Meet Andrijana Bergant
an interview by Adam Turteltaub
AT: I think most people would be surprised to know that we have not just a member in Slovenia, but such an active one. How prevalent are compliance programs in Slovenia?
AB: The SCCE’s professional support had a lot to do with me being able to be so active, not only in developing compliance in the company where I work, but also contributing to compliance profession development in the insurance community and wider corporate environment in my country.
When I started a compliance job six years ago at Zavarovalnica Triglav d.d. (Triglav Insurance Company Plc.), which is the principal company of one of the region’s biggest financial groups, most of the corporate professionals and managers in our broader environment didn’t know (or even hear) about compliance and ethics programs.
Now, the Compliance function is already present in the majority of Slovenian banks and is developing in most insurance companies. Some companies from the pharma, telecommunications, and manufacturing sectors also have compliance programs. Most Slovenian managers and directors nowadays know that compliance and ethics are a special discipline and an ever-more-present part of corporate governance. There is a more recognized link to corporate ethics, too. In Europe, we are more comfortable with legal compliance. Not long ago, ethics wasn’t taken as something that fits in a usual business conversation. It wasn’t considered unimportant, it was more of a neglected issue, and not really something you would manage or have to implement like other business processes or functions. Today, corporate ethics and integrity are highlighted and talked about everywhere.
In Europe, we are more comfortable with legal compliance. Not long ago, ethics wasn’t taken as something that fits in a usual business conversation.
AT: What has led to the growth of compliance programs there?
AB: For banking, financial investment, and insurance companies, there are regulatory obligations to have a compliance function as part of their governance because of the EU directives for the financial sector (known as the Basel 2 and Solvency 2 Directives).
Our corporate environment is also being influenced by multinationals’ compliance programs that are present in Slovenia, either having business partners, ventures, or subsidiaries here, like Johnson & Johnson, Siemens, Microsoft, Novartis, Summit Motors, and Telekom Austria, just to name a few. Compliance and ethics practices are quite diversified in Slovenian companies, since we don’t have unique direct requests for compliance and ethics programs, as is the case with the US FSG (Federal Sentencing Guidelines) or FCPA (Foreign Corrupt Practices Act). There are also some gaps between compliance practices, understanding, and the readiness level between multinational subsidiaries and Slovenia-based companies.
What is happening now in Slovenia, for something more than a year, is that several civil and professional organizations started forming initiatives and working groups exactly for promoting, educating, and sharing good practices about ethics and transparency, using international standards and best practices. One that I am leading, namely the Ethos Initiative (a working group of UN Global Compact—Slovenian branch) has put together the Declaration for Honest Business, which has been signed by 50 organizations in Slovenia since 2011. This makes an important impact on compliance and ethics program development.
Four mainstream economic organizations joined forces to design unified professional standards for compliance and ethics programs, namely the Slovene Corporate Integrity Guidelines, which were published in February this year. In the working group for these guidelines, there were representatives and professionals (including myself) from The Managers’ Association of Slovenia, Slovenian Directors’ Association, Faculty of Economics and Slovenian Chamber of Commerce. This working group was coordinated by the current Chair of the OECD Working Group on Bribery, Drago Kos, the former president of the Slovenian Anti-Corruption Commission. The partnering organizations had prioritized in their agendas the advocacy for integrity and honest business practices as an essential part of responsible and professional management.
For several years now, I have been learning about and observing corporate compliance practices in the U.S. and Europe, especially in Slovenia, and I realise that on our side of the Atlantic, we are less efficient at enforcement.
AT: How much of that growth is driven by local law, rather than EU initiatives?
AB: A little. As explained before, the growth is being driven mostly by EU regulation and is now being accelerated by civil and professional initiatives. Some of it also by international best practices, brought in by international business relationships.
However, we have local laws that regulate the liability of legal entities, including the standard of due supervision of management and the board, as an important criterion for determining liability of the legal entity for offenses. But there is little practice to fill this standard and no authoritative rules or guidelines about how due supervision is proven, like the case is with FSG about the elements of an effective compliance and ethics program. This is the gap that I am hoping is going to be filled with the Declaration for Honest Business, Slovenian Corporate Integrity Guidelines, and the subsequent activities.
In our criminal code, we have several provisions on bribery, including the bribery in foreign transactions, which was influenced by OECD.
