Most chief compliance officers are focusing on risk around fraud and financial irregularities, followed by diversity and discrimination and health and safety issues, according to a recent poll.

The January 2020 Corporate Compliance & Ethics Report, developed in connection with the Consero Group's biannual forum on compliance and ethics and produced in partnership with The Red Flag Group, showed more than one-third of participants rated fraud and financial issues as their No. 1 concern. Diversity and discrimination drew 17% and health, and safety had 10%. Other lower ranking choices included human rights, environmental regulations and money laundering.

Perhaps most telling was that a category listed as "other" garnered 60% of the votes, suggesting that compliance officers have a broad mandate and their assessment of risk can vary from company to company.

The survey included responses from 55 senior compliance executives of Fortune 1000 organizations. While not statistically significant, the survey shows the thinking among some compliance professionals today.

Kara Gordon, associate general counsel and chief compliance officer at Baker Hughes Co., one of the world's largest oilfield services firms, agreed with the No. 1 ranking for fraud and financial misconduct.

"Fraud and financial irregularities are pretty substantial risks," Gordon told Corporate Counsel in a recent interview. "Particularly when you're doing business in high-risk countries and working with a lot of third parties."

She was surprised, though, by diversity and discrimination being ranked second. Diversity is certainly a goal at her Houston-based company, she said, "but I don't see it as a risk, not for compliance officers."

Shane Kimzey, deputy general counsel and chief ethics and compliance officer at CenterPoint Energy Inc. in Houston, agreed that he didn't rank diversity high in the poll either.

"Diversity and discrimination are important, but I tend to think it is more owned by human resources, while compliance risks are more [about] fraud and misconduct," Kimzey said.

"Health and safety are very important too," he noted, "but we have a different group that owns that, although we collaborate with them."

Kimzey said his compliance group focuses on third-party risks, cybersecurity and data privacy.

The poll and forum were helpful, he said, "to see what my peers are dealing with and where we are in the playing field, and maybe see what we should be doing differently."

Baker Hughes' Gordon said that third-party risk is a huge category for her as well. "I have one person dedicated to doing third-party due diligence," she said.

The report added, "Third-party risk is often among the most difficult risks to deal with. As such, officers turn to many active methods to reduce third-party risk, the most notable being due diligence (27%), ongoing monitoring (26%), and certification to the company's policies or code of conduct (17%)."

Gordon, who joined Baker Hughes last May and replaced the retiring veteran Jay Martin, now a senior counsel with Willkie Farr & Gallagher in Houston, said she felt fortunate to join a company "with a really first-class program already in place." Baker Hughes' legal team was the training ground for at least 15 chief compliance officers or general counsel.

In other findings, the survey showed:

• The majority of compliance executives, 82%, use the help of outside providers.
• Third parties were most often hired to provide enhanced due diligence at 21%, followed by investigations at 18% and data privacy and cybersecurity matters at 17%. Only 7% reported the need for an external provider to conduct risk assessments.
• To minimize risks, compliance officers most often depend on employee training at 19%, periodic audits 19%, and due diligence 16%.