Episode 19: Compliance Risk–Trends, Topics, and Troubles

Show Notes

As is evidenced by the rapid growth of URMIA’s relatively new Compliance Community, enterprise-wide compliance risk is a critical challenge touching almost every area of campus life. Jeff Chasen, Associate Vice Provost for Integrity & Compliance at the University of Kansas, and Jenn Anderson, KU’s Director of Policy & Compliance, discuss key process trends, timely hot topics, and areas of concern for the future.

Show Notes [member-only content, login required]

Connect with URMIA & URMIA with your network
-Share /Tag in Social Media @urmianetwork
-Not a member? Join ->www.urmia.org/join
-Email | contactus@urmia.org

Give URMIA Matters a boost:
-Give the podcast a 5 star rating
-Share the podcast - click that button!
-Follow on your podcast platform - don't miss an episode!

Thanks for listening to URMIA Matters!

Transcript

Jenny: Welcome to URMIAmatters. This is Jenny Whittington, URMIAs Executive Director, and again we are broadcasting our podcast remotely. So, today I have two wonderful guests with me. I have Jeff Chasen and Jen Anderson from University of Kansas and we are going to be talking about the topic of compliance today, and we will give a little bit more history on the compliance community that URMIA hosts right now, but first I’d like to welcome you both and have you give a brief introduction about your professional history and your involvement with URMIA. So, let’s start with Jeff Chasen first. Jeff, welcome to the podcast.

Jeff: Thanks, Jenny. Pleasure to be with you, and really appreciate the podcast as an URMIA member. So, happy to be with you. 

Jenny: Great, so tell me, I know we’ve known each other for a while. I can’t pinpoint the exact first meeting, but I know you have a long history in higher education risk management, so tell us a little bit about the story of Jeff Chasen. 

Jeff: Well I won’t do that but I will keep it germane to our topic. The reality is I do have sort of a long and winding and intersecting history with URMIA and very happily so, but virtually at every stage of my career URMIA has been a most valued association and resource, and I’ve carried forward some of those relationships for a very long time, longer than I would probably care to remember, but I did start my career just simply as a lawyer in a private practice. I got into law to do civil rights work, and I did practice for a period of time before going inhouse and becoming senior counsel to an education-owned risk retention group, so again URMIA would be immediately relevant to that, and then left to lead a compliance risk management and training consulting firm, and so again URMIA would be very relevant to that and now for the first time I’m on a particular campus at the University of Kansas where I was hired to actually create an office of compliance, now the office of integrity and compliance, and URMIA has been probably more valuable in this role than in any other; the partnership, the network, and especially the compliance community that we stood up. URMIA really is just a community. I was thinking about my first experience with URMIA, well I shouldn’t say my first, but probably my most notable experience, and it was actually a regional workshop in San Jose, I think it was about 5 or 6 years ago, and what really struck me was that URMIA is truly, indeed a community all the way through. I was doing a session at the regional workshop and started to get some really good questions, so I, in an abbreviated way, went through the rest of my PowerPoint presentation, but really just morphed it into a large-scale discussion group, and the dialogue was so great and I probably learned more than I was able to present that day, and I still have some relationships that tie back to that day that have just carried on, so it really is an incredible, rewarding place to be and I’m just glad to be with you as our leader today. 

Jenny: Well that’s wonderful. How long have you been with Kansas now? 

Jeff: It’s almost 8 years. Next month will be 8 years, which is hard to believe that it’s been that long and by the same token it’s really been a lot of work and effort across our campus to deal with a series of really challenging situations. 

Jenny: Yeah, time sure flies. That is one thing for sure that I’ve noticed during this pandemic for absolute certainty, but I still can’t even believe that I’ve been with URMIA going on more than 15 years, just can’t believe it. Ok, so thanks Jeff, that was great hearing a brief history of you. So now Jen, I’d like to turn it over to you, tell us a little bit about your professional history. 

