Info

FCPA Compliance Report

Tom Fox has practiced law in Houston for 30 years and now brings you the FCPA Compliance and Ethics Report. Learn the latest in anti-corruption and anti-bribery compliance and international transaction issues, as well as business solutions to compliance problems.
RSS Feed Subscribe in Apple Podcasts
FCPA Compliance Report
2018
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
March
February


2015
December


Categories

All Episodes
Archives
Categories
Now displaying: Category: compliance know-how
Dec 13, 2017

Simply having a Code of Conduct, together with compliance policies and procedures is not enough. As articulated by former Assistant Attorney General Lanny Breuer, “Your compliance program is a living entity; it should be constantly evolving.” The 2012 FCPA Guidance stated “When assessing a compliance program, DOJ and SEC will review whether the company Guiding Principles of Enforcement has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.” Some of the questions you should consider are:

  • When was the last time your policies and procedures were released or revised?
  • Have there been changes to your company’s internal controls since the last revision?
  • Have there been changes to relevant laws relating to a topic covered in your company’s policies and procedures?
  • Are any of the policies and procedures outdated?
  • What is the budget to create/revise your policies and procedures?

After considering these issues, you should benchmark your current policies and procedures against other companies in your industry. If you decide to move forward, I suggest a process which can be fully documented as a basis to include revisions to your compliance policies and procedures.

Get buy-in from senior leadership of your company 

Your company’s highest level must give the mandate for a revision to compliance policies and procedures. It should be the Chief Executive Officer, General Counsel or Chief Compliance Officer, or better yet all three to mandate this effort. Whoever gives the mandate, this person should be consulted at every major step of the policies and procedures revision process if it involves a change in the direction of key policies.

Establish a core policies and procedures revision committee 

You should have a cross-functional working group would be ideal to head up your effort to revise your compliance policies and procedures. This group should include representatives from the following departments: legal, compliance, communications, HR; there should also be other functions which represent the company’s domestic and international business units; finally, there should be functions within the company represented such as finance and accounting, IT, marketing and sales.

From this large group, the topics can be assigned for initial drafting to functions based on their relevance or necessity. These different functions would also solicit feedback from their functional peers and deliver a final, proposed draft to the Drafting Committee. It is important that you establish a timetable for the revision process and you hold representatives accountable for meeting their revisions.

Conduct a thorough technology assessment 

The cornerstone of the revision process is how your company captures, collaborates and preserves all the comments, notes, edits and decisions during the entire project. In addition to this use of technology in revising your compliance policies and procedures revisions, you should determine if they will be available in hard copy, online or both. There must be a distribution plan, particularly if the Code and compliance policies and procedures will only be available in hard copy.

Determine translations and localizations 

The 2012 Guidance made clear that your compliance policies and procedures must be translated into local language for your non-English speaking workforce. The key is that your employees have the same understanding of the compliance policies and procedures-no matter the language. 

Develop a plan to communicate the revised policies and procedure 

A rollout is always critical because it is important that the revised policies and procedures are communicated in a manner which encourages employees to review and use the policies and procedures on an ongoing basis. Your company should use the full panoply of tools available to it to publicize the revised compliance policies and procedures. This can include a multi-media approach or physically handing out a copy to all employees at a designated time. You might consider having a company-wide compliance policies and procedures meeting where the new or revised documents are rolled out across the company all in one day. But remember, with all thing compliance; the three most important aspects are ‘Document, Document and Document’. However, you deliver the new or revised policies and procedures, you must document that each employee received it.

Stay on Target and Budget 

You should work to set realistic expectations that to stay on deadline and stay within your budget. This is equally applicable to your policy and procedures revision. Also remember to keep a close watch on your budget so that you do not exceed it.

These points are a useful guide to not only thinking through how to determine if your policies and procedure need updating, but also practical steps on how to tackle the problem. If it has been more than five years since it was last updated, you should begin the process now. It is far better to review and update if appropriate than wait for a massive FCPA investigation to go through the process.

Three Key Takeaways

  1. If you have not revised your compliance policies and procedures in the past five years, you should do so no.
  2. Set a timeline and budget and stick to it in the compliance policy and procedure revision process.
  3. Document your process of revision to demonstrate more complete operationalization of your compliance program as set out in the DOJ Evaluation of Corporate Compliance Programs.

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Dec 12, 2017

There are numerous reasons to put some serious work into your policies and procedure. They are certainly a first line of defense when the government comes knocking. The 2012 FCPA Guidance made clear that “Whether a company has policies and procedures that outline responsibilities for compliance within the company, detail proper internal controls, auditing practices, and documentation policies, and set forth disciplinary procedures will also be considered by DOJ and SEC.” And by using the word “considered”, it is clear that this means the regulators will take a strong view against a company that does not have well thought out and articulated policies and procedures; all of which are systematically reviewed and updated. Moreover, having policies written out and signed by employees provides what some consider the most vital layer of communication and acts as an internal control Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the ‘Document, Document and Document’ mantra applies just as strongly to this area of anti-corruption compliance.

The specific written policies and procedures required for a best practices compliance program are well known and long established. The 2012 FCPA Guidance stated, “Among the risks that a company may need to address include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company. Procedures are the documents that implement these standards of conduct.

The role of compliance policies is to protect companies, their stakeholders, including employees, third-parties and others, despite an occasional lapse. A company’s compliance policies provide a basic set of guidelines for employees and others to follow. Compliance policies should give general prescriptions and should be supplemented by more specific procedures. By establishing what is and what is not acceptable ethical and compliant behavior, a company helps mitigate the risks posed by employees who might not always make the right ethical choices.

The Evaluation of Corporate Compliance Programs builds up on the requirements articulated in the 2012 FCPA Guidance. Under Prong 4, Policies and Procedures it states, Applicable Policies and ProceduresHas the company had policies and procedures that prohibited the misconduct? How has the company assessed whether these policies and procedures have been effectively implemented? How have the functions that had ownership of these policies and procedures been held accountable for supervisory oversight? The Evaluation then goes on to ask about both accessibility and effectiveness of the compliance policies and procedures by stating, Accessibility – How has the company communicated the policies and procedures relevant to the misconduct to relevant employees and third parties? How has the company evaluated the usefulness of these policies and procedures?

Compliance policies do not guarantee employees will always make the right decision. However, the effective implementation and enforcement of compliance policies demonstrate to the government that a company is operating professionally and ethically for the benefit of its stakeholders, its employees and the community it serves.

There are five general elements to a compliance policy. It should stake out the following:

  • identify who the compliance policy applies to;
  • set out what is the objective of the compliance policy;
  • describe why the compliance policy is required;
  • outline examples of both acceptable and unacceptable behavior under the compliance policy; and
  • lay out the specific consequences for failure to comply with the compliance policy.

The Evaluation mandates there must be communication of your compliance policies and procedures throughout the workforce and relevant stakeholders such as third-parties and business venture partners. Compliance training is only one type of communication. I think that this is a key element for compliance practitioners because if you have a 30,000+ worldwide work force, simply the logistics of training can appear daunting. Small groups, where detailed questions about policies can be raised and discussed, can be a powerful teaching tool. Another technique can be the posting FAQ’s in common areas and virtually. Also, having written compliance policies signed by employees provides what some consider the most vital layer of communication. A signed acknowledgement can serve as evidentiary support if a future issue arises. Finally, never forget the example of the Morgan Stanley declination where the recalcitrant employee annually signed such certifications. These signed certifications help Morgan Stanley walk away with a full declination.

The 2012 FCPA Guidance ends its section on policies with the following, “Regardless of the specific policies and procedures implemented, these standards should apply to personnel at all levels of the company.” It is important that compliance policies and procedure are applied fairly and consistently across the organization. The Fair Process Doctrine demonstrates that if compliance policies and procedures are not applied consistently, there is a greater chance that an employee dismissed for breaching a policy could successfully claim he or she was unfairly terminated. This last point cannot be over-emphasized. If an employee is going to be terminated for fudging their expense accounts in Brazil, you had best make sure that same conduct lands your top producer in the US with the same quality of discipline.

Three Key Takeaways

  1. The Code of Conduct, together with written compliance policies and procedures form the backbone of your compliance program.
  2. The DOJ and SEC expect a well-thought out and articulated set of compliance policies and procedures.
  3. The Fair Process Doctrine holds for the application of policies and procedures.

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Dec 12, 2017

Welcome to Episode 7 of Compliance Man Goes Global podcast of FCPA Compliance Report International Edition. In this episode, we will focus on typical mistakes, which Compliance officers do sometimes. We will explore this matter in a plain language so to say and in the simple game form. Moreover, to make the podcast and text more appealing, will also illustrate today’s episode with an illustration from the Compliance Man illustrated series, created by Timur Khasanov-Batirov.

For those of our listeners who are not aware about our format, in each podcast, we take two typical concepts or more accurately misconceptions from in-house compliance reality. We check out if these concepts work at emerging jurisdictions. For each podcast, we divide roles with Timur, a practitioner who focuses on embedding compliance programs at high-risk markets. One of us will advocate the concept identifying pros. The second compliance man will provide arguments finding cons and trying to convince audience that that we face a pure myth. As a result, we hopefully will be able to come up with some practical solutions for in-house compliance practitioners.

Myth 1-There is no practical way to improve Compliance program. This is just a fancy and useless statement. In corporate practice, it is just unreal.

Myth 2-As compliance practitioners, we should draft and amend exclusively compliance policies. The list of such policies is well known and is exhaustive like code of ethics, gifts policies and alike. There is no need spare time for reviewing corporate policies beyond our Compliance Policies List

Dec 12, 2017

In May 2014, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606) for public business entities, certain not-for-profit entities, and certain employee benefit plans. It becomes effective for public entities for annual reporting periods beginning after December 15, 2017. In addition to changing things dramatically in the accounting and financial realms, this new revenue recognition standard which may significantly impact the compliance profession, compliance programs and compliance practitioners going forward. In this episode, we consider how you should set your transaction price.

Matt Kelly and I have put together a five-part podcast series where we explore implications of this new revenue recognition standard. Each podcast is short, 11-13 minutes and deals with one topic on the new revenue recognition standard. The schedule for this week is:

Part 1: Introduction

Part 2: What the logic of your transaction price?

Part 3: Shaking up software revenue recognition.

Part 4: Auditors need to pay attention.

Part 5: What does it all mean for compliance (and everyone else)?

FASB states that Step 3, determine the transaction price, is the amount of consideration to which an entity expects to be entitled in exchange for transferring promised goods or services to a customer, excluding amounts collected on behalf of third parties. To determine the transaction price, an entity should consider the effects of:

  1. Variable consideration - If the amount of consideration in a contract is variable, you must determine the amount to include in the transaction price by estimating either the expected value or the most likely amount.
  2. Constraining estimates of variable consideration - An entity should include in the transaction price some, or all, of an estimate of variable consideration only to the extent it is probable that a significant reversal in the amount of cumulative revenue recognized will not occur.
  3. The existence of a significant financing component - An entity should adjust the promised amount of consideration for the effects of the time value of money if the timing of the payments agreed upon by the parties to the contract provides the customer or the entity with a significant benefit of financing for the transfer of goods or services to the customer.
  4. Noncash consideration - If a customer promises consideration in a form other than cash, an entity should measure the noncash consideration at fair market value.
  5. Consideration payable to the customer - If an entity pays, or expects to pay, consideration to a customer in the form of cash or items, such as a credit, a coupon, or a voucher, that the customer can apply against amounts owed to the entity, the entity should account for the payment as a reduction of the transaction price or as a payment for a distinct good or service, or both.

