United States: Podcast - Risk Mitigation & Management: Bringing A Compliance Program To Life

Compliance programs are difficult to design, and implementing and enforcing policies and procedures is challenging, especially in complex, global organizations.

In this podcast, the first in a series on challenges and best practices in risk mitigation and management, litigation & enforcement partner Amanda Raad and ethics and compliance consultant Hui Chen, former Department of Justice compliance counsel, discuss how companies can transform policies into a culture of compliance. The podcast covers:

  • The importance of identifying and defining your company's values
  • How to ensure clarity in your policies and uncover potential violations
  • What metrics are effective at assessing risk
  • How to meaningfully address risk exposure and encourage compliance

Amanda Raad: Hello, and welcome to our podcast. This is the first in our series of podcasts focused on risk mitigation and management. My name is Amanda Raad, and I am a partner at Ropes & Gray in our litigation and enforcement practice. Joining me is Hui Chen, former Department of Justice compliance counsel, and currently an ethics and compliance consultant. In this podcast, we're going to discuss how companies can bring a compliance program to life and how to meaningfully use the results from a risk assessment. Compliance programs are hard to design and companies spend lots of time just making policies, sometimes binders and binders and binders of policies which I'm sure have been delivered to you for evaluation. But actually making that policy come to life is a bit of a challenge and there's lots of processes that employees need to follow. How do you do that? How do you get from the written paper of the policy to actual compliance?

Hui Chen: This is where I think we need to start with values. And this is why I'm such a strong advocate for companies actually identifying their own values. And this is not the values that you put on a board that you hired a marketing consultant to write a slogan for, but this is the values that attract your employees to work there. This is the values that drive you to be the company that you are. And I think that's where, you know, you need to start because once you have a clear set of values, what you do is to make sure everything you do reflects those values. And one of my favorite things to talk about is, I often talk to rooms full of lawyers.

Amanda Raad: Very exciting as that is.

Hui Chen: And I also at times speak at law schools in a room full of law students. And I always ask them, "How many of you have read the United States Constitution from beginning to end?" Not the Bill of Rights, not, you know, the first ten amendments, but the whole Constitution which by the way is not that long. And I would say it's an extreme minority. Usually less than 10% of the room that would say that they actually have read the Constitution. But it's a living document. Why is it a living document? Because its values are reflected in our society and people fight for it. When the values are actually threatened, people speak up, people vote. people go to court – that's how we keep the Constitution a living document. And I think there are similarities because the Constitution is our nation's code of conduct. And people don't read it, but certainly, for example, during the last election everybody wanted to know how the electoral college worked. So as things come up, and as choices are made, people always go back to that founding document and because that's something that reflects our values. And I think companies really need to think about their values and their code of conduct and everything else they do in light of their own values.

Amanda Raad: And it sounds like in doing that, so the Constitution is equivalent, right, to the policies of a company? But I think I hear you saying that it can be teaching moments. That you will get things wrong. You will find things that happen that are contrary to the policy, and that's okay.

Hui Chen: Absolutely, yes.

Amanda Raad: That's how you work through the things. That's how you make sure you stay true to your values. And that's how you kind of govern conduct.

Hui Chen: That's okay so long as you learn your lessons from it every time. And I think, you know, that's where absolutely you'll get it wrong, because we're all human. But we think, you know, the important thing is that we learn the lesson so that we don't make the same mistakes over and over.

Amanda Raad: And I imagine that practically speaking, trying to put this in practical terms, it means you have to actually be testing and looking to see if there are policy violations, what kind of policy violations there are. You have to be pulling all of that together.

Hui Chen: Exactly, yes.

Amanda Raad: Otherwise you have no idea whether it's understood.

Hui Chen: Absolutely. And one of the metrics, for example, that I know some compliance officers have used are, for example, the type of questions they get on help lines. Because to them help line questions in certain areas indicate where people seem to have, you know, confusions about and that's why they call the hot line or help line to ask the questions. I also know, for example, compliance officers who track the click rates through their web pages because if certain pages on certain topics are clicked more often in a particular time period, for example, that may be indication that there is a problem somewhere. That, you know, some team or some parts of the operation is having reasons to really look into what is the company saying on this particular topic, and that may give you an indication as to where you might want to look into.

Amanda Raad: And even changes over time, right?

Hui Chen: Exactly.

Amanda Raad: So if all of a sudden you have a market where there was open communication or that, you know, you were seeing things in a speak-up culture and it stops, or vise versa, right?

Hui Chen: Exactly, yes.

Amanda Raad: That's all important going back to data.

Hui Chen: Absolutely, yes. Right, that's right.

Amanda Raad: You've taken the data and you've worked with the employees and with the business to come up and actually complete an effective risk assessment. But then you come up with meaningful results. You have a lot of data you've pulled together. You have a lot of information that you've pulled together. It can be overwhelming. How do you pull that all together and action it so that you're actually responding to what you've found in a meaningful way?

Hui Chen: The key here is thinking back to the purpose of risk assessment, which is for you to understand the risk so that you can respond to it, and responding to it means a number of things. You can address issues that you believe to be emerging. You can set controls at the appropriate place. You can allocate your resources accordingly. So one of the things that I always find interesting is in many companies when you talk about, for example, anti-bribery and corruption, people immediately go to gifts and entertainment. So the next thing I would ask them is, "How much out of your total spend is actually on gifts and entertainment?" Very few companies, if any, have the majority of their spend, third-party spend, on gifts and entertainment. It's usually there are other areas of vendor spending and third-party spending that is significantly more risky than that if you just look at the financial data. So companies that, when they do anti-bribery and corruption, allocate disproportionate amount of resources to gifts and entertainment would be misusing their resources. So the idea is getting an understanding of where your risks really are and actually adjust your resources and, you know, resources not just in terms of money and people, but attention, to the places where those are needed the most.

Amanda Raad: And maybe the fact that companies focus so disproportionately on gifts and entertainment goes back to with thinking that that's what the regulators want you to address instead of actually looking at the risk in your particular company. Is that fair?

Hui Chen: I think some of it comes from people thinking, at least in the anti-bribery area, bribes, giving people money and, "Oh, that's what gifts are for." It's the whole sense of, you know, it's giving and therefore they look at the gifts and the meals and the hospitalities. You know, I'm not sure really what has accounted for this excessive focus, but I have always found that to be interesting. And let's, you know, take this also to another area. I mean, if you're talking about, for example, safety and health compliance, then you have to look at where the high risk activities are there. And, you know, you have office workers, for example, in an oil company, let's say, and rig workers. Clearly, rigs is where you need to pay more attention for your safety and health issues. And so I think, you know, the important thing is remember the purpose of risk assessment. It is to help guide your choices in terms of where to pay attention.

Amanda Raad: Thank you, Hui. For additional news and insights, please visit www.ropesgray.com. Thank you for listening.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Topics
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Sign Up
Gain free access to lawyers expertise from more than 250 countries.
Email Address
Company Name
Confirm Password
Mondaq Newsalert
Select Topics
Select Regions
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions