Info

FCPA Compliance Report

Tom Fox has practiced law in Houston for 30 years and now brings you the FCPA Compliance and Ethics Report. Learn the latest in anti-corruption and anti-bribery compliance and international transaction issues, as well as business solutions to compliance problems.
RSS Feed Subscribe in Apple Podcasts
FCPA Compliance Report
2017
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
March
February


2015
December


Categories

All Episodes
Archives
Categories
Now displaying: May, 2017
May 31, 2017

Day 22-10 Questions to Better Operationalized Compliance

I conclude this month’s series inspired by an article in the Harvard Business Review, entitled “Does Management Really Work?” by Nicholas Brown, Raffaella Sadun and John Van Reenen. I found the article very useful because it gave succinct advice about what a business can do to improve its management practices and determined that this advice can be applicable to a compliance program. Based upon this article I have developed 10 questions which you might want to put use as a starting point for operationalizing your compliance initiatives going forward. I would challenge you to think about some of the answers to these questions in the context of your compliance program.

  1. Interconnectedness of Targets - How are compliance goals cascaded down to individual workers? Everyone recognizes the importance of ‘tone-at-the-top’ as it is enshrined in every description of a best practices compliance program. However, operationalizing compliance means moving towards an appropriate tone in the middle and at the bottom. As stated in the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs (Evaluation), under Prong 1, “How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How does the company monitor its senior leadership’s behavior? How has senior leadership modelled proper behavior to subordinates?”
  2. Clarity and Comparability of Goals - Does anyone complain that your compliance targets are too complex? Certainly the initial role out of a compliance program can be quite a large undertaking. Perhaps another approach might be to focus on high risk areas and remediate them by rolling out initiatives to manage those risks first and then move to other areas. Many companies have reviewed and remedied the third party sales side of their business but are only now looking at the Supply Chain or Procurement side of the equation. If you work on one such problem at a time, it can help move the overall process forward in a more orderly fashion.
  3. Consequence Management - How do you deal with repeated compliance failures in a specific business segment or compliance program area? This is certainly one question that you would want to consider carefully. Do you have problems with one business unit or one geographic area from the compliance perspective? Are gifts in China, for example, an ongoing issue for your company? What about travel and entertainment? Consider this carefully as the DOJ asks the following about accountability in the Evaluation, “What disciplinary actions did the company take in response to the misconduct and when did they occur? Were managers held accountable for misconduct that occurred under their supervision? Did the company’s response consider disciplinary actions for supervisors’ failure in oversight? What is the company’s record (e.g., number and types of disciplinary actions) on employee discipline relating to the type(s) of conduct at issue?”
  4. Instilling a Mind-Set - How does your company show that attracting and developing talent who will engage in ethical business conduct is a top priority? This is a key part of operationalizing your compliance program and one where your Human Resources (HR) Department should take the lead. If top management will make a commitment to this, you should work to create the appropriate mind-set of doing business the right way throughout your organization.
  5. Removing Poor Performers - How long is compliance underperforming tolerated? The DOJ asks in the Evaluation, “Has the company ever terminated or otherwise disciplined anyone (reduced or eliminated bonuses, issued a warning letter, etc.) for the type of misconduct at issue?” I think that many companies would clearly say that they will discipline, up to and including discharge, any employee who engages in practices that violate the Foreign Corrupt Practices Act (FCPA). But this question drills deeper and forces a more rigorous analysis on not just FCPA failures by employees but poor ethical choices which may be less than full FCPA violations.
  6. Unique Employee Value Proposition - What makes it distinctive to work at your company? What is the culture of your organization? Is it to do business ethically or simply make your numbers no matter how unrealistic they are aka Wells Fargo? More pointedly, how can your compliance challenges be turned into business leadership opportunities? Ethisphere annually shows that its top list of the Most Ethical Companies out performs the Standard & Poor (S&P) 500. If you more fully operationalize your compliance program into your company, it could well make your business not only more efficient but at the end of the day, more profitable.
  7. Continuous Improvement - How do compliance programs that are not working typically get exposed and remediated? There is a difference between auditing and monitoring. Monitoring is a commitment to reviewing and detecting compliance programs in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. A robust program should include separate functions for auditing and monitoring. While unique in protocol, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For example, if you notice a trend of suspicious payments in recent monitoring reports from a country in the Far East, it may be time to conduct an audit of those operations to further investigate the issue.
  8. Performance Tracking - What key compliance indicators do you use for compliance tracking? What metrics have you developed around the operationalization of compliance. A good starting point can be with your hotline or helpline. What can you determine from the calls or reports submitted through these systems? What if you have not had any reports for several years, what should that be telling you about your communication to your employee base? Or does it mean that people have not been properly and effectively trained that a hotline or helpline exists and is available for their use or, more ominously, are afraid to make any reports for fear of retaliation or even losing their jobs? This is certainly something you should consider, whichever way the metrics are going for your company.
  9. Root Cause - For a given compliance problem, how do you identify the root cause? The DOJ asked in Root Cause Analysis – “What is the company’s root cause analysis of the misconduct at issue? What systemic issues were identified? Who in the company was involved in making the analysis?”Clearly the reason is that if you do not know what the cause of a problem is, you cannot successfully work towards remedying that problem. This does not simply mean firing any persons involved in a potential FCPA violation. You need to dig down and found out what allowed this issue to arise. I once heard that the difference between Japanese and American post-incident investigations is that in the US there is an attempt to assess blame, conversely in Japan there is an attempt to find a solution to the problem. This is the approach that I believe compliance practitioners should take, to try and find a solution by determining the root cause of a compliance failure.
  10. Retaining - What are you doing to retain your top employees from the compliance perspective? This is not a question that is typically asked in the compliance department, however it fully encapsulates the entire concept of operationalization. Have you considered what your company is doing to retain, promote and take to senior management those employees who do business in an ethical manner and in compliance with your company Code of Conduct?

I found the article to be very useful when applied to the compliance practitioner by not only using the triumvirate of targets, incentives and monitoring as a management practices but also the questions that the authors posed in the context of your company’s own compliance program. Compliance practitioners continually face the challenge of keeping up with the ever-evolving compliance best practices with little or no budget increase. By asking yourself and of your compliance program these questions you may create a road map to more fully operationalize your compliance regime.

Three Key Takeaways

  1. What are the unique compliance targets you have set and how interconnected are they to your business unit goals?
  2. Use a root cause analysis to determine why compliance initiatives are not successful.
  3. Retraining employees in compliance is an under-utilized tool.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

May 31, 2017

In this episode Matt Kelly and I take a deep dive into the revisions to the COSO ERM Framework, which were based on comments by practitioners. We consider the role of culture and risk, the integration of the COSO ERM Framework into functional business units moving to operationalize ERM in organizations and we consider how the ERM Framework differs yet is complimentary to the COSO Internal Controls Framework. 

 

For additional information, see Matt's Blogs posts on the COSO ERM Framework:

More Details on COSO ERM Framework

Update to COSO ERM Framework Update

ERM Framework: Govt. Calls for Unity

More Clues on Draft ERM Framework

Draft ERM Framework is Here: How to Get Started

May 30, 2017


Today I have back with me James Koukios, partner and Morrison Foerster on the firm's March 2017 report on the Top Ten International Anti-Corruption Developments for the month. We highlight the 2nd Circuit Court of Appeals oral argument in the Hoskins case and the OCED Phase 4 reports on Finland and the UK. For a copy of the firm's report, click here.

May 30, 2017

How can you determine if Human Resources (HR) can meet the needs of a best practices compliance program? One place to start is with a gap analysis to determine what HR has in place that can facilitate your company’s compliance program. According to Bright Hub Project Management, a gap analysis “compares actual performance (or status) with the desired performance (or status). A gap analysis takes into account where the company is and where it wants to be. Any review of a company and its goals should include a thorough gap analysis - especially when wanting to improve productivity, processes and products.”

From the HR and compliance perspective the four steps to undertaking a gap analysis are: (1) understanding the compliance and HR environment in your organization; (2) taking a holistic approach to understanding the compliance and HR environment; (3) determining a framework for analysis, and (4) compiling supportive data to test the program. Yet before beginning this exercise it is incumbent to understand that the first element of an effective compliance program under the U.S. Sentencing Guidelines is to have Established Policies and Procedures to protect and detect non-compliance with regulations. While the US Sentencing Guidelines specifically target “criminal conduct”, companies would be wise not to limit their “risk assessment” or “gap analysis” to only criminal conduct.

