DLA Piper Compliance Survey Says…continued

In my previous post I wrote about the “DLA Piper 2016 Compliance & Risk Report” (DLA), which contains some very interesting information about compliance in general, rather than about the insurance industry specifically. That post was the first of a series looking at this report, and here's the second.

In the interim, we received the April 18, 2016 edition of Insurance Compliance Insight (ICI), which reported on an EY report titled “A time of evolution for compliance: laying foundations for future success: Global insurance Chief Compliance Officer survey.” (EY)

One of the things that Alan Prochoroff, editor of ICI, pulled out of the EY survey related to differences in approach depending on whether the compliance function reported to a legal or a risk-based function. DLA Piper reported that 44% of respondents said their CCO reported to the Chief Legal Officer, while 25% reported to the CEO and 29% reported directly to the Board. (DLA, p. 5). There was no mention of reporting up through a risk-based function in that report. EY reported that in the insurance industry, 35% of respondents to their survey said that the function reports to the CLO/General Counsel, 20% to the CEO and 15% to the Chief Risk Officer/Risk. (EY, p. 4). Prochoroff reports that “EY found that compliance pros on the risk side tend to be more advanced in their use of risk management tools and techniques like risk appetites, risk registers and risk metrics. Importantly, those on the risk side also can be more forward-looking in terms of seeking to manage potential regulatory risks.”

Prochoroff also noted that “All of the companies conduct compliance risk assessments, and they also monitor key controls that are the company’s first line of defense.” Our experience is consistent with that, as we see much more interest in independent assessments from carriers, fraternals, IMOs and insurance agencies. Roger Hayashi, Compliance and Risk Mitigation Assistance (CARMA) Program Co-Director, will be giving a session on this important topic at our upcoming Currin Insurance Compliance Symposium in June.

The DLA report indicated that “monitoring” was considered the weakest part of the compliance program by 66% of respondents! In the commentary to this section it states “Experts note that being able to monitor (in real time) and audit compliance programs is crucial – and that companies should consider building it into quarterly or annual audits of plans. ‘You’ve got to do something to figure out if the program is working – and if not, where it needs to be tweaked,’ one CCO said.” (DLA, p. 23).


DLA Piper Compliance Survey Says….

DLA Piper published its First Annual Compliance Survey, titled “2016 Compliance and Risk Report: CCOs Under Scrutiny” (Survey) this month, which contains a lot of very interesting information. DLA Piper distributed the survey in 4Q15 and received 78 responses. Eighty-one percent of respondents held the title of Chief Compliance Officer (CCO) or General Counsel/Chief Legal Officer. This is the first in a series of posts in which we will explore some of the survey results.

One of the survey’s primary focuses is the increasing liability faced by CCOs for compliance lapses at their companies. Approximately 2/3 of survey respondents said that changes in tone from Washington and recent developments with respect to CCO exposure would affect their decisions to remain in or accept positions as CCO. (Survey p. 3, 8-9). One of the dilemmas those on the job reportedly face is, not surprisingly, resources: only 1/3 of those responding were confident they had the resources they needed to do their jobs (Survey, p. 3, 11). Forty-seven percent of respondents encountered resistance “to some extent” when requesting budget increases (Survey p. 4, 11). This is, of course, problematic when faced with increasing external accountability because it may mean that CCOs are left knowingly exposed but, lacking adequate resources, with no means to address the exposure.

Given the recent launch of our online training program, Currin Insurance Compliance Education Program (CICEd), it was interesting to note that “[r]espondents said they considered monitoring to be the weakest aspect of their compliance programs and also the aspect (along with training) that took up the most time.” Sixty-five percent of respondents indicated that they use online, interactive training, with public companies more likely to use online resources than their privately held counterparts (Survey p. 4, 16).

The report identified four recommendations to mitigate CCO risk (Survey p. 6):

  1. Track Effectiveness – This begins with assessing the program and documenting its development and maintenance. The goal is to be able to point to concrete evidence that the program works.
  2. D & O Coverage and CCO indemnification – This makes sense and the report suggests including indemnification in employee contracts and corporate by-laws. (The challenge here is to not let these important protections have the effect of weakening the compliance program.)
  3. “Wear One Hat” – The recommendation is to have clear reporting lines with defined roles and responsibilities.
  4. Escalate any concerns – Taking prompt action when any red flags are identified is key, as is continuing with an active program, including compliance reviews, during any periods of crisis.

Check back again for more discussion and analysis of this important survey and report.