For several years now, I have been learning about and observing corporate compliance practices in the U.S. and Europe, especially in Slovenia, and I realize that on our side of the Atlantic, we are less efficient at enforcement. A series of big incidents successfully concluded in court with large penalties actually enforced—and sadly, this is what most effectively makes the decision-makers really understand compliance and ethics risks. Most of the time, only at this point does the readiness level to put forces into compliance and ethics programs, especially to invest in it, increase.
Because of the economic downturn and negative effects on a large number of citizens, the legal enforcement got a push forward and thus the compliance and ethics risks are increasing. The conscience level about the importance of the business and public sector integrity had drastically grown in Slovenia in the last two years; so had the expectations about it. But we lack experience and skills for compliance and ethics management; the risk assessment, internal controls design and implementation, education and communication on the subject, compliance and ethics risks monitoring… these are all new competencies, not very available in our environment. However, there is some professional educational development on this subject starting to develop here, too.
The reason for the possible advancement of compliance programs in the insurance industry, in general, could be because of the nature of its core business; it’s all about risks.
AT: You work in the insurance industry, and a large percentage of SCCE members come from the same industry. Are compliance programs in the insurance sector in Slovenia more advanced than those for other sectors of the economy?
AB: The most advanced compliance programs in Slovenia—at least for now—are those of certain multinationals’ related companies. However, there is a regulatory obligation for the companies in the financial sector in the EU to adopt the compliance function. An EU directive for insurance companies that is entering into force, commonly referred to as the Solvency 2 Directive, has positioned a compliance function as one of the key functions in the system of governance and part of the internal controls system. It says that a compliance function is supposed to assess any changes in the legal environment, assess compliance risks, and report to the governing body about compliance.
The reason for the possible advancement of compliance programs in the insurance industry, in general, could be because of the nature of its core business; it’s all about risks. The insurance sector is highly regulated and the system of governance is especially emphasized. Also, the Insurance Core Principles of the IAIS [International Association of Insurance Supervisors] set out the conditions of independence for all key functions in Principle 8. In this principle, the compliance function is described in more detail, too. Altogether, the insurance sector is one of the pillars of financial stability, so it makes sense that it should have a strong compliance program.
AT: What are some of the key risk areas you are managing?
AB: One of the biggest risk areas in an insurance company is privacy data. We don’t process much of other inputs. We deal with the privacy data of many individuals and data of a sensitive nature. In addition, we have one of the strictest laws on privacy data protection and possibly one of the most dedicated and strictest Information Commissioners. Being the biggest insurer in the country, our privacy databases are huge, which exposes us even more to data breach risks and supervision.
Meeting the mandatory reporting requirements and good practices on disclosures of public companies is crucial as well. When I started working at Triglav Insurance Company at the end of 2007, it was just going public with its shares. Also, the new law on the market in financial instruments was entering into force, based on the MiFID [Markets in Financial Instruments Directive]. So, one of my first assignments was to identify the new disclosure obligations and stock exchange guidance, set proper internal rules and procedures, and implement the IT support.
In the same period, there was the new AML [anti-money laundering] law entering into full force. It brought a new, risk-based approach to AML programs and terrorist prevention in addition. So, this was the third compliance risk area to manage from the beginning. It was basically a regulatory-focused compliance program.
For the last few years, our compliance efforts were also directed to the code of conduct, conflict-of-interest policy and procedures, and honest business practices; evolutionarily bringing more light to the ethics part of our compliance program.
Over the years, we have conducted many adaptations to the new laws. Particularly lately, there is an increase of regulation targeting state owned/influenced companies in terms of severe transparency demands. This is partially understandable, due to the economic downturn and an increase of both general awareness and expectations regarding honesty in public and related spending.
AT: Most of the readers of this article are, of course, based outside of Slovenia. What are some of the compliance risks that they should be aware of when doing business there?
AB: The first that come to mind are definitely regulatory and geographic risks. Second is privacy, as explained. Corruption is starting to be recognized as a highly relevant risk area, too, lately.
Doing business in Slovenia soon takes you across borders. It’s a very small market (2 million inhabitants), but strategically well positioned, so it’s difficult to keep your business just inside of Slovenia. We are historically linked to both west and south-east Europe. We are an EU and OECD member country with economic relations to mostly Germany, Italy, Austria, France, ex-Yugoslavian countries, and increasingly with Russia, Poland, and Southeast Asia. This is an ocean of different legislation regimes.
