An Inspired Choice – Ethical Leadership Under Difficult Circumstances

I am attending Compliance Week 2013 through Wednesday. As usual Matt Kelly and the Compliance Week team have put together a first rate program for the event. There have been, and will be over the next couple of days, some very informative panels, speakers, roundtables and conversations. The conference began today with a talk by Retired Major General Lewis MacKenzie, the former head of the United Nations peacekeeping forces. Although General MacKenzie’s choice as the initial keynote speaker of the conference might not seem self-obvious, I found Matt Kelly’s invitation to the General to speak and his position as the first speaker on the first day of the conference, were both inspired decisions.

The theme of his talk was how to maintain ethical leadership under difficult circumstances. Matt Kelly posed the question to the General of “how do you speak the truth to power?” The General began his remarks by giving his definition of leadership, which as he said was “getting people to do what they don’t want to do and having them enjoy it while they are doing it.” Based on that definition and his remarks below, I came to see why Matt wanted the General to speak to a gathering of compliance professionals on ethical leadership under difficult circumstances.

The General said that it all starts with a leader being him or herself, after they take the reins of leadership. He believes that people usually rise to a high level in an organization because of technical competence, coupled with the relationships they developed along the way. He believes that a leader must strive to maintain those relationships because that is the key to information flow both upwards to the top and down through the organization. A leader must take all pains not to become isolated.

The General believes that relationships work in several critical areas. The first is that a leader can utilize the talents of his subordinates to not only understand but to overcome obstacles. But equally important is that by having a relationship with someone, it may provide an avenue to resolve a matter before it blows up into a full financial reporting issue or even criminal issue. He said that he would try to find out the one thing that his troops were passionate about and he could use that information “as a window into what they think about the organization.”

He designated his next point with the acronym, LWWA, or ‘leading while walking around’. He said that to get people to do things, a leader must get out of the office and talk to people. But he cautioned that it is more than simply talking to people, as he believes a critical skill of a leader is to listen as well. To this skill, he said that rather than hear someone and think about what your response might be, you should actually listen to what they have to say. He found that by listening good ideas could come up to him and then he could implement them and get the credit.

The General talked about courage. By this he did not mean the courage to lead a charge up a hill, but rather, he meant the courage to say no and to hear someone who says no to you. He believes it is the job of a leader to set the tone for an organization. A leader must teach his subordinates to have the courage to disagree with him or as he said “disagree without being disagreeable”. If one of the first things you do in a leadership position is belittle or defame publicly someone who disagrees with you, no one will do so in the future.  For a leader to succeed, the General believes that a speak up culture must exist. To do so, a leader must make it acceptable and safe for subordinates to say no.

It is the job of a leader to accept responsibility. In an interesting exercise, the General asked the entire audience of over 500 conference participants to raise their hand if they had ever been criticized for being ‘too responsible’. He then asked anyone in the audience to raise their hand if they had criticized someone else for being ‘too responsible’. No one person raised their hand in response to either query. It is clear that the General believes a leader must take responsibility. Further, there is no ‘but’ which follows the line “I am responsible”. In other words, no ifs, ands, or buts are allowed when it comes to a leader taking responsibility.

The General said that one of the best ways he found to motivate people was to give them a job which had difficult but not impossible objectives to success. This has two benefits. The first was that most people would be motivated to try and achieve the difficult objective. However the second was more long term. By achieving the results, the person or team had something to brag about and it gave them greater confidence going forward. This is particularly true if there is a metric which can be used to demonstrate the overcoming of the obstacle. However, a leader must not set a high or unreasonable objective that it can only be achieved by “breaking the back of the organization.”

The General took some questions from the audience. One that I found applicable to the compliance arena was about resources. Specifically he was asked how to carry out missions with limited resources. He tied his answer back into his thoughts on relationship. He said that people want to contribute their ideas. If you give them a means to do so, in a speak up culture, they can be your best resource. An army has often times to do more with less and must do so on the fly. But this same concept translates to civilian employees who want their company to succeed and can stand ready with ideas to assist you moving forward toward your objective.

If you are a Chief Compliance Officer (CCO) or in a senior leadership position, you should think about the General’s remarks in the context of what you and how you do it, within your organization. Do you have relationships with other key members of senior management so that you can go to them, not only when things are going well, but more importantly when they are not going well or a crisis has arisen? Do you have a speak up culture at your company? If not why not, as that certainly is a part of any best practices compliance program under the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act.

Lastly, think about the General’s remarks on resources. One never has all the resources you need or even think that you want. But use the talent that is available to you. There are other professionals in your company who do not work in the compliance department but are equally dedicated to doing business ethically and in compliance. Human Resources and Internal Audit are but two prime examples. Seek them out and ask their assistance. I think you may be well surprised at the solutions they can provide or suggest to you.

As I said, by the end of General MacKenzie’s talk, I had come to believe that Matt Kelly made an inspired decision not only to invite him to speak to the conference but to be the first speaker out of the box. It has set a great tone for the event.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Tell a Story to Drive Compliance

Sometimes a story will help you understand just what you did not understand. Did you know that the Federal Bureau of Investigation (FBI) launched a formal investigation in 1964 into the supposedly pornographic lyrics of the song “Louie, Louie.” That FBI investigation concluded that the lyrics of “Louie Louie” were officially “Unintelligible at any speed”. While this did not quite exonerate the song in the eyes of disapproving parent, it may have contributed to the song becoming one of the most-covered songs in rock-and-roll history. I thought about this oddity of history when reading an article in the most recent issue of In-House Texas, by Michael Maslanka, entitled “Tell Stories to Handle Client Frustration”. In his article he gives stories, as below, to use for 10 memorable scenarios of client frustration. They are certainly just as applicable to the Chief Compliance Officer (CCO) as they are a General Counsel (GC).

No. 1: “We’re in the right. Surely, that counts for something.” A California lawyer with whom I work tells clients, “I understand that you’re in the right. So is the pedestrian who always crosses on the green light and looks both ways. But he still can be flattened by an inattentive bus driver.”

Like stories, analogies can do the heavy lifting of delivering bad news, thus insulating the GC from being shot as the messenger.

No. 2: “We will fight this lawsuit, no matter the cost, for as long as it takes, whatever it takes.” Sometimes C-level executives imagine themselves as Winston Churchill, fighting on the beaches and the landing grounds, never surrendering.

