Mike Ward, VP and Chief Compliance Officer at Juniper Networks, recently sat down with Ethisphere to chat a bit about third-party risk, his latest compliance initiatives, and what he wants to see from regulators. He recently sat down with Ethisphere to discuss third party risk management, culture, measurement, and compliance.
Ethisphere: At a recent Ethisphere event, you were on a panel talking about due diligence with mergers & acquisitions. You had a quip about some of the more complicated regulations that come into play when doing that kind of activity: “The notion that everything I need to know about business ethics I learned in kindergarten is not very practical. People can violate these rules.” How do you combat that perception, that ethics are always straightforward?
Mike Ward: That perception can be most dangerous when it’s held by senior management and they resist providing resources for a compliance program as a result of that view. But I have learned that it is not as effective and less durable to try to tell someone that their opinion should be x, y or z. On the other hand, if you can expose someone to specific facts and circumstances which lead them to reach the conclusion you are championing, they will not only embrace it, they will defend it to others because it’s their own conclusion, not just yours. It’s a lesson I learned as a federal prosecutor trying cases to juries. When they go into the jury room, you need your jurors vigorously persuading the other jurors to see the evidence your way. And those jurors are more committed and more persuasive advocates of a conclusion that they reached on their own than one you told them to reach.
Ethisphere: You have also talked about the importance of properly onboarding new employees, both by making rules clear and by establishing the right sort of culture. How can companies make that onboarding engaging for new employees to set them up for success?
MW: My own view is that the onboarding of employees has two components and they both require specific examples rather than abstract vague platitudes. First, there needs to be an introduction to your value system which means how your company prioritizes ethics and compliance in relation to other imperatives such as profitably grow your business. New employees need to hear of specific and tough decisions contexts in which ethics and compliance were prioritized and not just the easy cases. That calibrates them to how serious you are. Next, new employees need to be trained in a very specific way on how to be compliant. As we discussed before, these procedures are not intuitive and most employees are happy to be compliant and just want to know what they need to do.
Ethisphere: What recent initiatives have you worked on at Juniper that you’re most proud of?
MW: I have to give complete credit to the innovative team we have built at Juniper. One of the most interesting initiatives has been a data analytics project whereby the team has established a “data lake” into which we have loaded data from various previously siloed data sets such as our SAP ERP system, pricing data, corruption rankings, our conflicts of interest disclosures, our third-party risk management platform, etc. Everything is going into the lake and it is enabling us to perform analytics we could not previously. Our first project has been the identification of grey market leakage patterns that should inform a real-time predictive risk algorithm that could positively affect our gross margins. We have many other data analytics-driven projects on the drawing board.
Ethisphere: The relationship between compliance professionals and regulators is always an interesting one, and you’ve been on both sides of the equation as a former prosecutor. What would you like to see more of from regulators at the Department of Justice (and elsewhere)?
MW: Yes, I was a prosecutor for 16 years and it was incredibly rewarding. But when I made the transition to in-house, it was very eye-opening for several reasons. First, I was retroactively embarrassed about what I thought I knew about how companies and their compliance programs, what works and what doesn’t work. I learned a good lesson in being cognizant of what I don’t know. I think that the enforcement agencies could formulate more effective incentives if there were more in-house experience within the government. The role that Hui Chen played as the Fraud Section’s first compliance counsel was very helpful and I hope that infusion of in-house compliance officer perspective continues and expands. Second, I think there is a tremendous imbalance in the amount of money, time and resources that companies spend on reactive activities such as investigations as compared to proactive investments in preventative and detective process controls. Investigations are necessary but far too expensive and they do not help achieve compliance going forward. I think that enforcement agencies could help alter this imbalance by discouraging “boil the ocean” investigative responses on the part of outside counsel and forensics firms and more directly and tangibly rewarding companies, with complete declinations, who had proactively invested in creative and tangible preventative and detective control systems.
Ethisphere: You’re going to be on a panel at the upcoming CONVERGE17 program talking about key performance indicators for E&C professionals. How well do you think compliance teams measure their own performance, as a general rule? How do you see KPIs in compliance evolving?
MW: I think that we have to be candid about the state of performance metrics in the compliance field. It’s improving but we have a long way to go as a profession. First, the compliance profession has been dominated by lawyers and lawyers have been very slow to accept that what they do can be quantified or their effectiveness measured. We tend to let the perfect be the enemy of the good and reject any imperfect metrics. But performance metrics are the language of business and dashboards are ubiquitous in any company. If Compliance, and even Legal Departments, want to be taken seriously within an organization, we need to embrace it. And credible metrics are actually a very effective way to truly engage with business leaders. Once you have quantified the ethics and compliance performance of their business unit as compared to their peers, their competitive instincts are engaged and they want to know how to move the metric.
Hear more from Mike Ward and other ethics & compliance leaders at CONVERGE17 on October 3-5 in Denver, CO.