Building Resilience in a Time of Unprecedented Change
The U.N. Office on Drugs and Crimes estimates that annual illicit proceeds total more than $2 trillion globally. Proceeds of crime generated in the United States were estimated to total approximately $300 billion in 2010 or about 2% of the overall U.S. economy. As history would remind us and amidst the COVID-19 pandemic, crisis creates extreme vulnerability to fraud and financial crime across our global financial systems.
The ExCo vs. The Status Quo brings together like-minded individuals and brands to illuminate the innovative actions companies are taking to make a bigger impact. This diverse community of industry leaders are building the conversation around what's working, what's not, and how to make things better - together - through a shared commitment towards a common goal.
Compliance should be viewed as a Revenue Protection Center. If we're not already at the table, we should be fighting for a seat.
Tiffany Archer is a leader at Panasonic Avionics Corporation in her role as Regional Ethics and Compliance Officer, and Corporate Counsel for the Americas and Europe. Tiffany has been instrumental in building their compliance function and is involved in just about everything, from policy and program development, cross-border internal investigations, and third party regulatory and reputational risk management. Having worked in legal and compliance functions for financial institutions, global law firms, and Fortune 500 companies, she's managed risk in almost every region of the world, and has represented companies before US regulators including the SEC, DOJ, and Federal Monitors.
We don’t know what the word for "triple threat" is in compliance, but it sounds like Tiffany covers all the bases. Her ability to build trusted partnerships across the business galvanizes a culture of transparency and accountability, creating such a ripple effect that it's really making the world a safer place to do business.
Given where we are in this current moment, we reflected on what the word "safe" means in the context of everything that's happening around us. First, we're in the middle of a pandemic, creating so much stress around keeping ourselves and our families safe, and demanding that compliance teams figure out how to evolve, to manage risk virtually, adding complexity to an already really concerning set of challenges.
Aside from that, we're in a defining moment for race relations, and learning that many of us have taken our safety for granted, one, and are learning moment-by-moment that we have enormous work to do in taking action to create a more equitable and safe world. We’re hearing more and more from our colleagues in the compliance community, who have either deliberately or intend to more deliberately, cultivate diverse teams because they've realized the real functional value of bringing different and honest experiences, perspectives, and biases to the table, to arrive at the best possible outcomes in managing these really complex issues.
Add to all of that, the DOJ and SEC released new guidance saying they expect companies to do more, not less, in their compliance functions, and in keeping companies and partners safe as we move towards our new normal, which holds tremendous uncertainty for so many companies. Talk about an unprecedented time!
Tiffany Archer, Regional Ethics & Compliance Officer and Corporate Counsel (Americas and Europe) at Panasonic: First of all, I want to say that the views and opinions reflected in this conversation are my own and not representative of the views or opinions of my employer, Panasonic Avionics.
So to answer this question, this unprecedented time is multilayered, multifaceted, and I believe that as we proceed through this moment trying to get some comfort with what this "new normal" is going to be, it's only going to become more challenging and more complex. So hopefully, given the sharp compliance professionals that we are, we'll succeed in applying rigor and innovative solutions to adapt to what's to come, and ultimately continue to have success within this space.
Why did you want to get involved with this campaign, and what does "making the world a safer place to do business" mean to you?
TA: I was incredibly excited when Exiger approached me to participate in this campaign. It’s an innovative and enlightening way to shine a light on a systemic issue: combating financial crime. In my view, Panasonic truly embodies the very objective that this campaign seeks to achieve [spotlighting companies making the world a safer place to do business]. Panasonic has been recognized as an industry leader in innovation and a known market disruptor. The name of your campaign is quite clever. I was trying to tie something back to it, and I was compelled to say 'cruising along in the status quo lane contravenes our underlying values. It's not in our DNA to conform to the status quo. We always strive to do more and to be better'.