Kelly noted all of this means judgment are going will become more important under the new revenue recognition standard. He said “People should be thinking about that judgment means, who will be able to defend, precisely how your organization is defining the transaction price. That is something that your audit firm will want to look at and you should understand that the audit firms have more pressure to be more skeptical about judgments their clients make.”

One particular problem could be non-cash transactions or even consideration. He advised to think “about the difference between cash and non-cash compensation for a deal. What if some of your payment for a transaction was in Bitcoin; the value of which is literally changing by the day right now. You could have a transaction that you agree to payment on the first of the month and some part of it might be conveyed in Bitcoin at the end of the month. However, the value of bitcoin could change dramatically before the end of the month or the quarter. Further,  compensation can come in many forms, such as receipt a patent from a joint venture partner, travel voucher or really anything of value. It will create a requirement to accurately value them and implement that valuation.

An ancillary result will be that many non-accountants are going to find that they get pulled into these conversations that you probably have not had much experience with before over revenue recognition. Lawyers and compliance practitioners, for instance may well be a part of these conversations going forward. They typically have not been a part of the discussion to determine the transaction price in the past.  That is really going to be the tricky part of defining what a transaction is under this new revenue recognition standard.

For the compliance practitioner, it is not simply being able to read a spreadsheet anymore. It is understanding the underlying basis of that spreadsheet and are those underlying bases defensible. Consider in the FCPA and greater compliance ream, you may be required to justify the values assigned to either discounts, rebates or some other form of payment variance. In the overall context of an FCPA investigation, under the books and records provisions, a compliance professional may well have to take a much more detailed view of this to determine the transaction price when you sit down across the table from somebody at the DOJ.

Kelly concluded, “in the grand scheme what FASB wanted to achieve with this new revenue recognition standard was to bring more transparency to the logic of the economic action.” You will need to be able to justify where did these numbers come from related to this business transaction the companies are engaged in going forward. It is certainly going to be a very different world for some people.

I hope you will continue to join us for our exploration this week. Tomorrow in Part III, we will explore how this new revenue recognition standard will shake up the software industry.

Dec 11, 2017

How can you work to operationalize the Code of Conduct as articulated in the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs? The Evaluation focuses not on whether a company has a paper compliance program but whether a company is actually doing compliance. A company does compliance by moving it into the functional business units as a part of an overall business process. That is what makes a compliance program effective at the business level. There are several different parts of the Evaluation that touch upon your Code of Conduct.

Prong 2, Senior Leadership and Middle Manage states the following:

Shared CommitmentWhat specific actions have senior leaders and other stakeholders (e.g., business and operational managers, Finance, Procurement, Legal, Human Resources) taken to demonstrate their commitment to compliance, including their remediation efforts? How is information shared among different components of the company? 

The Code of Conduct process should involve these corporate disciplines. Your Code of Conduct should enshrine your company’s values. Those are set by senior management and their input and support for any Code of Conduct project, whether initial draft or update, is critical.

Prong 4, Policies and Procedures states the following:

Designing Compliance Policies and ProceduresWhat has been the company’s process for designing and implementing new policies and procedures? Who has been involved in the design of policies and procedures? Have business units/divisions been consulted prior to rolling them out? 

This question gets to the heart of operationalization and demonstrates how a Code of Conduct can work to meet the DOJ requirements. As an early part of your design and drafting process, you should assemble a cross-functional team. This is important for several reasons. First diversity in your team will help produce a more well-rounded final product. But having such team diversity will also assist in your benchmarking effort, coupled with those who are going to help you out looking at designs and maybe helping forge the design of the Code. Finally, you can use a group to help in the drafting, redrafting and editing process. This diversity will help you to answer all of the three DOJ questions from the Evaluation in a manner consistent to support operationalization.

This project team diversity will also help to operationalize your Code of Conduct after implementation. You will have various business unit members invested in your new or revised Code of Conduct. This ownership will help not only in your internal marketing but demonstrate to employees the commitment to doing business ethically and in compliance to your entire workforce.

Prong 6, Training and Communication, states:

Form/Content/Effectiveness of TrainingHas the training been offered in the form and language appropriate for the intended audience? How has the company measured the effectiveness of the training?  

There are several different types of training, including live, interactive and online training. But in addition to training, your Code of Conduct can form the basis of ongoing communications throughout the organization. Through a Code of Conduct, a company has acknowledged certain risks and it can communicate those risks through effective use of a Code of Conduct. It can also serve as a jumping off point for training and communications about more focused topics and discussions led by employees outside the compliance department.

You can measure the effectiveness of your training through a variety of mechanisms including knowledge assessments, culture surveys, focus groups, tracking your internal intranet training, reporting of trends and even hotline calls. These techniques can help to drive compliance into the very fabric of your company by operationalizing compliance. Another important consideration around effectiveness for training, and the text of the Code of Conduct, is translations, or as the DOJ stated, “Has the training been offered in the form and language appropriate for the intended audience?”

Three Key Takeaways

  1. What has been the role of senior management in the creation or update of your Code of Conduct?
  2. How have you worked with employees outside the compliance function to lay the groundwork for fully operationalizing your compliance program?
  3. How have your measured the effectiveness of your Code of Conduct training? 

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Dec 11, 2017

In May 2014, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606) for public business entities, certain not-for-profit entities, and certain employee benefit plans. It becomes effective for public entities for annual reporting periods beginning after December 15, 2017. In addition to changing things dramatically in the accounting and financial realms, this new revenue recognition standard which may significantly impact the compliance profession, compliance programs and compliance practitioners going forward. In this episode, we provide an introduction to the new revenue recognition standard.

Matt Kelly and I have put together a five-part podcast series where we explore implications of this new revenue recognition standard. Each podcast is short, 11-13 minutes and deals with one topic on the new revenue recognition standard. The schedule for this week is:

Part 1: Introduction

Part 2: What the logic of your transaction price?

Part 3: Shaking up software revenue recognition.

Part 4: Auditors need to pay attention.

Part 5: What does it all mean for compliance (and everyone else)?

This standard has been a long time in coming but the go live date is here; it becomes effective on December 15, 2017. This means the financial reports your company will submit which will come out sometime in February or March will be under the new revenue recognition standard. Kelly noted that “upwards of 80 percent of filers in the United States have a year end of December 31 as their fiscal year end. For most companies, this new revenue recognition standard is here you are going to have to start worrying about it now. You are going to have to start reporting under the new standard early in the spring.” While some companies, such as Google, General Motors and Microsoft adopted the standard early, most will be doing so on the fly in Q1 2018.

The prior revenue recognition standard was rules-based, while this new revenue recognition standard is principles-based. This was done deliberately as FASB is coordinating this rollout with how revenue is recognized in other parts of the world, specifically International Financial Reporting Standards (IFRS) which are put forth by the International Accounting Standards Board. This was a joint effort to have a one global approach to how companies recognize revenue and the process involves a lot more judgment. Kelly noted, “The good news is that you can exercise a lot more judgment and if you have good judgment you can finesse things to be much more reflective of what's the economics of the deal.”

The new revenue recognition standard is really about a series of performance obligations; what a company is committing to do in delivering a good, delivering a service, or both. Next, has a company fulfilled those performance obligations. Finally, is do these actions give that obligation to a company beyond the contract language? Kelly said, “It's a sweeping standard. The philosophy of when you have a transaction and when you do not, has changed. Different types of industries will be hit by this quite a bit by this new revenue recognition standard but others will not.”

Kelly said this use of more judgment, than rules cuts, both ways. “If your judgment is not sound or if your judgment could be called into question because you have not properly documented your logic and your chain of thought, your organization is opened itself to questioning your judgment much more than might have happened under the old standard. This means a key will be the logic in determining the transaction price.” In addition to the process aspect, there is the document, document, document process which should warm the heart of every compliance practitioner. As the prior revenue recognition standard was rules based, “you went through all the contortions you come to a number that's the number.”  Now, as Kelly noted, “it's down to this is our judgment and if our judgment is good and we can document it.”

Kelly also noted the Securities and Exchange Commission (SEC) has gone to great lengths over the past two years at least about this new revenue recognition standard, giving what he termed “gentle nudges and sometimes not gentle nudges to companies that you've got to get on board with this new revenue recognition standard.” The good thing is that while the SEC may well provide a few comment letters, as companies are reporting under the new revenue recognition standards, they will probably not sanction companies for reporting errors for some period of time. Kelly believes, “as long as you are actually trying to embrace the spirit of the new revenue recognition standard” the SEC will not sanction your organization. However, if an organization is “committing accounting fraud you are still going to get nailed.”

Kelly concluding by raising the very interesting question of whether the investor community is ready for this new revenue recognition standard. This may be truer for private equity companies investing in the tech space are the rules around revenue recognition for software companies could be more greatly impacted than other organizations. (We will take up the new revenue recognition standards for software companies in Part 3.) The bottom line is that a wide variety of interests, in a multitude of organizations will be impacted by this new revenue recognition standard; including the compliance profession.

I hope you will join us for our exploration this week. Tomorrow we will ask, and hopefully answer, the question: What is the logic of your transaction price?

Dec 11, 2017

In this episode, I visit with Don Fischer, a San Francisco and Washington, based lawyer who is one of the country’s leading practices dedicated to assisting corporations, universities and research institutions with the development of comprehensive Export Control compliance. He has extensive strategic and practical experience in helping implement cost-effective, risk proportionate compliance programs. Fischer has specific export control services include risk assessments, export process development, export licenses (EAR, ITAR and OFAC), Technology Control Plans, Requests for advisory opinions, Voluntary Disclosure investigations, Data security analyses, training and web content development. 

In this episode we discuss, the following issues:
-What are export controls?

-Which government agencies regulate exports?

-What's a deemed export?

-Do these requirements only affect defense contractors?

-How do these requirements impact corporations?

-What are the consequences for getting this wrong?

-What are some of the challenges that companies face in becoming compliant?

-What is the best way for a company to implement necessary oversight of an export compliance program, in a cost-effective manner? 

It is a fascinating exploring a type of compliance which converges with anti-corruption compliance more and more in the commercial corporation setting.

Don Fischer can be reached at dfischer@fischer-associates.com. 

You can check out his law firm by clicking here.

Dec 8, 2017

What about the training on your finalized Code of Conduct? While there have been criticisms of Code of Conduct training, if you consider training as one source of your 360-degrees of compliance communications, the rollout of a new or updated Code of Conduct can be an opportunity. This rollout fits directly into the concept of 360-degrees of compliance as rollout is part of both communications and engagement. The delivery of a Code of Conduct is a key element of its effectiveness. By allowing your employees and other stakeholders to engage and interact with the Code of Conduct, through live or interactive training, the effectiveness can be better monitored and measured.