Jen: So, I have an MPA, and I always wanted to go into local government, that was always something from a pretty young age that I had decided that I wanted to do, and so my very first job was working for a small city in the suburb of Denver, and I worked there for about three years as a management analyst, so I had background in data and performance metrics and policy and procedure, and when I left that position, I took a job with a hospital and did much of the same- data, performance metrics and policy and procedure alignment, that sort of thing. When we moved to Kansas I started with the University of Kansas in 2013 in the internal audit office, so my first couple of years with KU I was part of internal audit and I did the compliance auditing, and it was through that that I first started to work with Jeff and we got to know each other and not too long after, I ended up joining the office of integrity and compliance and working with him. My first URMIA experience, what really stands out to me was in 2018, I went to the, I think it was the 49th conference, at Salt Lake City. That was a great conference, it was a great first experience with URMIA, and Jeff was there as well and he was introducing me to people and several things struck me- one was just how warm and friendly everyone was. I’ve been to countless conferences from a variety of organizations and URMIA was noticeably, then and ever since, always had a very friendly community, kind of cooperative feeling to it, which was just a whole lot of fun and also really educational. I learned a lot of things, people were very open with their resources. There wasn’t any kind of “my turf” sort of attitude, so that was amazing and also while we were there I made a comment to Jeff that, I looked at him and I think we were in a hallway, and after he was speaking with a long-time friend and I said “these are our people”. I’ve been to conferences that are a lot more industry-specific, but this is the first time, URMIA Salt Lake City, that was higher ed, and with people who do what we do and talk the language we talk and this is where we fit, and it was kind of a lightbulb moment for me, I think maybe a little bit of one for him too, that really our vision of compliance and integrity, that partnership with risk management, that URMIA was really the home for that. So, ever since then I’ve just kind of dived in and URMIAs been wonderful. I went to the Eastern Regional Conference in Raleigh a couple months back, I’m guessing that may have been the last in-person?

Jenny: No, we did one more right after. 

Jen: We talked about Coronavirus as one of the “what if” things in this like fanciful, could you even imagine type of way and then look at where we are today. But the regional conference was wonderful and I look forward to not only getting the annual conferences back on the road, but those regionals as well. 

Jenny: Well, thank you. That’s a nice complement and the URMIA community is very unique, and I’ve always said we are a support group for one another and I think we all miss meeting in person, so we’re all optimistic that one day that we’ll return. I had a memory as you were talking there, first the Salt Lake City hotel, I always remember that so fondly because it was such a grand hotel and such a great experience that our members have there and a solute to a great city. It was a great conference and I’m glad you enjoyed it. But I had a memory that, this is a few years ago, one of our retired risk managers Glenn Klinksiek had done kind of a needs assessment on what were the communities that were percolating up in URMIA, and we always talk about international, and we talk a little bit about regulatory affairs and legal and different groups and compliance was definitely a group that was on his radar at that point and he said the compliance people are going to come together and they might need a home one day, and Glenn quite and is a futurist, so I think he saw this years ago, that actually happened, played out over time, so I know Jeff will talk more about the compliance community later but I just had that memory and I wanted to share that we’d been talking about gathering the compliance people over the years because it seems like more and more of our members have gotten a lot of compliance responsibilities, so I’m happy to hear that you found your people, and it looks like Jeff, you have something to add?

Jeff:  I was just going to say if we need other, further proof that URMIA is a community or a family, the long time friend that I was talking to at the moment Jen had the realization that these are our people was Glenn. He’s one of my longest-term colleagues and friends in URMIA and someone who has served in a lot of different capacities for the association and certainly at the University of Chicago, but Glenn was the guy. 

Jenny: Yeah, and he is quite a visionary, he was a wonderful person, a resource for URMIA to have on the board and as a leader and as a volunteer and then to come back and work for us as a staff person was just icing on the cake and Glenn, I hope you’re listening to us because we all think about you often, warmly. So today we’re going to talk about compliance risk trends, topics and troubles, and we are going to kick things off and talk about kind of the trends and I believe Jeff is going to get us started talking a little bit about enterprise engagement, so Jeff, please take it away. 

