Corporate Compliance Insights

Q&A with Steven Grimes and Robb Adkins of Winston & Strawn LLP

by Corporate Compliance Insights
December 13, 2017
in Featured, Leadership and Career

Corporate Compliance Insights’ CEO, Maurice Gilbert, interviews Steven Grimes and Robb Adkins, partners at Winston & Strawn LLP. 

 

Maurice Gilbert: How do you stay current on ethics & compliance issues?

Steven Grimes: I am a member of a number of professional organizations, read the relevant blogs, monitor the newsfeeds and case trends, and most importantly, I am in constant contact with in-house colleagues and clients. I regularly catch up over informal benchmarking sessions, or at various conferences to learn what others are experiencing and to share things I am hearing. I also routinely reach out to vendors in the compliance space to hear about their areas of focus. Finally, there are formal benchmarking tools that I regularly consult.

Robb Adkins: Several national professional organizations, such as the ABA White Collar Crime Committee, follow and report out on the latest ethics and compliance issues. While such national organizations are helpful, I find the most relevant source for the latest ethics and compliance challenges is an informal local group we formed several years ago, which is composed of former prosecutors and other white collar professionals in the Bay Area. That group meets every month or so to discuss what we are seeing in terms of compliance and enforcement issues in real time.

MG: What are some of the significant legal issues facing CCOs, Risk Managers, etc.?

SG: Corruption, anti-trust and trade risks continue to be pressing issues. With rapidly evolving regimes governing privacy, and disparate IT systems being utilized, I see privacy and information security as a hot topic that will continue to be top of mind. While not many CCOs and Risk Managers are focused on it, I also see theft of trade secrets by internal actors as probably the most unmitigated high-risk area.

RA: Specific to the West Coast and in particular Silicon Valley, privacy and information security continues to be a significant and growing concern, as well as theft of trade secrets, often involving foreign actors.

MG: What do you believe is the optimal reporting structure for the CCO and why?

SG: While it varies greatly depending on the structure of the organization, I like to see the CCO directly reporting to the GC, with a separate and independent line of reporting into the governing body of the organization, either through the audit committee or some other format. Plugging into the law department can give the CCO better access to resources and can facilitate greater coordination. The direct line to the board ensures that compliance maintains its independence and is also viewed as standing on its own two feet outside of the law department.

RA: I agree that it depends on the structure of the organization. In some smaller entities, the CCO and others may wear multiple “hats” and that can have an impact on potential reporting and privilege issues. For some of those smaller entities, many of which have very limited legal departments, I have served as stand-by outside counsel to routinely review matters that are reported up by the CCO, in order to advise regarding next steps and to preserve privilege.

MG: How do you effect change within your client’s environment?

SG: It has to be cultural, and it has to be engrained in the business itself. You need the compliance team designing programs, processes, policies, and specific action items that make it clear that the message is coming from the top, but that the middle management is carrying the load. You also need to develop a specific, measurable, and sustainable framework for changing the culture. Quick fixes do not work, so systemic change (in small steps, over time) is needed. And that change must be measured and reported on to assess how it’s going.

RA: This is a frequent question at almost every compliance conference, and there is no easy answer. In my experience, the necessary first step is to create a realistic compliance program that aligns with the business realities and risks (see answer to question 10 below). This allows greater buy-in by employees, alignment with current structures and resources, and better auditing to ensure effective implementation.

MG: What do you see as the greatest business risks facing companies today?

SG: Loss of trade secrets. Too many companies do not do enough to protect their most valuable assets, and too many employees think it is OK to walk out with confidential information. Whether the employees feel entitled to the information, or whether they have specific plans to put it to financial gain, the data shows that theft is rampant. Companies need to take a cross-functional look at this problem and implement cross-functional measures to mitigate the risks up front, best positioning themselves to combat specific instances as they occur.

RA: I agree that loss of trade secrets is an underestimated business risk facing companies today. In addition, privacy and data/information security are also significant and increasing concerns, especially for my Bay Area clients.

MG: What do you see as the greatest regulatory risks facing companies today?

SG: Corruption, financial disclosure requirements, trade sanctions, privacy, and antitrust.

RA: I would add that environmental enforcement has been a significant issue as well for companies out west.

MG: How might Chief Compliance Officers, Chief Audit Officers and Chief Risk Officers prepare to face these risks?

SG: These professionals first need to create a heat map specific to their company to understand the risks and the specific actions the company takes to mitigate each risk. Once this assessment is in hand, companies need to build out a specific plan for prioritizing and maturing their program as it relates to the priority of each risk.

RA: Most compliance officers are aware of the need to tailor a compliance program on a risk-based model. However, one weakness I sometimes see is the failure to periodically reassess risk and thus alter the compliance protocol to take into account changes in the business footprint, regulatory changes, or enforcement priorities. This is especially true in fast-changing business sectors, such as tech and life sciences.

MG: How does your company help its clients mitigate risk?

SG: We have developed a maturity model framework that we teach to companies to help them first assess, then address their risks in a way that is specifically tailored to the company, the risks, and the available resources. Putting this framework in the hands of our clients empowers them to get the internal support they need to drive change and be able to continuously improve.

RA: In addition to the maturity model framework described by Steve, our international white collar practice has created a short handbook on what steps to take in the event a regulatory or enforcement issue suddenly arises. Although “dawn raids” are the most extreme and unlikely example of risks to be prepared for, many other enforcement issues can quickly arise and companies can often feel unprepared in the crisis that often follows. Clients have stated that they are appreciative to receive a short checklist that can be drawn upon in the unlikely event of such a crisis.

MG: What legislative and policy changes do you see on the horizon that would impact compliance professionals?

SG: We will continue to see CCOs be held personally accountable for compliance failures. This trend is specifically seen in the banking industry and will spread.

RA: Recent changes in enforcement priorities and leadership, often brought about by the recent change in administration, will continue to be an area of potential impact on regulation and enforcement (e.g., the leadership and priorities of the Consumer Financial Protection Bureau).

MG: What is the best advice you give your clients?

SG: Compliance is a continuum. Too many clients get frustrated or overwhelmed with the myriad difficulties that come with building a top-flight compliance program. It’s important to remember that these types of changes cannot come overnight, and that taking specific, tailored, and measurable steps to continuously improve the program, over time, is the best way to achieve lasting results.

RA: Do not set an unrealistic standard that you will fail. Many clients care deeply about compliance and earnestly endeavor to create a compliance program that is ambitious and robust. Sometimes those good intentions can lead to the creation of a compliance program that appears ironclad on paper but is unrealistic or even impossible to implement in day-to-day operations. One of the first things an enforcement authority will look at is whether a company has a mere “paper policy” versus a compliance program that is effectively implemented and embraced within the corporate culture. No compliance program can avoid all risks; and the best compliance programs are those that are realistic and actually implemented.

Steven Grimes, Partner, Winston & Strawn LLP, Chicago, contact: sgrimes@winston.com

Robb Adkins, Partner, Winston & Strawn LLP, San Francisco, contact: radkins@winston.com

 