I'm hoping that through this dialogue and future interactions, my voice can help move the needle as we try to manage the challenges around bribery and corruption. This topic is not often explored in depth from a solutions-oriented perspective. Many take the easier route and accept the status quo to be “what it is” . . . this campaign should give professionals pause and encourage them to be more proactive in addressing these challenges.
The ExCo platform is a fantastic way to bring thought leaders together, exchange views and thoughts, and plot out how to take meaningful and pioneering action that will effectuate change. Inevitably, synergies will evolve through these broader dialogues, and we will, in fact, collectively work to make the world a safer place to do business. I am truly humbled that you nominated me to the ExCo.
You've worked in legal and compliance functions for more than 10 years. How have you seen the role of compliance change over the past 10 years, and how do you see this current state (COVID-19, the global geopolitical environment we're in, etc.) further evolving it?
TA: The compliance community has evolved tremendously over the last 10 years. I started in private practice about 13 years ago. During that time, I focused on FCPA investigations, standing up compliance programs and AML/BSA investigations.
In those roles, I had the fortunate opportunity to travel the world and gain exposure to various industries, organizational structures, and importantly, many cultural nuances. Through those experiences, I've had the chance to gain a firsthand understanding of the challenges and obstacles to doing business successfully in regions all over the world.
Over the last 10 years, there has been quite a bit of material, including resource guides and guidelines, released through the SEC and the DOJ related to trends, enforcement actions, best practices around FCPA investigations, and how best to achieve an effective compliance program.
The most recent releases – the enhanced Corporate Compliance Program Guidance (released June 2020) and the Second Edition of the FCPA Resource Guide (released July 2020) - actually gave me pause. It made me think, "Wow, amidst the pandemic, social unrest, disruptions across organizations, people dealing with working from home, what is happening here? The DOJ and SEC are clearly suggesting that we need to do more to up our game in the compliance space.”
So, what did that signal to me?
- The complexity of financial crimes and fraud schemes will continue to evolve. In my view this is indisputable. We see it in the news. We hear it in the media. Considering these concerns, the attention and rigor that regulators will place on compliance is only going to increase. Regulators still have an expectation for compliance professionals to operate within the guidelines, despite these disruptions. And it's also clear that they're not pulling back. They're expecting us to do more. And they've outlined many additional requirements and recommendations, as it relates to forming, enhancing, and implementing an effective compliance program.
- Compliance should remind stakeholders that the pandemic can't be used as a shield for the failure of regulatory compliance. Hindsight may be 20/20. But it’s not enough to say, after the fact that, "Oh, had I known, I would have made a drastically different choice.” The fact of the matter is we need to be proactive now; we need to be really thoughtful about our efforts, conduct risk assessments, work diligently to actively mitigate risks, and ensure that we're mindful of and seeking to understand the myriad of issues that might arise in this new environment.
- Be proactive in this space and encourage cross-collaboration within your organization. This pandemic, in many ways, is bringing a lot of organizations closer together. It is critical that organizations, their internal functions and key stakeholders are closely aligned with one another so we can understand our respective organization's business model and directional strategy. In my view, regardless of industry, it is likely that in light of the crisis, the model and strategy will have changed, and there is potential for a shift in risk appetite. Through cross-collaboration and information sharing, key stakeholders will be more informed and can strategically pivot and shift to figure out where to address and implement new controls.
- There may be a need for the implementation of additional controls. Many may believe that nobody's watching because of the distractions at the moment. But, as we've acknowledged and established through this one question, that couldn't be farther from the truth. As the DOJ notes, organizations need to rise above the challenge during this difficult time. Unfortunately, many of us are working on diminished purse strings and reduced resources. Nevertheless, the reality is that we are still required to apply a proactive approach and ensure that we're being mindful of, and adhering to, the recent guidance and requirements that they put forth. The appropriate response after evaluating your program may be that enhanced control frameworks and appropriate protections must be put in place to minimize the likelihood of abuse considering this pandemic.