Jeff: Sure, happy to. Especially when we think about compliance, and our office is integrity and compliance at a lot of institutions it’s ethics, compliance, and also let’s remember that compliance risk is a critical component of the larger concept of risk, and often times at KU when there is a risk management issue often times I will be the person, or my office is the office that is tapped to provide the risk management support, and that’s because it is a critical and overarching focus. So I do want to talk about enterprise engagement, and it’s interesting because we’ve been talking about doing a compliance related podcast for quite a while now through a variety of circumstances and an occasional mishap, and here we are today but the world is very very different than when we first started talking about this and yet, at the same time, I would have to say, that everything we’re going to talk about is directly relevant, and so yes to your point, Jenny, time certainly flies, it flies when you’re having fun, and all of us are fortunate to work in our field, but it also flies when you’re having a crisis, and we seem to be having a number of those, not just most recently, but certainly recently, we’re dealing with a number of situations, and I say this really in a positive sense, things that really command focus not just in a narrow compliance sense, but in the broader sense of ethical and operational integrity and so I want to focus in particular on what I think is the leading trend as it relates to compliance, and that is leveraging the behavioral sciences. It is not a new concept, but there are so many different academic fields: psychology, sociology, neurology, biology, economics, communications, political science, diversity equity and inclusion, and more, but there are so many fields that are rich, not only for the education they provide on our campuses, but really valuable from the standpoint of helping us do a better job of doing our job to serve the university community. Unfortunately, the research in our field indicates that still about half of us don’t really know about behavioral compliance or about the application of behavioral science, and so it really is a field in its adolescence, but one that’s  incredibly important. So just to keep things moving, I’ve sort of distilled it down into three Rs, if you will. Not the familiar three Rs of education, but the first is this concept of right-doing. The fact of the matter is  as important as it is, in the compliance risk, and all risk categories, to prevent wrongdoing, it’s so much more important, valuable, and productive to promote right-doing, and so we work very hard to activate the best of our efforts to activate both of the dual modes of thinking that all of us as human beings have, that fast track, system 1 thinking that allows us to move through our day and through the various issues, probably too many issues that hit our desks, but also that slow track, thoughtful, purposeful thinking, system 2 thinking that allows us to really make meaningful change, now, the traditional notion of compliance from a command and control standpoint, that largely is sort of on the way out in terms of the state of the art for our field. Those things are finite, they leverage heavily that system 1 fast track thinking, but they don’t allow us to make the meaningful systemic change that we need, really in all aspects of campus life. I saw a study from the SECE journal that indicated that centralized compliance and risk management functions find out only about 10% of compliance issues sort of organically through the command and control method, so it’s so much more important to build a community or of our own. We think of it generally, Jen and I, of a professional association at KU that we’re trying to build internally, and in fact, in the 7 plus years that we’ve had a compliance program, it took me about 5 months to stand it up and its moved a lot more quickly now that Jen has joined me, but in that time we’ve grown from 20-33 units across campus that are part of our program, but of all the new units all but one of them joined at their own requests, and how often do people volunteer to be part of a compliance program? I would say, is negative an answer? Like, I …

Jenny: That’s a compliment. 

