D (4:11)

It really is wild, Dottie. But I think, you know, what you said makes a lot of sense in terms of potential walkbacks. But also that should be the plan for organizations. You know, the best chief compliance officers, the best leaders in general, will say, we don't want bribery to happen. We're going to put controls and practices in place to prevent that. But in the event that it does happen, because there is always some risk, we are going to find it and own up to it immediately and take responsibility for it.

C (4:40)

Well, Megan, that is a really good segue to the interview that we had the opportunity to record for you all today, and that is with Cindy Mohring, who is an experienced independent director, but spent her career first as a chief compliance officer, and she served some really big companies. And so I think it's going to be great to have a chance to listen to that interview. She, she had a very nuanced and helpful perspective on how boards and chief compliance teams, or I should say compliance teams, should be thinking about all these things. So let's give that a listen and we can come back and talk some more. Joining us on the corporate Director podcast today is Cindy Mooring. Cindy's an experienced independent director and former chief compliance officer who currently sits on the boards of Pyxis International Church Mutual Insurance Company and she serves on the compliance committee of the board for the US Olympics and Paralympics organization. Cindy, thank you for joining us on the show.

A (5:40)

Oh, thanks, Dottie. It's a pleasure to be here.

C (5:43)

Yeah, returning champion, it's great to have you back. You know, I just said I just sort of rattled off a few of the things that are on your current plate, but would you mind just sharing with our audience a little bit more about your background and in particular about your years as a chief compliance officer?

A (5:58)

Sure, absolutely. So I started with a legal background and law profession and served and worked in private practice, worked then internally for, in financial services for a bank and then I went with a high tech company and so did some of that and then made the jump over to retail and worked for Walmart for several years doing governance work in the legal department and then made the jump over to ethics and compliance and became the global Chief Ethics Officer and the US Chief Ethics and Compliance Officer. So both of those are very senior roles at the company. And saw that spent the bulk of my career there. It was about 20 years left there and retired from corporate America, I like to say, the active 8 to 5 and went down and started in academia and built an ethics and integrity and leadership initiative for the School of Business at the University of Arkansas and then joined the, the, the three boards that you mentioned. So it's been a, it's been a full complement of seeing sort of the whole spectrum of everything. I'm also very involved as well in the Wall Street Journal Chief Compliance Officer Council. So I still have my, my toe in the water there and it's nice to be able to see sort of the next generation, I'd say, of chief compliance officers coming up. And they have me on there as well because I'm now on the board. So it's nice to have that connection between the two.

C (7:26)

Well, Cindy, you're the perfect person to have on the show to talk about this topic because I think there is so much happening right now in the compliance world. I mean, I mean, I'm thinking about all the changes that are happening in the regulatory space. I think about all the societal changes, I think about AI. I'd love to kind of hear your reflection on what do you think are sort of the biggest, most Seismic things happening for chief compliance officers right now that would be useful for boards to know more about.

A (7:52)

Yeah, I think that the role of the chief compliance officer has changed significantly and I think boards need to view them now as a regular strategic advisor to the board as well as to the C suite. It has evolved well beyond just one of the current regulations. And how do we stay compliant? Of course, you have to have a well designed program and you have to make sure that it is working in operation and. But that's sort of just like what gets you in the door. Chief compliance officers now need to be more focused on being agile, being nimble, being strategic, watching what's going to come down the pike, learning from the examples of others, staying abreast of what's going on with technology and figuring out how all of that can become part of the compliance program for the company. So that it is less about backwards looking, which I think some still view compliance as only being sort of a look into the past and what has happened and instead being a look into the future and what are those emerging issues and how to prevent them from ever happening in the first place. And that only comes by being involved with the strategy of the company, the strategic direction of the company and being very agile and able because it is a, as you said, a very fluid, fast changing environment today.

C (9:11)

It seems to me that the further along we get in governance, the more it feels like a team sport that really sort of involves a lot of different players across the company, including the compliance team. And I wanted to talk about some of the big rocks that compliance officers have to move today. And I'm thinking specifically about organizations that are global in nature. There's so much complexity of being a multinational. Can you talk a little bit about what are some, in your mind, what are some of the most pressing issues for compliance teams right now?

