enjoy a wide variety of sports – some of which present moderate physical risks like skiing and wind surfing – but I would never even contemplate being towed into a massive wave on a surfboard. Simply put, my risk appetite is considerably less than that of the professional surfer, who likely resides somewhere near the top of the risk tolerance spectrum.

Similarly, I think corporations exhibit a wide variety of risk tolerance. Some, like the big-wave surfer, may be comfortable operating with few controls to prevent and detect bad behavior, while others are more conservative. As corporate counsel, you may have a sense of where your firm fits on this spectrum based on your observations of the company’s behavior. But if you were asked to do so, how would you go about quantifying your company’s compliance and ethics risk tolerance in terms that would provide actionable intelligence to your leadership team? If your company does not currently have a practical means of answering this question, your management team may be unwittingly careening down a very steep wave while thinking that they are paddling on flat water.

There may be many sensible ways to determine your company’s compliance and ethics risk tolerance. But for such an exercise to be worthwhile, at the least, it must take “risk tolerance” out of the theoretical realm and produce data that decision-makers can use to make conscious choices about how much risk they would like to accept. I think Chapter 8 of the U.S. Federal Sentencing Guidelines (FSG) provides some insight into one way you might assess your firm’s risk tolerance and also satisfy one of the more difficult mandates of the FSG’s seven elements of an effective compliance and ethics program.

The Corporate Risk Universe

As you may know, corporate risks generally fall into one of the following four categories:

  1. Operational
  2. Strategic
  3. Financial
  4. Compliance and ethics

The first three risk categories listed above are driven primarily by external forces like currency fluctuations, natural disasters and the competitive landscape. By contrast, compliance and ethics risks are driven entirely by the behavior of directors, employees and agents. So, when we are seeking to assess our firm’s compliance and ethics risk tolerance, our aim is to determine the degree to which management is comfortable with the state of the company’s compliance and ethics program. As a consequence, one way you might measure your firm’s compliance and ethics risk tolerance is to undertake the work necessary to satisfy the FSG’s requirement to “take reasonable steps to evaluate periodically the effectiveness of the organization’s compliance and ethics program.”

Here’s how this might work. The third element of the FSG’s seven elements of an effective compliance and ethics program reads as follows:

(3) The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.

Evaluating the effectiveness of your due diligence systems designed to satisfy this FSG requirement will provide you with a meaningful measure of your company’s risk tolerance. Specifically, if your company’s due diligence systems are weak or nonexistent, this is evidence that your firm is exhibiting a high risk tolerance in this area. In other words, your management team is, unwittingly or not, “tolerating” a higher probability that one or more ne’er-do-wells will join their ranks than a firm that has invested in a highly effective due diligence system.

Regardless of where you determine your firm sits on the risk tolerance spectrum, your measure of compliance and ethics program effectiveness does the important work of providing your management team with the information they need to consciously set your firm’s risk tolerance. If management is satisfied with the effectiveness of the company’s due diligence systems for individuals elevated to senior management positions, then they are “tolerant” of the residual risk. If, by contrast, they are uncomfortable with the current state, they can either increase or decrease the amount of diligence performed to set the risk within what they perceive to be an acceptable range.

The same process can be undertaken with respect to all other elements of your compliance and ethics program. For example, an evaluation of the effectiveness of your standards and procedures, compliance and ethics training programs, auditing and monitoring and responsiveness to detected instances of misconduct could all serve as a measure of your company’s “tolerance” of the compliance and ethics risks such systems are aimed at mitigating.

Reasonable business professionals will certainly differ with respect to how tolerant they are of compliance and ethics risks. But regardless of where your management team sits on the risk tolerance spectrum, be sure to do your part to help them understand where they are so they don’t get clobbered by a giant “wave” they don’t see coming.


Jim Nortz is Founder & President of Axiom Compliance & Ethics Solutions LLC, a firm dedicated to driving ethical excellence by helping organizations implement effective compliance and ethics programs. Jim is a nationally recognized expert and thought leader in the field of business ethics and compliance with over a decade of experience serving multinational petrochemical, staffing, business process outsourcing, pharmaceutical and medical device corporations. Jim spent the first 17 years of his career as a criminal and civil litigator and Senior Corporate Counsel before becoming Crompton Corporation’s first Vice President, Business Ethics and Compliance in 2003. Since then, Jim has served as a compliance officer at Crompton and for five other multinational corporations, the most recent of which was as Chief Compliance Officer at Carestream Health. Jim has extensive experience in implementing world-class compliance and ethics programs sufficiently robust to withstand U.S. Department of Justice scrutiny. Jim is a frequent guest lecturer at the University of Rochester’s Simon School of Business, RIT’s Saunders School of Business, St. John Fisher College, Nazareth College and other law schools, universities and organizations around the country. Jim writes the monthly business ethics columns for the Association of Corporate Counsel Docket magazine and the Rochester Business Journal. Jim is a National Association of Corporate Directors Fellow, a member of the International Association of Independent Corporate Monitors and serves on the Board of Directors of the Rochester Chapter of Conscious Capitalism as the Board’s Secretary and Chair of the Governance and Nomination Committee. Previously, Jim served on the Board of Directors for the Ethics and Compliance Officers Association and the Board of the Rochester Area Business Ethics Foundation.