Jeff: But I think what it is is a testament to this same thing we’re talking about in terms of the URMIA community mindset, which is bringing people together, working together in the cause of rightdoing. So, we’re trying to provide more ‘just in time’ resources, not a one time, check the box training. The reality is, if you’re just checking a box, you’ll never get out of the box, and that’s where this has to live, and in fact compliance can actually increase productivity, it can increase growth, individually and for your institution., if you’re focusing on things like knowledge and technology, and ultimately actions. So, rightdoing is the first and I would say most important of the three Rs, but the second one is relationships, because that’s the context, the critical context, where everything happens and you can’t really do rightdoing without having critical relationships, much like enterprise risk management brings folks together under the expertise of risk management, which I believe is paramount, but brings people together and brings their talents from all walks of university life. So often we faction a lot, and so it’s us vs. them or people will complain about faculty or what have you, and I say this partly because I’ve had the benefit of being in the role as adjunct faculty earlier in my career, and the reality is we all need each other, and it’s especially true under the notion of compliance risk where, really if you think about the good stuff of compliance, it is really at its most pure essence, risk management at large, and I actually believe that on a campus, risk management is the highest calling, because you get to touch and be touched by really everything that a university does, and so the notion of compliance or compliance risk, or even risk as critical elements of a universities ethics, and also their operational integrity are critical, so those are the first two: rightdoing and relationships. And the third is real accountability. That isn’t just to keep the alliteration going because so much of what passes for accountability nowadays isn’t that. It’s calling out, it’s complaining, it’s blaming, but without constructive solutions. So, I apologize to Jen because she’s heard me say this a time or two or ten, or ten thousand, but I will often cite something that Ross Perot said, which was that the activist is not the person who complains the river’s dirty, the activist is the person who cleans up the river, and in fact on of the reasons Jen joined our program was to be one of those activists that actually rolls up their sleeves, gets their hands dirty, and begins to clean it up and so the formula was sort of commitment plus engagement, and that’s when collaboration and compliance can occur. 

Jenny: Wow Jeff, I mean that whole segment there really resonates with what’s going on in the world today. I love those three Rs, so thank you for that. So I think Jen, you’re going to talk a little bit about data that was a big part of your history, so let's hear the data piece. 

Jen: Yeah, data is a big part of what I’ve always done and a big part of what I continue to do, and certainly what I take ownership of within the integrity and compliance office for the University of Kansas. First off I’ve got to say to Jeff's last thing about wanting to do stuff when I left audit and moved into compliance, it really was that with audit you identify problems, and then that’s when you leave, you end- you’ve identified it and it’s up to other people to implement action plans and figure it out. I saw Jeff and he was always part of those solutions. Every unit on campus, it seemed like he touches them, and there was just an opportunity to get your hands dirty but really change things for the better, be part of a solution, be creative, and I navigated towards that, I wanted to do that so I have my analytical side, which we’re going to talk about that now with data, but how do you make that practical, how do you put it into action and how do you.. You’ve identified something, then now what is where we go from there. First, when we say data, I mean information, so it doesn't have to be numbers, it doesn’t have to be percents, it’s information. When Jeff first came to KU, one of the things he said he was going to do was set up a data and reporting program, and I’m not sure that anybody knew what that meant, but we did it and it’s amazing and I’ll share about it now. As Jeff mentioned, at this point we have over 30 units that report into our professional organization