Welcome to Day 2 of 30 Days to a Better Compliance Program. Today I consider written protocols, which are the foundation upon which an effective compliance program is built. Written protocols consist of a Code of Conduct, policies and procedures and internal controls.”

Code of Conduct

The substance of your Code of Conduct should be tailored to your company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

Policies, Procedures and Controls

The written policies and procedures required for a best practices compliance program are well known and long established. You should include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company and Procedures are the documents that implement these standards of conduct.

Internal Controls

They are an interrelated set of compliance control mechanisms, designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records, the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Three Key Takeaways

  1. The United Airlines domestic corruption enforcement action makes a Code of Conduct an internal control.
  2. Translate your Code of Conduct and key policies into local languages.
  3. Document, Document, Document

For more information check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, by clicking here.

Many compliance professionals in the corporate world work long and hard to rise up to the senior management level in their organizations. It takes subject matter expertise, hard work and sometime propitious good fortune to get to the C-Suite level in a large company. However, many of the skills which work to get you there do not always serve you in a senior management roll. I recently read a couple of articles which took a look at this subject and offered some remedies.

One thing many compliance practitioners, particularly those who grew up professionally, have in common is self-reliance. Not every lawyer and compliance practitioner is a Type A driven personality but many of us are. In many ways it is what makes us a success. However, in the corporate world, just like any other, there are limits to self-reliance. I was reminded of this in a New York Times (NYT) Corner Office column by Adam Bryant where he interviewed Lori Dickerson Fouché, the Chief Executive Officer (CEO) of Prudential Group Insurance.

Not simply surviving but also performing under pressure is the mark of a successful Chief Compliance Officer (CCO). In a Financial Times (FT) article, entitled “A CEO’s primer on how to manage under pressure”, Andrew Hill wrote about a CEO but I found many of his concepts applicable to any senior corporate leader, specifically including a CCO.

Driven is one of the words which spring to mind when discussing Fouché. As she noted a favorite expression she heard growing up was that “To whom much is given, much is required.” This was often paired with “Mediocrity is not a good place to be.” She went to add that around the dinner table, her parents would tell her that she needed to work harder than most other people.

Fortunately for Fouché, one of her early lessons in the corporate world was to ask for help. She said it “stemmed from the fact that I had been used to thinking, “I can get through the brick wall. I can make this happen.” I was very self-reliant, and I figured that if I could do it, so could the team. So I overworked some teams early on, and that led to an early lesson around asking for help. It’s O.K. not to have all the answers and not to be able to do everything and to put your hand up and say, “I need help.” I was so surprised by how people really wanted to help. They loved being invited into the process.”

From these experience she also learned to prioritize. She noted, “You simply can’t do everything. There were times I would walk into a new job, and my eyes would be huge and I would feel like a kid in a candy shop. I’d think, “Let’s just get after it,” instead of, “O.K., let’s pause. What’s the most important thing to really get after?” Being able to say “No” or “Not now” were important lessons for me.”

Another interesting lesson (and one far different than the corporate world I grew up in) was transparency. Fouché related “to share my thoughts so that other people could follow them. I learned an important lesson from a colleague when I was C.E.O. at another company, who said: “Lori, this is a little bit like being on the train and you’re in the front of the train and we’re in the dark. You can see the light at the end of the tunnel. But there are people who are toiling in the back, and they’re throwing coal in the engine, and they’re working the cars, and that’s all they know. You should be at the front of the train, but your job is to shorten the distance between you and the back of the train so that we can all see what you see at the front.””

These points tie most interestingly into Hill’s piece. He said the ability to handle pressure is a key component for a C-Suiter. He wrote, “One way CEOs can offset potentially overwhelming pressure is by finding small ways to exercise control. When the job’s demands threaten to swamp her, Ms Sapone tries to “deal with whatever it is point by point, and look for the controllable things”.”

In other words, prioritize and start the slogging work of going through the issues in front of you. It not only gives you some semblance of control but also helps you to focus on doing the next right thing. As a business leader, others in your team and cascading down will take their clues from you and begin to operate in the same analytical manner. This also ties into one of Fouché’s key points about her leadership style.

Not only does she strive for personal transparency, she expects it from others. She said, “I expect my leaders to listen. I expect them to ask questions. I expect them to understand what’s going on. I am somewhat infamous for saying, “So how’s it going?” And they’ll say, “Great.” Then I’ll say, “How do you know?” It’s one thing when people start telling you anecdotes and it’s another thing when they can say, “Well, because we track this and we measure that.” We make sure we’re analytical in our approaches.”

If you couple this with two characteristics Fouché looks for when hiring: resilience and perseverance; it gives you a hint on some key characteristics. This is because she believes that when “working in big companies, and you have to find a way to navigate and negotiate to an end result. It could be a winding path. So I make sure that people feel like they know how to do that, and do it in a way that is respectful of the system.”

