How Compliance and Risk Make a Great Partnership
by Bill Coffin
Headquartered in New York City, Verizon is the world’s second largest telecommunications company by revenue and the largest wireless carrier in the United States with more than 114 million subscribers.
Verizon’s role as a major telecommunications provider entails complex, high-stakes compliance expectations that make risk assessment a crucial part of the company’s larger ethics and compliance strategy. A strategy, by the way, which has yielded the company both World’s Most Ethical Companies honors, as well as a 2024-2026 Compliance Leader Verification recognition.
In this blog, Verizon Chief Compliance Officer, David Kass, shares some of the compliance risk assessment practices that Verizon uses to drive its business integrity efforts.
How Verizon uses risk assessment to drive executive engagement in ethics and compliance
Verizon has a strong partnership between compliance and ERM, Kass explains. The ERM team reports to the Company Controller, with a dotted line back to Kass. That partnership enables the ERM program to drive a wide-view risk assessment program that considers a broad range of risks, including financial, regulatory, operational, and legal.
“The key thing about risk assessment is that it’s hard,” Kass says. “ Figuring out what works for people is difficult and sometimes takes some trial and error. But it’s important, because if you can get it right, it gives life to the concept of the business owning compliance.”
To that end, Kass explains that the risk assessment process is about is about defining, making objective, and measuring the things that Compliance expects the business leaders to own. “If we’ve done those things, then we’ve really empowered them to take ownership of risk, and we’ll have created an effective risk assessment program.”
The role Verizon’s Integrity Survey plays in the company’s compliance risk assessment
Verizon has done an integrity survey for several years, and Kass says he is surprised at how effective it has been to drive executive engagement in ethics and compliance issues. “Business leaders are very successful, driven people,” Kass says. “They want to succeed at ethics and compliance just like they want to succeed at selling or building the network or information security or whatever else their day job is. But in order for them to succeed, they need to know what to do.”
Kass says that business leaders at Verizon are very data-driven, so when creating a risk assessment survey, it was designed to address ethics and integrity in a similarly data-driven way. This created a fluency for the business leaders that in turn has helped the survey itself deliver back to the Compliance team granular data about employee sentiment on a wide range of integrity issues, including speak-up, culture, tone at the top, and how employees respond to pressure.
“Once you see year-over-year data on how teams are doing, you start to understand which compliance training and outreach is resonating with people,” Kass says. “The teams that are really getting traction and doing well are always reflected on the survey. And you can also see the ones that maybe are a little distracted and they have organizational issues or that have other pressures on them that cause those survey scores to degrade.” In the hands of a focused and driven leader, the data on those results can create strong engagement and buy-in to what the Compliance team is trying to accomplish.
How Verizon manages broad risk by focusing on specific process
Verizon is currently experiencing a high level of transformation that is changing well-established processes. As Kass assesses the risks that come with that, he is entertaining new approaches to risk assessment, as well.
“One is to do a top down approach and make sure you’re talking to the senior leaders who are leading those transformation efforts about their specific compliance or financial operational risks that might come about as a result of that transformation,” Kass says. “We are also doing thorough, bottom-up review where we survey the specific teams that are being impacted by transformation and asking them in a really targeted way about their risks.”
For Kass, that word targeted is important. Surveys with vague questions deliver no value, he says, so he delivers surveys to teams undergoing transformations that speak very specifically to risks they may be facing–privacy risk information risk, financial risk, etc. In addition, Kass also delivers bottom-up surveys to mid-level people managers that asks about the likelihood and severity of the risks they face specific to their job function, and the effectiveness of the controls that they’re managing. Ultimately, the goal is to get granular data about projects and specific business activities that lets the Compliance team measure the effectiveness of their policies and procedures. The final goal, Kass says, is to empower business leaders.
Advice for fellow Ethics and Compliance leaders
There are a few key ingredients to the success of this program. The first is a strong partnership with ERM. “Sometimes compliance people approach problems in a fairly rigid way. That is only going to get you halfway there,” Kass says. “You really need to work with non-lawyer risk professionals as you go about this kind of program.” Kass cites his strong partnership with Verizon’s CFO as the motivating force behind setting up Verizon’s ERM program as a partnership between compliance and finance.
Also, try to adopt a long-term perspective. Verizon has a strong and patient leadership that understands that the dividends to a risk assessment program will take time to realize. The assessments themselves tend to raise questions around the benefit of it all. “I’ve been really fortunate to have leaders who’ve trusted the ethics and compliance team to run this process and now see the benefits of it,” Kass says. “But it does take a while to start to see some of those dividends.”
To learn more about how Verizon promotes ethical business conduct within its organization, visit Verizon Ethics, where you will find links to the company’s codes of conduct, FAQs, and more.
To learn more about the Compliance Leader Verification Process, click here.