In a white paper, entitled “Top 5 Tips for Effective Code of Conduct Revisions, Eric Morehead noted that often companies have a formal launch of the Code of Conduct where senior management and the corporate compliance function “conduct on-site activities across the organization to promote the launch of the new Code, or launch interactive activities such as video competitions that ask stakeholders to such submit short videos on Code topics.” However, this is not the sole manner to have such a rollout as other companies “keep the message more informal but use frequent touchpoints, for example, through email or cascading messages through line managers, to keep up the drumbeat on compliance topics and reinforce the role of compliance.” The key is to exploit on the opportunity a new or revised Code of Conduct gives you to communicate in a 360-degree manner on your compliance program.

One of area in 2017 Department of Justice’s Evaluation of Corporate Compliance Programs that articulated a new emphasis was in the effectiveness of training. I think everyone would understand you do need to train but now the government's talking to us about effective training. Begin with live training that can be held at the corporate headquarters with senior management and even executive involvement. Many companies will videotape a message from the CEO to help celebrate the rollout. Then there is the opportunity for localized training that gives employees an opportunity to see, meet, and speak directly with a compliance officer, not an insignificant dynamic in the corporate environment. Such personal training also sends a strong message of commitment to the Code of Conduct. It gives employees the opportunity to interact with the compliance officer by asking questions which are relevant to markets and locations outside the United States, which can often provide employees with the opportunity to have confidential in-person discussions.

An important part of in-person training is the opportunity to interact with the audience through Q&A. There are a couple different approaches to Q&A. The first is to solicit questions from the audience. However, many employees are reluctant, for a variety of different reasons, to raise their hands and ask questions in front of others. This can be overcome by soliciting written questions on cards or note pads. A second technique is to lead the audience through hypothetical examples in which the audience is broken down into small discussion groups (up to five people) to discuss a situation and propose a response. However, with a worldwide, multi thousand-person workforce with multiple languages, an entire Code of Conduct roll-out based on live training may not be feasible.  

Not surprisingly, and one of the key themes in compliance, is to understand your company and tailor your compliance program, including your Code of Conduct training, for your audience. Companies have to consider their audience when considering drafting the Code of Conduct, the kind of tone it is going to have, how long it is going to be and topics you are going to cover in the Code of Conduct; the same analysis is true for your training.

Most organizations put together custom training for their Code of Conduct rollout. Live training is generally viewed to be the most effective with online training next in effectiveness. One technique which as gained traction is a modular approach where you might identify 10 key risk areas and train on each in 10 minute segments throughout the year, one per month. This drives engagement and lessons complaints that employees have to take an entire hour for such training.

Another mechanism is more interactive training. When audience members are required to answer questions on an ongoing basis it can foster more engagement. It can also help to meet the DOJ requirement to demonstrate the effectiveness of training. Of course, gamification which is another form of interactivity and it has become more popular over the last few years. It also has the advantage of more favor with millennial members of the workforce.

However, your Code of Conduct training should be an extension of the way you communicate compliance in your organization. If it is divorced from your 360-degrees of compliance communications style, you may well be missing an opportunity to drive better understanding of the Code of Conduct and denigrate the effectiveness of the training. Whatever approach is used, one of the critical factors is the length of time of the training session. Although lawyers and ethics and compliance professionals can (sometimes) sit through a multi-hour Code of Conduct, it is almost impossible to keep the attention of business and operations employees for such a length of time. The presentation and number of PowerPoint slides must be kept to a manageable length before the attendee’s eyes start to glaze over.

Three Key Takeaways

  1. Consider a video message from your CEO to help roll out your Code of Conduct initiation or update.
  2. Tailor your Code of Conduct training to your workforce.
  3. Consider interactive and modular approaches to Code of Conduct training.

This month’s sponsor is the Doing Compliance Master Class. In 2018, I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Dec 7, 2017

Next is the design of your Code of Conduct. Through attention to detail in the design process, you should be able to come out at the end with a Code of Conduct which will help you to more fully operationalize your compliance program. 

You must begin with a determination of what you are trying to accomplish. It does not serve you to try and list every compliance risk you might think your company may encounter. You should determine the values you want to communicate, what the expectations are for employees and how to call the hotline. Under such an approach, a Code of Conduct can be the jumping off point for training on the issues stated in it. The Code of Conduct can also form the hub of the wheel for other policies and procedures and written standards you want to communicate to relevant stakeholders. 

You should also consider how you are going to distribute your Code to your employees and stakeholders. If it is through an Adobe .pdf document, which is accessible for most stakeholders across an organization or via another method. If a significant part of your workforce does not have access to computers, online production only will not work as the primary distribution platform. 

Values 

One conundrum is whether and how to incorporate your ethical values into your Code of Conduct. You can integrate values by incorporating them into your discussion of the risk topics in your Code of Conduct. This aids in your roll out as a topic of interest in discussing your new or revised Code of Conduct. Integrity can be discussed in the context of a non-retaliation policy. 

Benchmarking 

Another tool is to benchmark other Codes of Conduct. You should consider other companies in your industry, organizations that operate in the same geographic jurisdictions as your organization does and companies with a similar employee size. Consider what they are doing, determine what appeals to you and think about what might work for your organization. 

If you have not updated your Code of Conduct for some time, there will probably be new areas that you need to incorporate into the updated version. Two obvious new areas of risk involve social media and cybersecurity. Such an exercise will help with your goal setting at the beginning of the project and allow you to move directly to the drafting of the text. 

Drafting and Redrafting 

If you are starting from scratch an outline is a good way to go. If you are working from a current version, you may want to go through a few drafts with redlining the text to eliminate confusing language and unnecessary legalization which is meaningless to anyone other than lawyers. An example here is the move from a US-centric focus on the FCPA due to the proliferation of other countries enacting anti-corruption legislation such as the UK Bribery Act and the Brazil Clean Companies Act, Chinese domestic anti-bribery laws and other standards as well.   

Operationalizing 

Although the Code of Conduct was not specifically mentioned in the Department of Justice’s 2017 Evaluation of Corporate Compliance Programs, the over-riding concept of operationalization applies equally to your Code of Conduct drafting or updating exercise. This means you need to consider how are you going to involve the operational areas of your organization in that process, as there is a clear DOJ expectation around your Code of Conduct. 

You should engage a focused group tasked with doing redlines of the text. A key is to involve employees from different parts of your company. It is just important to involve people from outside the compliance and legal functions in the process so that you get that buy-in from a wide variety of the corporate business units. This certainly can aid when the time for rollout comes. 

Using your business folks to help develop Q&As, examples or scenarios, can help to address common questions from the field and can also be useful in making your Code of Conduct training more effective. Having somebody in operations suggest to you what would be a good example or Q&A because if there are issues the business unit deals with on a daily basis can be most useful. Further there are many different parts of this process where you can include employees into your Code development. This involvement will not only make your Code of Conduct more robust but it will help to further operationalize it by making it more applicable to the business folks. Indeed, the government will probably ask you who, outside the compliance/legal function, was involved and their contributions. (Insert-Document Document Document here!) Getting different perspectives is important but you need to include non-compliance teams early in the process by helping you from the planning phase through drafting and rewriting up to implementation and rollout. 

Three Key Takeaways

  1. Get your business folks involved in your Code of Conduct from the outset.
  2. Your ethical values should be integrated into and integral to your Code of Conduct.
  3. How have you operationalized your Code of Conduct?

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Dec 6, 2017

Next, the evolution of the structure and format of a best practices Code of Conduct. Initially, my experience with Codes of Conduct was that they were written by lawyers, largely for lawyers. This included ‘thou shalts’ and ‘thou shalt nots’ liberally sprinkled throughout a lengthy written document. This was what is now referred to as Code 1.0. The compliance community then evolved Code 2.0, where the writing was less turgid, we moved to more employee friendly language and then somewhere along the line we started putting in hyperlinks and pictures. 

There are two factors which a company should consider on the structure of Code of Conduct. The first is to consider how your organization generally communicates, overlaid with the most effective way to communicate with the various stakeholders who will read and use the Code of Conduct. These stakeholders can include such diverse groups as employees, shareholders and third parties on both the sales and supply side of your business. This may require multiple approaches. 

The second point involves considering the thinly veiled land of the future of compliance by considering how will your Code of Conduct be viewed and used going forward. A simple example is the switch to mobile devices as a mainstay of corporate communications. Think about how laptops were viewed as the primary vehicle through which most employees and stakeholders interacted with training and resources for many organizations. Now many companies are going to mobile devices. Will you're the format of your Code of Conduct work on those various platforms and perhaps some you have not yet considered? 

With a current Adobe .pdf platform for instance, you can have a .pdf document because it is the easiest thing to provide to people who are looking at it on a phone on a PC on a tablet or want to print it out and hold the pieces of paper as it is the most compatible format out there. Also, you can embed some interactivity into a .pdf document. Such technology allows you to add functionality as it becomes available to you. 

If your organization is one where communication is more free flowing and there is more free-wheeling internal communications, that should be reflected in your Code of Conduct form. This means if your organization is a startup in Silicon Valley or in a well-known fun-loving organization such as Southwest Airlines; there may well be more playful attitude and a more playful way to communicate Code of Conduct topics. Conversely if you work for a hierarchical energy services company, which communicates in a top down strategy, such playfulness is not appropriate. What you should strive for is a consistent communications strategy. If your employees and other stakeholders are accustomed to receiving communications in a certain style it would appropriate to maintain that style in your Code of Conduct. The key is to consider not just how the internal communication at your company occurs. Consider how does HR ops and marketing and other other corporate disciplines communicate. You should strive for a consistent communication strategy in your Code of Conduct. 

Think about the evolution of the Code of Conduct from the type of document that was akin to an annual report to one that now addresses corporate culture. A Code of Conduct must speak to the typical important concepts such as values that define the ethical culture or should define the ethical culture of the company. Some Code of Conducts have been as long as 12,000 to 14,000 words but others can be quite short, only four to five thousand words. It all means there is no set length and the style of writing can vary. But it must ring true with your employees, stakeholder and shareholders.                  

Be sure to make your Code of Conduct readable. This is beyond simply eliminating legalese. It is writing English at a grade level that is sufficient for your employee population. It may be that an eighth-grade language level is appropriate for your work force. However, if you have a population consisting primarily of professionals, translating it into the appropriate languages it might be appropriate to aim for a higher level of language. Finally, you do not have to say the same thing, in multiple different ways. 

Three Key Takeaways

  1. Companies have moved past having a Code of Conduct in by lawyers for lawyers to a fully interactive Code for all employees.
  2. Consider how information is distributed at your organization as a basis for communication in your Code of Conduct.
  3. Your Code of Conduct must be readable, in both in English and native language for non-English speaking employees. 

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Dec 5, 2017

What is the value of having a Code of Conduct? I have heard many business folks ask that question over the years. In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven to wave in regulator’s face during an enforcement action by using it to claim we are an ethical company. Is such a legalistic code effective? Is a Code of Conduct more than simply, your company’s law? What is it that makes a Code of Conduct effective? What should be the goal in the creation of your company’s Code of Conduct?

In the 2012 FCPA Guidance, the DOJ and Securities and Exchange Commission stated, “A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, DOJ and SEC will review whether the company has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.”

In the Society for Corporate Compliance and Ethics (SCCE) 2017 Complete Compliance and Ethics Manual, article, entitled “Essential Elements of an Effective Ethics and Compliance Program”, authors Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz, state that your company’s Code of Conduct “First and foremost, the standards of conduct demonstrate the organization’s overarching ethical attitude and its “system-wide” emphasis on compliance and ethics with all applicable laws and regulations.” They go on to state, “The code is meant for all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. This includes management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.” From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.”