According to last year’s report of the Slovenian Anti-Corruption Commission about the state of corruption in Slovenia, there is a high level of systemic corruption, whereas street corruption is almost zero. The systemic corruption is supposed to consist of a network between (higher) government officials, state and local politicians, banks, and the corporate elite, developed over the years of corruption tolerance and unawareness of its harm. Until recently, corruption was not even considered to be a risk area, which sadly reflects the general situation in most EU countries, according to the latest EU’s report on anti-corruption.
In Slovenia, more cases were brought to court recently that disclosed corruption nets and sentenced some of the (used-to-be big shot) managers and politicians, many of which were initiated by the Slovenian Anti-Corruption Commission. So, the risks regarding corruption have increased currently, because of the more intense enforcement; but it should decrease over the next years, due to the actual decrease of corruption, hopefully.
AT: One of the issues that is often discussed in compliance is managing cultural differences. For example, helplines are often problematic in certain countries. Are there any cultural issues that compliance and ethics professionals need to be sensitive to when thinking about their program in Slovenia?
AB: Regarding cultural issues, yes, having to report something is perceived negatively in general. We have a more expressed collective culture (even more so in the rest of the countries of the West Balkan) and you don’t tell on members of your companionship. In most cases, compliance hotlines (and you don’t want to call them that) as you know them in the U.S. won’t work at first or not at all, if you don’t communicate it persistently. Even so, people will tell you much more in confidence and directly face to face, rather than through some phoneline (which they don’t trust to be confidential) and they don’t want to stand out. Another reason for this is that we don’t have huge corporations. The biggest count 10,000 employees and there are just few of this size in Slovenia. Most of the bigger (publicly listed) companies count 2,000 to 5,000 employees, so everything is more direct and personal, compared to the 20, 50, or even 100,000 employees in multinationals.
I also came across a worry on the side of employers here that if you encourage such reporting, then many will start to complain and there will be lots of misuse of these lines, especially anonymously. However, good practices in a few companies, even in Slovenia, are proving that the worry is bigger than a real problem and that the benefits are bigger than the downsides. I believe that difficulties about helplines have more to do with a culturally negative perception of direct reporting and hierarchy in the organization.
Lastly, our privacy law and the opinion of our Information Commissioner impose strict conditions for these lines. From the privacy perspective, a compliance helpline is based on collecting the data of individuals from sources other than themselves, for which there is no direct legal basis in any Slovenian law for corporations.
Most of the bigger (publicly listed) companies count 2,000 to 5,000 employees, so everything is more direct and personal, compared to the 20, 50, or even 100,000 employees in multinationals.
AT: Like a lot of other countries in Europe, the economic downturn has been difficult for Slovenia. How has this complicated managing compliance and ethics programs?
AB: It still is. However, it turned out to be a push for the professional and civil society to become promoters for ethics, integrity, and transparency, which opened more space for compliance and ethics program development.
The crisis showed how harmful the long-lasting years of insensitivity to corruption and lack of enforcement were for the entire society. It made the citizens disappointed in our country, which used to be a “star” in comparison to other former socialist countries. Due to this disappointment, the corruption perception is extremely negative (probably more than the situation really is), but this caused many strong movements in the society and, consequently, in the government. We are observing this transformation now, even though the change is not yet happening quickly enough and new incidents are being disclosed practically every day (many times over exaggerated in public media). It’s definitely a cleaning phase.
Being a compliance officer in this time and place is both exciting and frustrating sometimes. On the level of an organization, there is more understanding and awareness from the boards about compliance and ethics necessity, and their expectations about it are bigger. At the same time, the pushback from the business is harder, because of the conditions of the market and still unequal position for the market players that play by the rules and those that don’t. Enforcement should increase much more regarding the market discipline for this disparity to even up, to make compliance programs a true competitive advantage and, consequently, compliance officers’ jobs more effective.
In Europe there are several other countries in which the state also owns a number of (usually) large enterprises, such as Germany, France, Czech Republic, Sweden, and Italy.
AT: Slovenia has a high number of state-controlled enterprises. Does that pose compliance risk? What are some tips for managing it?