But sooner or later it occurs to them that it’s only a lawsuit, not the fate of western civilization. They then start looking for a way out of the proverbial painted corner. At that point, an in-house counsel can paraphrase Voltaire, who said there were only two times in his life when he went broke: when he lost a lawsuit and when he won one. Stories help clients in many different ways. Allowing them to save face is one.

No. 3: “We can’t rush this decision. We need more time to make it. Issues of integrity and ethics are at stake.” A client seeks certainty, but the law provides only probabilities. This can lead clients to anguish over a decision. The wise counsel will listen for this phrase: “We could do X or Y, but isn’t that a slippery slope?” Sometimes clients say this when they don’t want to make a tough call.

The GC who needs to jostle a client toward a final answer can invoke Oscar Wilde, who famously remarked that morality, like art, requires drawing a line somewhere.

No. 4: Client at mediation: “Their opening offer is seven figures. We’re leaving.” Sometimes storming out is an effective tactic, and sometimes it’s not. To show internal clients that the GC is willing to fight, without getting mired down in pointless chest-thumping and other macho displays, this story from Texas history can help.

In October 1835, relations between Texan colonists and Mexico were tense. The Mexican army marched to Gonzales to ask for the return of a cannon the citizens had borrowed to fight off attacks by Native Americans. The response was a raised flag with a blue cannon on a white background, emblazoned with “Come and take it.”

No. 5: “We’ll look weak if we don’t fight on X issue. We can’t afford to cave in.” A year or so ago, I was working with a GC, deciding whether to risk forcing the EEOC to subpoena some documents. Our arguments for not turning them over voluntarily were weak, so we decided not to take the chance. But the GC’s internal clients wanted to fight. The GC asked them this question: “Is this the hill we want to die on?”

The GC attributed this story to a grizzled non-commissioned officer in Vietnam, who asked it of an inexperienced lieutenant before the start of a battle. Packaging stories in the form of questions is effective and engaging, and engagement leads to better decisions.

No. 6: “We fired the plaintiff in a knee-jerk reaction because he is a jerk. But, we need a reason that sounds better. I don’t want to sound dumb.” When in doubt, resort to the truth, counseled Mark Twain.

Why don’t people use the truth more frequently? Managers want to appear as if they always act wisely and deliberately, not emotionally and in haste. But jurors understand jerks, having certainly worked with one. Embrace truth; eschew elaboration.

No. 7: “But I was so close to the plaintiff. How could she do this to me?” I defended a case that involved a manager accused of sexual harassment. He was so upset by the allegations that he would get up in the middle of the night and re-read the complaint, trying to answer this anguished question.

Sometimes, there’s no answer to find beyond the truth of who the players are. My mother said that people never change; they only reveal themselves.

No. 8: “I can’t change my position. I’ll look like a fool.” Consistency is a virtue. But any virtue, taken to its extreme, becomes a millstone, not a life vest. According to U.S. Supreme Court Justice Felix Frankfurter, upon changing his mind on a legal issue, “Wisdom too often never comes, and so one ought not to reject it merely because it comes late.”

No. 9: “XYZ is wrong. I’ve got to blow the whistle right now.” No column about stories is complete without at least one reference to the Bible. Ecclesiastes 9:4 counsels, “For to him that is joined to all the living there is hope: for a living dog is better than a dead lion.”

Yes, something may be wrong, and a time comes when a person must stand up for what is right. But, all too often, a client only will get to do so one time before facing termination and possible ostracism. So, the client needs to make it count. Ecclesiastes delivers this message better than all the bloviated advice counsel can give.

No 10: “Just tell me what to do. You’re the general counsel.” The client, through the board and the C-suite team, makes decisions — not the legal department. As the Buddha told his disciples, people must be “lights unto themselves.” Counsel only can advise, never direct.

Maslanka ends his piece by stating that “even GCs in the biggest companies, possess zero organization-chart authority to direct those outside the legal department to do things. But, like all lawyers, they have something more powerful: moral authority. Stories help lawyers leverage that authority, because they are not lectures, which are ineffective, but reminders, which are effective.” I would hold that the same is true for the CCO. So, as Maslanka says, “Here’s to stories. Tell one.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Four Keys to Compliance Leadership

One of the most divisive moments in American history occurred on this date in 1868. On this day the US Senate voted against impeaching President Andrew Johnson thereby acquitting him of having committed “high crimes and misdemeanors” as required under the US Constitution. After all the arguments had been presented for and against him, Johnson waited for his fate, which hung on one swing vote, as there is a Constitutional requirement that requires a vote of 2/3rds of the Senate for impeachment. The vote was one short, at 35-19. Johnson was acquitted and finished out his term. If Johnson had been impeached, it surely would have led to a very different political development in the US, where not liking the sitting President could have become a constitutional basis for impeachment.

The Radical Republicans who ran the Congress immediately after the conclusion of the Civil War certainly did not think much of President Johnson’s leadership style. So what about you as a compliance officer? Certainly part of your leadership is implementing and enhancing policies and procedures? In many ways it is the human element, which President Johnson sorely lacked, that you may well need to devote most of your time focusing on. I recently read an excellent article it the Corner Office section of the New York Times (NYT), entitled “We’re Family Yes, but We’re Still Accountable”, in which Adam Bryant reported on his interview with Brooke Denihan Barrett, the co-Chief Executive Officer (co-CEO) of the Denihan Hospitality Group (Denihan), a 50-year old family business which focuses on the hospitality business.

Training

One of the things that Barrett has learned is how to train people. She explained that “I thought the way you got things done was by telling people what to do. That’s where I learned what not to do. I spent a good portion of my time telling people what they did wrong instead of really encouraging them about what they did right.” She came to realize that was perhaps not the best way to manage people and “learned to cut people some slack.” She said that she found “that you get a lot more with the carrot routine than the stick routine. I also realized that you really needed to explain the “why” of things. You need to give people a little bit of space to come around, and say, “Yeah, that makes sense,” before you really engage them in what needed to be done.”

I found that her final point may be critical for compliance training. By explaining the why of compliance, employees can better understand what the company is trying to accomplish. So if your goal is to do business in an ethical manner, then explain this and how the company’s compliance program will help to accomplish this goal through its policies and procedures.