Most, if not all, companies possess several corporate policies that govern employee behaviors.  The person in charge of corporate compliance function should first identify the policies in place by utilizing a gap analysis to catalog the existence of corporate policies across the company, noting policy gaps and inconsistent application of policies across various locations. The business units and functional disciplines should be tasked with filling the gaps and standardizing conflicting polices.

This exercise allows you to move forward to what is required to operationalize compliance as you have to know what you must be compliant with going forward. So how does one work with the business units and the functional disciplines to structure the identification of legal and compliance risks in a way that can be managed and utilized with some degree of ease? Here are a few questions that a compliance practitioner may pose to the HR department to perform a gap analysis regarding policies and procedures:

  • Does the HR department have an inventory of policies, procedures, laws and regulations covering employees and employment related matters applicable to the company’s business?
  • If yes, do you have a specified person who is in charge of updating the inventory?
  • If no, what system does the HR department utilize to ensure that it is aware of the various compliance laws and regulations and has a process to comply with them?
  • What evidence would the HR department be able to produce to the government to support a finding that the company has a solid compliance program for applicable labor and employment laws and regulations?
  • What types of compliance training are mandatory for all employees, which are optional and how does HR track and document completion? How is the training performed? Is it provided in the native language of the employee or only in English?
  • What types of enforcement actions predominate in the compliance arena for your industry or where your organization does business? How is such data tracked in your company?
  • Are employees within the HR department specifically trained to understand compliance requirements applicable to your organization?
  • Does the HR department provide senior management with periodic updates on the monitoring of results, key risks, and compliance violations within HR?
  • Has the HR department established some type of escalation criteria to ensure that high-risk compliance issues are reviewed at the corporate level?
  • Does the HR department have compliance monitoring standards in place?
  • Does the HR department perform periodic audits to ensure that the policies and procedures are being complied with?

These are only a few of the questions that you may want to ask to begin the process of assessing how compliance and the role of HR apply to your company. 

My final suggestion is to work with HR to create a consolidated Human Resources Compliance Audit Checklist that can be used to audit (and document) the company’s HR Compliance Program. The key to compliance, in my opinion, is having the proper structure to identify the issues, implement policies and procedures to address the issues, audit for compliance and document, document, and document.

Three Key Takeaways

  1. A gap analysis is a key component in the risk assessment process.
  2. The ultimate responsibility should lie with the business units and functional discipline to fully operationalize compliance.
  3. The role of the compliance department is to oversee, provide subject matter expertise and coordinate.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

 

May 26, 2017

The key concept from the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Program (Evaluation) is operationalization. For instance, under the query Shared Commitment is the following question - “How is information shared among different components of the company?” Under the Prong relating to Policies and Procedures the Designing Compliance Policies and Procedures asks, “What has been the company’s process for designing and implementing new policies and procedures? Who has been involved in the design of policies and procedures? Have business units/divisions been consulted prior to rolling them out?” Lastly, under the same Prong is Responsibility for Integration, with the following question “Who has been responsible for integrating policies and procedures?”

These questions point to a Chief Compliance Officer (CCO) or compliance practitioner demonstrating how compliance is being burned into the fabric of an organization. While leadership at and from the top has long been considered by both the DOJ and compliance professionals as a key element to move compliance forward, the Evaluation has also crystalized thinking around compliance leadership from the middle and the bottom. I thought about these concepts when reading a recent Financial Times (FT) article by Andrew Hill, entitled “Leadership from the bottom up”. I was particularly struck by a quote from Shlomo Ben-Hur, a professor at IMD business school, who said, “We teach the top 5 per cent — but the majority of this work is carried out by the other 95 per cent.” 

In Ben-Hur’s work he found that many executives came from the middle management ranks. They tended to be persons “with a determination to “take what I have responsibility for and make it truly great.”” Anecdotally, he related “They typically said, ‘I’ve responsibility for the minibus,’ and people then asked them to drive bigger and bigger buses until one day they drove the whole business.”” Think of the military and the responsibility given to front line commanders and how that “is increasingly reflected at large companies.” 

The key for companies is that senior management must “find ways to transmit leadership skills to people who do not have ‘leader’ in their job description and will probably never attend a top-level leadership program.” Hill noted, “Ben-Hur’s work has focused on ensuring that managers understand how to assign the right jobs to their team members and motivate them to perform well, using theories of behavioural change that senior executives have typically never learnt on their way to the top. Dedicated managers well below the executive board need to know how to use these tools.” 

For the CCO or compliance practitioner, this provides a clear path to help in the operationalizing of compliance by providing the tools to persons far down the organization to put compliance into the operations of a business. One thing Hill writes about is a company should nuture such learning because by doing so, it will both teach practical skills around compliance but also foster a strong internal network of compliance advocates who can move initiatives up and down and organization. Moreover, as these individuals progress through the company ranks, they can take their compliance message with them at each new level. 

Building on the writings of Hill and the work of Professor Ben-Hur, my suggestion is to build a Compliance Excellence Center in your company. Bring in middle-managers to focus on understanding not only their roles in compliance but also how to assign the right team members to a compliance initiative and motivate employees going forward. Hill wrote that Airbus has recently established a corporate ‘university’ to spread leadership ideas through the company. Airbus’ theory behind this push is “being a leader isn’t just about being a vice-president; it’s about being able to push the company towards new ways of doing things and executing the things we have to execute. That could [apply to] a blue-collar worker on the shop floor or a VP.” 

A key is not simply to train such middle and front line managers on compliance but getting them to consider rollout, effectiveness, testing and improvement. In other words, as Jay Martin would say, it is all about execution. One way to help facilitate this is through exercises using incentives to “make leadership insights stick and change workplace behavior.” Hill also writes that concepts from entrepreneurship can assist in such learning by encouraging managers to “think and act independently” to operationalize compliance. Finally, never forget mentoring as a manner to spread good compliance practices throughout a company if a more formal approach is not possible. 

Too often, strategies to move a compliance program or even an initiative come from the top of an organization and are pushed down. To fully operationalize compliance, you must have leadership in compliance further down the organization which (hopefully) has been a part of the design process and can lead the implementation throughout an organization. 

Three Key Takeaways

  1. While tone at the top is critical, the tone at the bottom can actually work to more fully operationalize compliance.
  2. 95% of the work is done at this bottom level.
  3. Use HR to come up with a strategy to move compliance into the bottom for more complete operationalization. 

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

May 26, 2017

This week, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss: 

  1. Tom reports on Compliance Week 2017. See his articles in Compliance Week, here and here.
  2. If the DOJ releases new information in the form of the Evaluation of Corporate Compliance Programs, does anyone read it. See article in GIR (sub req’d).
  3. Jay discusses the SCCE event he attended last week in San Francisco. See Jay’s recap in his article I Left My #SCCE Heart in San Francisco or I Love It When A Plan Comes Together!
  4. Was the individual enforcement against the MoneyGram CCO significant or much ado about nothing? See article by Dick Cassin in the FCPA Blog and by Sara Kropt in her Grand Jury Blog.
  5. DOJ will embed prosecutors overseas. See article by Sam Rubenfeld in WSJ Risk and Compliance Journal. See full text of speech by Deputy AG Trevor McFadden by clicking here.
  6. Warriors and Cavs meet in the first time, three consecutive title match run. Tom and Jay consider from the compliance perspective.
  7. Tom announces the release of his new book 2016 – The Year in Corporate FCPA Enforcement. For more information and to purchase, click here.

 Jay Rosen can be reached:

 Mobile (310) 729-6746

Toll Free (866)-201-0903

JRosen@affiliatedmonitors.com

 

Tom Fox can be reached:

       Phone: 832-744-0264

       Email: tfox@tfoxlaw.com

May 25, 2017

 

One of the ways that Human Resources (HR) can help to operationalize compliance is to assist each level of an organization to have a proper tone. While the top of an organization rightly gets much of attention, the tone about doing business ethically and in in compliance is equally important in the middle of an organization. 

A company must have more than simply a good ‘Tone-at-the-Top’; it must move it down through the organization from senior management to middle management and into its lower ranks. This means that one of the tasks of any company, including its compliance organization, is to get middle management to respect the stated ethics and values of a company, because if they do so, this will be communicated down through the organization.