as he called it, and it really is a very collaborative effort and one of the requirements for being part of that is that every six months each of those units submits a compliance report. So they turn into me and Jeff in the office, an excel spreadsheet that collects information for the previous six months. First, just on that, we have access to a lot of information and they are very open and willing to provide it. I’ve been astounded at how much transparency, how much detail, the number of attachments, it’s been more than I thought possible when we first launched this, so to anybody out there thinking ‘how could I do that at my university? That would never happen’, don’t think that. It takes time, it takes relationship building, it takes all of those R’s that Jeff just talked about, but if you do it that way and you get by in, and people see the value and the partnership with it, that this is to build a better unit, to build a better university, you could really do great things. So this report that I’m talking about, what is it? As I mentioned it’s an excel spreadsheet, I like the KISS acronym, I think it’s keep it simple, smart (not stupid). So being simple can be very.. There’s so much value in that. And with 30 plus units and I say 30 plus because I hope it keeps growing, we couldn’t come up with anything that would work that is very advanced and that would fit all the different units, so everyone can use excel. The questions that we ask are very important questions, but they are applicable to all the different units in whatever capacity it is that they operate on the campus and we collect data under three different segments, and the first, it’s the three I’s, we like alliteration. Jeff came up with these so I could… I can’t take any credit for the three I’s, but the first of the three I’s is issues. The issues would be anything that pretty much makes a unit part of our compliance groups there. What are your obligations, what is your role… In this area, every six months ask if there are pending or new regulations coming, if there’s any guidance from governing agencies, if we have policies, do they meet, not meet whatever the requirements are, that sort of information would be the data submitted there. Then we have the incidents tab, which is the second I, incidents. I think it’s natural to hear incidents and think bad, think negative, that's not what this is supposed to be. This is the activity. For the past 6 months, what’s happened in your unit? That could mean a unit, it could be a breach, it could also be a near miss. Collecting information on near misses is important. There have been accidents that have happened on campuses and when the agency looked back and said “oh, well you actually had some near misses, you did some training,” that played into evaluating the university and being more generous towards them with the.. What we’re doing as much as possible - try to prevent harm or wrongdoing. The activity is also if there’s ever a site visit, if you have any audit, that would be where this information would go, and then the third and final I is investments. So, investments are the things you do to improve, maintain or monitor your compliance environment. So this could be training, hiring new staff, self audit, providing training to others, and anything that kind of falls under that umbrella, and if you look at the three I’s together, your issues, why you’re a compliance unit, your incidents, the activities that happened in the six months we’re talking about, and your investments, what you’re doing to improve, maintain or monitor, those all together are your compliance story. I think it’s really important that we report on all three, that we look at all three and that it’s a holistic view of how their interconnected, and that approach I think has really helped a lot of our compliance partners realize that we are in this together, that we look at all of the information and not just focus on the things that maybe aren’t great. The natural human fear of where you’re going to focus in on a weak spot, and in fact that’s the opposite of what we do. We’ve been focusing on investments and really trying to elevate and show senior leadership at the university the positive, proactive steps that our partners are taking to make the university a better place. We like to say that data is the life blood of our compliance program, and I believe that is true, and I think it could be for any university that was interested in implementing such a system. 

