Corporate Compliance and Ethics Week: Interview with Roy Snell

By Lara Jezeph, CRI Group


Roy Snell is the CEO of the Health Care Compliance Association (HCCA) and the Society of Corporate Compliance and Ethics (SCCE). Roy was a co-founder and the organization’s first president. I had the pleasure of speaking with him at a compliance conference in New York City.

What’s integrity mean to you?

Telling the truth. Every time.

To what extent are boards and senior executives in your region taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?

In the U.S. there is a very strong movement to move beyond “talking about doing the right thing” to auditing, investigating and taking disciplinary action when necessary. Companies are implementing compliance and ethics programs. The enforcement community previously concentrated on holding a company responsible for regulatory infractions and fining that company. The enforcement community has not seen the reaction they were looking for and believe companies are too willing to pay a fine and consider it a cost of doing business. Now they are now holding individuals and boards accountable.  As a result, senior executives and boards are taking this more seriously and implementing compliance programs to prevent find and fix ethical and regulatory problems.  The US is moving beyond just telling people to do the right thing – they are enforcing it.

Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in your region over the past 12-18 months?

The most visible regulatory developments have been in the area of anti-bribery. There have been many large settlements. There are more settlements to come. Some involve companies based outside the U.S. that do business in the U.S. These settlements are so large that it has become “profitable” for the government to invest in more enforcement. There is a positive return on investment. We will see a continued enforcement and regulatory effort involving all regulations. More importantly, many believe that to become an effective player in the global economy your country needs to have a trusted economic environment to conduct business in. The only way for a country to become trusted is to have the rule of law and enforce it. Countries that achieve that trust are going to prosper in the global economy. Most countries that have no enforcement are suffering economically. Those in the middle or those that make a half-hearted effort will be less effective and less prosperous in the global economy.

When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?

People need to stay calm and have a process in place. They need to rely on that process. That process should be free of conflict of interest so that an independent investigation can take place. I would start with finding an outside expert who has handled many cases just like the case you are investigating. Not just any expert but rather a very experienced specialist. That expert will help you with all of the other many details that must be considered such as record retention, conflicts of interest, information gathering, interviews, the potential need for disclosure, etc.

How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?

The “protect the whistleblower” movement is staggering. The pendulum has swung from cases of retaliation to an all-out war on the accused. There are two ways this can go badly, not listening or retaliating against the whistleblower to stunning damage to the life and career of the falsely accused. There are countries in Europe that are leading the way in taking a balanced approach. The rest of the world has yet to appreciate that we must protect the whistleblower and the accused. Reputations of innocent people are often dragged down the street and ruined only to find out later that they are innocent. This can have a harmful effect on the organizations culture and the ability to attract and retain great employees. 

Could you outline the main fraud and corruption risks that can emerge from third-party and counterparty relationships? In your opinion, do firms pay sufficient attention to due diligence at the outset of a new business relationship?

There are too many laws and ethical expectations to mention. However, the appreciation for the compliance and ethics efforts of business partners and the consideration of compliance and ethics in acquisition and mergers is changing before our very eyes. A few years ago third-party compliance was not considered much at all. Many wise organizations have developed policies and procedures. They have compliance and ethics expectation not only for their own company but expectations of their partners.  Many organizations now consider compliance and ethics an important aspect of mergers and acquisitions. In the past a company may have looked the other way when a partner got into trouble. Now they are more likely to sever ties with that organization. Many organizations have come to the realization that the smallest of acquisitions can result in tremendous pain if shortly after the acquisition the acquired entity runs into trouble. The ultimate regret occurs when a small acquisition results in an investigation that then spreads to the entire organisation.

What is the most important skill of a compliance officer?


What advice can you offer to companies on implementing and maintaining a robust fraud and corruption risk assessment process, with appropriate internal controls?

The most important thing to understand in implementing a compliance risk program is the difference between risk to the company (insurance, investments, etc.) vs. risk the company causes others such as not following the rule of law. Most all risk assessments in the past were assessments of risks to the company. A compliance and ethics risk assessment is very different. It is often watered down with a focus on risks to the company. If you have the people in charge of risk assessments that have traditionally focused on risks to the company you are likely to come up way short on your compliance and ethics risk assessment. This is easily solved if you separate the compliance and ethics risk assessment out and have it conducted by an experience compliance and ethics professional.

Name a person with integrity?

No one is perfect. All we can do is get in the ballpark. My father.