Adam Bryant, in a NYT article, entitled “If Supervisors Respect The Values, So Will Everyone Else”, explored this topic when he interviewed Victoria Ransom, the Chief Executive of Wildfire, a company which provides social media marketing software. Ransom spoke about the role of senior management in communicating ethical values when she was quoted as saying “Another lesson I’ve learned as the company grows is that you’re only as good as the leaders you have underneath you. And that was sometimes a painful lesson. You might think that because you’re projecting our values, then the rest of the company is experiencing the values.” These senior managers communicate what the company’s ethics and values are to middle management. So while tone at the top is certainly important in setting a standard, she came to appreciate that it must move downward through the entire organization. Bryant wrote that Ransom came to realize “that the direct supervisors become the most important influence on people in the company. Therefore, a big part of leading becomes your ability to pick and guide the right people.” 

Ransom said that when the company was young and small they tried to codify their company values but they did not get far in the process “because it felt forced.” As the company grew she realized that their values needed to be formalized and stated for a couple of reasons. The first was because they wanted to make it clear what was expected of everyone and “particularly because you want the new people who are also hiring to really know the values.” Another important reason was that they had to terminate “a few people because they didn’t live up to the values. If we’re going to be doing that, it’s really important to be clear about what the values are. I think that some of the biggest ways we showed that we lived up to our values were when we made tough decisions about people, especially when it was a high performer who somehow really violated our values, and we took action.” These actions to terminate had a very large effect on the workforce. Ransom said, “it made employees feel like, “Yeah, this company actually puts its money where its mouth is.”” 

Ransom sought to ensure that everyone knew what senior management considered when determining whether employees were “living up to the company culture.” The process started when she and her co-founder spent a weekend writing down what they believed the company’s values were. Then they sat down with the employees in small groups to elicit feedback. Her approach was to look for what they wanted in their employees. They came up with six. 

  • Passion: Do you really have a thirst and appetite for your work?
  • Humility and Integrity: Treat your co-workers with respect and dignity.
  • Courage: Speak up - if you have a great idea, tell us, and if you disagree with people in the room, speak up.
  • Curiosity: They wanted folks who would constantly question and learn, not only about the company but about the industry.
  • Impact: Are you having an impact at the company?
  • Be outward-looking: Do good and do right by each other. 

Ransom had an equally valuable insight when she talked about senior management and ethical values. She believes that “the best way to undermine a company’s values is to put people in leadership positions who are not adhering to the values. Then it completely starts to fall flat until you take action and move those people out, and then everyone gets faith in the values again. It can be restored so quickly. You just see that people are happier.” 

What should the tone in the middle be? Put another way, what should middle management’s role be in the company’s compliance program? This role is critical because the majority of company employees work most directly with middle, rather than top management and, consequently, they will take their cues from how middle management will respond to a situation. Moreover, middle management must listen to the concerns of employees. Even if middle management cannot affect a direct change, it is important that employees need to have an outlet to express their concerns. Therefore your organization should train middle managers to enhance listening skills in the overall context of providing training for what she termed their ‘Manager’s Toolkit’. This can be particularly true if there is a compliance violation or other incident that requires some form of employee discipline. Ransom believes that most employees think it important that there be “organizational justice” so that people believe they will be treated fairly. Ransom further explained that without organization justice, employees typically do not understand outcomes but if there is perceived procedural fairness that an employee is more likely accept a decision that they may not like or disagree with. 

So think about your lines of communication and your communication skills when conveying your message of compliance down from the top into the middle of your organization. 

Three Key Takeaways

  1. While tone at the top is critical, the tone in the middle can actually work to more fully operationalize compliance.
  2. How do you train middle managers?
  3. What compliance tool kit do you provide to middle managers?

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

 

 

May 25, 2017

Episode 18 Show Notes

 I. Compensation, Incentive and Compliance

In this episode, Roy Snell and myself discuss how incentives are integral to the compensation plans of a wide range of workers. Many experts point to their value in rewarding behavior that is in the interest of the organization and for keeping workers focused on activities that help the bottom line. At the same time, however, the incentives can pose great risks. 

Many corporate scandals have shown that workers and corporate leaders may give in to the temptation to cheat to make their numbers, doing whatever they can to achieve their goals and reap the rewards. As a consequence, incentive plans may turn out to be a roadmap for compliance risk. 

This danger argues for the compliance department having a role in reviewing incentive plans, if nothing else than to develop controls that ensure the numbers are hit properly, without violating policies, procedures, the law, and ethical norms. 

To better assess the role of the compliance team in reviewing incentive plans, in April 2017 the Society of Corporate Compliance and Ethics and the Health Care Compliance Association fielded a survey among compliance professionals. The results indicate that, despite the risks, compliance rarely plays a role in evaluating incentive programs. For the recent SCCE/HCCA survey on this issue, click here.

For additional writings by Tom see the following blog posts: 

Incentivizing Compliance

Executives and Compliance Compensation Incentives

Sales Incentives and Compliance

II. Compliance and the Board of Directors

On a second topic, Roy and I discuss the need that a true compliance expert sit on a company’s Board of Directors. The presence of a such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations.

Almost every Board has a former Chief Financial Officer (CFO), former head of Internal Audit or persons with a similar background and often times these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training and subject matter expertise that can help all companies with their financial reporting and other finance based issues. So why is there not such compliance subject matter expertise at the Board level? 

Roy sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicist. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise. 

For Roy’s further thoughts on this issues, see his blog post, Compliance Expertise Needed on Your Board”. 

For Tom’s writing on the subject see his blog post, “Compliance Expertise Needed on the Board”.

 

 

 

May 24, 2017

The role of Human Resources (HR) in anti-corruption compliance programs, is often underestimated. If your company has a culture where compliance is perceived to be in competition or worse yet antithetical to HR, the company certainly is not hitting on all cylinders and maybe moving towards dysfunction. Another way you can operationalize compliance is in HR’s involvement of employee promotion. In Prong 8 of the Evaluation of Corporate Compliance Programs it asks the following question, Have there been any examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethics considerations? 

The 2012 FCPA Guidance expounded further, “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cutting ethical corners is an ac­ceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his win-loss record. In other words make compliance significant for professional growth in your organization and it will help to drive the message of doing business in compliance. 

I thought about these concepts when I read an article in the Corner Office column of the Sunday New York Times (NYT), where columnist Adam Bryant interviewed Sally Smith, the Chief Executive of Buffalo Wild Wings, the restaurant chain. She had some interesting concepts not only around leadership but thoughts on the hiring and promotion functions, which are useful for any Chief Compliance Officer (CCO) or compliance practitioner striving to drive compliance into the DNA of a company. 

Here Smith had some thoughts put in a manner on promotions not often articulated. One of her cornerstones is to search out the best person for any open position, whether through an external hire or internal promotion. Bryant stated that Smith said “We use the phrase “wait for great” in hiring. When you have an open position, don’t settle for someone who doesn’t quite have the cultural match or skill set you want. It’s better to wait for the right person.” 

Smith articulated some different skills that she uses to help make such a determination. Once a potential hire or promotion gets to her level for an interview, she will assume that person is technically competent but “I assume that you’re competent, but I’ll probe a bit to make sure you know what you’re talking about. And then I’ll say, “If I asked the person in the office next to you about you, what would they say?”” 

Passion and curiosity are other areas that Smith believes is important to probe during the hiring or promotion process. In the area of passion, Smith will “Often ask, “What do you do in your free time?” If they’re passionate about something, I know they’re going to bring that passion to the workplace.” Smith believes curiosity is important because it helps to determine whether a prospective hire will fit into the Buffalo Wild Wings culture. Bryant wrote, “I look for curiosity too, because if you’re curious and thinking about how things work, you’ll fit well in our culture. So I’ll ask about the last book they read, or the book that had the greatest impact on them.” Smith also inquires about jobs or assignments that went well and “ones that went off the tracks. You ask enough questions around those and you can determine whether they’re going to need a huge support team.”

I found these insights by Smith very useful for a compliance practitioner and the hiring and promotion functions in a compliance program. By asking questions about compliance you can not only find out the candidates thoughts on compliance but you will also begin to communicate the importance of such precepts to them in this process. Now further imagine how powerful such a technique could be if a Chief Executive asked such questions around compliance when they were involved in the hiring or promotion process. Talk about setting a tone at the top from the start of someone’s career at that company. But the most important single item I gleaned from Bryant’s interview of Smith was the “Wait for great” phrase. If this were a part of the compliance discussion during promotion or hiring that could lead to having a workforce committed to doing business in the right way.

Three Key Takeaways

  1. Denying a promotion or award due to an employee’s ethical lapses.
  2. Use promotions to reinforce your company’s commitment to compliance and ethics.
  3. Should you wait for great? 

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

May 24, 2017

In this episode Matt Kelly and I take a deep dive into the question of whether a company has a duty to disclose ransomware attacks. We consider it from the regulatory, legal, ethical, law enforcement, business, PR and some other angles. What may seem to be a straight-forward answer to a regulatory obligations turns out to be anything but. 