Jenny: Wow, well I want to congratulate you. That sounds like you’ve gotten a lot done, you’ve built a lot of trust among your constituents there, and I think we all know that’s kind of hard to do so kudos to guys, I mean, that is awesome. I bet getting all that information is a little overwhelming from time to time and just sifting through it but it sounds like you’ve got a great thing going there. 

Jen: It can be, especially like I said, the volume is way more than I anticipated, which is a good thing, this is not a complaint. So if anybody that we work with is listening to this, keep it coming. But, yes, we have to sift through it, we have to make sense of it, we try to look holistically and, as you said, it really is that buy-in. It was using the behavioral sciences, implementing the three R’s, maybe even before we even really understood what the three R’s were, but I think it was a natural gear for Jeff and I, and it was also just… smart people skills. We started at year 0 approach, kind of this “hey, we’re just trying it”. The very first report was only issues, and so we even baby-stepped into even filling out the template and made everybody comfortable, made everyone feel like this was part of our program, not just us, you know the big group our, and it’s been amazing ever since.

Jenny: That’s terrific, well thank you for that great explanation. So I think we’re going to kind of switch and talk a little bit about hot topics and human beings, I believe, right, Jeff? And you’re going to take us from here. I look forward to this. 

Jeff: Well, we’ll just do a little bit of issue spotting around some of the hottest topics but frankly most of them are pretty clear and evident, and Jen’s exactly correct when she says data’s the life blood of the program, but it feeds the organism that really relates to human beings, I mean that’s really the key component, and so the data is used in service with and in furtherance of individuals, people and that’s where this right-doing concept is so critical, so important. We really do want to do right by all the members of our campus community, all the human beings, the souls that make up our campuses and right-doing is actually something that has been a pretty consistent part of my career at least consciously from the time that I was working for the education owned risk retention group. I’m really focusing on doing the right things and focusing less on just avoiding liability or those kinds of problems, which is unique because often times if you’re dealing in more of a traditional corporate sense, you’re focused on playing defense and this was the chance to actually go on offense and make things about what we want them to be about. I think, truthfully, even when I practiced law, which was my first role, I probably, to Jen’s point, probably did have right-doing inside my mind but it wasn’t crystalized as a concept until a few years later, and through subsequent positions, this focus on right-doing. I mentioned earlier that the reason I got into law in the first place was in the area of civil rights, and I don’t think it will surprise anyone that that would be on the top of our list of hot topics right now, and although there is a lot of heartbreak and a lot of hardship right now, I have to say that I also feel a sense of gratitude that these issues are coming to the fore, and that I am optimistic in a way I’ve not been for the whole of my life, that we may make some meaningful inroads, and it won’t just be a chapter in our history books, but maybe whole new history books will get written about this time in history. I actually think that for educational institutions, it’s very possible that the paramount value is inclusion in the broadest possible sense, and that means not only the typical things we associate it with, but it means inclusion of each and every member of the community, it means inclusion from the standpoint of providing undergraduates meaningful research or other internship opportunities, and all those other implications that I think make inclusion a paramount value. Certainly, it’s important to say that people matter, that black lives matter, that folks who are in underrepresented groups matter, that people who have marginalized identities and most, many if not most of us have at least one marginalized identity, but that really, each member of our campus community is important and so in all of those areas I think it’s important that we come together, but it’s not enough to say that someone or something matters, they actually have to matter, and so that’s a critical element and why we probably consider it our top priority even in building our program. The second one that I want to just highlight is the impending changes in the law regarding Title IX, and again when I say so many of these things are compliance risk in a way, but they are risk management in a complete and total way, I think that’s true. The compliance community, which we’ll talk about in just a second, but the compliance community is made up of a number of folks who don’t have compliance in their title, or even as a formal part of their job responsibilities, but compliance is a way to sometimes get things done, and so one thing that we’re going to have to get done is to conform to the new regulations around Title IX, but also to continue to look for ways to maintain our own campus cultures and values and so it’s important to comply with the law, but that’s a baseline, and it doesn’t mean that they can’t do more or do what we think is better, but we are looking almost two months from the dat we are looking to a vastly different regulatory scheme, unless one of the pending lawsuits actually interrupts that, that’s among the hottest of topics, and at a time when things are really challenging overall on campuses and the fact that  it’s the summer. Another critical area is free speech and again it’s only more relevant in the moment, but free speech is a core value of any educational institutional, and so that is something that can relate to public assembly and really implicate safety issues, which is the next hot topic: physical safety and security, and that certainly related to COVID-19, and a host of other issues, and again I use physical safety and also security because there are elements of safety that go beyond just the most narrow definitions of whether someone is in tact, and really in terms of the human element, it touches anything and everything else, it’s the largest single risk factor. For example, related to technology, most breakdowns in terms of safety issues, in fact close to 90% of the primary factors are actually people factors, even if it is a systemic or structural failure. It all comes back to the person, and so those issues, and especially safety and security are absolutely critical, but above all it’s about human beings. 

Jenny: Yeah, well Jeff, you were very eloquent there with your words about what’s happening right now and when you said civil rights at the beginning of the podcast I was hoping you would get there and I appreciate your thoughts on that, and I think we all appreciate your enthusiasm, and I hope we see some change as well. So I think we’re going to talk a little bit about information security and Jen is going to lead us down that path and its relation to compliance.