Accountability

One of the things that Barrett emphasized was the erroneous perception that because her company was a family business there was no accountability. She made clear that “You have to set certain standards that you want people to live up to. And if people need help, then we want to help them along the way.” However, accountability is a two-way street. Just as the employee must be held accountable, so must the company in terms of providing support to allow employees who want to do the right thing and to do their job well. Barrett said, “Sometimes organizations can fall down if they don’t also ask: How do you give people the tools they need to be successful? How do you get that person to understand what change needs to happen, and how do you help them along the way? Because people can’t always figure it out on their own, and nor should you expect them to.”

Listening

Many of the CEOs that Bryant interviews for his Corner Office section speak about the need for listening skills. Barrett was no exception. But as CEO she found that employees were sometimes reluctant to speak openly and candidly with her. So she began to meet with employees in small groups of 10 to 12 people. At Denihan they call them ‘Roundtables’. Barrett said that she will say to them ““Tell me something I don’t know.” And I’ll get comments like: “Oh, but you know everything. You’re the C.E.O.” It’s just a reminder of the perceptions that people have of the head of the company. But every time I ask that question, I learn something new.” Imagine as a compliance officer if you were to ask that question in a roundtable, what do you think you might hear back from your company’s employees?

Barrett also spoke about how to have a ‘difficult conversation’. She said that if there is a mistake made she views it as an opportunity for learning and professional growth. At Denihan, they call them ‘lessons learned conversations’ and they may occur with a group where a problem has arisen. Barrett related, “we might bring people together in a room who were involved in a project and ask: What were the things that worked? What were the things that didn’t? What could we have done differently? And we’ve had some very spirited and cathartic conversations. You have to be able to let people put something on the table without actually pointing the finger. It allows things to come out in more of a non-accusatory manner.”

Hiring and Promotion

These are two key areas in compliance that are finally beginning to receive the attention that they deserve. Barrett’s thoughts on how she views these in the context of her interviewing are instructive. She acknowledged that by the “time somebody meets me, you can assume that the skills are there. So what I interview for is fit. And I’m always very curious to know, what is it about our company that appeals to that person?” She asks specifically about culture, requesting the candidate define it and how do you think that culture is special. She also asks candidates to talk about a failure and what lessons that they learned from the experience and how they dealt with the experience. I would suggest that both of those lines of inquiries should be used when evaluating a candidate for hire or promotion.

Barrett’s interview provided some interesting insights on leadership. Moreover, her experience in professional growth has shown there are different styles and techniques that you can successfully use in your company’s compliance program. Train people on the reasons why your company is doing compliance so that they will understand how to do it. Make them accountable but also provide them with the compliance tools and support to do business the right way. If there is a problem or issue, use it as a lesson learned so that employees can profit from the experience. Lastly, make a discussion of culture a cornerstone in your hiring interview or promotion interview process.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Scam Artists from Texas and Compliance Risk Management

Billie Sol Estes died yesterday and when it comes to scam artists from the great state of Texas, before there was Allen Stanford and his magical Certificates of Deposits located in his private bank in Antigua, there was Billie Sol Estes. Before Sir Allen came along, Billie Sol had a 50 year run as the King of Texas Swindlers. He was most well-known for his scam involving phony financial statements and non-existent fertilizer tanks to loot a federal crop subsidy program. He went to jail for mail fraud over this scheme, although his conviction was later over-turned. But his lasting legacy may be the following quote by former Associated Press (AP) correspondent Mike Cochran, who recalled writing how Estes made millions of dollars in phone fertilizer tanks scam and noted “how many city slickers from New York or Chicago can make a fortune selling phantom cow manure?”

Billie Sol’s risk tolerance was quite high and his implementation of a risk management plan may have seemed, well, rather 1950ish. Hopefully your company is a tad more mature in this process. But after you have identified a compliance risk, what should the next steps be for a company’s Chief Compliance Officer (CCO)? This question was explored in an article by C. J. Rathbun, in the May/June issue of Compliance and Ethics Professional Magazine, in an article entitled “You’ve identified a corporate risk—what next?”. Rathbun believes that any consideration of such an identified risk will be in the context of three key questions:

1. The severity of the risk weighed against the company’s appetite for risk.
2. How the company has performed in the past on managing similar risks and if so, what the impact might be on the company if the risk actually occurred.
3. The probability or likelihood of the risk event occurring.

I.                   The Compliance Report

Rathbun explained that a CCO needs to consider several questions when shaping the report which will go to the management group or Chief Executive Officer (CEO) to make any decision on whether a new risk should be accepted. These questions include:

• Who is the audience for the report? Will it be the CEO, Board of Directors or some other senior management group or council? Further, what is the level of trust between the CCO and those constituent groups? Has the CCO been elevated to a C-Suite level position within the company? Could the audience be a regulatory body or perhaps even a Judge?
• What is your company’s organizational structure? In this question you need to consider how decisions of this dimension are usually made in your company.
• What reputational risk for the company should be anticipated? This is the Wall Street Journal (or New York Times) questions. How would your CEO feel if he woke up to read about your company and its decision being on the front page of the Wall Street Journal?
• What should be incorporated into the report? Should other business concerns be incorporated into the report, such as financial or other legal issues?
• How should the report be presented? In what format or with what technology should the report be presented? Will the group or person tasked with making the decision accept a written report or will it simply be a high-level PowerPoint presented to a Board of Directors?

 II.                Weighing the Options

Once the report is considered and the options weighed, what are some of the possible outcomes that a company may utilize? Rathbun breaks the options down to four. The first is risk avoidance, where a company decides that the risk is simply too great. The second option is risk management, where the company implements procedures to manage the risk and then monitors the risk closely. The third is risk shifting where some portion of the risk is transferred through insurance or other mechanism. Fourth, and finally, is that the company can simply accept the risk, so risk acceptance.

III.             Implementation

Rathbun believes that the risk management choice is the one which may well take the most work, particularly for a CCO. You may be required to create new policies and procedures to assist in the risk management process. Any new policies and procedures will need to be implemented with attendant training for the affected employees. There will need to be follow-up monitoring to ensure engagement and accountability.

IV.              Confirming Changes in Behavior

Rathbun articulates that are two mechanisms by which a “checkback” can be performed on policies, procedures, actions and employee accountability. These two mechanisms are monitoring and auditing. Monitoring is a commitment to reviewing and detecting compliance programs in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. However, more aggressive approaches may be required such as the addition of follow-up assessments to confirm effective management of the new risk.