For additional research, see Matt Kelly's blogpost, "Ransomware: To Disclose or Not".

May 23, 2017

The Evaluation of Corporate Compliance Programs document makes clear that operationalization of compliance into an organization should be done at multiple levels in a company. Creating an ethical culture is an important step for any company to burn compliance into the DNA of a business. It must be done at every level of an organization on a continuous basis. 

In an article in the Harvard Business Journal (HBJ) online publication by Christopher McLaverty and Annie McKee, entitled “What You Can Do to Improve Ethics at Your Company”, the authors surveyed C-suite executives and noted, “More often the dilemmas were the result of competing interests, misaligned incentives, clashing cultures.” Based on this study and their prior work, the authors noted three major obstacles to ethical behavior. 

Initially was the issue of corporate change. The authors stated, “Companies can warp their own ethical climate by pushing too much change from the top, too quickly and too frequently. Leaders in the study reported having to implement staff reduction targets, dispose of big businesses in major markets, and lead mergers and acquisitions. Some of these activities included inherent conflicts of interest; others simply caused leaders to have to act counter to their values. Many leaders felt poorly prepared for the dilemmas they faced and felt compelled to take decisions they later regretted.” 

The second was the age old dilemma of compensation where incentives tended to drive certain behaviors or, as the authors stated, “People do what they are rewarded to do, and most leaders are rewarded for hitting targets.” Of course the most recent example is Wells Fargo where employee compensation was based solely on the number of accounts they opened. Yet such incentive based behavior was not limited to front line employees as the authors stated, “The lure of incentives are a problem in boardrooms too: Bonus payments and executive share schemes are often based on short-term business metrics, which can be counter to long-term success.” 

Finally, was an area which may require a Chief Compliance Officer (CCO) or compliance practitioner to think through several different calculi; cross cultural differences. Obviously some countries have gift giving cultures but this is more than simply the value of a gift to give at Christmas, it involves cultures where gift giving may be a part of the overall business relationship. The authors cited examples such as “closing a sales office in Japan, breaking a verbal promise made during after-work drinks in China, or ignoring “sleeping” business partners in a Saudi Arabian deal, all of which have cultural and ethical components.” 

An interesting insight was teaching employees how to understand what matters in an organization. This is not simply the written Codes but how things really work. The authors posited three questions: (1) How are employees paid? Obviously a compensation plan is a critical benchmark. If it is solely based on ‘eat what you kill’, focusing on the short term, it may presage problems down the road. (2) Who gets promoted and why? This is not simply whether the high producer gets promoted but how about those who speak up and raise ethical issues. Are they subtly (or not so subtly) discriminated against or held back from promotion? (3) How do employees feel about their organization? Although it seems straight-forward, if your employees are disengaged or worse yet, ashamed about your company, you might be an ethical time bomb waiting to happen. 

The authors then turned to initiatives that the interviewees had successfully used in their own organizations to improve the ethical climate. While noting that there is some importance in the corporate governance documents, such as a Code of Conduct and policies and procedures, the authors averred “Companies become ethical one person at a time, one decision at a time.” This means employees need to understand their organizations underlying culture. They stated, “Self-awareness enables you to build and strengthen that inner compass. Organizational awareness enables you to identify the forces in your company’s culture and processes that could drive you and others to do the wrong thing. You also need emotional self-control: it takes courage to step away from the crowd and do the right thing.” 

To have such courage, the authors noted many employees who did speak up had a personal network which operates as “an informal sounding board and can highlight options and choices that the leader may not have considered. When making ethical decisions, it’s important to recognize that your way isn’t the only way, and that even mandated choices will have consequences that you must deal with.” This is yet another reason for the breaking down of silos in a corporate organization because “The challenge is that most leaders have networks full of people who think and act like them and many fail to seek out diverse opinions, especially in highly charged situations. Instead, they hunker down with people who have similar beliefs and values. This can lead to particularly dire consequences in cross-cultural environments.” 

Finally, and perhaps most intuitively, is speaking up. Here business leaders must encourage not only a speak up culture but also one of no retaliation. But it is more than this as Vanessa Rossi, FCPA Due Diligence Counsel at Baker Hughes Inc. noted in a panel discussion to the Greater Houston Business and Ethics Roundtable, it is more tones at the tops as for many employee’s senior leadership resides in the form of their direct manager. The authors phrase it as “If you find you need to speak up, there will be a number of choices to be made. Do you talk to the boss? Consult with peers? Work with advisory functions such as legal, compliance or human resources? You can draw on your personal network for support and guidance on the right way forward within the context of your unique situation.”

 

Ethics and compliance blend together in the corporate world. It is not just the responsibility of CCOs and compliance practitioners but of senior managers to support those employees who want to do the right thing. While written protocols are significant in both detection and prevention, one should never lose sight of a corporate culture as a way to positively impact your workforce and company going forward.

Three Key Takeaways

  1. Beware of the three obstacles to creating an ethical culture.
  2. What really matters in your company?
  3. A speak up culture will improve the operational performance of your business.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

May 23, 2017

In this episode I visit with Chris McNett, SSGA Head of Environmental, Social and Governance on SSGA's ESG Institutional Investor Survey. Topics include:

  1. What was the reason for the State Street ESG Institutional Investor Survey?;
  2. What were the key findings?;
  3. ESG Adoption;
  4. Challenges to Adoption;
  5. How ESG pathways are evolving;
  6. Why is accelerating ESG so important?;
  7. What steps can a company take, from Ambition to Action; and
  8. How can interested parties learn more about SSGA and the State Street ESG Institutional Investor Survey.

You can download a summary of the report by clicking here

May 22, 2017

The exit interview can be a further mechanism to operationalize compliance. This type of interview is used when someone voluntarily departs from a company, as opposed to a lay-off or reduction in force exercise. Typically departing employees are more willing to share about their experiences, concerns and issues which led to their employment departure.

In an article in the Harvard Business Review, entitled “Making Exit Interviews Count, authors Everett Spain and Boris Groysberg demonstrate that exit interviews, when conducted with care, can be a very useful tool in two important areas: to increase employee engagement, to reveal what may not be working in the organization. These points speak directly to operationalizing compliance through Human Resources (HR). Exit interviews can provide insight into what employees are thinking, reveal problems in the organization, and shed light on the competitive landscape. They believe that companies should focus on six goals in their exit interviews, that there must be an emphasis in both “tactics and techniques” and, finally, that the process is a continuing conversation.

Uncover issues. Organizations “that conduct exit interviews almost always pursue this goal but often focus too narrowly on salary and benefits.” The problem with this approach is that salary concerns are not usually what drives employees to seek employment elsewhere. It is almost always something else. The article stated, “One leader from a food and beverage company told us that exit interviews inform his company’s succession planning and talent management process.”

Understand employees’ perceptions of the work itself. The person conducting the exit interview understand the departing employee’s job design, working conditions, culture, and peers. By understanding and questioning the employee on this information, the exit interview “can help managers improve employee motivation, efficiency, coordination, and effectiveness.”

Gain insight into managers’ leadership styles and effectiveness. Leadership style is an important reason many employees depart for greener pastures. By inquiring into and understanding this dynamic, an organization can begin to “reinforce positive managers and identify toxic ones. One executive at a major restaurant chain told us that several exit interviews she’d recently conducted revealed that micromanagement was a big problem. The conversations, she said, “led to some very tangible outcomes,”” such as establishing training and development initiatives to create better managers.”

Learn about HR benchmarks (salary, benefits) at competing organizations. While salaries and compensation packages are usually not the driver of departures, they certainly do play a role. You should use the exit interview to do some benchmarking. The authors cited to a HR executive at a global food and beverage who noted, “We use exit interviews to see how competitive we are against other employers: time off, ability to advance, different benefits, and pay packages. And we want to see who is poaching our people.”

Foster innovation by soliciting ideas for improving the organization. The authors believe that exit interviews should go beyond the departing employee’s “immediate experience to cover broader areas, such as company strategy, marketing, operations, systems, competition, and the structure of his or her division.” They cite as one “emerging best practice is to ask every departing employee something along the lines of “Please complete the sentence ‘I don’t know why the company doesn’t just ____.’” This approach may reveal trends which can be incorporated into future innovations.”

Create lifelong advocates for the organization. This is perhaps the most innovative, yet in many ways the most basic, which is of course to treat departing employees with dignity, respect and gratitude. Such treatment at departure may well encourage departing employees to recommend their former companies to potential employees, to use and recommend the companies’ products and services, and to create business alliances between their former and new employers. The authors cite to one North American financial services executive for the following, “You want [a departing employee] to leave as an ambassador and customer.”

