Visa’s company-wide approach to compliance
One of the features of Visa’s highly impressive compliance work over the past year or so has been its efforts to integrate that work across the business. In the words of chief compliance officer Obiamaka Madubuko: ‘We think compliance is but one piece of the overall puzzle.’
That view has led Visa’s compliance team to beef up its partnerships with the controllership, audit and risk functions. The teams meet quarterly to look at the risks facing the industry, the company and its business lines to gain a more holistic perspective, Madubuko explains. These regional risk committees and their functional leaders report to the operational risk subcommittee – which comprises business line and global functional leaders and is chaired by the chief risk officer – and to the corporate risk committee, which is chaired by the chief executive.
As part of embedding compliance across the company, Visa measures and monitors ethical behavior using regional scorecard metrics that affect business leaders’ performance-rating decisions and associated bonuses. Each quarter, compliance leaders review business leaders’ progress against agreed goals with the regional president and country managers, and report at year-end to Visa’s CEO and president.
Visa has transferred staff and managers from its technology function into compliance to ensure there is strong control of the millions of dollars in engineering costs spent on enhancing its compliance, anti-money-laundering and sanctions screening tools. Compliance works with technology and product teams to ensure the right controls are built into and tested for each product.
Among other recent initiatives, the compliance risk-management team has been expanded to make sure there is robust second-line testing of more than a dozen substantive compliance areas such as privacy. This team uses automated systems to screen transactions for red flags, and second-line analysts audit and investigate specific transactions. These are then reported quarterly to the top executive corporate risk committee, as well as the board’s audit and risk committees.
Visa’s compliance strategy has been focused on providing both widespread and targeted compliance messaging and training. As part of that, the team recently produced a revised code of conduct and ethics and related training modules. Those modules have a completely new ‘look and feel’ based on detailed benchmarking, and include real-life Visa case studies. They are designed in such a way that data will be used to tailor next year’s training modules based on users’ responses to the latest training pages and quizzes.
Other improvements include providing greater transparency on the investigations and formal resolution process for allegations of employee misconduct, clarifying romantic employee relationship disclosure requirements, and new and more detailed information on pay-to-play laws and EU regulatory requirements. The company achieved 100 percent completion of the new training among more than 20,000 staff and contractors globally.
In another significant achievement, Visa’s compliance function for small and medium-sized enterprises was awarded a US patent for its creation of a peer group data-modeling technique. This is a means for the team to look across all parties within the Visa ecosystem using a common set of characteristics and a common set of risk factors. The approach helps the company to better and more efficiently monitor for suspicious activity.
Among other things, compliance streamlined the client review process for its customer due diligence, improving efficiency by 74 percent. The team also enhanced its anti-bribery gifts, travel and entertainment tracking model. Our judges were impressed by Visa’s work on compliance and ethics, with one commenting that ‘[there is] a spirit of continuous improvement.’
You can read more about the Corporate Governance Awards in the Corporate Secretary Yearbook.