FCPA Compliance and Ethics Blog

April 10, 2014

Asking Questions To Build Your Compliance Program

IMG_3289On this day in 1932 President Franklin D. Roosevelt (FDR) enacted the Civilian Conservation Corps (CCC) declaring a “government worthy of its name must make a fitting response” to the suffering of the unemployed. He waxed poetic when lobbying for its passage, declaring “the forests are the lungs of our land [which] purify our air and give fresh strength to our people.” Of FDR’s many New Deal policies, the CCC is considered by many to be one of the most enduring and successful. It provided the model for future state and federal conservation programs. From 1933 to 1942, the CCC employed over 3 million men.

The CCC, also known as “Roosevelt’s Tree Army,” was open to unemployed, unmarried US male citizens between the ages of 18 and 25. All recruits had to be healthy and were expected to perform hard physical labor. Enlistment in the program was for a minimum of 6 months; many re-enlisted after their first term. Participants were paid $30 a month and often given supplemental basic and vocational education while they served. Under the guidance of the Departments of the Interior and Agriculture, CCC employees fought forest fires, planted trees, cleared and maintained access roads, re-seeded grazing lands and implemented soil-erosion controls. The CCC was a solution that was right for the place and time but its effects have lasted up through this day. There are still CCC built national parks and other facilities in use. We still drive over bridges built by the CCC.

I thought about the CCC, how it was such an effective organization for its time and how the results of its efforts have lasted over 80 years, in some cases, when I read an article in the April issue of Inc. magazine, entitled “35 Great Questions”, where Paul Graham, Jim Collins and other business leaders looked at some of questions that thought business leaders should be asking of themselves and of their teams. While the focus was not on compliance and ethics, many of the questions clearly could be viewed through such a prism. The key is that by asking good questions, as listed below, it “opens people to new ideas and possibilities.”

  1. How can we become the company that would put us out of business?
  2. Are we relevant? Will we be relevant five years from now? Ten?
  3. If energy were free, what would we do differently?
  4. What is it like to work for me?
  5. If we weren’t already in this business, would we enter it today? And if not, what are we going to do about it?
  6. What trophy do we want on our mantle?
  7. Do we have bad profits?
  8. What counts that we are not counting?
  9. In the past few months, what is the smallest change we have made that has had the biggest positive result? What was it about that small change that produced the large return?
  10. Are we paying enough attention to the partners our company depends on to succeed?
  11. What prevents me from making the changes I know will make me a more effective leader?
  12. What are the implications of this decision 10 minutes, 10 months, and 10 years from now?
  13. Do I make eye contact 100 percent of the time?
  14. What is the smallest subset of the problem we can usefully solve?
  15. Are we changing as fast as the world around us?
  16. If no one would ever find out about my accomplishments, how would I lead differently?
  17. Which customers can’t participate in our market because they lack the skills, wealth, or convenient access to existing solutions?
  18. Who uses our products in ways we never expected?
  19. How likely is it that a customer would recommend our company to a friend or colleague?
  20. Is this an issue for analysis or intuition?
  21. Who, on the executive team or the board, has spoken to a customer recently?
  22. Did my employees make progress today?
  23. What one word do we want to own in the minds of our customers, employees and partners?
  24. What should we stop doing?
  25. What are the gaps in my knowledge and experience?
  26. What am I trying to prove to myself, and how might it be hijacking my life and business success?
  27. If we got kicked out and the board brought in a new CEO, what would he do?
  28. If I had to leave my organization for a year and the only communication I could have with employees was a single paragraph, what would I write?
  29. What have we, as a company, historically been when we’ve been at our best?
  30. What do we stand for – and what are we against?
  31. Is there any reason to believe the opposite of my current belief?
  32. Do we underestimate the customer’s journey?
  33. Among our stronger employees, how many see themselves at the company in three years? How many would leave for a 10 percent raise from another company?
  34. What did we miss in the interview for the worst hire we ever made?
  35. Do we have the right people on the bus?

As a Chief Compliance Officer (CCO) many of these questions could be adapted to the compliance function or directly asked of you, your leadership and your team. One of the thing that bedevils many CCOs is time to think, plan and consider what Warren Berger, the author of “A More Beautiful Question”, says is the “inquiry’s ability to trigger divergent thinking, in which the mind seeks multiple, sometimes non-obvious paths to a solution.”