Finally are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming.

The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However, it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before the employee layoff, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.

 Three Key Takeaways

  1. The exit interview is an excellent opportunity to obtain information to inform your compliance program.
  2. Use the exit interview to create advocates from departing employees.
  3. Use the exit interview for probing and insight questions around compliance.

 This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

May 19, 2017

Employment separation and layoffs can present some unique challenges for the compliance practitioner. Employees can use layoffs to claim that they were retaliated against for a wide variety of complaints, including those for concerns that impact the compliance practitioner. Yet there are several ways that operationalization will help to protect your company as much as possible.

Before you begin your actual layoffs, the compliance practitioner should work with your legal department and HR function to make certain your employment separation documents are in compliance with the Securities and Exchange Commission (SEC) requirement regarding Confidentiality Agreement and Separation Agreement language which purports to prevent employees from bringing potential violations to appropriate law or regulatory enforcement officials. Such documents must not have language preventing an employee taking such action. But this means more than having appropriate or even approved language in your CA, as you must counsel those who will be talking to the employee being laid off, not to even hint at retaliation if they go to authorities with a good faith belief of illegal conduct. You might even suggest, adding the appropriate language to your script so the person leading the conversation at the layoff can get it right and you have a documented record of what was communicated to the employee being separated.

When it comes to interacting with employees first thing any company needs to do, is to treat employees with as much respect and dignity as is possible in the situation. While every company says they care (usually the same companies which say they are very ethical), the reality is that many simply want terminated employees out the door and off the premises as quickly as possible. At times this will include an ‘escort’ off the premises and the clear message is that not only do we not trust you but do not let the door hit you on the way out. This attitude can go a long way to starting an employee down the road of filing a claim for retaliation or, in the case of FCPA enforcement, becoming a whistleblower to the SEC, identifying bribery and corruption. 

Treating employees with respect means listening to them and not showing them the door as quickly as possible with an escort. From the compliance perspective this could also mean some type of conversation to ask the soon-to-be parting employee if they are aware of any FCPA violations, violations of your Code of Conduct or any other conduct which might raise ethical or conflict of interest concerns. You might even get them to sign some type of document that attests they are not aware of any such conduct. I recognize that this may not protect your company in all instances but at least it is some evidence that you can use later if the SEC or Department of Justice comes calling after that ex-employee has blown the whistle on your organization.

I would suggest that you work with your HR department to have an understanding of any high-risk employees who might be subject to layoffs. While you could consider having HR conduct this portion of the exit interview, it might be better if a compliance practitioner was involved. Obviously, a compliance practitioner would be better able to ask detailed questions if some issue arose but it would also emphasize just how important the issue of FCPA compliance, Code of Conduct compliance or simply ethical conduct compliance was and remains to your business.

Finally, are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming. 

The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you layoff the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.

Three Key Takeaways

  1. Treat departing employees with dignity.
  2. Make sure your separation documents meet SEC requirements regarding disclosures re: whistleblowing.
  3. You must check your hotline and anonymous reporting systems to make sure you do not lay off a whistleblower.

 This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

May 19, 2017

This week, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss: 

  1. Brazilian President Temer comes under corruption fire? See article in the New York Times.
  2. The turmoil at FIFA continues as FIFA’s ethics watchdogs quit in protest after their chairman was fired. See article in Bloomberg.
  3. Should compliance and ethics be wedded? New report by Institute of Business Ethics and the Ethics Institute considers the issues. See article in WSJ Risk and Compliance Journal.
  4. The Fat Leonard scandal lands U.S. Navy Rear Admiral Robert Gilbeau with a prison sentence of 18 months. See article in the FCPA Blog.
  5. Almost one-third of all open FCPA investigations involve Brazil. Only 17% involve China. See article in the FCPA Blog.
  6. Astros lead the MLB with the best record in baseball. Will they regress to the mean?
  7. ComTech is here. Are you ready? See Tom’s article in the FCPA Compliance and Ethics Blog.
  8. Jay previews his Weekend Report.
  9. It is not too late to join me at Compliance Week 2017. Listeners to this podcast can received a discount to Compliance Week 2017. Go to registrationand enter discount code CW17TOMFOX.
May 18, 2017

What should a company do when it desires to hire a Chief Compliance Officer (CCO).  I sat down and visited with Maurice Gilbert, the Managing Partner at Conselium Partners LP. Gilbert believes that it behooves any company to find the right CCO or compliance practitioner for the right position. But to do so, a company needs to fully understand and appreciate what it needs from such a position going forward. Unfortunately, many companies do not have this insight at the beginning of the recruitment process. 

The process often begins with the company supplied job description, which Gilbert noted is “typically a legacy of various things that are not even updated. It's a hodgepodge of things that maybe began a few years ago, but it needs to be updated to reflect what’s going on in the company at that particular moment. You have certain business risks. You have certain regulatory risks.... You need to be attentive to those risks so that you could build your profile about what those risks need to be addressed presently.” Moreover, “what you’re going to get in a company job description is just a litany of things that actually could be quite disjointed and may not necessarily make sense for what you’re going to be asking the person to do.” 

Gilbert will bring the key company stakeholders into an initial meeting to help them understand the process. Obviously, this will include Human Resources (HR) and others involved in the internal hiring process for the company. Gilbert gets them to rethink their approach to focus on what they will ask the new hire to accomplish because typically there is a disconnect between what the company thinks it needs and what it really needs. 

The next step is developing an appropriate job profile. Gilbert will ask the key stakeholders to give him a list of four things they would like the new hire to accomplish in the first year of employment. By limiting to this to four, Gilbert not only ends unrealistic expectations but helps winnow down the inevitable “laundry list of, “We'd like the professional to accomplish 30 things within the first year.” Many of which, are inconceivable. They have to be done in the course of several years. When we’re listening to the response, we, again, are counseling our client as to whether that makes sense or if that’s an unreasonable, let’s say, expectation.” 

Gilbert gave an example of a recent search he headed for a client. One of the things he was able to develop at this initial meeting was that the company wanted the CCO “to spend the first two, three months evaluating her staff, to see if she has the appropriate team in place for the rest of the journey. By the way, she’s traveling all over the world doing just that. Evaluating her staff.” However that task alone could take several months. The company also wanted the CCO to perform a comprehensive risk assessment immediately upon starting the position. It is simply not realistic to expect such disparate and time consuming tasks to be performed so quickly, all the while the new CCO would be expected to travel to company locations across the globe. 

Another important issue in this initial meeting is the professional growth opportunities that the company will present to any candidate. Gilbert explained that this is something companies do not always appreciate in the hiring process. Yet, as he explained, a company is trying to get a seasoned executive to leave a position so they need to have an attractive package ready to present. It is more than simply salary and benefits. Gilbert said, “we have to capture data such as, “What are career growth options once a person steps in and does a good job for three, whatever, years?” We have to capture data. “What is the culture of the company? What is the culture of the compliance department? What are the hot buttons and the management strategy, if you will, of the hiring authority? How does that person like to interface with the individuals?”

A final query to the company is around the sourcing of candidates. Gilbert needs to know if there are any particular competitors, or companies, which the client feels are hands off for sourcing candidates from and before he leaves this meeting he needs to know the companies that his client does not want Conselium to recruit from. 

I found these points quite illuminating for several reasons. First, the company was not clear on what it wanted the new CCO to accomplish and had not thought through what it would need to commit to in terms of resources to have these goals accomplished. The second demonstrated the communications flow facilitated learning on the part of both parties, i.e. for the client this was to have a realistic expectation of the new role and for Gilbert it was to help develop an appropriate Job Profile. It also demonstrated the collaborative nature of the relationship. By engaging in this process Gilbert is able to move from simply a third party executive search firm to a trusted advisor to the client. By having such a relationship Gilbert and his company, Conselium, are able to deliver a much more focused and valuable service beyond the typical generalist experience available inside a corporation in the hiring process. 

From these discussions, Gilbert will develop a Job Profile and present to the company to have them sign off on not only the package of what they are looking for in a candidate, but also the package they will be willing to present. Gilbert related that through the capture of and agreement with these points, he is ready to begin the next step, which is to tell the compelling story about the job position on behalf of his client.  