A (9:41)

Well, what I would say is that it's the changing regulatory environment and it's just so fast in terms of the way it's changing. If you think about employment compliance, if you think about supply chain compliance, if you think about environmental and compliance with that. But when you then layer on the global divergence in the views, let's say right now between maybe the current environment in the US and, well, let's say where the rest of the world may be, in particular Europe, just taking environmental as an example, you've got global companies now that have to figure out how do they comply with both the US current regulatory environment while also complying with completely different set of expectations. If you're thinking about sort of the European continent and what's going on over there, just in terms of still their very strong focus on environmental, just to use one example. So that, that I think is a real challenge for compliance officers because it means you do have to be it cannot no longer just be a program that I think some companies still try to do, which is just managed from headquarters. You really do have to have boots on the ground, local talent, and a way to be nimble and fast enough to be able to react to what is happening in the now divergent regulatory environments around the world and keeping abreast of all of that. So that's one. But the other one I would say is even I, you mentioned global. And I agree with that, that that's in terms of being really quick and being able to react in the moment is important. But even for domestic companies, particularly when it comes to supply chain and trade compliance, right now, if you will, being even if you're just a domestic company staying abreast of just say a property and casualty insurer. Right. For example, staying abreast of what's happening, for example, in trade compliance. And if you're insuring automobiles, for example, well, all of a sudden the tariffs that are being applied are going to mean potentially higher costs if there's an accident and something has to be fixed or a building gets destroyed because of natural disasters. Right. And now they've got to rebuild the building. And so all of that is not only going to increase costs, but it might change the strategy of the company in terms of where they want to insure, what industries they want to insure, what states they should be in or not be in. And so all of that to the forefront, not just for the board to consider and CEOs and the strategy of the company, but also for compliance, because it's got to be also about risk management. But that's part of looking around the corner that I think chief compliance officers owe it now to their companies and to the boards to be able to do and not wait until it happens.

C (12:25)

Cindy, you've been, you've been sort of doing this work both with public and private companies. Do you see any big differences between the way public and private companies approach compliance? How do they, how do they approach managing these challenges?

A (12:38)

You know, that's a really interesting question. I will, I know you didn't ask, but I'll also throw nonprofit in there as well for large established ones. So, I mean, I think the most obvious answer is public companies have an additional layer of regulation and an additional layer of scrutiny because of their quarterly reports that are filed with the sec. Right. In a private company, you're not going to have that. But when it just comes down to compliance and just call it governance, risk management in general, I would say that the public, private, and even very established nonprofit, if you will, for example, like the US Olympics, which their compliance program is now much more on par, I would say with what you would just see in corporate America generally, that the public private distinction is not what's most salient and not what's most important at all. It's really more about, I would say, the size of the company, the sophistication of the company, the maturity of the company, the industry that the company is in. All of those, aside from, again, the SEC side of it and the additional scrutiny there when it just comes to a compliance program, all of those factor in much more heavily than I would say, whether it's a public company or a private company.

C (13:47)

So said another way, companies are not just doing this work because they have to.

A (13:52)

That is very, very well summarized. Yes, I would agree. And particularly when you see that going over into the nonprofit space, more so than you have before, there aren't really that. I mean, let's, let's face it, every Sarbanes Oxley and all of the requirements for that really were born out of public company failures. But what I have seen in my career since that first happened is it moving from public companies down into the private companies and now into even some of the more established nonprofits, because it's seen as a best practice. You know, once companies sort of figured out what they needed to do and how they needed to do it from a governance, internal controls, compliance perspective, it became the guiding light for others to, to follow and to look at. And as more companies actually stay private these days and they're, you know, there's been kind of not, not as many going public and fewer public companies than there there were. I think private companies are having to shoulder some of that burden as well because they're just large established companies now, whether they're public or not.

C (14:54)

Yeah. And so it just becomes part of the importance of doing good business. Right. For your customers, your investors, et cetera. I want to shift gears a little bit and talk about technology because I think there's so much happening in the space around compliance, specifically for legal teams and compliance teams, ways that things can be automated, ways that AI can help with fraud detection and with whistleblower programs, and you name it. So can you share some of the practical ways that You've seen technology be a game changer and some of the ways that you feel it really hasn't been that maybe it should be.