I often say that a key role for a CCO is listening but equally important is asking questions. Inc.’s list of thought-provoking questions can give you some excellent ideas about areas to explore with your compliance team, your senior management and the employees in your company. So start asking questions and start listening.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

 

 

April 8, 2014

Mickey Rooney and The 90 Cent Solution

Mickey Rooney as PuckWe begin today with a word on the death of Mickey Rooney. Rooney’s career, spanning nearly 90 years was certainly was from a different era. He was short of stature and long in his number of marriages but as Bob Lefsetz noted in his blog post tribute to Rooney, “But they stood in front of us twenty feet tall. At the drive-in. Even when the pictures truly got small on the tiny old screens of yore they emerged triumphant, because they were so good-looking, so charismatic. And if you were big enough, a bright enough star, your legacy lived on, even if your present day circumstances bore no resemblance to fame.” But here’s why there is always a place in my heart for Mickey Rooney. When I was very young I lived with my grandparents and one night I watched the 1935 movie version of Shakespeare’s A Mid Summer Night’s Dream on television with my grandmother. Rooney’s so over the top performance of Puck began for me a life long love affair with the Bard. So here’s to the grandmother that started me off on a lifelong love affair of Shakespeare’s works and here’s to the Mickster—you did it your way.

I have often considered the role of senior management is to set a proper ‘Tone-At-The-Top” to do business ethically and in compliance with anti-corruption laws like the Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act. Incentives to do business ethically and in compliance are also recognized as an important part of any best practices compliance program. The flip side of incentives is disincentives, such as discipline or financial penalties for affirmatively engaging in misconduct. But how far should such disincentives go and how strong should they be? Should there be penalties for not only affirmatively engaging in misconduct but also failing to monitor risk-taking that allows misconduct to occur? If the latter becomes prevalent, how close do we come to criminalizing conduct, which is arguably negligent and not simply intentional?

I have thought about several of these questions and many others over the past few days when reading about the ongoing struggles of General Motors (GM) over its Cobalt recall issues and Citigroup in regards to its Mexican banking operations. In an article by Gretchen Morgenson in the New York Times (NYT), entitled “The Wallet as Ethics Enforcer”, where she asked “Who decided—and who agreed—that 90 cents was too much to pay for each switch that would have fixed the problem that apparently led to 13 deaths? How much did that decision add to the bottom line and add to executives’ compensation over the years? What will the company have to pay in possible regulatory penalties and legal settlements?” One of her own answers to these questions reads, “While the shareholders of G.M. will shoulder the cost of the fines, the settlements and loss of trust arising from the mess, the executives responsible for monitoring internal risks like these are unlikely to be held accountable by returning past pay.”

Citigroup, which had previously indicated that it had been the victim of a huge fraud perpetrated by one of its customers in Mexico, Oceanografía. However, now Citigroup now faces both federal criminal and civil investigations over the affair. As reported in a Wall Street Journal (WSJ) article, entitled “Crime Inquiry Said to Open On Citigroup”, Ben Protess and Michael Corkery reported that both the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have opened investigations “focusing in part on whether holes in the bank’s internal controls contributed to the fraud in Mexico. The question for the investigators is whether Citigroup—as other banks have been accused of doing in the context of money laundering—ignored warning signs.” For a bank to be criminally liable, “prosecutors would typically need to show that the bank willfully ignored warning signs of the fraud.” However, to show a civil violation, the threshold is lower and there may only need to be a showing that the bank lacked the proper internal controls or internal oversight.

In her article, Morgenson spoke with Scott M. Stringer, the New York City Comptroller, who is a strong advocate of corporate requirements which “make sure that insiders who engage in questionable conduct are required to pay the piper” in the form of clawback provisions. Stringer has worked with companies to expand clawback provisions beyond those mandated by Sarbanes-Oxley (SOX), which required “boards to recover some incentive pay from a chief executive and chief financial officer if a company did not comply with financial reporting requirements.” Now, clawbacks have expanded to require executives to return compensation “even if they did not commit the misconduct themselves; they run afoul of the rules by failing to monitor conduct or risk-taking by subordinates.” Stringer believes that such clawback provisions not only “speak to the issue of financial accountability but also to setting a tone at the top.”

Morgenson ends her article by noting that unless GM makes public its internal investigation, “we may never know how many G.M. executives knew about the Cobalt problems and looked the other way.” In the meantime though, this debacle shows the importance of policies that hold high-level employees accountable for conduct that, even if not illegal, can do serious damage to their companies. Directors creating such policies would be sending a clear signal that they take their duties to the company’s owners seriously.”