Three Key Takeaways

  1. Bring in your key stakeholders to flesh out the job description.
  2. Consider the top four things you would like a new CCO to accomplish in the first year.
  3. For a new CCO to succeed, the company must have a realistic expectation developed before the process begins.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

May 18, 2017

In this second of a two-part series, we conclude the panel’s discussion of the first 100 days of the Trump administration as it relates to compliance. This episode concludes with the panelists’ rants.

  1. Matt Kelly opens with a discussion of regulatory enforcement under the Trump administration, how the ‘Trump Effect’ is negatively impacting corporations, industry responses to deregulation issues and lays down some markers around compliance issues under the new administration.

For Matt Kelly’s posts see the following:

Compliance in the Trump Era: More Markers Placed

Trump Administration Whacks Telco Firm for $892 Million

Drone Industry Pan Trump’s Regulatory

Trump Risk Disclosures Start Rolling In

First SEC Whistleblower Award of Trump Era

Sessions Dodges, Weaves, Promises on FCPA

 

  1. Mike Volkov rounds out the discussion with a review of where the DOJ is currently under AG Sessions, remarks by DOJ officials on FCPA enforcement, the future of the Pilot Program and DOJ Compliance Counsel, Hui Chen. 

For Mike Volkov’s posts see the following:

Yates, AG Sessions and Individual Criminal Prosecutions

New E-Book — Moving the Goalposts: The Justice Department Redefines Effective Compliance

FCPA Remediation Focus on Supervisory Personnel

FPCA Pilot Program Motors On

 

For the Cordery Compliance client alerts see the following:

EU conflicts minerals compliance legislation 

DOJ Evaluation of Corporate Compliance: how does it compare to UK Bribery Act 2010?

 

For Jay Rosen’s posts see the following:

 Still in the Enforcement Business and Evaluation of Corporate Compliance Programs

“It Was the Best of Times, It was the Worst of Times,” or “Ignorance is Strength”

 

For Tom Fox’s posts see the following:

The Trump Administration-Kaos is Bad for Business

The Trump Administration-Failures in Leadership and Management

The Trump Administration-Preparing for a Catastrophe

The Trump Administration-the Business Response

DOJ Enforcement of the FCPA and the International Fight against Corruption in the Trump Administration

 The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
May 17, 2017

One of the ways to operationalize compliance and to drive it into the DNA of an organization is through a performance review. Indeed, the 2012 FCPA Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance pro­gram, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.”

Most HR experts will opine that properly executed performance appraisals are crucial to organizational productivity as well as the development of employee skills and employee morale. Moreover, they can serve a couple of different functions for a best practices compliance program. First, and foremost, they communicate to each employee their job performance from a compliance perspective. However, one key is not to approach the performance appraisal review as an isolated event but rather a continual process. This means that instead of trying to play catch-up at the last minute, supervisors should provide feedback and assess job performance throughout the year so annual reviews are grounded in a year's worth of experience. This includes the compliance component of each job. The second area performance appraisals impact is compensation. As noted above, the DOJ and SEC expect that your compliance program will have both discipline and incentives. But those incentives need to be based upon something. The score or other performance appraisal metrics will provide to you a standard which you can measure and use to evaluate for other purposes such as employee promotion or advancement to senior management going forward.

In an article in the Houston Business Journal entitled “6 Ways To Make Performance Reviews More Productive”; provided six points you should consider which I have adapted for the compliance component of an annual employee performance appraisal.

  1. Prioritize reviews in your schedule - You should schedule the employee performance appraisal at least several days in advance, rather than when a time slot suddenly opens up. You would make sure that you allot sufficient time for unhurried give and take between the reviewer and the employee.
  2. Review the entire year's performance - You should resist the attempt to focus the discussion on the latest compliance experience. This is called recency bias. If a compliance issue arose in the past month or so, you need to keep it in perspective for the entire review period. Moreover, by focusing a review on a recent problem you may obscure prior accomplishments and make an employee feel demoralized. Take care not to go too much in the opposite direction as recency bias can work both ways, and one should not let a favorable recent compliance event overshadow the full review period.
  3. Do not hesitate to critique - Be generous with praise where it is warranted, but do not hesitate to discuss improvements needed in the compliance arena. Many supervisors are reluctant to confront and indeed desire to avoid confrontation. However remaining silent about an employee's compliance shortcomings is a disservice to both the company and the employee.
  4. Do not dominate the conversation - Remember that you must give the employee time for self-appraisal and to ask questions or to comment about the feedback received from the compliance perspective. If there are specific questions or concerns raised by the employee you need to be prepared to address them as appropriate.
  5. Understand the employee's role - You need to understand and appreciate that if the recent economy has resulted in many employees assuming the responsibilities of more than one position. If relevant to the employee, acknowledge that fact and take it into account in the review. This is certainly true from the compliance perspective as many non-Compliance Department employees have cross-functional responsibilities. If they claim not to have the time to handle their compliance responsibilities you will need to address this with the employee and perhaps structurally as well.
  6. Anticipate reprisal - Although it is rare, you can face the situation where an employee who is very dissatisfied with a review may refuse to sign it. The employee may be offered the opportunity to add a statement to the review. Also point out that the employee signature is an acknowledgement of receiving the review and does not signify agreement. If the employee still refuses to sign, have a second supervisor come in to witness the refusal. This may be particularly important from the compliance perspective.

The article ends by noting, “A proper annual review requires considerable effort from employee supervisors. It should be a full-year process involving regular guidance and feedback and perhaps several mini-reviews along the way. But rather than viewing it as onerous, supervisors should keep in mind that it is a tool for making their departments work more efficiently and yields better results for everyone involved.” I would add this is doubled from the compliance perspective. The potential upside can be significant from your overall compliance program perspective.

Three Key Takeaways

  1. To incentivize compliance, you must be able to accurately appraise senior managers and employees around compliance.
  2. Clearly communicate your compliance expectations, then fairly evaluate employees on them.
  3. Consider an ongoing review as well.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

May 17, 2017

In this episode Matt Kelly and I take a deep dive into the cutting edge topic of artificial intelligence in many areas, including compliance. We discuss the uses of Artificial Intelligence in compliance. We consider how AI has progressed and what it means now for the compliance practitioner and what it will mean in the future.

For Matt's blog post on the topic go to Don't Outsmart Yourself: AI and Compliance

For Tom's blog post on the topic go to AI for Risk Management: A New Business Advantage 

May 16, 2017

Another area where compliance can play a key role is in succession planning. A.G. Lafley and Noel M. Tichy, writing in the Harvard Business Review, in an article entitled The Art and Science of Finding the Right CEO”, discussed the issue of succession planning during his tenure as the Chief Executive Officer of Procter & Gamble (P&G). Many of the concepts and issues that Lafley discusses within the context of succession planning in general are applicable to the concern of compliance within this area.

Lafley makes clear that succession planning is just as important as governance, enterprise risk and strategic oversight. In other words, it is just as important. Sadly, many companies fail to give it the attention it requires. Indeed, in a PricewaterhouseCoopers survey, cited in the foreword, nearly one-half of the more than 1,000 directors gauged reported dissatisfaction with their companies’ succession plans. Imagine what that number would be if they took into account the compliance aspect of succession planning. 

Borrowing from Lafley, I have adapted his box for an analysis of some of the characteristics that should be considered in succession planning from the compliance perspective. 

 

Personal Judgment

Team Judgment

Organizational Judgment

Stakeholder Judgment

People

Personal judgments about overall compliance goals

Judgments regarding your team members regarding compliance

Judgments on organizational systems for assessing compliance with the organization

Judgments about how to engage stakeholders regarding compliance

Strategy

Personal judgments regarding compliance in your career

Judgments about how your team evolves in its compliance approaches as new compliance challenges arise

Judgments about how to engage and align all organization levels in compliance

Judgments in leading stakeholders to execute compliance strategies

Crisis

Personal judgments regarding compliance in times of crisis

Judgments in how your team operates regarding compliance in times of crisis

Judgments about how to work with your overall organization in compliance in times of crisis

Judgments about dealing with key stakeholders regarding compliance in times of crisis

 Lafley makes clear that succession planning does not begin at the time a CEO decides to retire. It should being at the time that a CEO is hired. This is to prevent a decision at the last minute or, worse yet, “to be left with effectively no decision.” As well as the process being started at the time of the hiring of a new CEO it must also fully engage the Board of Directors. Lafley provides several key points, all of which are applicable to the compliance component of succession.

Lafley defines the criteria that the evaluation process is an ongoing, not episodic process. In addition to a “broad and deep pipeline of qualified leaders” the candidates should be put through a variety of roles. In the compliance context, this would provide an opportunity to review the initiatives and responses in several different areas. In addition to running large and small business units, such candidates should oversee several different functions, as broadly as the Chief Financial Officer  to HR. 