Rathbun cautions that the use of more standard tools to “checkback” should also be utilized. These include compliance by third parties, testing or otherwise gauging employee knowledge regarding the risk management program and even hotline complaints. Rathbun also suggests that relatively new tools such as transaction monitoring, relationship monitoring and real-time party monitoring of third parties should be considered.

V.                 End Goal

Rathbun believes that the end goal should be “to allow the company to identify a growing concern before it becomes an issue—before consumers are harmed or regulators become concerned.” While a well-structured program does require vigilance it also allows the opportunity for continuous improvement for your company. Rathbun concludes by stating that your goal should be to “help ensure that you and your company ‘will get the first crack’ at addressing a problem, if one occurs.”

I found the Rathbun article to provide a good method for the compliance practitioner to think through, then design and implement a risk management plan, within the context of your overall compliance program. Although she never states it, a key component that she outlined is the Document, Document, Document component of any compliance program. The Department of Justice and Securities and Exchange Commission said in their FCPA Guidance “In the end, if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately.” I believe that you can achieve such a carefully designed and earnestly implemented risk management program by using Rathbun’s suggestions.

Finally, if a long, tall Texan comes to you wanting to borrow money against some fertilizer tanker; do not just turn and walk, run in the other direction.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

How Much Due Diligence is Enough?

Do you really know who you are doing business with in your supply chain? How much due diligence is enough? Should you update your due diligence on a regular basis? How about on a continuous basis? What ethical considerations come into play in the manufacturing sector, in the supply chain? These questions, and perhaps more, came to me as I was reading about the recent tragedy in Bangladesh involving the collapse of Rana Plaza. At this time, there are 433 confirmed dead and police report that 149 people are still missing in what has become the worst disaster for Bangladesh’s $20 billion-a-year garment industry. The collapsed building was built and owned by Mohammed Sohel Rana, he was not the owner of the factories that operated in Rana Plaza; he was simply the building owner and landlord and, therefore, is legally required to provide a safe structure

In an article in the New York Times (NYT), entitled “The Most Hated Bangladeshi, Toppled From a Shady Empire”, reporter Jim Yardley wrote about Mr. Rana’s rise to power and the problems that companies face when trying to do the right thing regarding corporate social responsibility in general, and bribery and corruption specifically, in the supply chain. This problem has become much more public for clothing companies who purchase finished goods from countries like Bangladesh. This is because even if you know who you are directly contracting with, your company may not know the subcontractors or your direct counter-party and you probably have no chance to know who the building owner or landlord might be. Finally, how can you determine if the building where your products are being produced meets minimum building code standards or is even safe to work in at all?

Rana Plaza was originally designed as a five story building. Yardley’s article details the methods that Rana used to secure the land and the permits to construct the building. Yardley reported, “To build Rana Plaza, Mr. Rana and his father bullied adjacent landowners, the landowners themselves say, and ultimately took their property by force. His political allies gave him a construction permit, despite his dubious claims of title to the land, and a second permit later to add upper floors that may have destabilized the building.” After the building was completed Mr. Rana successfully leased “out the existing five floors and gotten a permit from the local mayor, a political ally, to build additional floors. Mr. Khan, the former mayor, said this practice created serious risks, since officials were handing out permits, often for bribes, without insisting on the necessary safeguards.”

On the day before the building collapse “Workers on the third floor were stitching clothing when they were startled by a noise that sounded like an explosion. Cracks had appeared in the building. Workers rushed outside in terror. By late morning, Mr. Rana’s representatives had brought in Abdur Razzaque Khan, an engineer. Taken to the third floor, Mr. Khan examined three support pillars, and became horrified at the cracks he found. “I became scared,” Mr. Khan said. “It was not safe to stay inside this building.” He rushed downstairs and told one of Mr. Rana’s administrators that the building needed to be closed immediately. But Mr. Rana was apparently not impressed; he was holding court with about a dozen local journalists.”

Yardley quoted another journalist, Shamim Hossain, a local newspaper reporter, who reported that Mr. Rana said, “This is not a crack. The plaster on the wall is broken, nothing more. It is not a problem.” Unfortunately the next day the building collapsed.

Rana had rammed five separate garment factories into his now eight story building. How many people were employed there? I don’t think anyone will ever know the true number. As for Mr. Rana, perhaps understanding his personal criminal exposure for these actions, he was caught trying to flee the country. He is now in police custody. He, of course, says it was the evil factory owners which caused the entire catastrophe.

If your company is a US or EU purchaser of such finished products, what should your response be? In another NYT article, entitled “Some Retailers Rethink Role in Bangladesh”, reporter Steven Greenhouse noted that the Walt Disney Company “in March ordered an end to production of branded merchandise in Bangladesh.” Greenhouse said, “Disney’s move reflects the difficult calculus that companies with operations in countries like Bangladesh are facing as they balance profit and reputation against the backdrop of a wrenching human disaster.”

But is this the right response? In an article in the Financial Times (FT), entitled “Business must lead in Bangladesh”, John Grapper wrote “The first thing western companies need to do is the simplest: to stay in the country and to keep providing jobs for women, not to withdraw because they fear being tainted by association. Despite everything, the industry provides better-paid jobs than the alternative – working on rural farms – and has helped to emancipate women.”

Gapper further argues that US and EU retailer collective action is the only thing which will force change upon a corrupt Bangladeshi government. He said, “The second thing brands and retailers must do is band together. The factories they directly oversee in export zones tend to be better run. But they exert weak influence over the contractors and subcontractors that comprise most of the industry. Retailers use auditors to inspect suppliers but lack the information or power to stop abuses. Rana Plaza shows the difficulties. Planning and building controls are lax in Bangladesh and there is no simple way to check whether a factory is properly built. Raising building standards is beyond the power of any single company – it needs concerted action.”

Many have argued that the US government in particular has no place in enforcing its version of morality, in the form of the US Foreign Corrupt Practices Act (FCPA). But rarely is the flip side of this argument discussed, that being where a business solution can help to end corruption. Gapper notes this reality with the following, “Collectively, companies could push the government to overcome the obstacles of corruption, hidden army influence and factory owners who double as politicians. They hold the buying power in a sector that makes up 13 per cent of gross domestic product.”

