Compliance Program Assessment Overview of Findings. Report to the Audit and Risk Committee of the Teachers Retirement Board June 8, 2016

Transcription

1 Compliance Program Assessment Overview of Findings Report to the Audit and Risk Committee of the Teachers Retirement Board June 8, 2016

2 Kaplan & Walker LLP 2 Law firm specializing in counseling organizations on the development and enhancement of compliance programs. K&W has provided compliance counsel to over 100 organizations and has conducted over 50 compliance program assessments. Rebecca Walker Has chaired the Practicing Law Institute s Compliance and Ethics Institutes for the past twelve years. Has helped organize the Society of Corporate Compliance and Ethics Compliance and Ethics Institute, the largest compliance conference in the country, for the past five years. Authored Conflicts of Interest in Business and the Professionals: Law and Compliance, a legal treatise published by Thomson Reuters. Jeff Kaplan Authored the leading treatise on compliance programs, Compliance Programs and the Corporate Sentencing Guidelines. Has served as a monitor on behalf of the World Bank, the Department of Justice and the United Nations.

3 Compliance Programs 3 Opportune time to implement a Compliance Program. Compliance program expectations continue to increase. Size of criminal fines assessed against organizations has increased dramatically in recent years. Research proves the effectiveness of Compliance Programs. Programs lead to less misconduct. Programs increase reporting and thus the opportunity to detect misconduct early.

4 Assessment Methodology 43 interviews of executives, senior leaders and key personnel. Reviewed numerous documents related to Compliance Program. Discussed preliminary findings and recommendations with General Counsel and Business Lead. Review and recommendations in the following areas: 4 1. Compliance Program structure 2. Board oversight of Program 3. Management oversight and support 4. Compliance risk assessment 5. Compliance policies and standards 6. Compliance training and communications 7. Compliance auditing, monitoring and assessment 8. Reporting procedures 9. Investigations of suspected violations 10. Discipline and other responses to misconduct 11. Due diligence in hiring and promotions and incentives 12. Culture of compliance and ethics

5 Findings 5 CalSTRS has a strong culture of compliance and business ethics with an excellent focus on its Core Values. CalSTRS has adopted numerous compliance controls, policies, procedures and systems many of which are well-designed and robustly implemented. The Firm makes a number of recommendations in its Report, which are designed to strengthen the compliance systems currently in place at CalSTRS and enhance its culture of business ethics, including the principal recommendation that CalSTRS adopt a Compliance Program.

6 Principal Recommendations 6 Implement a Compliance Program. Designate the General Counsel to serve also as Chief Compliance Officer Create position of Compliance Director to report to GC/CCO and be responsible for implementation of the Compliance Program and day-today operations. Create a Compliance Council (comprised of appropriate senior leaders) to oversee the Compliance Program. Make Audit and Risk Committee responsible for oversight of Program. Provide CCO and Compliance Director with unfettered access to the Audit and Risk Committee to report on the Compliance Program and specific instances of serious misconduct on a timely basis. Provide Audit and Risk Committee with training on compliance oversight responsibilities and compliance programs more generally.

7 Principal Recommendations 7 Compliance risk assessment Code of Conduct Ethics training Compliance training and communications plan, including additional communications regarding Ethics Hotline Formal protocol identifying types of allegations to be escalated to Audit and Risk Committee and how promptly. Tracking of concerns reported, investigations and remediation Report information of allegations received and responses to concerns to Audit and Risk Committee and Compliance Council to assist them in oversight.