Organizations need to rise above the challenge during this difficult time. Many of us are working on diminished purse strings and reduced resources. But, the reality is that we still have to apply a proactive approach and make sure that we're following the DOJ's recent guidance and requirements.
At Exiger, we have seven guiding principles that are core to everything we do. Can you talk a little bit about Panasonic's seven basic business principles?
TA: Absolutely; our seven basic business principles are the core, the heart, of our organization's culture. In fact, we regularly remind employees, even more so during this moment, that despite the many challenges we're experiencing, our values and culture are a priority. Globally, people are facing unprecedented difficulty. We use our business principles to ground our teams by emphasizing the importance of what our founder, Kōnosuke Matsushita, believed. He believed that not only is it our duty to contribute to society through the products that we make, but also to make people’s lives easier through every product we make.
I’d like to share a quote from our founder that I find to be incredibly relevant in this moment, "[Profit-making is important], but this does not mean profit-making should be the supreme objective of corporate activities; it should be considered as a means for realizing more important values, to achieve greater, more worthwhile objectives. In other words, profit-making should go hand in hand with business ethics. Unethical pursuit of profits cannot be justified."
I find Kōnosuke Matsushita’s quote to be incredibly empowering, and it gives me the chills to think that this impactful founding core value from decades ago literally applies in this very moment. I'm incredibly proud to be associated with an organization that takes its core values so seriously and works to live them every day. Fairness, honesty, cooperation and gratitude are a few of the key pillars of our values and underlying business objectives. There's nothing that we create without giving thought to whether those products are aligned with our fundamental pillars.
Even in light of all that's going on in the world, Panasonic still puts society first. We repurposed some of our factories to develop PPE. We were creating masks. We were creating ventilators. True to Panasonic’s core values, it is a priority that we continue to support society and that we're contributing to the greater good. Therefore, reminders such as our seven basic business principles will help carry us through tough times like this. These are the principles that carried us through tough economic times in the past. And as we continue to hold true to them, they'll only serve to guide us through the challenging times that we're experiencing now.
"[Profit-making is important], but this does not mean profit-making should be the supreme objective of corporate activities; it should be considered as a means for realizing more important values, to achieve greater, more worthwhile objectives. In other words, profit-making should go hand in hand with business ethics. Unethical pursuit of profits cannot be justified."
In today's world, how does technology help a compliance function's ability to maintain high standards, keep up with regulatory change and an ever-expanding third party network?
TA: As we've seen in the recent releases from both the DOJ and SEC, third party risk management will continue to be a priority and, specifically, they're looking for a preventative proactive approach.
Simply put, we need technology in order to have an efficient and effective third party risk management process at scale. It's one thing to say, "Okay, I've onboarded this third party. I'm fine." It’s another thing to be able to establish and show that you’ve kept your finger on the pulse of that relationship over time. A prudent practitioner will want to make sure that the right controls are in place when the relationship begins, and ensure that that as that relationship evolves, the management of and controls around the data related to those third parties continues to be reviewed and refreshed, as you progress through that relationship.
In addition, technology is critical as it supports our third party monitoring efforts. Monitoring is key. We're able to get reliable real time data as necessary and then focus on analyzing any datapoints that may have changed. For example, is a business partner now listed as a PEP? On OFAC’s Sanctions List? Have they been involved in corrupt or inappropriate activity that doesn't align, either with our business principles, or our organization's risk profile?
Frankly, without technology, I think it would be nearly impossible to meet the requirements of this changing regulatory landscape, actively manage third parties, and intervene where necessary. The regulators are emphasizing all of this as incredibly important –– without technology, we would be at a disadvantage.
Monitoring is key . . . Without technology, it would be nearly impossible to meet the requirements of this changing regulatory landscape, actively manage third parties, and intervene where necessary.
I feel like the market is receiving encouragement from regulators to innovate in their compliance programs, policies, and procedures. You, in some respects, may be in a better position to innovate than others because you work for an innovative brand. How does that play out for compliance functions in this moment?