There are several purposes which should be communicated in your Code of Conduct. The overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating those requirements, to providing a process for proper decision-making and then requiring that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored your company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. Your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of disciplines, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

As I often say, the three most important things about your compliance program are ‘Document, Document and Document’. The same is true of communicating your company’s Code of Conduct. You need to do more than simply put it on your website and tell folks it is there, available and that they should read it. You need to document that all employees, or anyone else that your Code of Conduct is applicable to, has received, read, and understands it. The DOJ expects each company to begin its compliance program with a very public and very robust Code of Conduct. If your company does not have one, you need to implement one forthwith. If your company has not reviewed or assessed your Code of Conduct for five years, I would suggest that you do in short order as much has changed in the compliance world.

How important is the Code of Conduct? Consider the 2016 SEC enforcement action involving United Airlines, which turned on violation of the company’s Code of Conduct. The breach of the Code of Conduct was determined to be a FCPA internal controls violation. It involved a clear quid pro quo benefit paid out by United Airlines to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United Airlines operations at the company’s huge east coast hub at Newark, NJ.

The actions of United’s former Chief Executive Officer, Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials by failing to not only follow the United Code of Conduct but also violating it. The $2.4 million civil penalty levied on United was in addition to the Non-Prosecution Agreement settlement with the Department of Justice, which resulted in a penalty of $2.25 million. The scandal also cost the resignation of Smisek and two high-level executives from United.

Three Key Takeaways

  1. Every formulation of a best practices compliance program starts with a written Code of Conduct.
  2. The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity
  3. Document Document Documents your training and communication efforts.

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Dec 4, 2017

The cornerstone of a best practices compliance program is its written standards. These include a Code of Conduct, policies and procedures. These requirements have long been memorialized in the US Federal Sentencing Guidelines (FSG), which contain seven basic compliance elements that can be tailored to fit the needs and financial realities of any given organization. From these seven compliance elements, the DOJ has crafted its minimum best practices compliance program, which is now attached to every Deferred Prosecution Agreement and Non-Prosecution Agreement. These requirements were incorporated into the 2012 FCPA Guidance. The FSG assumes that every effective compliance and ethics program begins with a written standard of conduct; i.e. a Code of Conduct. What should be in this “written standard of conduct? The starting point, as per the FSG, reads as follows:

Element 1

Standards of Conduct, Policies and Procedures (a Code of Conduct)

An organization should have an established set of compliance standards and procedures. These standards should not be a “paper only” document, but a living document that promotes organizational culture that encourages “ethical conduct” and a commitment to compliance with applicable regulations and laws. 

In the 2012 FCPA Guidance, the DOJ and Securities and Exchange Commission stated, “A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, DOJ and SEC will review whether the company has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.”

In each DPA and NPA since that time, the DOJ has said the following as item No. 1 for a minimum best practices compliance program.

  1. Code of Conduct. A Company should develop and promulgate a clearly articulated and visible corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable foreign law counterparts (collectively, the "anti-corruption laws"), which policy shall be memorialized in a written compliance code.

Your Code of Conduct, policies and procedures should be grouped under the general classification of written standards, comprising three levels of written standards. First, every company should have a Code of Conduct, which should, most generally express its ethical principles. But simply having a Code of Conduct is not enough. A second step mandates that every company should have policies in place that build upon the foundation of the Code of Conduct and articulate Code-based policies, which should cover such issues as bribery, corruption and accounting practices. From the base of a Code of Conduct and policies, every company should then ensure that enabling procedures are implemented to confirm those policies are implemented, followed and enforced.

Best practices now require companies to have additional written standards, including, for example, detailed due diligence protocols for screening third-party business partners for criminal backgrounds, financial stability and improper associations with government agencies. Ultimately, the purpose of establishing effective written standards is to demonstrate that your compliance program is more than just words on a piece of paper.

Policies and Procedures

The written policies and procedures required for a best practices compliance program are well known and long established. As stated in the 2012 FCPA Guidance, “Among the risks that a company may need to address include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company and procedures are the documents that implement these standards of conduct.

The role of compliance policies is to provide guidance and to protect companies, despite an occasional hick-up. Policies provide a basic set of guidelines for employees to follow. They can include general dos and don'ts, work process flows, specific issue guidelines. By establishing what is and is not acceptable compliance behavior, a company cans mitigate the compliance risks posed by employees who might make foolish decisions or otherwise engage in unethical behavior.

While policies are not a guarantee that things will not go sideways, they are a line of defense if they do. The effective implementation and enforcement of compliance policies demonstrate to the government that a company is operating ethically and proactively for the benefit of its stakeholders, its employees and the community it serves. If it is a company subject to the FCPA, it is an international company so that can be quite a wide community.

The 2012 FCPA Guidance ended its section on policies with the following, “Regardless of the specific policies and procedures implemented, these standards should apply to personnel at all levels of the company.” It is important that policies are applied fairly and consistently across your company for if compliance policies are applied inconsistently, there is a greater chance for employee dissatisfaction. This point cannot be over-emphasized. If an employee is going to be terminated for fudging their expense accounts in Brazil, you had best make sure that same conduct lands your top producer in the US with the same quality of discipline.

There are numerous reasons to put some serious work into your Code of Conduct, policies and procedure. They are certainly a first line of defense when the government comes knocking. This means the regulators will take a strong view against a company that does not have well thought out and articulated policies, procedures or Code of Conduct; all of which are systematically reviewed and updated. Written policies, signed by employees provide a vital layer of communication. Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the ‘Document, Document and Document’ mantra applies just as strongly to this area of anti-corruption compliance.

Three Key Takeaways

  1. A Code of Conduct, together with policies and procedures have long been recognized as cornerstones of a best practices compliance policy.
  2. Each level of written standards builds upon one and other so you need to consider this integration step.
  3. The Fair Process Doctrine applies to your written standards.

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Dec 2, 2017

The cornerstone of any best practices compliance program is written protocols. This includes a code of conduct policies and procedures. These elements have long been memorialized in the U.S. sentencing guidelines. The Department of Justice’s Opinion Releases regarding compliance programs, the 2012 FCPA Guidance, 2017 Evaluation of Corporate Compliance Programs and 2017 FCPA Corporate Enforcement Policy all emphasize this key concept. 

There are three levels of standards and controls code of conduct standards and policies and procedures. Every company should have a code of conduct which expresses its ethical principles. But a code of conduct is not enough. In the 2012 FCPA Guidance, the DOJ and Securities and Exchange Commission stated, “A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf. Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, DOJ and SEC will review whether the company chapter has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.

The Department of Justice has presented us with several questions you can ask around your policies and procedures and your code of conduct. For instance, what has been the company's process for designing and implementing the code of conduct and policies and procedures. Other questions include, who has been involved in the design of the code of conduct and policies and procedures have the business units been consulted prior to rolling them out. Another area of inquiry is whether the company has implemented policies and procedures which called out the illegal conduct; has the company assessed what are the policies and procedures have been effectively implemented. Any area for consideration is whether the corporate functions with ownership over the policies and procedures been held accountable for their implementation and oversight. Finally, are they accessible to company employees. How is the company communicated the policies and procedures relevant to bribery and anticorruption compliance programs and how is the company evaluated the usefulness of these policies procedures and code of conduct. These are just some of the questions we will explore throughout the month of December. 

We are going to consider the basis for your code of conduct and written standards through a deep dive into the code of conduct, the structure, form design and training on the code of conduct of course with operationalization. The same consideration will be given to policies and procedures; revising policies and procedure. We will conclude with a deep dive into policies that the Department of Justice has mandated you have. This will include gifts travel entertainment charitable donations political contributions internal controls facilitation payments and extortion payments third parties and we're going to have one on cyber security because that's become such an incredibly important topic. 

At the end of this month you will have a very detailed grounding on better written standards for your compliance program. You will be able to utilize the information presented to implement a more effective compliance program for your organization.

Three Key Takeaways

  1. The cornerstone of any best practices compliance program is written protocols.
  2. Written standards work to prevent, detect and remediate.
  3. What are the specific written protocols you should have in your compliance program.

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on compliance training. Look for dates of one of the top compliance related training going forward.

Nov 30, 2017

I entitled this month’s podcast series as “360-degrees of communication in compliance” because it has occurred to me that you can have an ongoing discussion about compliance at all times. Previously, I had thought of communications really as a two-way street upward and downward inbound and outbound side to side. However, you might choose to phrase it, a 360-degree approach is something different. I do not think you communicate in just two ways any longer. I think you communicate in multiple ways. If you are just thinking about communications in the classic form you're missing something that is happening around you. 

360-degrees of communication and compliance is not just a classic form of communication but rather it's a communication in the concept of every interaction whether they be planned interactions or whether they be into or accidental interactions. It is all a form of communication. This is particularly true if you're a compliant professional a chief compliance officer or a compliant practitioner. The things you do the way people see you you're always communicating and it's not just communicating to one another often you're communicating to a group across group boundaries to the constituencies you had not even planned to initially communicate with. 

A 360-degree approach takes a much more holistic approach as opposed to just you and me; up and down inbound and outbound; side to side communication. Over this month, we have explored multiple forms of 360-degrees of communication, looked at social media, considered the concept of sharing. We have explored the clash of cultures and how communication a 360-degree approach to communication can help overcome that. We have discussed storytelling in compliance and teaching lawyers how to communicate and compliance. We have reviewed such leadership topics as persuasion, self-reliance and then multiplying the influence of compliance. 

We have also considered communicating across cultural boundaries how you can use social media tools such as Twitter even things that you might not consider a communication tool such as the supply chain and how innovation in your supply chain around communication can be used for your organization. You probably have not considered crowdsourcing as a form of 360-degrees of communication so. It has been a fascinating exploration and some of the things that I think he may not have considered as communication. 

Concepts such as utilizing communications to see around hard walls that because of a 360-degree approach you can certainly allow you to obtain more information. Communications can not only enhance your training but expand your training. If you think of all forms of communication as training you can quickly begin to see that your interactions with your employees are not only a form of training but they are really a form of ongoing communications and if you take the 360-degree approach you are continually communicating about your culture you're continually communicating about your values and your modeling for your employees the behaviors you want to see. So, think about expanding your training repertoire by making it not training but a 360-degree approach. 

Always remember that the Department of Justice looks at your training. But more importantly they look at your compliance communications. Never forget the 2012 Morgan Stanley declaration where they specifically pointed out 35 compliant reminders emailed to a recalcitrant employee over seven years. What if your communications is a 360-degree approach which allows you to document a continual form of communication and a continual stream of communication to your employee base. The government ever comes knocking. You have that record every time you utilize a social media tactic or technique, within behind your firewall or any other form of communication whether it be video, audio, e-mail, written document, or other. 

It is a very powerful way for you not only to get your message across but also for you to protect yourself and protect your organization. When you can utilize a tool or technique which not only helps you get your message out but also helps you to further protect the company that's a tool that I think is of high value to you.