A (15:29)

Yeah, yeah, yeah, I sure will. I think that with the advent of technology, particularly as it's applied to, let's say, a compliance program, it allows for fraud detection, all of that, it allows for a deeper and a more precise understanding of risk because it's able to see pattern recognitions with more inputs than the human brain can actually figure out. And so it's this big aha moment where whereas you may have never seen it before, so that really helps a lot. It is able to also connect disparate data which you might not think were connected data points in the past. And so that it shows almost meta themes, whereas you may not have been thinking about those meta themes before. Faster, better monitoring of whether or not a compliance program really is effective at operation. So then you can, the humans can sort of manage by exception instead of being the, you know, the bean counter, if you will, or down there out there checking to see if thing is working the way it should. If you're able to engage technology, it does a lot of that for you. And then you can just manage by exception and really get to sort of the root cause more quickly. Now, where I think it isn't being used enough yet, the data in the compliance program is bringing that through and how the reporting comes up to the board, I think it could be used more, I've seen it a little bit, but I think that is a place where compliance teams could do a little bit more.

C (16:56)

So let's, let's go deeper on that because you've got this unique vantage point. You've been both a chief compliance officer yourself, you've been a board member many times over. What are some of the bits of advice you might have for building more constructive relationships and better reporting between those teams so that everybody can do what they need to do more quickly?

A (17:14)

Sure. So I would say that the first and most important thing is board members need to build a relationship with their chief compliance officer and make sure that they know who that person is and that that person knows them. So that conversations, just the hallway conversations, the five or ten minutes before or even after a presentation, you can really build that relationship, build that rapport, get to know each other and build the trust. And then I think what those, those conversations can also do is serve as prompts to sort of asking some of these questions about, you know, hey, how, how are you kind of using that data? And have you thought about how you might use it in board reporting and just so use those conversations to prompt it a little bit more. Then what I think you can do sort of after you've done some of that and built the relationship, is in the meetings. And this would be more for board member advice would be to ask some more of the probing questions that are more forward looking as opposed to just receiving the report, which oftentimes is just backwards looking and asking information or status updates about that. So putting the questions on the table about, well, what is the data that you're using and the technology that you're using in your compliance program telling you about what could be an emerging risk and what are you doing to manage that emerging risk better so that you're taking the conversation to a different level and making it a more proactive instead of a reactive conversation. And all of that is going to happen a lot better if it is organic and comes from a place of having a relationship. And I think boards that perhaps don't have a relationship with their chief compliance officer or would expect maybe just their general counsel to report on it as part of sort of the overall kind of governance, legal ethics and compliance report are really missing a very rich conversation that they could be having.

C (19:09)

So you speak both languages. You speak chief, chief compliance officer and board member. What are some of the things that you think boards tend to get wrong about the compliance function and vice versa. What are some things that you think compliance officers tend to get wrong about the board role?

A (19:26)

I think that compliance officers who aren't perhaps exposed to the board level conversations can, and this would actually be for anyone who isn't, but I think compliance officers should be exposed to. It will miss the board's role in oversight and the conversations then that compliance officers have with the board are too operationally focused and can delve into minutia to a level that it doesn't need to. So they will miss the strategic value and the oversight role that a board member brings and they will come in unprepared for that level of presentation or just say, here's my report and I'm just going to kind of read through it. And it's all about what's currently happening or when did happen and more of that. I think what board members miss, and probably because that's a, that's their experience many times, is the fact that chief compliance officers and that role done right is a really important strategic voice in the room that also by the way, is separate from legal and if you will, and this kind of takes it into if you think about, you know, we say chief compliance officer, but that typically in most companies will also involve their integrity office or their ethics office. And so legal and compliance to some extent are focused on, okay, what does the law say we have to do, what does the regulation say we have to do? But a compliance officer who's doing their job right is focused not just on that, they're also very focused on the culture of the company and how do you drive to this higher level of values and giving individuals the why and explaining to the board the why and how. Yes, this may be the bare minimum, but because of our company's, you know, corporate mission and strategy and values and focus, we're really driving our employee base to be here by doing it this way and that way. And all of that can get missed if you're just focused on kind of what does the law say or what does the regulation say? And that's a very rich conversation to have with the board, which goes well beyond just what's required.

C (21:43)

So, Cindy, if you could encourage boards to prioritize one new habit or one new approach to compliance oversight for this.

A (21:50)

Year, what would it be? I think that beyond the things that I've kind of mentioned that they should do, I would really encourage them to set aside time on their agenda to talk about the culture of the company, the ethical culture of the company from sort of the 50,000 foot view, get out of the regular board reporting, set aside some time to talk about that and to focus on that and to learn from the mistakes of others and to have those very rich conversations that often don't happen when you are pressed for time in a board meeting. And you know, you have to, you have to get through the certain amount of board materials. So if you put it on the agenda at a, you know, regular, regular cadence, even if it's, you know, once a year outside of the normal, and you set aside time to have that deeper, richer that 50,000 foot view of culture and values and where is the company and how's it doing on its ethical culture and values? And what have you learned from learning from other companies and what are the risks, you see, to losing that? That actually offers a fair amount of strategic insight to the board that they're not going to get if they don't set aside as a group, if they don't set aside that time to do it on a board agenda.

