This profile is the latest in a series of weekly conversations with executives at U.S. public companies who are currently involved in establishing and developing compliance programs.

How much of your job is specifically compliance, versus other legal duties you have?

First, technically my position is responsible for four functions: one is the lawyering; second is corporate governance and the secretary’s office; third is government relations; and fourth is compliance.

In my view, the more accurate answer is that in some ways 100 percent of my job is compliance. By that, I mean we’re in the midst of a concerted effort to fold compliance into every aspect of this company. What portion of my time is spent with our chief compliance officer, versus the general counsel at one of our business units? That varies from time to time. Clearly the compliance issues are a substantial portion of my time on a day-to-day basis, but I can’t say it’s 25 percent or 50 percent.

Nationwide has two large divisions and many subsidiaries. What personnel structure do you use to manage all that?

Great question; that’s something we’ve spent a lot of corporate time to figure out. I came to Nationwide five years ago, and was told that one of the first things I had to do was to make recommendations about structuring the compliance organization. At that time a lot of compliance activity went on across the operation, but it was embedded in many different parts and there wasn’t as much connectivity as you might want. We got some outside consulting advice, put together a cross-organization team, and spent several months thinking through what the most effective structure was.

The final result was that in 2001 we created an office of compliance, with a chief compliance officer who reports to me. Organizationally, under that person is an executive responsible for property and casualty compliance issues, and our money-laundering activities are there. On the life-insurance side of the business, we divided it into one group for retail compliance and one for wholesale compliance, and we’re just now creating one other specific position for issues relating to suitability. Again, that’s taking something where we do a lot of activity, and identifying someone to keep us on track for that activity.

What about ‘softer’ issues such as corporate ethics—who handles that?

Our Office of Ethics is in our compliance office. And to the credit of a former chief executive, Nationwide established its ethics office more than a decade ago … We’ve had an anonymous hotline for a decade where employees can ask questions about the code of ethics. That ethics officer is responsible for leading the revisions and reviews of our ethics policies. [The code] gives people broad philosophical guidance, and the ethics office is one resource they can use when they have specific questions.

Roughly how many Nationwide employees in total work on compliance issues?

It’s about 85 people, and millions of dollars in budget numbers.

You report to the CEO, but you still give compliance updates directly to the board, correct?

On the governance side of the house, I am lead contact with the board of directors. That’s not to the exclusion of the CEO or the presidents of the business units, but board governance, agenda, materials and whatnot—my office does that. I have direct relationships with not only all the directors individually, but also all the committees, including the governance committee and audit committee.

So reports about ongoing investigations or calls to the tip-line … you deliver that news?

I do.

Nationwide handled its Sarbanes-Oxley implementation with little outside help. How did you manage?

That’s a bit of an overstatement, but generally we did. The head of our internal audit group … stepped up to the plate early on. He put in place a conceptual structure for how to get through a process that, first of all, could support our Section 302 certifications, and secondly, could support the annual Section 404 reviews. That has very much been a joint effort among my office, internal audit and the finance department.

The process we built identified thousands of control points that every quarter are reviewed by various appropriate levels of management. And our outside auditors are well on their way doing their own review of our internal Section 404 activity. So I wouldn’t suggest that we did this in a vacuum, but we didn’t outsource it. We got advice, but we implemented and built it internally.

What other sections of Sarbanes-Oxley proved nettlesome?

Let me give you two sets of issues. The first is board governance, that series of thresholds Sarbanes required companies to go through … In the first 18 months after Sarbanes-Oxley there was a lot of activity at the board level about independence policies. We took our ethics office and used that as the hotline for our accounting and finance issues. We had a grid, literally, where we identified every issue and requirement under Sarbanes, and matched up where we were in that grid, where the regulators were with their final requirements … For the most part, we didn’t have to do much tweaking.

Then on the securities side, our staff was empowered to say, “Figure out what we need to do, tell us, and we’ll do it.” That’s really how it works here. There is an enormous management commitment to putting whatever resources we need into doing these things well.

Is Nationwide mulling some project for ‘enterprise risk,’ the next buzzword in governance circles?

Very much so. Historically we’ve had a fairly robust set of risk identification and management activities embedded within our business units. And by “risk” here, I’m not just talking about insurance risk, but rather business and financial risk; that has been an ongoing practice at Nationwide.

On our radar screen is an enterprise-wide look at risk. We have a group of senior executives who are going to drive the defining of parameters to put around risk on an enterprise basis, and what types of structures to have surrounding risk. We haven’t figured this all out yet, but a lot of effort has been put into this in the last 18 months, led by our CFO. It has been a very interesting series of conversations so far.

Do you do risk assessments now, or will that come after this project?

A lot is already done within the different business units. And there are areas such as money-laundering where starting out with a risk assessment is the only way to put in place a process, because so many rules really require companies to make their processes risk-based. So a lot of risk assessment goes on within the business units. What we’re looking at now … is the appropriate level of connectivity for risk discussion and risk governance across all of those business units.

Does Nationwide benchmark its compliance against peer companies?

We do. It’s often an apples-and-oranges comparison, but I, our chief compliance officer, our chief ethics officer, our CFO and our other financial executives all make a point of participating in industry groups that talk about these issues. That’s so we can get some comparative information, and share some best practices. And those are productive conversations.

Give us an example of something you’ve learned.

Let me describe it at the board of directors level. We have a mutual insurance company board of independent directors … and then we have a public company board, with some overlapping directors but a majority of independent directors. We’ve had a lot of conversations with the National Association of Corporate Directors, the Association of Corporate Counsel, and the Association of Corporate Secretaries talking about governance best practices. Whether that’s independence standards, board effectiveness and evaluation, how to structure executive sessions … that’s been a place where both of our boards said, “Tell us what we need to do.” We’re now two or three years into having executive sessions at every single board meeting, and that’s not something we had to push to create. Both boards embraced it.

What are your top one or two compliance priorities for the next 12 months?

One is that we do a great deal of training surrounding various compliance and legal requirements, and we track today how many people take that training, and whatnot. We want to set up—and remember, we have more than 30,000 employees—an electronic compliance training system that has a wide range of modules. It would cover everything from insider trading to document and email content creation, privacy, ethics, that would be self-administered. Someone would sit at their desks and go through the training on their PC, and we would then have a database so that we could track more effectively, on a much larger scale, who has taken what, when … Now we have that in many places across the company today, but we don’t have any easy way to generate reports about it.

Thanks, Pat.