Aesop noted many eons ago that the race is not always won by the fastest but often the strongest and the steadiest. Many of the characteristics which allow you to rise within a corporation may need to ameliorated somewhat at the C-Suite.  Fouché’s lessons and Hill’s piece give you some  good starting points.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Welcome to Day 1 of 30 days to a better compliance program. Together with a podcast each day, I will be giving you tips to help you create a best practices compliance program in 2017. At the end of January, you will not only have a good summary of the basics of a best practices compliance program but information that you can incorporate into your compliance regime.

Tone at the Top has become a phrase inculcated in the compliance world. The reason it is so important to any compliance program is because it does actually matter. Any compliance program starts at the top and flows down throughout the company. The reason all of these guidelines incorporate it into their respective practices is that all employees look to the top of the company to see what is important.

At the Top

So how can a company overcome these employee attitudes and set, or re-set, its “Tone at the Top”? I once had a Chief Executive Officer (CEO) of a client who described his role at the company as “the ambassador for compliance.” I can think of no better description of the role of a CEO for a best practices compliance program.

In the Middle

A company must have more than simply a good ‘Tone-at-the-Top’; it must move it down through the organization from senior management to middle management and into its lower ranks. This means that one of the tasks of any company, including its compliance organization, is to get middle management to respect the stated ethics and values of a company, because if they do so, this will be communicated down through the organization.

What should the tone in the middle be? Put another way, what should middle management’s role be in the company’s compliance program? This role is critical because the majority of company employees work most directly with middle, rather than top management and consequently, they will take their cues from how middle management will respond to a situation. Moreover, middle management must listen to the concerns of employees. Even if middle management cannot affect a direct change, it is important that employees need to have an outlet to express their concerns. Therefore, your organization should train middle managers to enhance listening skills. This can be particularly true if there is a compliance violation or other incident which requires some form of employee discipline. Most employees think it important that there be organizational justice so that people believe they will be treated fairly. Without this organization justice, employees typically do not understand outcomes but if there is perceived procedural fairness then an employee is more likely accept a decision that they may not like or disagree with the final result.

Tone at the Bottom

Even with a great ‘Tone-at-the-Top’ and in the middle, you cannot stop. One of the greatest challenges for a compliance practitioner is how to affect the ‘tone at the bottom’. To do so, you must work to engage those at the front lines, including training, communication and the tools to accomplish these tasks. A key question is how to tap into this belief system? I think the answer is to engage employees in a manner which allows you to not only find out what the employees think about the company compliance program but use their collective experience to help design a better and more effective compliance program. It is my belief that employees want to do business in an ethical manner. Given the chance to engage in business the right way, as opposed to cheating; will win the hearts and minds of your employees almost all of the time.

The bottom line is that not only must a company ‘talk-the-talk’ of compliance but it must also ‘walk-the-walk’ of compliance. It really is about the culture of compliance in your organization because the real issue is whether or not that culture has embedded itself in middle and lower management. A company’s culture is reflected in the values and beliefs that are exhibited throughout your company. You must find a way to articulate and then drive the message of ethical values and doing business in compliance with such anti-corruption laws such as the FCPA from the top down, throughout your organization.

For more information on this Hallmark, check out my book Anti-Bribery Leadership, which is available through Amazon.com by clicking here.

Last summer I ran a two-week, combined blog and podcast series on the Ten Hallmarks of an Effective Compliance Program. The series was quite well received. As I fancy myself the Nuts and Bolts compliance guy and inspired an Aussie blogging and podcasting maven named Darren Rowse and his 31 days to a better blog series, this month I am running a 30-day program on how to create and implement a better compliance program. My plan is to run similar series during 2017 where I focus on one issue which the Chief Compliance Officer (CCO) or compliance practitioner can use immediately going forward.

Each day this month, I will present one issue which you can incorporate into your compliance program. The podcasts will be shorter than my normal podcasts, coming in (usually) at 10-15 minutes. I will present a short written text for you and three key takeaways which you can utilize to help create a better compliance program. At the end of the 30 days, you will have a wealth of information which you can use to create not only a better compliance program but a more effective compliance program as well.

The podcasts will be available here, on YouTube, my Libsyn podcast site and on iTunes. Do not worry, I will continue to maintain my other podcasts as well but I wanted start 2017 providing something that no other person or company is providing to the compliance community, short solid tips which you can use to make your compliance program more effective, more efficient and better run.

To give you a taste of what each day in January will look like, I have placed below the text which accompanies today’s post entitled Tones in an Organization.

Welcome to Day 1 of 30 days to a better compliance program. Together with a podcast each day, I will be giving you tip to help you create a best practices compliance program in 2017. At the end of January, you will not only have a good summary of the basics of a best practices compliance program but information that you can incorporate into your compliance regime. Today I consider the various Tones in an organization. Any compliance program starts at the top and flows down throughout the company, which sets the proper character for each level of your organization.

At The Top 

Tone at the Top has become a phrase inculcated in the compliance world. The reason it is so important to any compliance program is because it does actually matter. So how can a company overcome employee attitudes and set, or re-set, its “Tone at the Top”? I once had a Chief Executive Officer (CEO) of a client who described his role at the company as “the ambassador for compliance” and I can think of no better description of the role of a CEO for a best practices compliance program.