What is the cost of bribery and corruption? I think that we are seeing it played out daily in Bangladesh as each body is pulled out of the rubble of the Rana Plaza. As a US company, how can you manage your FCPA risk? Should you perform due diligence on your landlord? I do not think any US company would think more than a nano-second when answering that question if they were leasing office space for their own employees. But the tragedy at Rana Plaza does beg the question, how much due diligence is enough and how far is far enough down the supply chain?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Get Out of the Ivory Tower – Using Internal Corporate Resources to Facilitate the Compliance Function

The second day of Hanson Wade Oil and Gas Supply Chain Compliance conference in Houston packed as much solid information into it as did the first day. One of the sessions dealt with utilizing other corporate functions to assist a compliance department in implementing or enhancing a compliance program. There are many resources which currently exist inside your organization and if you are in the position where you must use internal rather than external resources, this post will detail some of the functions which you may be able to call upon inside your organization.

You should start with a basic approach which the speaker termed “Get Out of the Ivory Tower”. He explained that the compliance department must obtain realistic input from geographies, cultures, business units and corporate functions within the company. As he rather succinctly put it to the audience “A procedure which may work in Texas may not work in Indonesia.” He also counseled to train in local languages. This may mean more than translating your talk into one language. He gave the example of his training in Spain where he had dual translations going, from English into Spanish and Catalan.

Part of this translation issue led to his next point, which was not to believe your own story or even worse, your own propaganda. Simply because a Country Manager says something is true means does not mean that it is true. Internal controls, monitoring and auditing are important to test that you are actually doing compliance rather than simply saying you are in compliance.

In determining what other departments might be able to assist the compliance function, the speaker suggested that you should start with three inquiries. They were:

1. What can yours do? This is the initial assessment that you need to make about what your compliance department can do. What are your resources and budget? Start with this question.
2. What can theirs do? In looking around your company, next ask this question. What are the functions of the departments? Are there things that they are currently doing which can supplement the compliance function? Are there functions in that department’s core function which can assist the company in the doing of compliance?
3. How many employees does each of you have? An obvious concern is the number of employees that are available to assist the compliance function.

What are some of the other corporate functions that might assist the compliance department going forward? An obvious starting place is Human Resources (HR). The speaker listed several areas in which HR can bring expertise and, in my experience, enthusiasm to the compliance function. Some of the reasons include the fact that HR is physically located at or touch every site in the company, globally. HR is generally seen as more approachable than many other organizations in a company, unfortunately including compliance. A person’s first touch point with a company is often HR in the interview process. If not in the interview process, it is certainly true after a hire is made. Use this approachability.

Obviously, HR has several key areas of expertise, such as in discrimination and harassment. But beyond this expertise, HR also has direct accountability for these areas. It does not take a very long or large step to expand this expertise into assistance for compliance. HR often is on the front line for hotline intake and responses. These initial responses may include triage of the compliant and investigations. With some additional training, you can create a supplemental investigation team for the compliance department.

Clearly HR puts on training. By ‘training the trainers’ on compliance you may well create an additional training force for your compliance department. HR can also give compliance advice on the style and tone of training. This is where the things that might work and even be legally mandated in Texas may not work in other areas of the globe; advice can be of great assistance. But more than just putting on the training, HR often maintains employee records of training certifications, certifications to your company’s Code of Conduct and compliance requirements. This can be the document repository for the Document, Document Document portion of your compliance program.

Internal Audit is another function that you may want to look at for assistance. Obviously, Internal Audit should have access to your company’s accounting systems. This can enable them to pull data for ongoing monitoring. This may allow you to move towards continuous controls monitoring, on an internal basis. Similarly, one of the areas of core competency of Internal Audit should also be internal controls. You can have Internal Audit assist in a gap analysis to understand what internal controls your company might be missing.

Just as this corporate function’s name implies, Internal Audit routinely performs internal audits of a company. You can use this routine job duty to assist compliance. There will be an existing audit schedule and you can provide some standard compliance issues to be on each audit. Further, compliance risks can also be evaluated in this process. Similar to the audit function are investigations. With some additional training, Internal Audit should be able to assist the compliance function to carry out or participate in internal compliance investigations. Lastly, Internal Audit should be able to assist the compliance function to improve controls following investigations.

A corporate IT department has several functions that can assist compliance. First and foremost, IT controls IT equipment and access to data. This can help you to facilitate investigations by giving you (1) access to email and (2) access to databases within the company. Similar to the above functions, IT will be a policy owner as the subject matter expert so you can turn to them for any of your compliance program requirements which may need a policy that touches on these areas. The final consideration for IT assistance is in the area of internal corporate communication. IT enables communications within a company. You can use IT to aid in your internal company intranet, online training, newsletters or the often mentioned ‘compliance reminders’ discussed in the Morgan Stanley Declination.

Finally, do not forget your business teams. You can embed a compliance champion in all divisions and functions around the company. You can take this a step further by placing a Facility Compliance Officer at every site or location where you might have a large facility or corporate presence. Such local assets can provide feedback for new policies to let you know if they do not they make sense. In some new environments, a policy may not work. If you company uses SAP and you make an acquisition of an entity which does not use this ERP system, your internal policy may need to be modified or amended. A business unit asset can also help to provide a push for training and communications to others similarly situated. One thing that local compliance champions can assist with is helping to set up and coordinate personnel for interviews of employees. This is an often over-looked function but it facilitates local coordination, which is always easier than from the corporate office.

There are many ways to implement or enhance a compliance program in a company. If you do not have the luxury of creating an entire compliance department with an unlimited budget, you may be able to call upon other areas of corporate expertise to facilitate your role. Do not be an Ivory Tower.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Remedies of FCPA Violations – Lessons Learned from the Boeing 787 Lithium-ion Battery Issue

Over the past three months, the aircraft manufacturer Boeing has gone through a public relations nightmare and financial disaster over the failure of lithium-ion batteries in its new flagship aircraft, the 787. This Boeing case study can provide some interesting lessons for the compliance professional who is working under a Foreign Corrupt Practices Act (FCPA) or Bribery Act compliance program.

One of the issues raised over this matter was the use of third party supplier and subcontractors to third party suppliers for the design and manufacturing of the batteries. As reported in a New York Times (NYT) article by James B. Stewart, entitled Japan’s Role in Making Batteries for Boeing, the construction of the batteries at issue was outsourced by Boeing to a Japanese company called GS Yuasa. Stewart’s article points out the need for close review of suppliers and what can happen if the quality does not meet the standards required for the project. In an article entitled, “Boeing and the Conduct of Due Diligence on Sub-Suppliers”, I considered the use of sub-suppliers from the anti-corruption/anti-bribery compliance program perspective. In this post, I will consider Boeing’s response to the problem of the failure of the lithium-ion batteries.