At this point, we do not know high up the decision went in GM not to install the 90 cent solution. But I would argue it really does not matter. Somewhere in the company, some engineer figured out a solution and indeed one was implemented without changing the part number. I am sure the GM Board would have been sufficiently shocked, just shocked, to find out that such decisions as monetary over safety were going on inside the company. What does all of the information released so far tell us about the culture inside GM when these decisions were made? While I am certainly willing to give current GM Chief Mary Barra the benefit of the doubt about her intentions for the company going forward, particularly after a grueling couple of days before Congress, what do you think the financial incentives were in the company when the 90 cent solution was rejected?

It initially appeared that Citigroup was the victim of a massive fraud perpetrated by one of its customers. However, even initially it was reported that Citigroup let its Mexican operation, Banamex run its own show with very little oversight from the corporate office in New York. Now Citigroup is not only under a civil investigation for lack of proper internal controls but also a criminal investigation for willful ignorance of Banamex’s operations. Does any of this sound far-fetched or perhaps familiar? Think about Frederick Bourke and ‘conscious indifference’. Even the judge in Burke’s criminal trial mused that she did not know if he was a perpetrator or a victim. Perhaps Citigroup is both, but if he was both it certainly did not help Bourke. While I am certainly sure that the Citigroup Board of Directors would also say that it would also simply be shocked, just shocked, to find that there were even insufficient internal controls over Banamex, let alone willful ignorance of criminal actions of its Mexico subsidiary, it does pose the question as to what is the culture at the bank?

As important as clawbacks are, until the message of compliance gets down from the top of an organization, into the middle and then to the bottom, a culture of compliance will not exist. I have worked in an industry where safety is goal number one. But in the same industry I have heard the apocryphal tale of the foreign Regional Manager who is alleged to have said, “If I violate the Code of Conduct, I may or may not get caught. If I violate the Code of Conduct and get caught, I may or may not be punished. If I miss my numbers for two quarters, I will be fired.” Clawbacks for Board members would not have influenced this apocryphal foreign Regional Manager, any more than they would have worked on the psyche of the GM engineers who proposed and then later dropped the 90 cent solution. It was clear to them what their bosses thought was important for them to keep their jobs. As long as management has that message, doing business ethically and in compliance will always take a second seat.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

April 7, 2014

The Battle of Shiloh, Corruption in Ukraine and Things to Come

Things to ComeOn this day 126 years ago the two-day battle of Shiloh ended. On the second day, the Union troops under General Grant largely recovered the ground that the Confederate troops had taken on the first day. Grant was severely criticized for allegedly being taken by surprise by the Confederate attack but he managed to survive the firestorm. The Confederates lost their most senior commander, General Albert Sydney Johnson, on the first day of the fighting.

With the successful Union counter-attack on the second day the battle is generally viewed as a tactical victory for the North. However, for me the thing that is most significant about this battle is that it was the first horrific slaughter of the Civil War. There were over 23,000 casualties on both sides. Unfortunately it presaged more to come. I will never forget Shelby Foote’s comments in Ken Burn’s documentary The Civil War. Shiloh was not an aberration but there were 25 more Shiloh’s to come. It truly was a sign of things to come.

The recent events in Ukraine have had a variety of interpretations, results and predictions. But one thing is clear, the government of Ukraine allowed systemic corruption to occur. One can look to the Archer-Daniels-Midland Corp. (ADM) Foreign Corrupt Practices Act (FPCA) enforcement action to see the effects in play. In that matter, ADM paid bribes to obtain tax rebates to which it was legally entitled. Unfortunately for ADM it developed opaque schemes to fund bribery payments and then hid them on its books and records. Not good for FPCA compliance.

Or consider the case of Ikea. In an article in Bloomberg, entitled “Dashed Ikea Dreams Show Decades Lost to Bribery in Ukraine”, Agnes Lovasz wrote that Ikea has tried for over a decade to open a store in the country but has been unable to do so because it refuses to pay bribes to do so. She wrote that according to Transparency International’s (TI’s) Corruptions Perceptions Index (CPI), “Stuck between the European Union and its former imperial master Russia, Ukraine has emerged as the most corrupt country on the continent.” She quoted Erik Nielsen, chief global economist at UniCredit SpA in London, for the following, “Even before this latest crisis, Ukraine was a mess beyond description”. How about this recommendation from Lennart Dahlgren, a retired Ikea executive who led the company’s entry into Russia, who said in an interview with Russkiy Reporter magazine in 2010, that compared with Ukraine, Russia, the most corrupt major economy, “is whiter than snow”. Faint praise indeed.