In many ways, evaluating a compliance criterion is as much an art as it is science. However, Lafley states that a specific list of “must-haves” is appropriate. It is not as simple as whether there was a violation or not. It is broader than that calculus. Paul McNulty’s three Maxims for evaluating a corporate compliance program are: (1) what did you do to prevent it; (2) what did you do to detect it; and (3) what did you do when you found out about it? Compliance for the CEO candidate is more than the third prong. How did you inculcate compliance into the business unit that you are managing? What controls did you put in place? And then what did you do when you found out about it? Indeed Department of Justice Compliance Counsel Hui Chen, recently remarked about the importance of ‘facetime’ by a Chief Compliance Officer with a President or Chief Executive.

Moreover the 2015, BNY Mellon’s FCPA enforcement action points towards the need to follow establish protocols, even in HR. If you have a process in HR for evaluation around succession planning, that process should be followed. If any exception is made, it is encumbent the exception be documented, justified, then reviewed and approved by an appropriate level of management. 

Lafley defines this as “how the future might look”. You might explore a new geographic market with a candidate or a new product line, either of which might bring new compliance challenges. Being a part of a team to perform a risk assessment might indicate that new or different compliance safeguards need to be considered. Should monitoring, through continuous controls monitoring or other more sophisticated tools, be utilized as the compliance program evolves be considered? 

Lafley points out that the choice of “a successor isn’t a done deal until the votes are cast and the announcement is made.” He advocates continuing to provide challenging projects, which would include those in the compliance arena, which can continue to provide feedback and guidance from the compliance perspective. As one division President told me “You are always being evaluated.” And so it should be. The selection of a new CEO is a substantial investment by a large company. Having the right person in the position from the compliance perspective is an important element in an overall evaluation. Remember - it all starts with the “Tone from the Top”. 

Every time I perform a risk assessment and speak the company’s HR lead, they immediately understand the role than can play in moving forward a company’s compliance program. Even if the HR role is limited in the hiring process, they can ask potential candidates their views to determine underlying business ethics. HR can also begin the compliance inculcation process, even pre-hiring, by talking about the company’s values in the interview process. This sets an expectation that can be built upon if a candidate is selected and in every HR touch point going forward, including looking at employees in the succession planning process. 

Three Key Takeaways

  1. Succession planning is just as important as governance, enterprise risk and strategic oversight
  2. Do not begin your succession planning when a senior manager announces their retirement.
  3. You are always being evaluated (or you should be). 

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

May 16, 2017

In this episode, I visit with Pat Harned, Chief Executive Officer of the Ethics and Compliance Initiative on the recently concluded annual conference. She discusses the speech of Attorney General Jeff Sessions and the panel of former Deputy Attorney Generals, as well as some of the other Key Note speaking session highlights. She also details some of the upcoming ECI events for 2017. 

May 15, 2017

In the Department of Justice’s Evaluation of Corporate Compliance Programs, Prong 8 Incentive and Disciplinary Measures it states: Incentive System Consistent Application – Have the disciplinary actions and incentives been fairly and consistently applied across the organization? 

In the Department of Justice’s (DOJ) 13 point minimum best practices compliance program, Item 10 states:

  1. Discipline. A Company should have appropriate disciplinary procedures to address, among other things, violations of the anti-corruption laws and the Company's anti-corruption compliance code, policies, and procedures by the Company's directors, officers, and employees. A Company should implement procedures to ensure that where misconduct is discovered, reasonable steps are taken to remedy the harm resulting from such misconduct, and to ensure that appropriate steps are taken to prevent further similar misconduct, including assessing the internal controls, ethics, and compliance program and making modifications necessary to ensure the program is effective.

However, I believe that the DOJ best practices are more active than the ‘stick’ of employee discipline to make a compliance program effective and I believe that it also requires a ‘carrot’. This requirement is codified in the US Sentencing Guidelines with the following language, “The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.”

One of the areas which Human Resources (HR) can operationalize your compliance program is to ensure that discipline is handed out fairly across an organization and to those employees who integrate such ethical and compliant behavior into their individual work practices going forward.

Procedural fairness is one of the things that will bring credibility to your Compliance Program. Today it is called the Fair Process Doctrine and this Doctrine generally recognizes that there are fair procedures, not arbitrary ones, in processes involving rights. Considerable research has shown that people are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at by processes and procedures that are perceived as fair. Adhering to the Fair Process Doctrine in two areas of your Compliance Program is critical for you, as a compliance specialist or for your Compliance Department, to have credibility with the rest of the workforce. Finally, it is yet another way to more fully operationalize your compliance program.

Internal Investigations

The first area is that of internal company investigations. If your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Further, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

This fairness has several components. One would be the use of outside counsel, rather than in-house counsel to handle the investigation. Moreover, if company uses a regular firm, it may be that other outside counsel should be brought in, particularly if regular outside counsel has created or implemented key components which are being investigated. Further, if the company’s regular outside counsel has a large amount of business with the company, then that law firm may have a very vested interest in maintaining the status quo. Lastly, the investigation may require a level of specialization which in-house or regular outside counsel does not possess.

Administration of Discipline and Employee Promotions

However, as important as the Fair Process Doctrine is with internal investigations, I have come to believe it is more important in another area. That area is in the administration of discipline after any compliance related incident. Discipline must not only be administered fairly but it must be administered uniformly across the company for the violation of any compliance policy. Simply put if you are going to fire employees in South America for lying on their expense reports, you have to fire them in North America for the same offense. It cannot matter that the North American employee is a friend of yours or worse yet a ‘high producer’. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

In addition to the area of discipline which may be administered after the completion of any compliance investigation, you must also place compliance firmly as a part of ongoing employee evaluations and promotions. If your company is seen to advance and only reward employees who achieve their numbers by whatever means necessary, other employees will certainly take note and it will be understood what management evaluates, and rewards, employees upon. I have often heard the (anecdotal) tale about some Far East Region Manager which goes along the following lines “If I violated the Code of Conduct I may or may not get caught. If I get caught I may or may not be disciplined. If I miss my numbers for two quarters, I will be fired”. If this is what other employees believe about how they are evaluated and the basis for promotion, you have lost the compliance battle.

Three Key Takeaways

  1. The DOJ and SEC have long called for consistent application in both incentives and discipline.
  2. The Fair Process Doctrine ensures employees will accept results they may not like.
  3. Inconsistent application of discipline will destroy your compliance program credibility.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

May 12, 2017

This week, Jay and I have a wide-ranging discussion on some of the week’s top compliance related stories. We discuss: 

  1. What is the real risk in a FCPA enforcement action? See Mike Volkov’s post in Corruption, Crime and Compliance.
  2. FIFA fires its lead internal investigators for doing their job investigating. See Tom’s article in Compliance Week.
  3. ECI Report Finds Use of Corporate Monitors is on the Rise. For a copy of report, click here. For a webinar replay with Affiliated Monitors’ Eric Feldman and Nasdaq’s Michael Kallens click here.
  4. Why the judgment of CEOs and their actions really do matter. See James Stewart considers Barclays’ Jes Staley in his Common Sense column in the New York Times.
  5. What role do incentives play in a compliance program? See Tom’s two podcasts on the issue, incentives for executives and incentives in sales programs.
  6. Astros lead the MLB with the best record in baseball. The Rockets gag on the big one.
  7. Jay previews his Weekend Report, compliance lessons from a trip to the zoo.
  8. Listeners to this podcast can received a discount to Compliance Week 2017. Go to registrationand enter discount code CW17TOMFOX.

 Jay Rosen can be reached:

 Mobile (310) 729-6746

Toll Free (866)-201-0903

JRosen@affiliatedmonitors.com

 

Tom Fox can be reached:

       Phone: 832-744-0264

       Email: tfox@tfoxlaw.com

May 12, 2017

In the Department of Justice’s Evaluation of Corporate Compliance Programs, Prong 8 Incentive and Disciplinary Measures it states: Incentive SystemHow has the company considered the potential negative compliance implications of its incentives and rewards? 

This week I have been considering how a company could use incentives to further a compliance program and the role of HR in this process. I want to consider how incentives might lead to the converse but looking at the intersection of sales incentives and compliance which led to the problems at Wells Fargo. When you misalignment these two concepts with a faulty sales strategy it can lead to a catastrophic failure, literally costing a company millions of dollars in fines, loss of business and depreciation of shareholder value. 