TA: My advice is that we have to remind ourselves that regulators require more than a 'check the box' compliance program. You can have the best policies, procedures and controls. The key is how you operationalize those items, and ensure they're working effectively. And that's really where the rubber hits the road. Operationalization is critical. If the program works on paper, but not in practice, then it's essentially ineffective.
Tying this back to the broader moment that we've been referring to in this dialogue, I believe that in the context of the pandemic, ensuring that a program and its related controls are virtually operationalized is paramount. With the reductions in workforce and people working from home, there are many more challenges that present obstacles to “doing business as usual.” It’s going to require foresight and innovation in light of these circumstances to minimize compliance failures. Going back to the synergies between functions and collaboration, in my view, the compliance function should really be stepping up in this moment. Compliance should be interfacing with other functions like finance, internal audit, IT, making sure that all key players have the appropriate amount of visibility and transparency, so that we can try, as best as we can, to prevent things from slipping through the cracks.
So, how do you operationalize your policies and procedures? How do you ensure that you don't need to mark out an exception in your books and records? If the regulators come back and evaluate your conduct in light of the pandemic, you need to be able say, "Well, this is what I did, and these are the reasons why, and you can find my rationale documented here."
Given this moment, being mindful of the types of processes your organization undertakes that may require modification or the granting of exception, is really critical, and again, falls under that operationalization umbrella.
Moreover, I can’t emphasize enough the importance of data and artificial intelligence (AI); it’s clearly the future of compliance. There's so much data available within any one organization. In my experience, for that data to really be meaningful, you need to be able to take it and piece together a story. To be able to show the narrative to management and empower decision-making, AI is useful to interpret what the metrics mean, and how that may affect the bottom line.
You also need data in order to effectively track trends. You want to be able to predict behaviors, understand where your controls failures are, or maybe where you need to re-allocate resources. Or, perhaps, the data will tell you that you may need to perform a new risk assessment.
The last point I will make, is that continuous training and communication is a critical area where fellow compliance officers should focus. Maintaining connections with your stakeholders and teams is essential. In my view, a successful program will continue to seek to engage your audience using different mediums: microburst training is popular and exploring slightly different types of communication or training tools, like ones that use humor to speak to the audience is something to consider. My favorite is the use of animation and gamification.
I believe that trying to keep the substance of the messaging impactful yet fun is an effective way to connect with stakeholders at the moment because quite frankly, with the many distractions, and the need to meet regulatory requirements, using creativity is critical.
Data with artificial intelligence (AI) is clearly the future of compliance. In order for data to help empower decision-making, you need AI to piece together a story so senior management can understand what the metrics mean, and how that may affect the bottom line.
So much of what you just said too really brings to light your passion and the strength you bring with EQ, psychology, connectivity. It's such a focus of yours. And I think all of the different elements that you just talked about, while not immediately obvious to me, the light bulb went on for me . . . of course you would think of taking that approach because it maximizes connectivity. It maximizes participation. And it really increases your ability as a compliance leader, to hit your success markers. I think you just answered my next questions which is, how do you think our current economic environment could accelerate the need to innovate, to do more with less? Because based on your comments earlier about really rising above the challenge, and then leveraging all of the different tactics and angles, and really almost reinventing the compliance function in this moment in order to meet objectives because not meeting the objectives - as I understand it, as I hear from the regulators, from you, from my colleagues, our subject matter experts - is not an option.
TA: Absolutely. It's definitely a non-negotiable. And I just want to add, as far as our current environment and the need to innovate, I would posit that, yes, organizations need to get a little more creative and innovative and figure out how we can do more with less. I would also say that compliance should not be subject to those sorts of reductions in their budgets at the moment. It was literally 4th of July weekend when DOJ put out additional requirements that they want compliance officers to be mindful of.