I would like to end this month with a story that was told to me by Louis Sapirman, the CCO at Dunn & Bradstreet. And it happened to him in Argentina. Argentina has an interesting form of illegal conduct, which is an open black market for the changing of currency. Sapirman was with a colleague who was one of the leaders from the company's South American operations and they went into a convenience store. The person who was going to sell him the product suggested that he go just around the corner and change money on the black market where he could get a much better rate was almost a 100 percent difference in the exchange rate; he declined to do so. Sapirman paid and received the established bank right in the small transaction. 

He had not considered role modeling that compliance. About six months later one of his team members was in Mexico speaking to the leader of the Dunn and Bradstreet operation there. The non-compliance function employee said that he was the person who had been with Sapirman. He recounted the story of doing the right thing, when literally no one was watching. That is the power of 360-degrees in communication.   

Three Key Takeaways 

  1. 360-degrees of communication is a much broader manner of thinking about communications.
  2. You can use 360-degrees of communication to both see around walls and expand your training regime.  
  3. You are always communicating compliance. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 29, 2017

If there is one truism from the practices of law which translates to the practice of compliance it is that you are only limited by your own imagination. This holds true in the 360-degree realm of communication in compliance, as communications obviously comes in many forms. Many compliance practitioners will well remember the 2012 Morgan Stanley declination. In this first declination made public, the Justice Department recognized Morgan Stanley for emailing out 35 compliance reminders to Garth Peterson over seven years. Think about the power of 360-degrees of communications in the context of compliance reminders. Now imagine the power of these short ethics and compliance video training clips going out over the same period of time and the effect it would have both on your employees and the regulators.

Marc Havener is the founder and Chief Executive Officer (CEO) of Resonate Pictures, and Bryan Belknap, is the Creative Director. They jointly created a series of video shorts for a consulting company on compliance. Rather than the traditional legal approach of telling employees what the corporate policy about compliance, they wanted to tell a story about compliance through the art of movie based storytelling and that wove messaging into characters to tell a story.

They created a video training series using employees telling real stories which resonated with the workforce. Once these videos started getting released the employees who starred in the videos, became minor celebrities within the company. More importantly the episodes started becoming so popular that employees figured out how to view them in the system before the training videos were officially released. Employees would start watching these over the weekend before they were officially released internally because they wanted to know what was going to happen.

From this beginning these two gents built Resonate Pictures a supplier of movie clip based ethics and training videos which are widely popular. They recently released an eBook, entitled “How to Teach Ethics and Compliance with Hollywood Movie Clips”, in which they explain how and why ethics and compliance training using movie clips to get the concepts across can be a powerful training tool in the toolkit of the compliance practitioner. The eBook notes, “Movie clips will turn your surly team – the one that has reverted into eye-rolling teenagers when forced to sit through a lecture -- into alert, emotionally and intellectually engaged employees. Better yet, they’ll enjoy learning about ethics and compliance!” They list five reasons that this form of communication works and I believe creates another mechanism for you to think about 360-degrees of communication for your compliance program.

Create unforgettable teachable moments. Instead of having lawyers drone on, giving forgettable instructions on ethics, culture and honesty; they will clearly enjoy a scene of a star like Leonardo DiCaprio bluffing his way through his job as a medical doctor.

Place ethics and compliance training in tangible situations.Some people just do not understand concepts until they see them in action. For some employees, a clear directive like, “Don’t take bribes” might raise other questions such as “What if it’s non-monetary compensation? Or a gift? What if there’s no expectation of quid pro quo?”

Create a common language among employees. This means a cultural language across your employee base. By showing your employees the same movie clips, they will begin to create a shared language, a shorthand for ethical behavior that references the clips they’ve seen, where they hum the “Batman” theme when someone’s invading privacy or warn someone not to “pull a Clooney” with their expense reports. 

Provide a vicarious learning experience. This simply means people can learn by watching someone else and it is crucial because it means people can learn to avoid the bad/incorrect behavior they witness by another person and make the ethical move when they personally face a similar real life choice.

Create mental markers. Whatever ethics and compliance lesson you communicate with a movie clip it will live on beyond your classroom. If your employees ever see that clip again, your compliance lesson will pop back into their minds, reinforcing your point. Sprinkling in movie clips helps move your training outside the classroom and into employees’ everyday lives; so much so that eventually, they won’t be able to watch Television without spotting all the ethics and compliance moments in their favorite shows.

I have urged compliance practitioners to bring more storytelling into their compliance messaging. If you put the employee in the shoes of the person they’re watching, they will remember it, because will see how it applies to their lives. Havener noted the training experience will last “exponentially longer than if you just go over a written policy or show a PowerPoint”. He called it “expanding your classroom”. The next time they see George Clooney they’re going to remember the training, the next time they watch that movie that you showed a clip from they’re going to be reminded of the training and so it becomes a great drift method of training.”

Three Key Takeaways

  1. Storytelling is another form of 360-degrees of communication.
  2. Movie clips in compliance training can provide useful touchstones that employees can relate to for compliance lessons.  
  3. The Morgan Stanley declination gave credit for annual compliance reminders. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 28, 2017

Planes, trains and automobiles can be three of the most important tools for any compliance professional. For it is through these transportation methods that you get out of the office and into the field to meet and talk with your stakeholders, both internal and external. This greatly facilitates a 360-degree use of communication. 360-degrees of communication considers not just that classic form of communication one person to another but rather the concept of every interaction as a form of communication. If you are out of your office, your internal and external stakeholder will see not only what you are communicating but how you are communicating. It is in these interactions, you are literally always communicating. It may be that you are communicating to a group across group boundaries to the constituencies which you had not even planned to communicate to or with. This means that a 360-degree approach to communication is much more holistic approach to communication. 

When you tie a 360-degree approach to ethical leadership you have a power tool to create a successful compliance program. But it is more than your commitment as a CCO or compliance practitioner. Senior management must not only be committed to doing business in compliance with these laws but they must communicate these commitments down to the organization. But leadership is not limited to only to senior management within an organization. Tone at the Top begets Tone in the Middle; which begets Tone at the Bottom. At each rung, there is the need for 360-degrees of compliance communications. In “Leadership is a Conversation”, authors Boris Groysberg and Michael Slind discuss how to improve employee engagement in today’s “flatter, more networked organizations.”  

It is the how leaders handle communications within their organizations that is as important as the message itself. The process should be more dynamic and more nuanced and should be conversational. It is a model of leadership which uses “organizational conversation” resembling ordinary person-to-person conversations. This model has several advantages, including that it allows a large company to function like a small one and it can enable leaders to “retain or recapture some of the qualities…that enable start-ups to out-perform better established rivals.” There are four elements of organizational conversation: intimacy, interactivity, inclusion and intentionality.  

Intimacy: Getting Close 

You should focus on two skills: listening and authenticity, because physical proximity may not always be feasible but emotional or mental proximity is required. As a corporate leader, a CCO should “step down from their corporate perches and then step up to the challenge of communicating personally and transparently with their people.” This technique shifts the focus of change from a top-down hierarchical model to a “bottom-up exchange of ideas.” 

Interactivity: Promoting Dialogue 

Interactivity should make a conversation open and more fluid. You can obtain this by talking with and not just talking to an employee. The purpose of interactivity builds upon the first prong of intimacy. The efforts to close the gap between employees will founder if both tools are not in place along with institutional support that gives employees the freedom and courage to speak up. Here social media can be a useful tool to help foster such interactivity, but take care not to simply use social media as another megaphone. It is more than just social media, it requires social thinking. 

Inclusion: Expanding Employees Roles 

Following on from intimacy is inclusion as intimacy should force a leader to get closer to employees while inclusion challenges the employee to play a greater role in the communication process. Inclusion expands on interactivity by enabling employees to put forward their ideas rather than simply batting the ideas to others who might be a part of the conversation. This brings employee engagement into the 360-degree process by calling on employees to generate the content that validates a company’s value. Employees who become committed to a message can become the best brand ambassadors that a company can ever hope to have on its payroll. 

Intentionality: Pursuing an Agenda 

While the first three prongs of this model focus on opening the flow of communication, intentionality is designed to bring a measure of closure to the process. The goal here is to have voices merge into a single vision of what the company’s communication stands for. In other words, the conversation should reflect a “shared agenda that aligns with the company’s strategic objectives” that will allow employees to “derive a strategically relevant action from the push and pull of discussion and debate.” The role here for leaders is to “generate consent rather than commanding assent” for a strategic objective. This enables employees at the top, middle and bottom to gain a 30,000-foot view of where their company stands on any issue which has gone through the process. 

The 360-degree approach requires you to be cognizant of how communications works wherever you are and in whatever medium you are communicating. It also focuses on the cultural differences that exist across borders, recognizing that cultural differences sometimes they exist within the same office or across a team. It is having as much awareness as possible of the audience you are communicating to so that you ensure the messages that you are trying to get through and the information you are trying to gain from that audience is gained in the most effective way possible. You need to be comfortable changing the way you approach different people with different cultures. 

Three Key Takeaways 

  1. Planes, trains and automobiles.
  2. Use a 360-degree approach to open the flow of communications.
  3. A 360-degree approach allows all company stakeholders to get the big picture.

 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 27, 2017

In this episode, I visit Jonathan Benson, Vice President of Product Development at ShoCard. Businesses must adopt solutions which keep information secure. Moreover, there is an ongoing need to ensure they are still in compliance. This episode provides a fascinating exploration of how innovation in one sector can impact the greater compliance profession. 

We discuss ShoCard’s use of blockchain to facilitate identity management. We begin with a brief explanation of is blockchain. Benson explains how blockchain can help commercial businesses with identity management and help financial institutions in their KYC obligations. We explore how can it help to reduce fraud and improve overall AML management and the scalability of the ShoCard solution. Finally, Benson explains that when large databases of personal information need to be maintained, they are vulnerable to attacks.

For more information on ShoCard’s solution, go to their website, by clicking here.

Nov 27, 2017

One area which most particularly lends itself to a 360-degree approach to communications is in the area of corporate culture. The more you can operationalize compliance, the more it works to operationalize culture in your organization. It works for all levels of a company, literally from the Boardroom to the shop floor. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) recognized this when they noted in their 2012 FCPA Guidance that “A compliance program should apply from the board room to the supply room—no one should be beyond its reach.” Yet culture can provide more than simply an ethical foundation, it is also a part of the business foundation of an entity.

In “Corey E. Thomas of Rapid7 on Why Companies Succeed or Fail”,  Adam Bryant interviewed Corey Thomas of the national security firm Rapid7. They considered why companies with smart, dedicated and motivated employees still fail. Unsurprisingly it all starts with culture. Thomas noted, “the culture of a company can make a huge difference. The culture can accentuate the collective, or it can be a distraction. If it’s a distraction, it can make everyone worse than they would be, either individually or in small groups.” Thomas believes this is because “smart and talented people have the capability to do some really phenomenal things or some really destructive things. And so culture ends up mattering to a huge degree.”

Yet it is even more sophisticated, as part of culture includes cohesiveness. Thomas noted, “Do the culture and the people and the company’s business line up and make sense? Sometimes you find significant inconsistencies. You might have a group of hard-charging, goal-oriented people, but what if their job is to figure out a market solution? Maybe they can’t do it because they’re better at executing than at being creative. So the teams need to be cohesive, but they can’t be monolithic, because teams with the same kind of people miss more. More diverse teams can see around corners because they have different perspectives.”

