SEC personnel frequently speak publicly on a variety of topics. Some speeches are less than memorable, while others so perfectly capture the essence of a subject and provide such practical insight that it would be a shame for them to go unnoticed. A recent speech by Andrew J. Donohue, SEC Chief of Staff, falls squarely into the latter category.

Mr. Donohue began with general observations for effective corporate governance, many of them as fundamental as kindergarten lessons and, therefore, worth revisiting from time to time. He highlighted, for example, the importance of:

  • “integrity and personal responsibility”;
  • “a culture of always doing the right thing”;
  • simple and intuitive policies and procedures;
  • using technology well, but not to excess;
  • integrating systems across all business units and geographies; and
  • understanding that, in the compliance world, ignorance is not bliss.

But the real highlight for me was Mr. Donohue’s fifteen tips (quoted below) for getting comfortable with being responsible (fully or partially) for corporate compliance or, put another way, being sure things are working as they should:

  • Get to know the businesses better than the people who run them;
  • Have a deep understanding of the regulatory regimes you operate under;
  • Identify areas of key risk and focus on them;
  • Get to know all the key people in your organization and try and discern where you should focus your attention;
  • Understand and appreciate the limitations inherent in any system that you rely on;
  • Constantly ask yourself how you know everything is ok [I really like that one];
  • Constantly ask yourself what am I missing;
  • Follow your instincts and if something does not make sense to you work on it until it does;
  • If someone can’t explain something to you in plain English, either they don’t understand it well themselves or you need to do more homework [another good one];
  • Hire good people who are knowledgeable, hardworking and whose judgment you respect and let them do their jobs;
  • Only work at firms that have a good culture;
  • Encourage people to raise questions about practices at the firm;
  • Test a lot and ask a lot of questions;
  • Walk the floor; and
  • When you identify an issue address and resolve it quickly.

It’s easy to get lost in the spreadsheets, bar graphs and committee meetings associated with most risk management and corporate compliance programs, which are essential to managing such a complex task but can sometimes provide a false sense of wellbeing. Mr. Donohue’s speech, on the other hand, emphasizes the fundamentals of effective corporate compliance, and I encourage you to give it a read.

All the best,