While a US, UK, EU or other western government response is certainly appropriate, I thought about a business led response to such a situation when I read a recent article in the April issue of the Harvard Business Review (HBR), entitled “The Collaboration Imperative”, by authors Ram Nidumolu, Jib Ellison, John Whalen and Erin Billman. In this article they discussed business collaborations in the context of sustainability. I found their concepts should be considered by companies or industry groups when trying to develop strategies to fight corruption. As Jason Poblete continually reminds us, the marketplace is one important place to look for solutions to problems and this article certainly provides some starting points for such an analysis.

The authors posit that collaboration models should be divided into two categories: (1) coordinated processes and (2) coordinated outcomes. Adapting these to anti-corruption/anti-bribery programs, this means that under the ‘coordinated processes’ prong businesses should identify and share industry-wide operational processes that prevent and detect bribery and corruption. Under the ‘coordinated outcomes’ prong, the authors work translates into developing industry benchmarks and standardized systems for measuring anti-corruption/anti-bribery performance across the value chain.

The authors had some specific steps in their article which I thought also provided insightful for implementing their ideas in the anti-corruption/anti-bribery context. First you should being this journey “with a small, committed group.” The reason to do so is “to prevent the logjams that can occur when many stakeholders with conflicting goals try to work together, start by convening a small “founding circle” of participants. The members must have a common motivation and have mutual trust at the outset. This group develops the project vision and selectively invites subsequent tiers of participants into the project as it develops.” Next you should try to “link self-interest to shared interest.” This is because to help facilitate success, “collaboration initiatives must ensure that each participant recognize at the outset the compelling business value that it stands to gain when shared interests are met.” The participants need to then try to monetize the system value by “linking self-interest and shared interest is to quantify how the collaboration reduces costs or generates revenue for each participant.” It helps to build a direct path to some early successes because it is important “to generate momentum and commitment, the action plan must also emphasize quick wins. Business thrives on visible and immediate results, and sustainability collaborations are no exception. Even if these wins are small initially, the cost savings or incremental revenues provide proof to other executives inside participants’ organizations that the investment is worthwhile.”

As many in such a collaborative group will have conflicting priorities, the authors believe it is important to have “independent project-management specialists with demonstrated competence in trust building among diverse stakeholders. Additionally, the project management function must be seen by all participants as neutral and committed to the success of the project, rather than to any individual stakeholder.” Interestingly, the authors note that there should be built in competition which should be “structured to support shared goals.” Finally, and perhaps most obviously, any such group must have a culture of trust. Fortunately, in the anti-corruption/anti-bribery world there are very few trade secrets but beyond this, the “building and maintaining trust is an ongoing practice foundational to every other practice during the collaboration project.”

Perhaps the people or the leadership of Ukraine may at some point realize that the perceived endemic nature of corruption in their economic system, helped lead in part to its current problems. Maybe the citizens in Crimea thought the Russian government less corrupt. While I do not pretend to know the answers to these questions, the collaboration model that the authors have detailed for sustainability initiatives is certainly one that US companies might wish to consider on some type of industry wide basis.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 20, 2014

Something is Rotten in Denmark or Is It the Banking Industry?

Rotten Denmark“Something is rotten in the state of Denmark” is one of the signature lines from Shakespeare’s play Hamlet. I thought about that when I read a couple of recent articles in the New York Times (NYT), entitled “Questions Are Asked of Rot in Banking Culture”, by Peter Eavis and the Wall Street Journal (WSJ), entitled “Lawmakers Tell Justice Dept. to Seek Swiss Banker Extraditions”, by Joel Schectman. Eavis wrote that banks have been accused of money laundering, tax dodging, market rigging and rampant risk-taking; all of which I would add could lead to potential Foreign Corrupt Practices Act (FCPA) violations.

Banks would seem to have a different relationship with the public than energy companies. Eavis said that the “At the heart of the issue is an inviolate social contract that bankers are supposed to honor. The government agrees to protect banks from collapse, and in return, bankers are meant to uphold the highest ethics when handling other people’s money. But when law-breaking and other missteps proliferate at banks, it is a sign that the industry has stopped cleaving to the special contract, endangering taxpayers. And bad management can be a leading indicator of future financial problems at an institution.”