Using such a 360-degree approach to communication, allows a CCO to “see around corners” and can be one of the greatest strengths of a best practices compliance program. The reason is listening. Listening is a key leadership component and there are certainly many ways to listen. You can sit in your office and wait for a call or report on the hotline or you can go out into the field and find out what challenges employees are facing. From this you can work with them to craft a solution that works for the company and holds to the company’s ethical and compliance values.

Dun & Bradstreet CCO Louis Sapirman has often discussed his innovative use of a tool called Chatter, which he uses to engage D&B employees in a manner similar to Twitter in a virtual worldwide Tweet-up. He has created an internal company brand in the compliance space, using the moniker #dotherightthing, which trends in the company’s Chatter environment. He also uses this hashtag when he facilitates a Chatter Jam, which is a real-time social media discussion. He puts his compliance team into the event and they hold it at various times during the day so it can be accessed by D&B employees anywhere in the world.

He said that he ‘seeds’ Chatter Jam so that employees are aware of the expectations and to engage in the discussion respectfully of others. When they began these sessions he reminded employees that if they had specific or individual concerns they should bring them to Sapirman directly or through the hotline. However, he does not have to make this admonition any more, as everyone seems to understand the ground rules. Now this seeding only relates to the topics that each Chatter Jam begins with going forward. Sapirman emphasized that these events allow employees the opportunity to express their opinions about the compliance function and what compliance means to them in their organization. One of these discussions was around the company’s Code of Conduct. He said that employees wanted to see the words “Do The Right Thing” as the name of the Code of Conduct.

Using such tools a CCO can move towards Thomas’ next key ingredient of a successful corporate culture; which is trust. Thomas said, “I’m obsessive about the culture that we create specifically around trust, and this is an adjustment for some people when they come here. If you join our team, there’s trust by default here. That means you trust in the competence of your teammates. You trust in their intentions and what they’re saying. At some companies, the culture is that trust is earned over time, but that means if everyone in the organization says you have to earn trust, the amount of energy that actually goes into the trust-earning process is a distraction from our mission.”

This part dovetails into what Barbara Brooks Kimmel, Chief Executive Officer and Cofounder of Trust Across America - Trust Around the World, continually reminds us of from her site. Moreover, Kimmel finds that trust is good for the bottom line. As reported in, “Return on Trust: The “State of Trust” 2016”, Trust Across America found “During the three-year period from February 2013-February 2016 America’s most trustworthy public companies outperformed the S&P 500 according to the actual composite audited performance shown below and reprinted with permission of Facts Asset Management, LLC. This was not a “test” but rather “real” money under management, followed by an independent audit verifying the returns. Trust works as a business strategy.”

I found the Thomas interview fascinating as it moved corporate culture to the forefront of the business of an organization. A CCO can help to facilitate this moving forward by working to inculcate the right type of culture in their organization, which follows the DOJ’s Evaluation of Corporate Compliance Programs discussion of how operationalization of compliance is a further way of thinking about moving compliance and culture more deeply into a company.

Three Key Takeaways

  1. Business crisis almost always begin with a culture failure.
  2. Use a 360-degree approach to communication to see around the corners.
  3. Trust works as a business strategy. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 22, 2017

One of the greatest things about the compliance profession is that it is only limited by its collective imagination. If you can think it up, you can probably do it. This has led not only continuing evolution of compliance programs but continuing innovation in the compliance function. As compliance programs evolve and innovate, regulators take note and the cycle becomes almost a continuous feedback loop. One technique new to compliance but squarely in the 360-degree view of communication is internal crowdsourcing, to enlist new ideas from employees, to open new sources of compliance innovation.

Internal corporate crowdsourcing was explored in  “Developing Innovative Solutions through Internal Crowdsourcing, where the authors noted, “It allows employees to interact dynamically with coworkers in other locations, propose new ideas, and suggest new directions to management. Because many large companies have pockets of expertise and knowledge scattered across different locations, we have found that harnessing the cognitive diversity within organizations can open up rich, new sources of innovation. Internal crowdsourcing is a particularly effective way for companies to engage younger employees and people working on the front lines.” They came up with seven key elements companies should use to aid in moving such an effort forward, which apply forcefully to the CCO and compliance practitioner.

  1. Keep the focus on innovation. You should use this technique for long-term initiatives and not short-term improvements. Establish the grounds for employee creativity with criteria such as (1) ability to meet employees’ unmet needs, (2) delighting the employee, (3) the solution’s newness, (4) marketability, (5) commercial viability, and (6) scalability.
  2. Give internal crowdsourcing participants slack time. If your company wants you focused solely and only on your day job, it will, by definition, limit your participation in a company crowdsourcing project to nights and weekends. This may not be when and where you do your best work. Companies must arrange to allow employees the time and space during working hours to participate meaningfully.
  3. Allow for anonymous participation. Trust is always a key issue in these types of project. Anonymous participation can help build and maintain that trust because when organizational identities are revealed in an internal crowdsourcing project, “some individuals may feel compelled to defend their formal positions.” Companies need to ensure participants “feel safe about contributing knowledge, regardless of their seniority or role in the company.”
  4. Take steps to ensure that company experts don’t exert their influence too heavily. Internal company experts will have their ideas given additional heft if their identities are known. This can have the unintended effect of intimidating others or lessening their voices in the process. Yet you must work to keep the process open to diverse perspectives, for internal crowdsourcing to produce innovative outcomes. You should have the company’s compliance experts operate as moderators and to do what they can to encourage others to come up with compliance innovations.
  5. Use a collaborative process for internal crowdsourcing. Much like Louis Sapirman’s use of social media to communicate with and obtain information from D&B’s employee base, use of an internal crowdsourcing project has the positive by-product of engagement, stating, “It’s also to build a system through which people within the organization share knowledge, learn from one another, and offer pertinent knowledge for use in new solutions.” If you can engage your employees in compliance, you will not only have a better chance of keeping them engaged, but you will also more fully burn compliance into the fabric of your organization or operationalize compliance in your organization.
  6. Design platforms that facilitate shared development and evolution of solutions. A key to internal crowdsourcing success draws inspiration from open source software. It is that employees need to see what other employees have contributed so they can build upon it. You must find a way to share knowledge among the employee base on an ongoing basis. The authors found three major benefits to such an approach: “(1) knowledge sharing among the crowd across a variety of knowledge types (not just ideas); (2) the opportunity for coevolution of solutions by the crowd; and (3) the degree to which feedback from the crowd helps to refine ideas.”
  7. Be transparent about plans for follow-up post-crowdsourcing. Not surprisingly, one major defect around internal crowdsourcing projects is lack of follow-up and lack of transparency for the employee participants. Simply put, employees not only want to know the results but they also want to know if their ideas were used. This can be a powerful motivator for future participation or the opposite. Companies need to make the process open and fair.

By internally outsourcing compliance function enhancements, a CCO can increase employee engagement in compliance. The entire process draws from your diverse employee base which brings both organizational learning and knowledge diffusion into the continuous improvement of your compliance program. Just as the data in your organization is your data, so you should not only utilize it but monetize it; your employee base can be a large and untapped source of information which can more readily be implemented and have a more rapid impact on your compliance program going forward.

Three Key Takeaways

  1. In compliance, you are only limited by your imagination.
  2. Build trust and be transparent in your process.
  3. Through internally outsourcing compliance function enhancements, a CCO can increase employee engagement in compliance. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 20, 2017

One of the ways that CCOs and compliance practitioners can better use 360-degrees of communication is through Twitter. In “How Twitter Users Can Generate Better Ideas”, authors Salvatore Parise, Eoin Whelan and Steve Todd found “employees with a diverse Twitter network – one that exposes them to people and ideas they don’t already know – tend to generate better ideas.” Their research led them to three interesting findings: (1) Employees who used Twitter had better ideas than those who did not do so; (2) There was a link between the amount of diversity in employees’ twitter networks and the quality of their ideas; and (3) Twitter users who combined idea scouting and idea connecting were the most innovative. 

I do not think the first point is too controversial or even insightful as it simply confirms that persons who tend have greater curiosity tend to be more innovative. The logic is fairly-straightforward, good ideas emerge when new information received is shared with what a person already knows. In today’s digitally connected world, the amount of information in almost any area is significant. Yet by using Twitter, “the potential for accessing a divergent set of ideas is greater.”

The key concept for the compliance profession are the roles of Idea Scout and Idea Connector. An idea scout is an employee who looks outside the organization to bring in new ideas. An idea connector, is someone who can assimilate the external ideas and find opportunities within the organization to implement these new concepts.” It is the ability to identify, assimilate and exploit new compliance ideas, which makes this concept so powerful. However to improve your compliance innovation, “you need to maintain a diverse network while also developing your assimilation and exploitation skills.”

For the compliance practitioner, Twitter is a gateway to solution and a way to obtain different perspectives and to challenge the status quo in one’s thinking. The key is not your number of followers on Twitter but rather the diversity within your Twitter network, as “Diversity of employee’s Twitter network is conductive to innovation.” An Idea Scout will “identify external ideas from experts and resources on Twitter.” The compliance practitioner can take advantage of experts within the anti-corruption compliance field, but there is an equally rich source of innovation from those outside this arena.

Even with modern social media tools, the first key to good leadership is to listen. Listening can be enhanced, through the “breadcrumb” approach of finding innovation leaders and thought-provokers. This entails listening to colleagues and industry leaders who are Twitter “including what they are tweeting about, who they are following and replying to on the platform, who is being retweeted often”.

Equally important to this Idea Scout is the Idea Connector, who is putting the disparate strands from tweets together. For the compliance function, this will be someone who identifies compliance best practices or other information from Twitter ideas, can then put them together and direct the information to the relevant company stakeholders. Finally, such a person can “Curate Twitter ideas and matches them with company resources needed to implement them.”

There are a variety of ways an Idea Connector can use Twitter. One is to try to sift through your Twitter feed and look for trends and relationships between topics. You bring value when you stamp your own analysis and interpretation on it. Another method is to focus on analytics and one user “filtered specific subsets of the topic for different stakeholders” at his company. Another method was to create “social dashboards or company blogs based on the insight” received thought Twitter. Interesting, one of the key requirements for successfully mining Twitter was in finding ways to share its content “since many employees, especially baby-boomers don’t use the platform themselves.” Conversely by mining information from Twitter and presenting it, this can allow these ‘technologically challenged’ older employees to ascertain how they can target millennial’s.

But as much as these concepts can move a CCO or compliance practitioner to innovation in a compliance program, it can also foster additional communication through the following of your own employees. It is well known that Twitter can facilitate greater communication to and between the compliance function and its customer base, aka the company employees. The use of Twitter to enable this same type of innovation because it “is different than email and other forms of information sources in that it enables continuous engagement”.

Twitter was created to allow people to connect with one and other and communicate about their activities. However the marketing potential was immediately seen and used by many companies. Now a deeper understanding of its use and benefits has developed. For the compliance practitioner one thing you want to consider is to align your Twitter and great social media strategy with your compliance strategy; match your Twitter strategy to your compliance strategy.

Twitter can be powerful tool for the compliance practitioner. It is one of the only tools that can work both inbound for you to obtain information and insight and in an outbound manner as well; where you are able to communicate with your compliance customer base, your employees. You should work to incorporate one or more of the techniques to help you burn compliance into the DNA fabric of your organization.