In a Wall Street Journal (WSJ) article, entitled “How Boeing Rescued the 787”, reporter Andy Pasztor discussed the background to Boeing’s problems and the company’s response. The planes, which have been grounded since mid-January due to “The images of the burned batteries—one of which prompted an emergency landing and passenger evacuation of a Dreamliner in Japan—tarnished a plane that Boeing executives have said is key to its future.” While the company has not “disclosed the cost of the 787′s grounding, but analysts say the company could have to pay penalties to customers. The grounding also halted new Dreamliner deliveries, delaying hundreds of millions of dollars in revenue.” Further, the public relations disaster was palatable.

Somewhat naively, after the initial grounding, Boeing executives “told FAA officials that a few easy changes in cockpit checklists, some enhanced battery inspections, and stepped-up surveillance of battery health during flights would be enough to solve the problem.” But that was not good enough for Transportation Secretary Ray LaHood who said at “a news conference the planes wouldn’t resume flying until regulators were “1,000% sure” they were safe.” Based on this statement, it became clear to Boeing that “the FAA would insist on more extensive and time-consuming changes.”

Yet, even in the face of Secretary LaHood’s pronouncement, Boeing’s engineers were frustrated in all their attempts to determine the cause of the batteries’ failures. As reported by Pasztor, “By the end of the first week on the ground, Boeing “had 500 engineers dedicated to understanding” the complex technical issues, Mike Sinnett, the 787′s chief engineer, said last month. Their next focus was to try to pinpoint the specific cause of internal battery short circuits, and develop a targeted engineering solution. Boeing teamed up with government investigators from the U.S. and Japan, but the goal remained elusive.”

From these initial frustrations, Boeing engineers turned to the concept of a “containment box.” The containment “box serves several purposes: withstanding higher temperatures than the old design, and keeping dangerous chemicals from leaking. It also vents smoke outside the plane, and in the event of overheating automatically sucks oxygen from the battery. That is intended to snuff out any fire in a fraction of a second.”

I think that Secretary LaHood was on to something when he said that the 787 would not fly again until “regulators were “1000% sure” they were safe.” It is not simply a fix on a specific issue, although that is a part of any solution. But the solution must be reviewed with a holistic approach in mind. There must be additional protections in place so that if there is another failure, that failure will be contained. For Boeing this would prevent a replay of the scene on the Japan Airlines 787 where a fire in the lithium-ion batteries spread outside the battery itself.

From the anti-corruption/anti-bribery compliance program perspective what I found interesting was the final solution which Boeing hit upon, even if forced to by Secretary LaHood. Since Boeing was not able to determine the specific cause of the lithium-ion batteries failures, it took a more systemic approach to the remedy. The company “shifted to wide-ranging internal battery fixes aimed at combating a variety of potential causes.” This is the type of response which we saw highlighted in the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance released last year. In the section on ‘Declinations’ the Guidance had information on six declinations to prosecute companies who self-disclosed FCPA violations. Two of the common factors to each declination were that (1) each company remedied the specific matter which gave rise to the FCPA violation but equally importantly (2) each company made their overall compliance program more robust.

In other words, do not simply remedy the conduct at issue; make sure you catch it quickly before it spreads. This would also equate to McNutly Maxim’s One and Two. 1-What did you do to prevent it?and 2-What did you do to detect it? Or as my process oriented wife might say, ‘you need a second set of eyes on it’ to validate the process and prevent failure in the process.

Perhaps the most interesting thing about this entire Boeing 787 episode is to show the intersection of anti-corruption/anti-bribery compliance and safety. I have often pondered how closely these disciplines seem to interact and overlap. I think that this Boeing situation shows that we in compliance can learn quite a bit from our colleagues in safety.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

In the Limelight-the Theater, Lady Gaga and Compliance

What is your favorite Canadian group? For my money it is the band Rush. My favorite Rush song is probably “Limelight”. How many times have you heard about ‘being in the limelight’? The phrase comes from the British theater where lights in the theater used quicklime. Although long since replaced, lighting in the British theater is still called ‘limes’.

I thought about Rush and their hit song when I recently read a couple of articles on leadership in the theater. I found that some of the insights in these articles could be applied in a compliance program for a multi-national company. In an article in the New York Times (NYT) Corner Office Section, entitled “First, Make Sure Your Idea Works On a Small Stage”, reporter Adam Bryant interviewed Francesca Zambello who is both the general and artistic director of the Glimmerglass Festival and the artistic director of the Washington National Opera.

Think Small

Zambello had a very interesting point that I do not consider often. She said that one of the most memorable lessons that she ever learned from a mentor was to make sure that your creative idea will work on the small stage. By this she did not mean that you cannot have a big idea or large concept. Instead “The most important thing he ever taught me was that if you don’t make sure the show is right in a small room, it will never be right in a big space, on a big stage.”

I found this comment particularly insightful in the context of the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance. The FCPA Guidance makes clear that a company should design a compliance program which is appropriate for its size, markets and risks. There is no one standard and the FCPA Guidance states: “DOJ and SEC have no formulaic requirements regarding compliance programs. Rather, they employ a common-sense and pragmatic approach to evaluating compliance programs, making inquiries related to three basic questions: • Is the company’s compliance program well designed? • Is it being applied in good faith? • Does it work?”

I have seen many instances where a company will try and implement a compliance regime which is appropriate for a company many times its size. It becomes a top down exercise but as noted in the Zambello interview, it does not work well in the smaller setting because it is not assessing and managing the risks appropriate to a small company. Here a bottom up approach can be much more effective. Certainly this could be accomplished through a formal risk assessment but it may also come through talking and meeting with your internal business units or partners. Such informal assessments can provide valuable information which may work on a ‘smaller stage’ than a compliance program designed for a multi-billion, multi-national company.

Learn How to Fail

Another insight I garnered from the Zambello interview for the compliance practitioner was what she termed “You have to learn how to fail.” She believes that in any position you are in, that you are going to fail. But the real key is that “if you don’t fail, you are probably not that good.” Lastly, if you fail you have to learn to pick yourself up, “The more you get knocked down, the more you learn to pick yourself up.”