And so, for me, it's incredibly important that compliance demonstrates to leadership, that while historically the function has been viewed as a cost center, it is truly more than that. And cutting the budget in light of this moment is not the most prudent approach. I prefer to say that compliance should be viewed as a Revenue Protection Center. Why? Because as Compliance officers, what do we do? We detect, prevent, and try to mitigate risk and misconduct. And all the while, we are simultaneously shielding an organization's revenue from the impact of unexpected or unwanted expenses. For example, regulatory inquiries, or investigations or the costs related to reputational damage.
In light of all of this, compliance really should be, if we're not already, fighting for a seat at the table. We should be considered a trusted business partner and ally. We should be part of conversations related to business strategy and directional leadership. And with that seat, compliance will be able to have more visibility into the operational challenges and risks of which we may not otherwise have been aware.
In doing that, Compliance professionals can more successfully apply a proactive rather than reactive approach, which aligns with what the regulators are looking for. It also helps to avoid down the road losses. Once we get a handle on the downstream impact of the pandemic, this economic crisis, etc., we can then make the appropriate adjustments. And hopefully, by then, we have a baseline operational structure. But I really am an advocate for compliance continuing to forge ahead because, in my view, we should be on the frontlines and protecting companies from issues related to misconduct, fraud, risk, etc.
Compliance should be viewed as a Revenue Protection Center. If we're not already at the table, we should be fighting for a seat.
What are the biggest challenges related to financial crime and corruption today?
TA: I think that's a great question. For me, it's the element of the unknown. We’re experiencing the pandemic, disruptions in supply chains, societal unrest. We are absolutely operating in an unprecedented environment. And, frankly, every day, something else comes up that presents another layer of complexity. With all of that as a backdrop, research shows that when we’re in the midst of a crisis, people are more likely to behave improperly; I believe that crisis breeds creativity. In my view this is the moment when the prominence of rogue actors or masterminds of creative financial schemes will come to light.
Not only will we likely see an increase in misconduct, I also believe it's going to be more challenging to detect illicit behavior. When companies are facing financial pressures, studies show that this results in an increase in anxiety and stress, and going back to the psychology aspect of my background, research also shows that, when you're stressed, when you're frustrated, when you're anxious, the likelihood of making poor decisions and participating in unethical behavior increases tremendously.
Knowing all of this, I believe in the importance of appreciating that these broader organizational pressures trickle down. The trickle-down effect has an impact from leadership to those who are working on the ground, those who are working towards targets or sales goals, and the mounting pressure to still meet those goals, even though, quite frankly, with the economy and the current environment, it might be untenable or just impossible.
It's human nature to succumb to these pressures. A number of behavioral economists and scientists have studied these very types or scenarios –for example, Richard Thaler and Dan Ariely. It’s for the compliance officer to make efforts to understand their stakeholder’s pressures, fears, stressors in order to get ahead of the potential misconduct, such as cutting corners in violation of policies or procedures in order to achieve success.
Companies have to be vigilant, think really broadly, outside of the box, as it relates to risk mitigation. . . Increase your monitoring, do more in the analytics department, think about whether or not you need to re-evaluate or launch another risk assessment, and be aggressively proactive about how you're identifying new areas of risk. And importantly, make sure you're protecting your organization’s reputation. I believe that over the long term, repairing reputational damage is incredibly expensive and one of the most difficult things from which to rebound.
We've heard so much about Panasonic and your leadership today. Can you share an example of another company you respect who is innovating to make the world a safer place to do business in their work?
TA: Yes; I am happy to have the opportunity to shine a light on the innovative work being done at Booking.com. A colleague of mine, Femi Thomas, formerly with Nokia, is now the CCO of Booking.com. For those unfamiliar with this company, Booking.com is the world's largest online travel company. While they're a relatively young organization, they're rich in innovation; they have to be really creative about the algorithms they create, and how they obtain useful data to offer interesting and creative travel and leisure options to their customers. Booking harnesses the power of data and technology, to improve people's lives and experiences.