Jen: Right, so as Jeff did, I’m going to kind of gloss over and hit some hot topics in this area, which I have to say when we first talked about doing this podcast several months ago, pre-COVID19, and the items I had identified then, still are on my list and I’m going to get to those, but I have a whole slew more related to the world in which we live. First, just information security, that pops up certainly about privacy, about research, administration, open access, there’s definitely an issue there. HIPAA, HIPAA’s always something to consider on a college campus whether you have a medical center or not, I would assume most universities have some form of HIPAA data somewhere, again in the context now of COVID19, who knows maybe there’ll be some extra exposures in this area or some extra considerations to go around as we consider health information that we’re going to collect information  from our students if they use one of our services that of course does electronic billing, there’s always a little caveat for it to be HIPAA, but certainly it’s a hot topic and it’s something to really pay attention. Kind of similar to that would be FERPA, that’s just always an area of vulnerability and something we need to be aware of, so watching for that. GDPR, that’s something that feels like ages ago but is actually still relatively new in the compliance fair and how is that going to work, what is that going to look like, is it really enforceable in the US where we by nature in higher ed, you have that globalist approach, so if it’s not this one, what’s going to be the next kind of world-wide approach to regulation that could impact us, so that’s always interesting to keep an eye on and just kind of see where that’s going to lead to, and then we get to the general IT concerns that we always have, which really again COVID-19 has brought to the forefront, so Zoom, security of online meetings, using platforms to share materials, to post and edit documents together, things that maybe we were doing to some extent when we were all physically present, but now that’s pretty much all we’re doing so that just kind of heightens that level of risk as well as the importance of making sure that the infrastructure behind that it is secure and people have access, the access that people have to our systems, the access they have to information especially now that they’ll be doing that primarily from locations that are not physically present on campus, it’s certainly a hot topic, and then equipment. Usually you think of equipment as something that the university, property of the university on university soil, again not really the case. A lot of what happened very quickly, so people and equipment, not at home under the same circumstances that would normally happen where there would be a lot more of a thought out process and forms and things completed, so just kind of trying to get our arms around that, what does that look like now, how do we track our property, make sure that equipment is returned, make sure that everything is used in accordance with university policy. Then I would just have to say that we don’t know what the future looks like, IT is an ever changing field, we’re going to rely more and more on it and really the future is so uncertain that this is just something to consider. What will the future be? 

Jenny: Well said. I’ve been thinking about cyber actually this week because URMIA just renewed our cyber insurance policy, so I know, and you were talking about equipment and URMIA’s small staff of 5 full time and 2 part time, I mean it was just like you said. We were in a hurry to get things set up and Ronna, our IT guru on staff sent us a friendly reminder about security just a couple weeks ago, and it’s hard to keep track of all that stuff when you just want to do the most important things first, but it’s really important to do that. So I think we’re going to switch and talk a little bit about concerns for the future, and I think you’re going to talk first about international issues, which is always a hot topic to the URMIA audience, and you know what this new normal is going to be like with international concerns. I think our landscape is going to change dramatically.

Jen: Right, so international issues has always been a hot topic and, like you just said, it’s more so now, maybe some new layers or just extra focus on it, certainly we have to think about other campus locations, we have to think about campus visitors, we need to think about our international student population, but that’s going to look like, are they going to have the same presence on campus, are they going to be able to get here, are they going to be able to go home when they need to. Immigration is definitely something where it feels like daily there’s new guidance or information, and we really need to monitor those areas. We are also seeing a lot related to security issues and to an increased awareness of the research that we need to have on campus and how to navigate those types of issues. I think that the international piece is something that we’ll only continue to grow and that really all universities keep an eye on for the latest information because it really is changing daily.

Jenny: Yeah, well said. And I think Jeff, you’re going to wrap up the bullets that we planned on increasing regulation and enforcement, that sounds like a fun topic.