But more than this ‘social contract’ is regulators. The Department of Justice (DOJ) has never been shy about enforcing the FCPA against energy companies who violate the law. “Too Big To Fail” still resonates as an excuse for regulators who didn’t regulate so that they “may find it hard to convince the public that they mean business” this time around and on this issue. Eavis noted that William C. Dudley, president of the New York Fed and Thomas J. Curry, Comptroller of the Currency, have both recently spoken out about banks and their culture. But Eavis notes, “each had a reputation for being too soft on the banks.”

The regulators told Eavis that they are indeed ‘ratcheting up the pressure’ on banks. Curry was quoted as saying, “We are ratcheting up the potential consequences. This is something new.” Eavis properly asks that with some of the best legal talent money can buy for defense, who deploy strategies like refusing to turn over potential evidence to regulators” and simply having such large profits “they can easily absorb the financial penalties the government throws at them”.

Eavis notes that one continuing area of concern and an area of potential change is compensation. He states “compensation is one area where bank regulators may need to do more if they want to do more to clean up bank culture, according to critics of the industry.” This is because bank compensation practices “can reward unhealthy levels of short-term risk-taking and entice bankers into ethical lapses.”

While it is doubtful that banks would ever make changes similar to those made by GlaxoSmithKline PLC (GSK) to move away from compensation variably based upon sales to a straight salary; Eavis reports that regulators outside the US “agreed after the crisis to overhaul bankers’ pay, in part by requiring them to wait several years before they receive all of their bonuses. The hope is that bankers will behave better if they know their employers can easily take back the deferred part of their pay.”

The problem regarding compensation in US banks is that they “are still deferring much less pay than their European peers. The Fed is in charge of regulating compensation at American banks. When asked whether the pay overhaul at American banks had gone far enough, Mr. Dudley said, “There is potential to defer more compensation for longer periods of time.””

However, banks need more than simply a change in compensation to address their cultures. It really is about ethics. Interestingly this is where ‘Too Big To Fail’ comes into play. But Eavis also writes “Some banks may be so large and complex that it would be difficult for managers to maintain a clean culture across all of their operations.” Dudley was quoted as saying, “Either the firm is not too complex, you can manage it, you do know what’s going on,” he said. “Or, if you don’t know, that’s sort of raising the question whether the firm is too complex to manage.” This means “he would not allow size or complexity to be an excuse for ethical breaches.”

Although not directed at US banks and bankers, Senators Carl Levine and John McCain, who jointly lead the Senate’s Permanent Subcommittee on Investigations, channeled their inner Howard Sklar when they wrote a letter to the DOJ and urged them to “at least attempt” extradition proceedings against indicted Swiss bankers. They jointly said “Even if the extradition request is denied, it will inform both Switzerland and its citizens that the United States is ready to make full use of available legal tools to stop facilitation of U.S. tax evasion and hold alleged wrongdoers accountable.”

I felt the DOJ response was well reasoned when a spokesman said, “extradition proceedings would be a poor use of resources. Because aiding tax evasion is not considered a crime in Switzerland, the country is unlikely to honor U.S. extradition requests.” But John Carney, a former federal prosecutor who is now a partner at Baker & Hostetler LLP, believes that “an extradition request from U.S. authorities would be a powerful signal”. He was quoted as saying “It’s a shot across the bow for folks who think it could never happen,” Further, “The unsettling part for a potential defendant is the request is there and if the [Swiss] government ever changes its view, it’s one step closer to actually happening.””

I have written about Bankers Behaving Badly more than once. The litany of financial crimes they have admitted to goes on almost monthly. But when the government regulators start talking about a rotten culture; that seems to take things up a notch or two. Remember, I come from Houston, which is the epicenter of FCPA enforcement. I do not remember any government official or regulator talking about “deep-seated cultural and ethical failures” at energy companies in Houston. These public comments should certainly be a wake up call for senior management at these institutions. My advice would be to get your Chief Compliance Officer (CCO) in for a meeting ASAP and while you are at it, you may want to consider hiring a Chief Ethic’s Officer as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 13, 2014

Harriet Tubman and Navigating to Become an Ethical Company

Harriet TubmanMarch 10th was the 101st anniversary of the death of Harriet Tubman. She was one of the greatest conductors on the Underground Railroad, which took slaves out of the old south and up to freedom in the north and into Canada. I read about her as a child and her story always moved me. The one thing I remembered is that when traveling at night in the pitched darkness, she would feel for the moss growing on trees so that she would always know which way to travel. Moss grows on the north side of a tree so she would always be able to move her way north and to freedom for those she helped escape.