AB: I am happy to work for one that has been successful over many years and has a reputation for safety and professionalism—a market leader in many ways. Our company is known for developing the best professionals in the industry and has a quite conservative investment policy. So, this has shown to be most beneficial, especially in the rough times.
In Europe there are several other countries in which the state also owns a number of (usually) large enterprises, such as Germany, France, Czech Republic, Sweden, and Italy. The compliance risks regarding the state-controlled enterprises are dependent on the standards and the model of managing them, as well as actual governance practices of these enterprises and the state of political influences. So, how much is the state involved, through what kind of mechanisms, and for what purposes it practices its control in these enterprises is crucial. It’s also important how stable these systems and practices are and how the state-owned enterprises are categorized as investments.
The situation that we have in Slovenia, where the governance model and mechanisms or even investment segmentation of the state-owned enterprises are frequently changing, this causes some difficulties. Typically, the tone from the top can get less effective and the organization’s structure can be changing often, and this doesn’t affect the corporate culture in a positive way. So, different compliance issues arising from the unstable corporate culture can be the basic issue.
The tips: Probably it’s most important for the compliance professionals in this situation to always keep track regarding the profession, to research good practices from the environment, be in touch with senior management, and constantly being ready to build new relationships. You might face a situation when you have to start over with the board or different members of senior management more than once in one mandate. It’s good to take this as a package in order not to get too frustrated or exhausted. Also, know the stable and more constant parts of the organization to build a compliance program with. More than usual, it’s important to get the tone from the middle and also know that the crucial influence can be elsewhere than you would expect. Be a person that people come to. Build in a system and document as much of the compliance processes and tools as you can. These are ways that can help a compliance program be relatively constant and progressing, even after the changes in the organization’s structure and influences.
Also, regulatory risk is quite high for the state-owned enterprises. As mentioned earlier, there are many new laws entering into force, addressing the public sector and spreading stricter rules on the state-controlled enterprises. Also, the existing rules for the public sector are extending to the state-controlled enterprises. These are meant to do well in terms of transparency and greater public control over public and related spending; however, it can get difficult to comply with and can hurt some legitimate business interests. To give you an example, the biggest change in these terms is the new law on publicly accessible information. It forces the state-influenced companies to publish basic information from all of their contracts on sponsorship, donations, consulting, and intellectual work in five days from concluding the deal, regardless of the confidentiality.
AT: It’s obviously a long distance from Ljubljana, where you work, to our office in Minneapolis. How did you manage to find SCCE?
AB: I was looking for a general educational program in compliance at the beginning of my compliance career. I searched on the Internet, and SCCE was the most frequent result. I was able to get a lot of information on your website, and the program for the 2008 Chicago Institute looked good. Then I wrote you an e-mail and you kindly took the time to answer all my questions. I also concluded that the price-value comparison with other compliance conferences was in obvious favor for the CEI. The certification program caught my attention, too.
AT: Since finding us, you’ve been a speaker and/or attendee at the Compliance and Ethics Institute four times. What advice would you give to compliance officers from outside the U.S. to ensure they get the most out of their experience at the Institute?
AB: First of all, don’t worry if you feel that you don’t understand everything, or even if you think that you can’t use what you hear in your country or company. It will become clear and connect with what is familiar to you later and then reshape into something really great that you can use. Just go with the flow and visit as many sessions as you can. Meet other compliance professionals and you will be soon relieved to see that you speak “the same language.” It’s quite easy to meet and talk to new people at CEI, including the lecturers. I advise you to join the networking events and learn about good practices, about things that you may be working on right now in your company. Take time to go to the volunteer project. It’s a genuine experience, both humanitarian and sociable. It will help you relate to the other attendees and even make friends. Advanced discussions are great, and you can find one that you will feel good about getting involved in actively. It’s so rewarding.
And then of course, keep coming back to the Institute. Each time you will feel more “at home” and you will always get new practical ideas for your compliance program or a confirmation that what you are just doing or planning to do is the right thing.
AT: Thank you, Andrijana, for sharing your experiences with us.
Originaly published in SCCE Compliance & Ethics Professional, June 2014
A Publication of the society of corporate compliance and ethics
www.corporatecompliance.org
Copyright © 2024 Andrijana Bergant. All rights reserved.
Permission is granted to use, distribute, and reproduce this article in any medium, provided the source is properly cited and a link to the original article is included. Unauthorized use or duplication without proper citation is prohibited.