In the context of the FCPA Guidance, “DOJ and SEC understand that “no compliance program can ever prevent all criminal activity by a corporation’s employees,” and they do not hold companies to a standard of perfection. An assessment of a company’s compliance program, including its design and good faith implementation and enforcement, is an important part of the government’s assessment of whether a violation occurred, and if so, what action should be taken.” Clearly how a company handles any Foreign Corrupt Practices Act (FCPA) violation is an important key to any DOJ or SEC analysis regarding enforcement.

However, the other point for the compliance practitioner is that not everything should always go right under your compliance regime. Not every third party business representative you look at should pass muster under your process for approval. If everyone does, your process may not be robust enough. Not all of your employees do everything right all the time. If you have never disciplined an employee for a violation of your company’s Code of Conduct or compliance program, you should look to determine if this area needs to be explored as not every expense report is always correct. Lastly, if there has never been a substantial tip to your anonymous reporting line, this is an area which should also be explored. You may need to conduct more, or better, training so that employees understand that they can report incidents in confidence, without fear of retribution.

Be Courteous

Another interesting topic that Zambello discussed was the following, “I think that good manners matter a lot…Some of those are old fashioned things, but manners don’t cost anything.” Think about it – when was the last time you had a discussion of manners or even courtesy? This point is not something which is discussed much in the compliance arena but I think that courtesy is something that compliance practitioners need to be aware of when involved in a multi-national compliance program. Be sensitive to cultural norms in other countries and be respectful of them. As my very southern grandmother used to say, you are never wrong being courteous. Lastly, do not forget the cost for being courteous, nothing. But the benefits can be quite great.

From Lady Gaga to Compliance

For a different type of theater and how it relates to your compliance program, I recently came across an article in the Financial Times (FT), entitled “In need management tips? Try Lady Gagahttp://www.ft.com/intl/cms/s/2/da6559ce-a289-11e2-9b70-00144feabdc0.html#axzz2Qcpc6zzT”, by reporter Miles Johnson. (While some might suggest that Lady Gaga is a musician, I certainly think she is all about theater so it ties in with the above, really.) Johnson’s article reviews the work of Salvador Lopéz, a marketing and research professor at Spain’s ESADE business school. Lopéz believes that the world of business can learn quite a bit from the Lady Gaga’s of the world and I found that a couple of them apply to the compliance arena.

The first is that Lady Gaga generates emotions in her fans. Lopéz likened this to Steve Jobs who created “an entire style at Apple and made people feel things through his products.” Here I think that this applies to compliance because most employees want to do the right thing and will feel better about themselves if they conduct business in an ethical manner. The key for the compliance professional is not only to provide the processes and procedures for them to do so but to also acknowledge those employees who follow a company’s ethical business values. This can occur through financial incentives such as part of an employee’s discretionary bonus awards; promotion of employees who conduct business in accord with a company’s ethical practices or even something as simple as a companywide acknowledgement. The point is to make people feel that something positive for doing compliance the right way.

The second point that Lopéz gleans from performance artists like Lady Gaga is that they are much better in the use of technology than most companies. There are now a plethora of technological tools available to assist the compliance practitioner. I firmly believe that the DOJ and SEC have communicated that transaction monitoring will become a standard best practice quite soon, but certainly within the next 18 months. There are companies, such as Oversight Systems to name but one, which have technological tools to help move to this standard. But that is only one of many tools available to assist in your compliance program. So take a clue from Lady Gaga and ‘keep it fresh’.

These two articles demonstrate that the compliance practitioner can draw from a wide variety of sources and disciplines for inspiration to incorporate into a FCPA or UK Bribery Act compliance program. Further, the tools are out there to help you. I hope that this article has given you some ideas while drumming your fingers along to Rush or Lady Gaga for that matter.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

How To Demonstrate Ethics and Compliance – Earn It, Re-Earn It and Re-Evaluate It

What should your company do if it finds itself in a situation where some of its senior leadership has engaged in conduct which violates its own ethical standards or external legal standard such as the Foreign Corrupt Practices Act (FCPA)? Assume your company is now in McNulty Maxim No. 3 of “What did you do about it?” as you have investigated the conduct and disciplined the senior management in question. However, you want to go further and try to take steps that will detect and prevent the conduct in the future.

A current example of this is going on in the US military. In reaction to recent scandals involving lapses of personal character, the US military has instituted a series of changes to help military commanders to focus on ethical standards. In an article in the New York Times (NYT), entitled “Conduct at Issue as Military Officers Face a New Review”, Thom Shanker discussed a range of responses that the military will pursue. He reported that “The new effort is being led by Gen. Martin E. Dempsey, the chairman of the Joint Chiefs of Staff, as part of a broad overhaul of training and development programs for generals and admirals. It will include new courses to train the security detail, executive staffs and even the spouses of senior officers.” The article quoted General Dempsey as saying, “Conversely, you can have someone who is intensely competent, who is steeped in the skills of the profession, but doesn’t live a life of character. And that doesn’t do me any good.”

The military has initiated three broad responses. The first is a “regularly scheduled professional reviews would be transformed from top-down assessments to the kind of “360-degree performance evaluation” often seen in corporate settings.” A 360-degree review is one which comes from members of an employee’s immediate work circle. Most often, 360-degree feedback will include direct feedback from an employee’s subordinates, peers, and supervisor(s), as well as a self-evaluation. It can also include, in some cases, feedback from external sources, such as customers and suppliers or other interested stakeholders. The results from a 360-degree evaluation are often used by the person receiving the feedback to plan and map specific paths in their development.

While acknowledging the challenges from that comes from a subordinate review in a top-down hierarchical structure, such as the military, General Dempsey stated that “we’ve developed some bad habits” and that “It’s those bad habits we are seeking to overcome.” The article quoted Richard H. Kohn, a professor emeritus at the University of North Carolina, Chapel Hill, who specializes in military culture who said “he thought the 360-degree evaluation would have a positive effect on the leadership styles of many officers. He also stated that “It will reduce what the military calls ‘toxic leadership,’ elevating those who are highly competent but also fair and less brusque and peremptory.”