C (23:10)

I think that's great advice and I'm thinking about some, you know, big name companies that, had they done that, might have had very different outcomes. So I think that's really great advice. Well, Cindy, before we let you go, there are three questions we like to ask every guest who joins us on the show. And I think you've answered these once before, so I'll be eager to hear how your new answers differ. But what do you think will be the biggest difference between boardrooms today and 10 years from now?

A (23:35)

The use of AI in the boardroom. Like in the boardroom. So read a really interesting article on this in the Harvard Business Review just in the I think it was the July, August or May, one of the very recent additions. And it's fascinating, you hear all this conversation about how AI is being used in companies, but not as much as about how it's being used in boardrooms. And I think it's going to evolve from and I think it's going to be a little slower, but it's going to evolve from some board members right now who are using it to help them prepare for board meetings, stay up on information and collect information and summarize it on what's happening in the industry or with competitors, which is all great. Two, helping board members actually analyze in the moment, I would say some management recommendations or presentations, doing some scenario planning, challenging assumptions from the board, I mean, sorry, from the from management by the board members and then using it as well to make their own board governance better. So boards, all boards should be doing board evaluations and those can take many different kind of formats. You can just do surveys. You can have somebody come in and do conversations with the individual board members about the board itself and the committees. Or if you really want to go deep, you can also have them evaluate their other individual board members. Well, with the use of AI, you can now do that real time. You can have the tool actually provide feedback based on its participation in a meeting. And there's a company that was highlighted in the Harvard Business Review article who had used it and some of the feedback was spend 20% less time on management presentations. Encourage director A and B to talk out more and encourage director X and Y to maybe not talk quite as much. Avoid using terms like no brainer or well, that's an easy one. So it's very like in the moment and it will dramatically reduce the cost. Right. So there shouldn't be any excuse in the future for boards not using even it to that to that extent using it to improve the overall board dynamics of and so I think it's going to be fascinating to watch it happen.

C (25:59)

Cindy, I love all of that, especially because those Are all things Diligent cares passionately about. We are full steam ahead on the AI in the boardroom process, I can tell you. Well, I'd love to ask you what was the last thing that you read or watched or listened to that made you think about governance in a new light?

A (26:17)

Yeah, so. So I watched and listened to. Because it was a webcast, a recent one that was titled Better Questions for Boards and it was about effective board oversight of, they called it geostrategic risk. So kind of going back to what we've already talked about in this whole conversation about just what's happening in the world and some divergent views and different regulations. But the world has changed and we've been watching it happen over the last, I don't know, five to eight years or so, and it's going to continue to change. And so from a governance perspective, having companies create cross functional geostrategic committees and teams that can report up to the board, from an oversight perspective on how all of those geopolitical, geostrategic and general considerations should play into the strategy of the company. And you have to be able to both do that in the short term, but not think that that's all you can keep your eye on because you still have the company's overall mission. Right. And values that you have to keep your eye on for the long term, despite what's going on from a geopolitical perspective. And if you, if you just kind of treat that as a sideline, oh, that's just corporate affairs or that's just politics and not really bake that into the strategy and keep your eye on the long term and how that's going to affect the long term company's strategy. Then you're gonna, you're gonna miss out on something that I think is sort of here to stay, which is a change in the, in the way the world is operating.

C (27:54)

Well, Cindy, the last question I'd like to ask you, what is your current passion project?

A (28:00)

My current passion project is building the endowment for the initiative that I built down at the University of Arkansas, which is focused on integrity and leadership. So I started that after I retired from Walmart about years ago now and got the endowment started and got the initiative set up. But there's always room to grow an endowment. So that is my passion project right now, sort of paying it forward to the next generation of the future business leaders.

C (28:29)

I love that. Well, Cindy, thank you so much for joining us on the show.

A (28:33)

Oh, thanks for having me, Dottie. It's been a real pleasure We've been.

C (28:37)

Joined today by Cindy Mooring, an experienced independent director and former chief compliance officer. Cindy, thanks so much for joining the show.

D (28:51)

That might be my favorite interview of the year. Dottie, really just. I selfishly got my wheels turning in terms of the art of the possible with AI and the work that we're doing here at Diligent.