I thought about Harriet Tubman and her story of how she could determine which way to travel in pitch darkness when I recently read an article in the Ethisphere Magazine, entitled “Ethics By Example”, by Gary E. McCullough. In his article he gave some specific steps that a company can engage in to help foster and create an ethical culture which he has learned over the past 25 years from working for companies as varied as Proctor and Gamble, Career Education Company and serving as an infantry officer in the US Army. 

1.    Implement structure and clear expectations. 

McCullough suggests that you should create a mechanism that allows employees to address issues. In doing so, you should also be able to demonstrate both senior management and the company’s commitment to ethics and compliance. He recommends the following steps:

  • Set clear policies and expectations through your vision statement;
  • There must be strong education and training programs;
  • Metrics and measurement systems are a must;
  • A visible compliance structure within your company;
  • A confidential helpline for reporting issues with a stout no retaliation policy; and
  • A method to investigate and resolve complaints. 

2.    Ignoring infractions is not an option.

McCullough recognizes that company leaders face ongoing struggles to balance being too harsh or too lenient. If the former occurs, a leader can run the risk of demoralizing his team. If it is the latter, a leader can simply be run over by his or her troops. But a company leader must address infractions of your internal Code of Conduct, or other similar policies, or no employee will take it seriously. 

3.    Make ruthless decisions, but execute them with compassion. 

Leaders have to make tough decisions. McCullough counsels that no matter how difficult a decision might be, it should be delivered with compassion. In other words, no termination communicated by email. Tell people in person and then give them the assistance to help moving forward. 

4.    Focus on the work. 

Channeling his inner Paul McNulty (he of McNulty’s Maxims), McCullough intones that the most critical thing is what you do after a problem arises. As McNulty might say, “What did you do after you found out about it?” Do not defend your past practices or say that everyone else does it but move forward to remediate the situation, fulfill your obligations and move forward. In the world of Foreign Corrupt Practices Act (FCPA) prosecution, it is clear from 2013 corporate enforcement actions that a company should remediate during the pendency of any FCPA investigation or enforcement action. Such remediation will go a long way in reducing the overall penalty, enhancing your credibility with the Department of Justice (DOJ) and helping to avoid the appointment of a corporate monitor.

5.    Be in alignment with your Board. 

McCullough believes that Boards share ownership of a company’s compliance function with the Chief Executive Officer (CEO), senior management and the compliance function. As such the best accomplishments in compliance comes when the Board, or a committee thereof, can bring a sustained outside perspective, methods and best practices to a company’s overall compliance regime.

6.    Instill it in the culture.   

I once explained a CEO’s role in compliance to a company executive and as I was going through various strategies, he looked at me and said, “You want me to be the ambassador for compliance.” I said that was exactly what I wanted him to do and it was the best description I have ever heard of what both McCullough and I believe a CEO can bring to the table. McCullough writes, “leaders must model the behavior expected from others. And when engaging with individuals, never let an opportunity pass to remind them of the company’s obligations to its stakeholders to always “do the right thing””. I could not have said it better myself.

McCullough’s points, while general in nature, are a good starting point for any compliance practitioner to review the overall nature of a company’s ethical and compliance health. For the compliance practitioner it provides some general, yet important points that they can discuss with a CEO or senior management about the company’s ethical direction. Much like Harriet Tubman’s ability to continue to move north on the Underground Railroad in pitch darkness, these guideposts will help your compliance program to move forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 4, 2014

How Does the 20th Amendment Inform Your Compliance Program Incentives?

FDR InagurationOn this date in 1933, FDR held his first inauguration. It was also the final inauguration held in March before the passage of the 20th Amendment to the US Constitution that moved the inauguration date to January 20th. What was the reason the Constitution originally set an inauguration date in March, some six months after the November election? It is because a Roman Tribune’s annual term of office began in March, rather than in January. During this six month period, the old administration did not have much incentive to do anything, which could benefit the incoming Presidential administration, if they were from different parties. That was the driving force for the 20th Amendment.

I thought about this dis-incentive when considering the question of how could you incentivize your senior management team so that they will integrate compliance into their business routine? Put another way, how can you measure compliance in senior management or evaluate it for the purposes of a bonus calculation? This issue has often been difficult to sustain in a company because the compliance evaluation of whether a senior manager or company leader is often viewed as too subjective. However, in a recent article in the Compliance Insider magazine, put out by the Red Flag Group, I came across an article that directly addresses these issues and concerns.