The second response was increased training on values. “General Dempsey said the demands of combat deployments in the past decade had prevented officers from attending the academic programs that historically had been integrated into an officer’s career every few years, and he pledged to rebalance that.” I found this quote very fascinating as it showed the extent that the military uses outside resources, I.E. civilian academic programs to supplement training on military values. Due to the increased deployments since 9/11, these traditional academic rotations have been less ongoing. Dr. Kohn found that these new training programs are a good enhancement to military training as “most officers need to be reminded of the rules and regulations on a routine basis.” But this training will go past simply the senior officers as “new programs will be instituted to ensure that a commander’s staff, and a spouse, are fully aware of military regulations.”

The third component will be more internal audits. The articled noted that “Under General Dempsey’s plan teams of inspectors will observe and review the procedures of commanders and their staffs. The inspections will not be punitive, but will provide a “periodic opportunity for general officers and flag officers to understand whether, from an institutional perspective, we think they are inside or outside the white lines.”” I found this component to be similar to the ‘Mock Audit’ concept that is used in the power industry that I recently wrote about in the post “In Praise of the Mock Audit”. A ‘Mock Audit’ is a mechanism by which a compliance team can go into a facility and not only try to determine what might need remediation but, equally importantly, help the employees in that facility to move towards greater compliance.

For the FCPA compliance practitioner, this response by the US military has some very interesting parallels to what the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) say should be in your FCPA compliance program. The DOJ/SEC FCPA Guidance demonstrates that a company should strengthen and supplement its compliance program on causes underlying the compliance issues which arose. The Guidance states, “An effective compliance program promotes “an organizational culture that encourages ethical conduct and a commitment to compliance with the law.” Such a program protects a company’s reputation, ensures investor value and confidence, reduces uncertainty in business transactions, and secures a company’s assets. A well-constructed, thoughtfully implemented, and consistently enforced compliance and ethics program helps prevent, detect, remediate, and report misconduct, including FCPA violations. [emphasis supplied] Further, in its section on Declinations, one of the six common elements which companies that received declinations engaged in was to make their compliance program more robust around the FCPA violation which arose. Clearly the DOJ and SEC believe that a company with a strong compliance system and culture will not only be in better position to comply with the FCPA but will be a better company.

General Dempsey clearly believes that the military has high ethical values. Shanker wrote that “He said the issue of understanding the military as a profession, and not just an occupation, had fascinated him since his days as a junior officer; he would be subject to the same rules, regulations and assessments he now is championing.” Shanker ended his article with the following quote from General Dempsey, “In my 39 years in the military, I have learned that you are not a profession just because you say you are,” he said. “You have to earn it and re-earn it and re-evaluate it from time to time.”

To me that sounds something like the following-you are not an ethical company because you say you are but because you do compliance by putting in the policies and procedures to do so.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

March Madness and Discipline Under the FCPA

Tonight is the finals of the NCAA Men’s Basketball Tournament, known as March Madness. As I went to law school at the University of Michigan, I will be pulling for the Wolverines to win the big game. If you are not a Louisville or Big East fan I hope that you can pull for us or at least throw some good mojo UM’s way as we may need all the help we can get. Go Blue!

One of the things made clear in the FCPA Guidance is that employees who engage in violations of the Foreign Corrupt Practices Act (FCPA) must be disciplined. One of the Ten Hallmarks of an Effective Compliance Program is discipline. The Guidance says that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. But what if an employee’s conduct is something less than a clear violation of the FCPA? What if an employee goes right up to the line, stands next to it and kicks dirt on that line but never (seems) to go over. What should you do?

Imagine a scenario like the following. Your company is engaged in delicate negotiations to merge with another entity which will greatly increase the scope of your brand. You obviously do not want any negative information to leak out into the public sphere that your company does not follow its own Code of Conduct or the ethical values that it publicly espouses. You are brought information that one of your top sales people has engaged in a pattern of conduct that would appear not to meet your own company standards. Further, it turns out that there are videos showing the conduct in question. Not only do you see it but the company’s head of Human Resources (HR), Chief Financial Officer (CFO) and General Counsel (GC) see it as well. An internal investigation commences and it is determined that no laws are broken so you privately discipline the employee in question.

The merger goes through and thereafter it is decided that an outside law firm should conduct a more thorough investigation. This outside counsel interviews a full range of company employees and reviews internal company communications. Other company employees say that the employee in question is just very passionate about his job. However, it turns out that the focus of this outside law firm’s investigation was to determine if firing the employee in question would give that employee a basis to sue the company for wrongful termination. (The company in question is not located in the great state of Texas where you can fire anyone for a good reason, bad reason or no reason.) But even the outside law firm’s report does note that the employee in question did ‘cross the line.’ Yet you decide that no further discipline or even a follow up on the employee in question is warranted.

Now assume that the videos in question become public. There is outrage. Even the company President says that after reviewing the video it only took him “five minutes” to decide to fire the employee in question. The employee is fired and questions are being asked why you did not fire the President as well?

The above fictional scenario was based on the New York Times (NYT) article, entitled “Rutgers Officials Long Knew of Coach’s Actions”, by reporter Steve Eder. In his piece Eder details the long trail of evidence that Rutgers had been made aware of regarding the abusive behavior of its men’s basketball coach Mike Rice. Even after two investigations and presentation of a video showing Rice throwing basketballs at players, kicking them and taunting them with “homophobic slurs” Rice was not fired. Rice was reprimanded, fined and the University assigned its “sports psychologist to work with the team”. It was not until this video went viral and the whole world saw the abuse that Rice meted out to his team at practices did the outrage become sufficient enough for Rice’s termination. The Athletic Director, who had been made aware of all of the above, had requested the internal and external law firm investigations,  yet did not terminate Rice, was required to resign from all the fallout.

So just how much does it take for an entity to follow its own values? What about the employee who does ‘cross the line’ and does business in an unethical manner? Is that someone who can be trusted to follow the rules and laws like the FCPA? The FCPA Guidance makes clear that appropriate discipline should be “fairly and consistently applied across the organization. No executive should be above compliance, no employee below compliance, and no person within an organization deemed too valuable to be disciplined, if warranted. Rewarding good behavior and sanctioning bad behavior reinforces a culture of compliance and ethics throughout an organization.”

I often talk about the Fair Process Doctrine and how it behooves company’s to treat employees fairly. However, there is also a responsibility for a company to act appropriately when its employees engage in conduct that is not illegal but is so far outside the acceptable norms that it cannot be condoned. Remember what is true for Rutgers is also true for businesses in the private sector.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013