Welcome to Day 3 of 30 Days to a Better Compliance Program. Today I want to consider the Chief Compliance Officer (CCO) in your organization, through three prisms: access, resources and opportunities. 


What access does your CCO have to the top decision makers in your organization? While it really does not matter whether the CCO reports to the CEO, Board or GC; it does matter that the CCO have direct access to corporate decision maker.


This means both head count of personnel to operate your compliance function and the money available to implement the appropriate technology to sustain an effective compliance program. If your compliance team is run on a shoestring, you will likely be downgraded for your overall commitment to doing business in compliance with the FCPA. Put another way, if you spend more on paper clips than on your compliance program, your compliance program may well be under-funded.

CCO Pay, Opportunity and Expertise 

In the Pilot Program, the DOJ laid out another important element for every compliance program, which is expertise of your CCO and compliance function. I think the clear implication is that the DOJ will even look at salaries. Once again if a company tries to get by on the cheap, it may certainly come back to bite them in the end. Finally the DOJ has made clear that compliance is part of the corporate family by even requiring that the CCO have opportunities for advancement with the corporation at the senior management level and that the compliance function shall be afforded similar opportunities.

Three Key Takeaways

  1. The CCO must have access to the highest levels of your organization.
  2. The CCO must have adequate money and personnel resources to perform the function.
  3. The CCO must be qualified, appropriately compensated and have opportunity for advancement within the organization.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.


Show Notes for Episode 4, Year End Review, Part I

We turn to the 2016 year in review, in this Part I of a two-part series.

  1. Jonathan Armstrong leads a discussion on a very interesting UK Bribery Act enforcement action out of Scotland involving the Braid Group Ltd. It has some very significant implications for Bribery Act enforcement actions going forward. He also discusses the continued evolution of the UK DPA process and who it all works into the burgeoning global anti-corruption enforcement we saw in 2016.

For Cordery’s piece on the Braid case, click here.

For Cordery’s piece on the continued evolution of the UK DPA practice, click here.

  1. Jay Rosen takes us through a Paul Krugman NYT post on some of the invidiousness of corruption, focusing on the corrupting nature of compliance around undue influence. Rosen explains incentives more than anything else and how such incentives skew the marketplace. He asks a couple of provocative questions. First are there too many FCPA, ethics and compliance conferences? Second, even with the robust FCPA enforcement and maturation of compliance programs, why does corruption still exist? For a link Krugman post, click here.

Rants will return in a couple of weeks.

The members of the Everything Compliance panel include:

  • Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at rosen@ulgroup.com.
  • Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com.




Welcome to Day 2 of 30 Days to a Better Compliance Program. Today I consider written protocols, which are the foundation upon which an effective compliance program is built. Written protocols consist of a Code of Conduct, policies and procedures and internal controls.”

Code of Conduct

The substance of your Code of Conduct should be tailored to your company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

Policies, Procedures and Controls

The written policies and procedures required for a best practices compliance program are well known and long established. You should include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company and Procedures are the documents that implement these standards of conduct.

Internal Controls

They are an interrelated set of compliance control mechanisms, designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records, the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Three Key Takeaways

  1. The United Airlines domestic corruption enforcement action makes a Code of Conduct an internal control.
  2. Translate your Code of Conduct and key policies into local languages.
  3. Document, Document, Document

For more information check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, by clicking here.

n this episode, I visit with noted FCPA compliance practitioner Mike Volkov on some of his top highlights from 2016 and what he sees into 2017 going forward.

Welcome to Day 1 of 30 days to a better compliance program. Together with a podcast each day, I will be giving you tips to help you create a best practices compliance program in 2017. At the end of January, you will not only have a good summary of the basics of a best practices compliance program but information that you can incorporate into your compliance regime.

Tone at the Top has become a phrase inculcated in the compliance world. The reason it is so important to any compliance program is because it does actually matter. Any compliance program starts at the top and flows down throughout the company. The reason all of these guidelines incorporate it into their respective practices is that all employees look to the top of the company to see what is important.

At the Top

So how can a company overcome these employee attitudes and set, or re-set, its “Tone at the Top”? I once had a Chief Executive Officer (CEO) of a client who described his role at the company as “the ambassador for compliance.” I can think of no better description of the role of a CEO for a best practices compliance program.

In the Middle

A company must have more than simply a good ‘Tone-at-the-Top’; it must move it down through the organization from senior management to middle management and into its lower ranks. This means that one of the tasks of any company, including its compliance organization, is to get middle management to respect the stated ethics and values of a company, because if they do so, this will be communicated down through the organization.

What should the tone in the middle be? Put another way, what should middle management’s role be in the company’s compliance program? This role is critical because the majority of company employees work most directly with middle, rather than top management and consequently, they will take their cues from how middle management will respond to a situation. Moreover, middle management must listen to the concerns of employees. Even if middle management cannot affect a direct change, it is important that employees need to have an outlet to express their concerns. Therefore, your organization should train middle managers to enhance listening skills. This can be particularly true if there is a compliance violation or other incident which requires some form of employee discipline. Most employees think it important that there be organizational justice so that people believe they will be treated fairly. Without this organization justice, employees typically do not understand outcomes but if there is perceived procedural fairness then an employee is more likely accept a decision that they may not like or disagree with the final result.

Tone at the Bottom

Even with a great ‘Tone-at-the-Top’ and in the middle, you cannot stop. One of the greatest challenges for a compliance practitioner is how to affect the ‘tone at the bottom’. To do so, you must work to engage those at the front lines, including training, communication and the tools to accomplish these tasks. A key question is how to tap into this belief system? I think the answer is to engage employees in a manner which allows you to not only find out what the employees think about the company compliance program but use their collective experience to help design a better and more effective compliance program. It is my belief that employees want to do business in an ethical manner. Given the chance to engage in business the right way, as opposed to cheating; will win the hearts and minds of your employees almost all of the time.

The bottom line is that not only must a company ‘talk-the-talk’ of compliance but it must also ‘walk-the-walk’ of compliance. It really is about the culture of compliance in your organization because the real issue is whether or not that culture has embedded itself in middle and lower management. A company’s culture is reflected in the values and beliefs that are exhibited throughout your company. You must find a way to articulate and then drive the message of ethical values and doing business in compliance with such anti-corruption laws such as the FCPA from the top down, throughout your organization.

For more information on this Hallmark, check out my book Anti-Bribery Leadership, which is available through Amazon.com by clicking here.