C (29:03)

Ooh, say more about that, Megan, because I felt the same way. But I want to hear what occurred to you.

D (29:08)

Well, I mean, obviously this idea of, like, being able to measure engagement around board members when they're meetings or even outside of meetings is a very interesting one. One that obviously has lots of legal ramifications too. But the idea that technology is here to help us all work more effectively, surface new insights, be the best board, be the best organization, be the best chief compliance officer possible. And that technology is there to help that and help to break down the silos, as cliched as that is to say that this is. I loved your comment in the interview that this is a team sport.

C (29:48)

Yeah, well, it's got to be a team sport, right? Because quite often you've got teams collecting very different data, none of which talks to each other. And that to me, is maybe one of the most compelling arguments for the use of Gen AI that I've ever heard, which is Genai is quite good at looking at disparate types of data and coming out with a new way of seeing that data, you know, kind of connecting the dots. And even if one dot is a dot and another dot is a square, it can kind of look at those and say, here's how those things might connect. And, you know, that then can help you with, as she pointed out, you know, faster and better monitoring and then just faster reaction time. And that reaction time can be so critical because the longer an issue is at play, you know, likely the more money you're losing and the more opportunity you're losing, and the more damage is being created, the longer that it continues. I mean, think about a fire. Faster you put out that fire, the more likely you are to save parts of the building and parts of the stuff inside the building. If you just let that fire rage out of control, you're pretty much going to have a total loss. So I thought that was really helpful to hear her, you know, come up with some ways that we could eventually use this technology. And quite frankly, in the. Not just in the. In the present, Megan, because we're rolling out these very kinds of tools in the diligent product stack, and we try really hard not to do lots of commercials here, but strongly recommend, if you don't know all the cool things that Diligent's rolling out both for our governance software and for our compliance software, take a look, because there's a lot coming that I think you're going to find very, very helpful.

D (31:18)

Well, it's not just us saying that. I want to give a special call out to the recent IDC MarketScape GRC report, where we were named a leader in the space. And I think it's really important to call that out, because what we are trying to do is bring together all of these silos, all of these teams, as you mentioned, Dottie, working to make the organization better. And how much more powerful can they be when they're all speaking the same language?

C (31:50)

Yeah, Megan, I'm glad you called that out. I mean, again, we try not to toot our own horn as often as we can avoid it, but this one is really exciting. I mean, when you have a major analyst firm like idc, take the time to really get to know you, understand your strategy, understand where you're going, and then you see where they put you. And we really kind of came out by far and away at the top of the heap of governance risk and compliance software. I had the opportunity to attend a couple of the meetings with the analysts, which was really interesting. And in one of the meetings, they asked a lot of questions related to the educational programs that we provide to our customers. Because one of the things that we definitely believe here at Diligent is we don't want to just roll out a bunch of software and hope for the best, but we actually really want to help you understand not just our software, but the context within which you're using that software. So what is happening just in general with AI and ethics and board oversight and what's happening with AI governance, and then help you make really good, informed usage of those kinds of tools, including Diligent, but beyond Diligent. And so they recognize that the work that we're doing there to provide that kind of education to our customers is really quite different from what a lot of vendors are doing. A lot of vendors are really just focusing on, here's a product suite, here's how you use the product suite. We're not interested in just limiting ourselves there. We're really trying to help board members and senior executives grapple with some of these bigger existential issues, like how do we ensure ethical, responsible use of AI across our company? So that was nice to get recognition for that, because obviously that's something I'm very passionate about. I make no bones about that. But yeah, Megan, thanks for the shout out. I think it was really cool to.

D (33:29)

See the least I can do. Come on.

C (33:32)

Well, that wraps up another episode of the Corporate Director Podcast, the voice of modern Governance. I'd like to say a few special thank yous, first and foremost to our Chief Compliance expert Cindy Mooring, podcast producers Kira Ciccarelli, Steve Clayton and Laura Klein, our sponsors for the show including PwC, KPMG, Wilson Sonsini and Meridian Compensation Partners and most especially, thank you to Diligent, the top IDC winner. If you like our show, please be sure to give us a rating on your podcast player of choice. You can also listen to our episodes and see more from Diligent Institute by going to diligent.com resources thank you so much for listening.

B (34:10)

You've been listening to the Corporate Director Podcast. To ensure that you never miss an episode, subscribe to the show in your favorite podcast player. If you'd like to learn more about corporate governance and tools to help directors do their job better, visit www.digent.com. thank you so much for listening. Until next.