For purposes of context, I should note that while with Nokia, Femi had a sizeable budget and led a sophisticated investigatory practice. In essence, it was an ideal scenario as they had the financial means to leverage technology and other resources to build out a strong compliance program. In contrast, Femi is now at the helm of an organization rooted in innovation, yet working within financial constraints. His call to duty is to be resourceful and inventive in his approach to developing solutions.
Currently, Femi and his team are evolving their ethics and compliance program significantly and looking into new products and new markets. One significant innovation includes enhancements to Booking’s payments processing capabilities which has a clear intersection with AML regulations and requires the management of the myriad risks that accompany this highly regulated landscape. In addition, as a company that relies on data and technology for success, they must also manage risks around data privacy and cybersecurity.
On a separate but related note, I admire Femi’s commitment to Corporate Social Responsibility (CSR). He makes it a point to balance key risk mitigation obligations alongside societal considerations and contributions. This takes me back to Panasonic and our seven basic business principles, the parallel here being that we both prioritize the importance of giving back to society.
Under Femi’s leadership, Booking places an importance on incorporating a culture of diversity and inclusion within the organization, and actively seeks to defend against discrimination at all properties listed on Booking’s platform. It’s clear that Booking’s core values include a commitment to integrity and CSR; key pillars to making the world a safer place to do business.
We want to hear quickly about your legacy. When it comes to making the world a safer place to do business, what do you want to see when you look over your shoulder in 10 years?
TA: I'm really interested in how best to use science to develop a best-in-class compliance program. I think it is something that is undervalued and not often discussed. It's not novel, but I don't think it's the norm either. I would love the opportunity to have the chance to stand up a compliance program, using both emotional intelligence and behavioral science principles. I believe it's important and fundamental to bring science into a program, in order to create a strong culture of compliance. From the emotional intelligence or EQ perspective, it's integral that you understand your stakeholders, what motivates them, what they fear, etc. And also how best to communicate with them, so that when you are delivering messages, whether through your policies, trainings, communications, etc., that stakeholders receive that message and understand your expectation, as it relates to their obligations to the organization.
Adherence to company policies and procedures is key, but it's not enough to just put a policy out and then train on it. To truly be effective, you have to take time to get to know your stakeholders, and then give time and thought to how you prepare those materials. It could go as far as how you approach that from a culture-by-culture perspective to the extent it's a global organization. I think it would also warrant additional cultural surveys, or things of that sort, in order to make sure that you are covering off on what's relevant and what will resonate with those stakeholders.
From a behavioral science perspective, I would say it's critical to understand bias. There are so many biases and social norms that drive behavior. Ultimately, you want to get a sense for why people behave the way they do. There is so much research out there that informs the development of such programs. And I think that an effective program that can appropriately mitigate risk requires the ability to predict human behavior. That's how you know where to focus your attention. That's how you know what sorts of controls you may need in place. That's how you may know you need someone on the ground in that area because the likelihood of someone misbehaving, or some misconduct occurring is great.
In summary, I'd really love the opportunity to apply the learnings that I've obtained through my studies in psychology and, potentially, work with leading behavioral experts to develop a program that would serve as a model for others. As far as a legacy goes, I think that would be fantastic. I could stamp my name on that.
I'd really love the opportunity to apply the learnings that I've obtained through my studies in psychology and work with leading behavioral experts to develop a program that could serve as a model for others. I could stamp my name on that.
Rapid Fire Round with Tiffany
- Favorite Place to Travel: Hands down to Dubrovnik, Croatia. Make sure to drive the coastline from Zagreb to Dubrovnik; it's absolutely gorgeous.
- Favorite Food: Tomahawk steaks. I think the meat is amazing, and the presentation is beautiful.
- Favorite Show to Binge: The Marvelous Miss Maisel
- Favorite Book: 100 Years of Solitude by Gabriel García Márquez. A great literary work.
- Favorite Band/Singer: Mariah Carey…She’s a walking instrument.
Join the Conversation
The fight against financial crime and corruption won't be won by one company, provider, government or bank