Keeping your CEO and Board engaged when it comes to risk management can be a challenge. How can you increase your impact and avoid compliance fatigue?
Everyone is responsible for risk and compliance. Everyone in the organization is responsible for managing risk and being accountable to the compliance program, including third parties. When a CEO delivers the tone from the top, echoing the commitment to compliance, it can be very impactful.
Compliance should remain close to business leaders. Integrating with business unit leaders is key to managing your risk agenda. Staying in front of their priorities, which can shift and evolve over time, is essential. You can also leverage this collaboration and connection to find opportunities to train and educate on key themes. For example, you can share insights in town halls that are relevant to the business at that point in time (e.g. in Q4, perhaps a reminder of your conflict of interest policy and gift giving policy).
Managing risk with third parties. Exposure as a result of the conduct of third parties is also something to keep top of mind. It is important to set expectations with your suppliers by making sure their contracts have the appropriate clauses, that there is a supplier’s code of conduct and they adhere to it, and that the company has an effective third-party oversight program. You can also consider supplier training programs as a way to educate on your code of ethics, conflict of interest policy, anti-bribery and corruption policy, etc.
Managing the flow of information. Being sure that the right information is in the right hands at all times is critical. It is important to understand the cadence and expectation of communication, but it’s equally critical to have standard operating procedures around what kind of information should be shared and when. Bad news never gets better with time, so it’s important to raise those types of issues through the chain of command as soon as possible.
Conducting a compliance risk assessment. An assessment of potential risks is a great place to begin to determine your overall risk profile. You can start this process with the business leaders by asking them what they perceive to be the most significant risks. You will also need to take into account the nature of the business and the geographic regions in which you operate. You will also want to dive into more nuanced details such as the banking systems you might use and your interactions with governments. Starting here will give you a sense of what risks are germane to the business and what can be done as a team to mitigate those risks. These assessments are not a ‘once and done’ exercise but a continuous process. Depending on the business and risks, you’ll want to calendar them often or even consider an external advisor to support you.
Tracking and monitoring risk and regulatory changes. While having a strong risk matrix in place is key, it must be kept up to date as there may be many new regulations coming into force that you’ll want to monitor.
Defining your legal risk appetite. These are decisions that are ultimately going to be made by the board and executive leadership team, in consultation with the compliance function, along with perspectives from internal audit and external auditors, among other sources. That information needs to be presented to the decision-makers, who then decide the appropriate level of risk to pursue and the left and right limits of that risk.
* * * * * *
These tips are a summary of a Dentons CX webinar (Dentons – Leading the risk agenda), part of an award-winning global webinar program geared towards GCs and in-house legal teams.