 Three Key Takeaways

  1. Twitter can be powerful tool for the compliance practitioner.
  2. Data mine twitter for not only best practices but see what the regulators may be saying.
  3. Curiosity may have killed the cat but it makes for a far better and more effective compliance practitioner.

 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 17, 2017

Other than the skill of listening, asking questions is about as important to the compliance practitioner as any other that can be employed. Yet, equally critical is to ask the right question, which is an issue explored Brian Grazer and Charles Fishman explored this concept in their book “From a Curious Mind: The Secret to a Bigger Life.

Grazer is a well-known and successful Hollywood director who has directed such movies as Splash, A Beautiful Mind and Cinderella Man. He believes that much of the success he has achieved is because he asks lots of questions and that “Questions are a great management tool.” This is because “Asking questions elicits information” and it also “creates the space for people to raise issues they are worried about that a boss, or colleagues, may not know about.” By asking questions, you allow “people to tell a different story than the one you’re expecting.” Finally, and perhaps most significantly, “asking questions means people have to make their case for the way they want a decision to go.”

Getting your employees to not simply talk to you but tell you the truth about how they feel or what they may be thinking is a key skill for any leader. As a CCO, you may find this particularly difficult in far-flung reaches of an international company, which is subject to the FCPA, UK Bribery Act or other anti-bribery/anti-corruption law. Whether you are performing a risk assessment or simply getting out of the corporate home office, you need to be able to engage employees across the globe and from a variety of cultures.

Ask open-ended questions so you will not receive back a simple Yes/No answer. Some key foundational questions include, “What are you focused on? Why are you focused on that? What are you worried about? What is your plan?” By asking these or other questions, such as “What are you hoping for? What are you expecting? What’s the most important part of this for you?” as a CCO, you can get much more engagement from the people with whom you work.

Consider pursuit of a high profit deal in a high-risk geographic area. You might want to sit down with the business unit person in charge of the project and ask them, what is your plan to sign this contract and execute it, consistent with your obligations within the company’s compliance program? In doing so you are communicating two key concepts, using a 360-degree approach. First, you make clear there should be a plan in place. Second, you are make clear the employee is in charge of that plan. Therefore, by simply asking the question, you are communicating the employee has both the responsibility for the problem and the authority to come up with the solution. This type of approach allows those who so desire to step up to do so, as “It’s a simple quality of human nature that people prefer to choose to do things rather than be ordered to do them.”

Equally important are the values you can transmit by asking questions. If you do have to fly to China or some other local office, you do not want to be seen as the US corporate executive coming to deliver some bad news or that costs need to be cut. By asking questions you can solicit ideas to help solve problems. This is because asking questions creates the authority in people to come up with ideas, coupled with the responsibility for moving things forward. Questions create space for all kinds of ideas and the sparks to come up with those ideas. Most important, questions send a very clear message: We’re willing to listen, even to ideas or suggestions or problems we weren’t expecting.” This is not about being warm or fuzzy, it is demonstrating curiosity in the employee.

You should also consider asking questions in the context of 360-degrees of communication. Louis Sapirman has made clear this concept is more than simply a two-way; up and down approach. It really demonstrates not only a level of knowledge but the communication itself important in every other direction in the workplace. People should ask their bosses questions. If employees feel comfortable enough to ask these questions, it allows CCO to be clear about things that they think are clear, but more importantly which may not be clear at all. Finally, if a person asks a question, they most usually listen to the answer. This is because “People are more likely to consider a piece of advice, or a flat-out instruction, if they’ve asked for it in the first place.”

You too can use this simple and straight-forward technique to improve not only your leadership qualities in the compliance function but your organization’s compliance function as well. The reason that asking questions is so much better than simply giving orders is that you have a vast talented workforce you can tap into it help you do business in compliance. But the how of doing a business process that is, or should be, burned into your company can be facilitated by possibilities that are out there in your employees’ minds.  360-degrees of communications allows you to create an atmosphere where nobody is afraid to ask a question. Perhaps equally importantly no one is afraid to answer a question.

Three Key Takeaways

  1. Asking questions is a great technique to elicit information.
  2. Asking questions creates the authority in people to come up with ideas, coupled with the responsibility for moving things forward.
  3. Create an atmosphere where no employee is afraid to ask or answer a question. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 16, 2017

A 360-degree approach to communications entails looking at all forms of interactions as a way to interconnect. This means both verbal and non-verbal and in clues, hints in addition to directly. This concept can be particularly helpful in relating to and with cultures outside the United States as one of the things most critical issues to a compliance function is breaking through a company’s internal cultural boundaries. In “Getting to Si, Ja, Oui, Hai and Da; How to negotiate across cultures”, Erin Meyer explained that “managers often discover that perfectly rational deals fall apart when their [business] counterparts make what seem to be unreasonable demands or don’t respect their commitments.” She laid out a five-point solution that I have adapted for the CCO or compliance practitioner in communicating a compliance program across a multi-national organization.

Initially look for as many cultural bridges as you can find as it will help you understand what your international audience is communicating to you, in both verbal and non-verbal formats, during a wide variety of activities familiar to any compliance professional such as training, investigations or simple meetings where the compliance perspective must be articulated in any business setting. If you fail to have an understanding or even a person who can navigate these signs for you, here are five steps to help you out: (1) Adapt the way you express disagreement; (2) Know when to bottle it up and let it all pour out; (3) Learn how the other culture builds trust; (4) Avoid yes or no questions; and (5) Be careful about putting it in writing.

Adapt the way you express disagreement

Simply because someone disagrees with you, it is not a sign that the discussion is going poorly but that it is an invitation to engage in a lively talk. The key is to listen for verbal cues when interacting. These sources are “what linguistics experts call “upgraders” and “downgraders.” Upgraders are words you might use to strengthen your disagreement, such as “totally,” “completely,” “absolutely.” Downgraders - such as “partially,” “a little bit,” “maybe” - soften the disagreement.” It is incumbent to understand upgraders and downgraders within their own cultural context.

Know when to bottle it up and let it all pour out

Some cultures have very demonstrative ways of speaking and gesturing. However other cultures are not comfortable with such displays. You need to understand this key difference. Meyer writes, “So the second rule of international negotiations is to recognize what an emotional outpouring (whether yours or theirs) signifies in the culture you are negotiating with, and to adapt your reaction accordingly. Was it a bad sign that the Swedish negotiators sat calmly across the table from you, never entered open debate, and showed little passion during the discussion? Not at all. But if you encountered the same behavior while negotiating in Israel, it might be a sign that the deal was about to die an early death.”

Learn how the other culture builds trust

Most Americans think that building trust in a business setting is gained by demonstrating your usefulness and competency in providing solid information. However, this type of approach is not always the most effective across the globe. There are two different approaches to building trust:  cognitive and affective.

In the cognitive approach, you gain trust by “the confidence you feel in someone’s accomplishments, skills and reliability.” In short, you know your stuff and for the compliance practitioner there is usually not much higher a compliment. This type of trust is more valued by Americans, Germans, Australians and Brits. Meyer says this is the trust that comes from the head. Conversely, affective trust may be termed to come from the heart. But it is not simply emotive. It derives from “emotional closeness, empathy, or friendship.” It means that you see each other on a personal level. In the BRIC countries, Southeast Asia, trust of this type is not likely to be achieved until this type of connection can be made.

Some of the techniques you can employ to build trust are to, “Invest time in meals and drinks (or tea, karaoke, golf, whatever it may be), and don’t talk about the deal during these activities. Let your guard down and show your human side, including your weaknesses. Demonstrate genuine interest in the other party and make a friend. Be patient: In China, for example, this type of bond may take a long time to build. Eventually, you won’t have just a friend; you’ll have a deal.”

Avoid yes or no questions

This is something Americans have an innate amount of trouble getting our heads around. Most generally when we ask a direct question requiring a direct Yes-or-No answer; we expect that whichever the answer is, it will be adhered to going forward. In many other cultures that may not always be correct. In some cultures, it is rude to tell someone you respect and have trust for ‘No’ directly. While they may say ‘Yes’, they may really mean ‘No’. Conversely, even when the verbal response is a strong or even a multiple ‘No’ answer, it may simply mean that the party needs more time to respond.

This means you should try to avoid a simple Yes-or-No response, by asking a more open question that elicits additional information that will help provide the context for the answer. You should also watch body language and other signals more closely, “Even if something is affirmative, something may feel like no: an extra beat of silence, a strong sucking of breath” or a muttering. Be watchful and listen closely.

Be careful about putting it in writing

This last point may be the most difficult for the CCO and compliance practitioner, especially if you accept my mantra to Document, Document, and Document. In many cultures, even the follow up to a conversation with something in writing could well seem like a slap in the face, the lack of trust or even communicating that the listener did not comprehend what you were communicating. You may need to do some additional amount of explanation around your written compliance documentation. Do not be dogmatic about it, but emphasize the need for written materials in the appropriate situation.

Communications in compliance must be largely drawn around trust. For any compliance practitioner, this is a key to working with your employee base across the globe. Implicit in building trust is that you get out of your home office and travel to your other office locations. While you can build cognitive trust through demonstrating your usefulness to an overseas business unit from your home office in America, you will never build affective trust sitting in the corporate office. Get out and about and meet your employees and build the trust that will allow a successful a 360-degree approach to communication.

Three Key Takeaways

  1. Communications in compliance must be largely drawn around trust.
  2. Look for as many cultural bridges as you can find as it will help you understand what your international audience is communicating to you.
  3. One of the things most critical issues to a compliance function is breaking through a company’s internal cultural boundaries. 

 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 15, 2017

What if you could multiple the impact and effectiveness of your compliance program throughout your company? That would be a great boon to any compliance practitioner and compliance program. It is also something that is very possible by considering a 360-degree view of communications in compliance using multipliers. 

Liz Wiseman is the co-author with Greg McKeown of Multipliers: How the Best Leaders Make Everyone Smarter, which is a book about the various types of leaders. They focus two different types of leaders, Diminishers and Multipliers. Multipliers are leaders who encourage growth and creativity from their workers, while Diminishers are those who hinder and otherwise keep their employees’ productivity at a minimum. 

These techniques not only beneficial for every Chief Compliance Officer to use as a business leader within your organization, but also for every compliance practitioner to more fully operationalize corporate compliance programs. The also help you to understand more fully the concept of 360-degrees of communication because in every interaction you can multiply the power of your communication by using a variety of simple and even straight-forward tools and techniques. 

Multipliers increase, often exponentially, the intelligence of the people around them through communication. They lead organizations or groups that can understand and solve hard problems rapidly, achieve their goals, and adapt and increase their capacity over time. On the other hand, diminishers literally drain the intelligence, energy and capability from the employees or team members around them. They lead groups that operate in silos, find it hard to get things done, seem unable to do what’s needed to reach their goals. 

Multipliers break down into five disciplines in which they differentiate themselves from diminishers. The first is the Talent Magnet, who attracts and optimizes talent; the second is the Liberator, who creates intensity that requires an employee’s best thinking; next is the Challenger who extends challenges by having others do the hard lifting so that they can stretch themselves; next is the Debate Maker who facilitates a debate between his or her team which leads to a decision improving a process or issue; and finally is the Investor, who instills ownership and accountability with his/her employee base. Interestingly Wiseman believes that multipliers increase efficiency and productivity by two times. 