In the Middle 

A company must have more than simply a good ‘Tone at the Top’; it must move it down through the organization from senior management to middle management and into its lower ranks. This means that one of the tasks of any company, including its compliance organization, is to get middle management to respect the stated ethics and values of a company, because if they do so, this will be communicated down through the organization.

Tone at the Bottom 

Even with a great ‘Tone at the Top’ and in the middle, you cannot stop. One of the greatest challenges for a compliance practitioner is how to affect the ‘tone at the bottom’. To do so, you must work to engage those at the front lines, including training, communication and the tools to accomplish these tasks. A key question is how to tap into this belief system? The answer is to engage employees in a manner which allows you to not only find out what the employees think about the company compliance program but use their collective experience to help design a better and more effective compliance program.

Three Key Takeaways

  1. What is your tone at the top?
  2. What is your tone in the middle?
  3. What is your tone at the bottom?

For more information on how to set, maintain and evaluate the different tones in an organization, check out my book Anti-Bribery Leadership, co-authored with Jon Rydberg, which is available through Amazon.com by clicking here.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

This week I have been exploring the different types compliance committee’s which an organization can utilize to help effect a best practices compliance program. I have written about compliance committee’s at the Board of Director’s level; at the junction between the Chief Compliance Officer (CCO) and Board, the Oversight Committee; and at the business unit level and the Baker Hughes Inc. (BHI) GeoMarket Compliance Committee. Today I want to change this focus from the committee concept and structure to a role on the Compliance Committee at the Board of Directors level.

Every Board of Directors need a true compliance expert sitting on their Board. Almost every Board has a former Chief Financial Officer (CFO), former head of Internal Audit or persons with a similar background and often times these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training and subject matter expertise that can help all companies with their financial reporting and other finance based issues. So why is there not such subject matter expertise at the Board level from the compliance profession?

One Board of Directors that has been in the news quite a bit recently is the Wells Fargo Board. I reviewed the 15-member Board and found the following backgrounds, in addition to the current CEO: two former Cabinet secretaries, one retired General, two University Deans, one partner at a Big 3 audit firm and 8 current or former Chief Executive Officers (CEOs). In short none of these Board members, from a $230bn company, had any demonstrable subject matter expertise in compliance. Is it really any wonder that it took more than two years, with knowledge about the fraudulent accounts scandal, for the Board to act when it accepted the resignation of former CEO John Stumpf?

An arm of the US government has recognized the need for such expertise at the Board level. In 2015 the Office of Inspector General (OIG), in a publication entitled “Practical Guidance for Health Care Governing Boards”, called for greater compliance expertise at the Board level. The OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board, a compliance member. The presence of a such a compliance professional with subject matter expertise “on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations.”

Mike Volkov looked at it from both a practical and business perspective. In a blog post on Corporate Compliance Insights (CCI), entitled “Compliance Expertise in the Boardroom”, he said, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.” He went on to note, “Companies spend time and resources to nominate board members who bring a real value to the boardroom. The mix of board members reflects the company’s overall strategic priorities and focus for governance. For example, the nominating committee will locate a board candidate with financial reporting, audit and SOX expertise to manage the audit committee. Each board member should be considered for a strategic purpose and benefit.”

Roy Snell sees it through the prism of the compliance profession. In a post, entitled “Compliance Expertise on Your Board”, he said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicists. None of these professions are automatically compliance experts. All lawyers have different specialties. You would not have a tax attorney negotiate a bribery settlement. Likewise you would not have just any lawyer provide compliance expertise.”

He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise. Ethicists help build ethical cultures, but if they have never held the job of a compliance officer it’s difficult to hold them out as compliance experts. The same is true for risk managers and auditors. Law, ethics, risk, and audit are all elements of a compliance program, but experience in those professions is not enough to claim expertise in the compliance profession as a whole.”

There are professionals dedicated to the practice of compliance who have senior management experience. Moreover, as the compliance profession has matured, not only have we moved to Compliance 2.0 and beyond, we have a new generation of leadership in the field of compliance. But that also means those persons who helped create the compliance profession in the 1990s and the 2000s are now older and have gone on to the most senior levels of their organization. Roy Snell, Joe Murphy, Odell Guyton, Debbie Troklus and Marjorie Doyle are all names well known in the compliance field who have worked at senior levels of corporate America and would make excellent Directors who could head a Board of Directors’ Compliance Committee.

Hui Chen, the Department of Justice (DOJ) Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones businesses must work to literally burn compliance into the fabric and DNA of their organization. Having a Board member with specific compliance expertise, heading a Board level Compliance Committee can provide a level of oversight and commitment to achieving this goal. It will not be long before the DOJ and Securities and Exchange Commission (SEC) begin to require this step in any Foreign Corrupt Practices Act (FCPA) enforcement action resolution. This means that when your company is evaluated by Chen, under the factors set out in Prong Three of the Pilot Program, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016