Jeff: Yeah, at least in callback to Jen, the administrator of our data program, and I’m so grateful for all of the work that she does, but the reality is I have never lost any sleep based on what I knew, no matter how unpleasant, it’s always the stuff I don’t know or that I know there’s something I don’t know that really does keep me awake at night and she’s also quite correct when she says the future becomes the past very quickly, seemingly these days almost on a day-to-day basis, but what we’re seeing in a larger scale is, and one of the benefits of looking at the data snapshots every 6 months over a period of years is that there is a clear trend toward increased regulation and especially enforcement, and that’s especially true for institutions of higher education, there are some segments of the organizational universe that are probably seeing definitively less regulation these days, but that is not worn out for institutions of learning, and so that’s something that we just simply have to be very mindful of and in particular the enforcement activity has become more pronounced. Again I try not only to be a glass half full kind of person, but beyond that to say, okay well that’s accountability. Accountability is a good thing, and we should actually be held accountable. On the other hand we want to make sure that the regulatory efforts are productive and constructive and that’s a discussion probably for another podcast, but what I will say is tracking our data, the most recent data collection period, this is a callback to something Jen was talking about, the most recent data period ended at the end of 2019, the last six months of 2019, so everything that’s happened in 2020, I hear a lot of memes about 2020, we’re good with this year already to move onto the next one, none of that is even reflected in this data, but what we found was just in the last six months alone, the growth of regulatory issues, so to speak, we use that issues concept, actually matched the growth of the prior two years combined, so we’ve not only seen a steady increase in regulation and enforcement, and the resulting resources that it requires from our institutions, but we’ve actually seen a spike in the six months before the current last several months, so it’s something that should be on the radar screen and for that reason that I would say this is something not only matters to those of us who practice in the field of compliance risk, but also for all risk managers and really for all of us. I do want to thank you, Jenny, and your team for providing the support to bring what was originally a little compliance clube is what we called it, involved 15 or 20 of us, and now we’re 140 strong, this has all been since the 50th annual meeting, just last September, but we’ve grown at a meteoric rise, and not just folks who are compliance professionals, but anyone with a risk portfolio, anyone really that’s part of the URMIA community can be part of this compliance community. It’s obviously completely available, no additional costs, but the resources are invaluable, and really none of this would have happened, Jenny, without you and your team, but we do have monthly topical calls, our next monthly call will be at the end of the summer, and it will be on the topic of Title IX, which I’m guessing is foremost in the minds of everyone connected to a campus community. The most recent one before that, we were looking at self evaluation of compliance and risk management programs. Audit is great, with all due respect, Jen, it’s a critical partner, but I think I probably enjoy self evaluation a little bit more than I do internal or external audit, and so providing tools and resources for that is something our community could share with each other. It also is part of the quest to be better. We also have an online discussion group so we can be together 24/7, a library of resources, and really the whole URMIA library is magnificent, and then when we do have conferences in person, we set aside time to get together. URMIA has been great at developing a compliance track at their programs, and next year we might even have a compliance-focused regional workshop where we can really do some in-depth higher ed work. Again, or all of compliance or compliance risk, not just legal compliance or regulatory compliance, but more broadly enterprise risk, so it is something that I hope people consider joining and it’s very simple to join. At this point, the process is to send me an email jchasen@ku.edu, send me an email and say I want to join. You don’t have to do anything, but you’ll get the invitations to all of the monthly calls and you’ll immediately be able to tap into the online discussion group and those sorts of things, but the community had grown 7 times in about 7 months and we would love to keep seeing that growth, though I would encourage any of you that touch compliance or risk or just a university, that’s as broad as I can make it, but I’d love to have you join us and keep building that growth and that community, and it’s just a little community within the large URMIA community, but it wouldn’t happen without URMIA, so thank you. 

Jenny: Well, Jeff, thank you. You have been the leader of the compliance club, now community, and it wouldn’t have happened if it weren’t for you. I am thrilled that URMIA can provide space for compliance because, as you said, it’s a huge part of risk management and a huge concern for all of our members they need to be aware of, they need to keep up on the latest. The compliance community is really providing such a benefit for URMIA, so thank you. We’ve been developing our education plan and we’re being much more diligent about including compliance resources and we’re adding kind of a compliance section or fine tuning it on our resource guide, so Jeff, you are going to be more and more helpful to us all the time and Jen, thank you for your participation and the podcast today, thank you for speaking, at URMIA being involved. Really, we thank you guys, I mean it’s people that make URMIA a special organization and you guys have provided so much great content for URMIA and we always look forward to having you guys on the future agenda as well. So, thank you so much for being my guests today. I think that’s going to be a wrap for URMIAmatters. Thanks guys!