Diminishers also break down into five different prototypes. They are the Empire Builder, who is only interested in collecting very talented people around themselves so that they look good; next is the Tyrant, whose name is almost self-disclosing but ruins all those around them with their insistent criticisms; next is the Know-it-all who give directives simply to showcase how much they know limiting what their teams can achieve to what they themselves know how to do. This means the team must try to deduce, literally in the dark, the soundness of the decision instead of executing it; and finally, there is Micromanager, who generally believes they are only person who can figure something out and approach execution by maintaining ownership, jumping in and out of a project and reclaiming responsibility for problems which they have delegated. Diminishers usually reduce efficiencies by up to 50%. 

Wiseman presented several ways that a leader could use multiplier effects and I found many of them would work particularly well for the compliance practitioner who is working to operationalize a best practices compliance program. This is particularly true because it is through persuasion that compliance works best by getting other corporate disciplines to embrace compliance. 

Some of the specific multiplier techniques are to identify not only what the skills are for those on your team, but also what comes easily and natural to them. By doing so you can more effectively utilize their talents in implementing a compliance regime. Interestingly you can get employees to stretch through a technique called ‘supersizing’ where you give someone a task that may be “one size too big” for them, but allows them to grow into it. This is certainly applicable when working to operationalize compliance in business units outside the United States which may only have been dictated to previously but where not involving in doing compliance. 

As the CCO or compliance leader working to more fully operationalize your compliance program, you should work to limit your direct comments to a minimum going forward. This will allow the non-compliance team members to not only stretch themselves but also allows for more impactful intervention when necessary but the simple fact is you are intervening less. Louis Sapirman, the CCO at Dun & Bradstreet said that while he holds the office, he is not the face of compliance at the company. It is him employee base. He has literally multiplied the influence of the compliance function both inside and outside the company in this manner. 

Mistakes are going to happen in any implementation. The same is true when you are operationalizing your compliance program. To overcome this there are a couple of strategies. The first is to talk up your mistakes within the team for debriefing and analysis. The second is to actually make room for mistakes (think of a sandbox) where your team can experiment, take some risks and recover from the mistakes. 

I found her next point fascinating, which was to lead by asking questions. Every question is answered by another question. Her technique of leading with questions works with all five categories of multipliers. The reason it is so successful is that people are smart, the not only want to get things right but they want to build and eventually they will figure out how to do it. It is not simply a case of getting out of their way. It is about guiding them with your compliance expertise to come up with not only the right answer but a solution which will work. 

Now imagine applying this leadership technique as you are trying to more fully operationalize your compliance program. If you take this approach of leading by asking questions, you not only guidance the functional unit but you get greater buy-in to the entire concept and process as it becomes their process. The non-compliance team may design it and have ownership over it. 

Wiseman concluded by challenging each of us to multiply our influence to make those with work with and even work for better. You can use these skills to more fully operationalize your compliance program. If you do so, you will not only fulfill the requirements of the Department of Justice, laid out in the Evaluation of Corporate Compliance Programs, you will bake compliance into the DNA of your company by making it a part of the way you conduct your business. 

Three Key Takeaways 

  1. Multipliers are leaders who encourage growth and creativity from their workers.
  2. Diminishers are those who hinder and otherwise keep their employees’ productivity at a minimum.
  3. Multiply the influence of the compliance function both inside and outside the company in this manner.

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 14, 2017

Many compliance professionals in the corporate world work long and hard to rise to the senior management level in their organizations. It takes subject matter expertise, hard work and sometime propitious good fortune to get to the C-Suite level in a large company. However, many of the skills which work to get you there do not always serve you in the context of a 360-degree view of communication at the senior management level. 

One thing many compliance practitioners have in common is self-reliance. Not every lawyer and compliance practitioner is a Type A driven personality but many are. In many ways, it is what makes us a success. However, in the corporate world, just like any other, there are limits to self-reliance. Put another way, if you do not have a culture where everybody appreciates the importance of their role in showing the type of behavior that is expected within your organization; then you are probably not doing a very good job of driving culture.  Adam Bryant explored this theme in a New York Times (NYT) Corner Office column where he interviewed Lori Dickerson Fouché, the Chief Executive Officer (CEO) of Prudential Group Insurance. 

A key lesson is to ask for help. Fouché said it “stemmed from the fact that I had been used to thinking, “I can get through the brick wall. I can make this happen.” I was very self-reliant, and I figured that if I could do it, so could the team. So, I overworked some teams early on, and that led to an early lesson around asking for help. It’s O.K. not to have all the answers and not to be able to do everything and to put your hand up and say, “I need help.” I was so surprised by how people really wanted to help. They loved being invited into the process.” Building on the Wiseman concept of multipliers, you see how you can expand the influence only yourself and your corporate compliance function. 

From these experience, Fouché also learned to prioritize. She noted, “You simply can’t do everything. There were times I would walk into a new job, and my eyes would be huge and I would feel like a kid in a candy shop. I’d think, “Let’s just get after it,” instead of, “O.K., let’s pause. What’s the most important thing to really get after?” Being able to say “No” or “Not now” were important lessons for me.” 

Another interesting lesson concerns transparency. Fouché related “to share my thoughts so that other people could follow them. I learned an important lesson from a colleague when I was C.E.O. at another company, who said: “Lori, this is a little bit like being on the train and you’re in the front of the train and we’re in the dark. You can see the light at the end of the tunnel. But there are people who are toiling in the back, and they’re throwing coal in the engine, and they’re working the cars, and that’s all they know. You should be at the front of the train, but your job is to shorten the distance between you and the back of the train so that we can all see what you see at the front.”” 

In other words, prioritize and start the slogging work of going through the issues in front of you. It not only gives you some semblance of control but also helps you to focus on doing the next right thing. As a business leader, others in your team and cascading down will take their clues from you and begin to operate in the same analytical manner. This also ties into one of Fouché’s key points about her leadership style. 

Not only does she strive for personal transparency, she expects it from others. She said, “I expect my leaders to listen. I expect them to ask questions. I expect them to understand what’s going on. I am somewhat infamous for saying, “So how’s it going?” And they’ll say, “Great.” Then I’ll say, “How do you know?” It’s one thing when people start telling you anecdotes and it’s another thing when they can say, “Well, because we track this and we measure that.” We make sure we’re analytical in our approaches.” 

If you couple this with two characteristics Fouché looks for when hiring: resilience and perseverance; it gives you a hint on some key characteristics. This is because she believes that when “working in big companies, and you have to find a way to navigate and negotiate to an end result. It could be a winding path. Make sure that people feel like they know how to do that, and do it in a way that is respectful of the system.” You will have more success in communications and in use of social media if you first start with a relationship, particularly in getting to know the leaders in a given geographic market within your organization.

Aesop noted many eons ago that the race is not always won by the fastest but often the strongest and the steadiest. Many of the characteristics which allow you to rise within a corporation may need to be ameliorated somewhat at the C-Suite.  Fouché’s lessons around a 360-degree approach to both leadership and communications give you some good starting points.

Three Key Takeaways 

  1. Learn to ask for help.
  2. As a CCO share your thoughts so others can follow them.
  3. Leadership often involves taking employees on a winding path. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

Nov 13, 2017

The life of a Chief Compliance Officer (CCO) can be intense and the one of the most powerful tools you have is persuasion. Jenny O’Brien, CCO at United Health Care, has talked about the techniques that a CCO can use to influence decision making in a company to do business in ethically and in compliance. She has called these techniques of persuasion “Seven Steps of Influence” and advocates a CCO employ them help influence decision-making within an organization. 

  1. Collaboration. As a CCO you need to know your company’s business. If you are new to an organization you must take time to learn the business. You should sit in on sales meetings and, when appropriate, you should go out on sales call. Channeling your inner Atticus Finch, you must walk in the shoes of the business leaders you are assisting. By doing so, you will not only understand the products and services that your company offers but also the challenges that your business development team faces out in the world.
  2. You must work constantly at active listening, which is listening, thinking and then speaking, and not just jump into the middle of a conversation, talk to people in a manner that will address their concerns. When you do speak, be prepared to make the case for the compliance proposition that you are trying to get across. As a CCO, strive to be relevant in every interaction you have with your peers in senior management. This sometimes it means speaking up at meetings or other forums but sometimes it means listening. Develop a rapport with your business team and this rapport can lead to trust building.
  3. Relationships. This is relationships between the compliance function and other corporate functions in an organization, through a CCO or compliance practitioner can bring influence to bear. It all begins with building trust with others within your organization. Invest time to find others in your organization with which you want to work and with those with whom you desire to build relationships. The key relationships that a CCO or compliance practitioner can develop are with the audit function, the legal department, Human Resources, IT and corporate communications.
  4. Humility. Humility is important because it empowers. It can empower others to expand the circle of influence and get others in a corporation to influence an ever-expanding circle on behalf of compliance. The CCO does not need center stage. Echoing the DOJ Evaluation of Corporate Compliance Programs requirement that compliance should be operationalized, business units should solve compliance issues, as compliance is just another business process. Through such influence you can get business unit resources to solve a compliance problem, you will hold down the costs of the compliance function. It is not about being right but about moving the compliance ball forward in the right direction.
  5. Negotiation. A compliance practitioner you need to learn the art of compromise. Negotiation is not about the dichotomy of winning and losing an argument or debate. A CCO should strive to redefine what a win might look like or what a win might consist of for a business unit employee. When faced with such a confrontation, try to determine what both sides wanted then give them something else in addition to what they thought they wanted. A CCO can be considered a mediator not just simply an enforcer or Dr. No from the Land of No.
  6. Triple 'C'. Keep calm, cool and collected because all company employees, up and down the chain, are watching the CCO. For this reason, a compliance practitioner should channel their inner Harry Dean Stanton and have a laconic face, at all times. The Triple C’s are important because organizations look to the CCO to solve complex issues with simple solutions. When faced with a compliance issue or an obstacle you should endeavor to keep everything on an even keel and never let them see you sweat.
  7. Credibility. The final of the seven pillars was that the CCO role needs to be adequately scoped and that the accountabilities need to be clearly defined. Put another way, what is your job scope as the CCO and what is the function of the compliance department? What is your accountability to decide the resolution to an issue? As a CCO, you must demonstrate your value as a non-revenue function. This may require you to get out of your office and put on a PR campaign for compliance. A CCO needs to guard their independence in job function and reporting. You must make clear that you will have independent reporting up to the Board or Audit Committee of the Board. 

Influencing and using persuasion is not a one-time activity. It is ongoing. If you consider it within the context of the 360-degree approach to communication, it means calibrating every which manner of influence and with all your stakeholders, both inside and outside your organization. Persuasion touches all forms of communications whether those are formal communications, informal communications, or simply accidental communications. It includes using all the right methods of communications to maximize the influence you can bring to bear. 

Three Key Takeaways 

  1. Persuasion is probably the key tool for any CCO.
  2. Persuasion touches all forms of communications.
  3. Influencing, using persuasion is not a one-time activity; t is ongoing as in literally all the time. 

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to dnb.com/compliance.

1 « Previous 2 3 4 5 6 7 8 Next » 16