The article was entitled, “Integrating Your Compliance Programme Into the Variable Compensation of Executives”. The article was built around a case study of the Sorin Group, which is a healthcare multinational and the company’s incentive program for its compliance regime. Interestingly, the reason the company created such an incentive program in the first place was to “influence actual behaviors, and not merely the consequences of any wrong doing that may occur.” With this premise, at the Sorin Group, compliance has been made an integral part of each manager’s performance objectives. Members on the company’s Executive Leadership Team (ELT) and the other leaders of all of its corporate functions and “business units are directly responsible for the culture, understanding, observance and adoption of the Sorin Code of Conduct, the Sorin United States and international compliance policies and procedures” and their respective health industry codes of practice.

Further, each of the different functions within the Sorin Group has adopted individual performance objectives specifically regarding compliance. The individualized “compliance objectives are agreed and documented every year for each function and senior manager, and form part of the process of continuous performance review (written reviews twice yearly) managed by Sorin’s human resources team. The responsible executive of each function or group is required to cascade each of the compliance obligations to those employees under them. This ensures that the whole company has compliance integrated into their variable remuneration.”

The company’s evaluation process includes the staff that report to each senior executive who are interviewed by the General Counsel (GC) or other member of the compliance function “to determine their adherence to the compliance objectives.” Additionally, “An assessment is performed alongside line managers and a member of the human resources team to determine whether the obligations have been met, and to what extent.” Lastly, this same system applies to the company’s Board of Directors and Chief Executive Officer (CEO).

The variable compensation awarded at the end of each year can be affected in two ways by his or her compliance evaluation. The first is for an entire group and “If a group fails to meet expectations for the specific objectives the executive and their whole team will miss out on the entire variable pay for that year.” But “If a group meets some expectations for the compliance objectives they will receive payment of the variable, with the amount dependant on the amount of objectives that have been met.” The same holds true for the individual within the group so that “if an employee fails to meet his or her compliance objectives, the whole bonus for that employee will remain unpaid.”

The article also gave some specific examples of compliance obligations that are measured and evaluated. This is an excellent list for the compliance practitioner to use in benchmarking a company’s compliance program in this area or instituting such an incentive compensation system for your company. They include the following.

For the ELT

  • Lead from the top – in your own conduct (lead by example) and in the decisions you take, to the resources and time you commit to compliance
  • Facilitate and proactively practice in day-to-day activities the key compliance competencies, both internally and externally
  • Support specific initiatives from the CEO, legal and compliance functions. 

For Department Heads

  • Demonstrate, facilitate and proactively practice in day-to-day activities the key compliance competencies, both internally and externally
  • Support specific initiatives from the legal and compliance functions
  • Ensure that all employees, agents and contractors directly or indirectly reporting to you fully complete all required training and communications in a timely manner
  • Provide full cooperation with investigations conducted by the compliance or legal functions of any alleged violation of compliance policies
  • Include the Chief Compliance Officer or another legal or compliance function representative in your management meetings at least twice per year, per geography
  • Identify instances of non-compliance and support compliance monitoring and reporting systems
    • Partner with compliance in resolving compliance issues.

For Country Heads of Sales

  • Certify that all employees, agents and contractors directly or indirectly reporting to you have fully reported all sales and marketing interactions with all HCPs (Health Care Professional) in a timely manner
  • Certify that all employees, agents and contractors directly or indirectly reporting to you have fully, promptly and accurately reported all expenses with HCPs on Concur. 

The article also speaks of five things to consider when developing such a compliance incentive program.  (1) The program needs to be cascaded down the organization so that it applies to all levels in the company. (2) Include both a 360 degree review and mid-year review. (3) To truly incentive senior management, the compliance objectives should be at least 25% of the overall discretionary bonus program. (4) Do not have simply ‘tick-the-box’ incentives but include subject incentives.

As the final item to consider, the article says that you need to have SMART compliance objectives, which are defined as:

  • Specific: A specific objective has a much greater chance of being accomplished than a general objective (e.g don’t just say “ensure training has been completed by your team”, say;
    • Who: who needs to be trained?
    • What: what training objectives do you want to accomplish?
    • Where: identify a location for the training
    • When: establish a time frame for the training to be completed
    • Which: identify requirements and constraints for any training
    • Why: provide specific reasons, purpose or benefits of accomplishing the training objective.
  • Measurable: Establish concrete criteria for measuring progress toward the attainment of each objective you set.
  • Aggressive but attainable: When you identify objectives that are most important to the compliance function and the relevant business, employees are more likely to see the value in making them come true.
  • Realistic: To be realistic, an objective must represent something which you are both willing and able to work toward.
  • Timely: An objective should be grounded within a timeframe. 