The sales incentives under which Wells Fargo came to such grief is simple and even benign, cross-selling of products. As noted by Rachel Louise Ensign, writing in a Wall Street Journal (WSJ) article entitled “Banks Simple Strategy Gets Tangled”, “the concept sounds simple enough. If a customer has a checking account, why not sell him a mortgage, wealth management services and credit card as well?” She went on to write, “with banks becoming larger over the past two decades, cross-selling has become a mantra.” You can also think of the cross-selling McDonalds engages in every time you buy a Big Mac when the representative asks you “Would you like french fries with that?” 

Yet there are other reasons for engaging in this type of business practice. Each and every time a company has a touchpoint, particularly a commercial touchpoint with a business, it strengthens the relationship. According to Gary Silverman, writing in the Financial Times (FT) in an article entitled “John Stumpf, the Labrador of Main Street, Wells Fargo’s Chief Executive Officer (CEO) “Mr Stumpf’s take on traditional Wells teaching was to promote deeper, more frequent contact with the people it serves. “If there’s one word to describe this company, it’s ‘relationship,’” he told the Financial Times in May. “What we’re trying to do is make sure that every team member, in every interaction with a customer, gets it right. If we don’t get it right, we try to make it right, really quickly.”” 

So what starts off as a legitimate, legal and beneficial business strategy becomes not only high risk but illegal because of the manner in which Wells Fargo administered its approach to cross-selling. As with any sales initiative, if a company wants to push it, it will set up incentives for the sales team to engage in such behavior. This can be done by increasing commissions around the service or product being emphasized, such as the banks products. Ensign noted, “Banks have tried to create incentives for cross-selling.” At some banks, “Branch employees can get bonuses—sometimes 10% or more of their salaries—when they sell additional products.” Companies can also increase sales by making clear that you will be evaluated on how much you sell a product or service. In other words, whether you receive a bonus, pay raise or even keep your job will be evaluated, in some part, on how much you cross-sell. 

You can even have a hybrid of the above, which may be the worst of all worlds. At Wells Fargo, employees were evaluated for continuing employment by supervisors on cross-selling. Yet they did not receive the same financial incentives to make such cross-selling. Branch managers and supervisors could receive bonuses of up to $10,000 per month for meeting cross-selling quotas when employees who hit their monthly quotas, received, in addition to continued employment, $25 gift cards. 

A panel at Compliance Week 2016, entitled “The Unsolvable Problem: Performance, Pay, Pressure and Misconduct”, contained an academic type, Marc Hodak, adjunct Professor of Business at New York University, Alexander Proels, Compliance Head Americas at Siemens, and Michael Weisman, Chief Ethics and Compliance Officer at The Kraft Heinz Company. They had some interesting thoughts around compensation, which I think you should consider in your role as a Chief Compliance Officer (CCO) going forward. One key area is the amount of your variable compensation relative to risk? What does your discretionary bonus program consist of? Is it corporate performance based? Group performance based? Only personal, i.e. eat what you kill? Or is it some combination of all of the above? 

What are some of the indicia that your compensation structure might be off the rails from the compliance perspectives? Weisman gave three examples: (1) Lofty goals but no direction for employees on how to get there; (2) that is a paucity of communication between management and line employees, meaning there was raw fear from employees to inform their immediate supervisor of bad news. Conversely, it could be the supervisors who do not want to hear such bad news; and (3) if your company has singular focus on numbers, meaning that is the single judge of your worth as an employee. 

Tied directly into this concept is that for every incentive there is an offsetting risk. Managing that risk must be done on an ongoing basis. As a CCO or compliance practitioner, you need to know your business and be a trusted business partner. You will need to understand the design of incentive plans and finally to be able to monitor incentive plans to identify underlying links that may arise through compliance violations. 

Hill ended his piece by citing to Oxford Saïd Business School Professor, Jonathan Trevor, for the following “whether the strategy, purpose and structure of companies are aligned often makes the difference between a good organisation and a bad one. Expunging phantasms is essential, but not enough. Leaders also need to make new truces, lest the dead hand of past behaviour strangles new ways of working.” This is particularly true in the convergence of compensation and compliance. Whatever the structure, there will be employees who try to game the system. Some will do it with the tacit or explicit approval of management. You, as the CCO, may be required to act. 

Three Key Takeaways

  1. Even a benign sales incentive program came become skewed.
  2. A sales incentive program can become high risk or illegal if not properly monitored.
  3. If there is alignment between the strategy, purpose and structure of an incentive system, it often makes the difference between a good and a bad one.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

May 11, 2017

Today I want to focus on incentives, looking at senior management and compensation. I thought about this inter-connectedness of compensation in a compliance program, focusing up the corporate ladder when I read a recent article in the New York Times (NYT) by Gretchen Morgenson, in her Fair Game column, entitled “Ways to Put the Boss’s Skin In the Game”. Her piece dealt with a long-standing question about how to make senior executives more responsible for corporate malfeasance? Her article had some direct application to anti-corruption compliance programs such as those based on the US Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. Morgenson said the issue was “Whenever a big corporation settles an enforcement matter with prosecutors, penalties levied in the case – and they can be enormous – are usually paid by the company’s shareholders. Yet the people who actually did the deeds or oversaw the operations rarely so much as open their wallets.” 

She went on to explain that it is an economic phenomenon called “perverse incentive” which is one where “corporate executives are encouraged to take outsized risks because they can earn princely amounts from their actions. At the same time, they know that they rarely have to pay any fines or face other costly consequences from their actions.” To help remedy this situation, the idea has come to the fore about senior managers putting some ‘skin in the game’. Her article discussed three different sources for this initiative. 

The first was a proxy proposal in front of Citigroup shareholders which “would require that top executives at the company contribute a substantial portion of their compensation each year to a pool of money that would be available to pay penalties if legal violations were uncovered at the bank.” Further, “To ensure that the money would be available for a long enough period – investigations into wrongdoing take years to develop  -  the proposal would require that the executives keep their pay in the pool for 10 years.” 

The second came from William Dudley, the President of the Federal Reserve Bank of New York, who made a similar suggestion. His proscription involved a performance bond for the actions of bank executives. Morgenson quoted Dudley from his speech, “In the case of a large fine, the senior management and material risk takes would forfeit their performance bond. Not only would this deferred debt compensation discipline individual behavior and decision-making, but it would provide strong incentives for individuals to flag issues when problems develop.” 

Morgenson reported on a third approach which was delineated in an article in the Michigan State Journal of Business and Securities Law by Greg Zipes, “a trial lawyer for the Office of the United States Trustee, the nation’s watchdog over the bankruptcy system, who also teaches at the New York University School for Professional Studies.” The article is entitled, “Ties that Bind: Codes of Conduct That Require Automatic Reductions to the Pay of Directors, Officers and Their Advisors for Failures of Corporate Governance”. Zipes proposal is to create a “contract to be signed by a company’s top executives that could be enforced after a significant corporate governance failure. Executives would agree to pay back 25 percent of their gross compensation for the three years before the beginning of improprieties. The agreement would be in effect whether or not the executives knew about the misdeeds inside their company.” 

As you might guess, corporate leaders are somewhat less than thrilled at the prospect of being held accountable. Zipes was cited for the following, “Corporate executives are unlikely to sign such codes of conduct of their own volition.” Indeed Citibank went so far as to petition the Securities and Exchange Commission (SEC) “for permission to exclude the policy from its 2015 shareholder proxy.” But the SEC declined to do and at least Citibank shareholders will have the chance to vote on the proposal.

 

In the compliance context, these types of proposals are exactly the type of response that a company or its Board of Directors should want to put in place. Moreover, they all have the benefit of a business solution to a legal problem. In an interview for her piece, Morgenson quoted Zipes as noting, “This idea doesn’t require regulation and its doesn’t require new laws. Executives can sign the binding code of conduct or not, but the idea is that the marketplace would reward those who do.” For those who might argue that senior executives can not or should not be responsible for the nefarious actions of other; they readily take credit for “positive corporate activities in which they had little role or knew nothing about.” Moreover, under Sarbanes-Oxley (SOX), corporate executives must make certain certifications about financial statement and reporting so there is currently some obligations along these lines. 

Finally, perhaps shareholders will simply become tired of senior executives claiming they could not know what was happening in their businesses; have their fill of hearing about some rogue employee(s) who went off the rails by engaging in bribery and corruption to obtain or retain business; and not accept that leaders should not be held responsible. 

Three Key Takeaways

  1. Perverse incentives are named that for a reason, they really are bad.
  2. How can you create positive incentives in your organization?
  3. There is a business response to the legal issue. Employ it. 

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

1 2 Next »