The article ends with some insights into lessons learned by the Sorin Group in its role of the compliance incentive program. These lessons included the following:

  • Top down: If your ELT is truly on board you can make big leaps and not limit your compliance ambitions to incremental steps.
  • Personalize: The objectives should be more personal to each function and more granular.
  • Balance: Have qualitative judgments but couple them with concrete and – most importantly – objective and measurable key performance indicators.
  • Publicize: Talking about the real company examples of its people make the difference.
  • Be positive: Focus your company’s efforts on positive incentive behaviors. In other words, use both the stick and carrot.
  • Just do it: Stop talking the talk and start walking the walk.

The FCPA Guidance made clear that the Department of Justice and Securities and Exchange Commission expect that incentives to be built into your best practices compliance program. The Sorin Group case study in Compliance Insider provides solid tips for the compliance practitioner on steps to take for his or her company’s compliance program. Is some of this subjective? Yes it is but that does not mean financial incentives cannot be written into the evaluation of any senior management to help guide ethical business practices.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

February 26, 2014

The Alchemist of Comedy and Utility Industry Compliance

Harold Ramis as Dr. SpenglerHarold Ramis died on Monday. For a generation of comedians and fans of comedy he was one of the driving lights of that genre. He was one of the screenwriters of Animal House and wrote the screenplays for both of the Ghostbuster movies, in addition to starring in them. His New York Times (NYT) obituary called him the “Alchemist of Comedy” and quoted from Paul Weingarten, who wrote, in The Chicago Tribune Magazine in 1983, “More than anyone else, “Harold Ramis has shaped this generation’s ideas of what is funny.”” So thanks Harold Ramis for Blutto, Otter, Founder, D-Day, Dr. Spengler and all the rest.

I am currently attending the Society of Corporate Compliance & Ethics (SCCE), 2014 Utilities & Energy Conference. As usual, it is an excellent event for the compliance practitioner. One of the things that I find not only intriguing but also extremely useful about this conference is the pairing of compliance practitioners from the fields of energy and utility. I did not attend the utility focused sessions for the first couple of years but now prefer those sessions because they focus so much on the process of compliance. While the actual compliance issues are not anti-bribery or anti-corruption, the process-oriented approach utilized in the utility energy can be a great set of lessons for the energy industry compliance practitioner to consider when looking at an energy company compliance regime.

On Monday there was a presentation by David Douglass, Federal Energy Regulatory Commission (FERC) Compliance at Kansas City Power & Light Company. Initially, Douglass presented several different compliance models, which the anti-corruption compliance practitioner can use to benchmark or evaluate your company’s compliance program. The first one Douglass termed the Compliance Maturity Model – Compliance at Every Level. It included:

  • Step 1 – Reacting only and engaging in panic. The elements of this level of maturity include the admonition to “Get it done”. Typically under this step compliance is operating in isolation and can only marshal resources as necessary and where ever they might be found.
  • Step 2 – Anticipating and acceptance of compliance. This increased maturity can help to bring about some efficiency, usually through the accepted use of automation. This allows a compliance practitioner to see connections between multiple programs and take steps to plan future approaches to ongoing and ad hoc compliance challenges as they might arise.
  • Step 3 – Collaborating. Under this step, compliance moves to being seen as a collaborative partner with the business units. This allows the identification of risks, the assessment of the company’s exposure to those risks and to prioritizing actions to meet those assessed risk. Finally, the collaboration step can allow for the re-use of technological components for multiple purposes, thus reinforcing great cost savings and value.
  • Step 4 – Orchestrating through and with the rest of the company. Under this ultimate step in the model, compliance works to help set enterprise wide objectives to help to coordinate enterprise wide risk analysis and response. The corporate wide visibility to risk analysis, management and remediation as well as compliance performance.

In addition to the above Compliance Maturity Model, Dougalss discussed two of the programs were set out by federal utility regulators. The first was the FERC’s Effective Compliance Program, which has the following seven standards:

  1.  Internal standards and procedures to prevent and detect violations;
  2. High-level management knowledge and oversight of internal compliance programs;
  3. Reasonable (due diligence) efforts to screen out “poor performers”;
  4. Reasonable internal communications and training efforts;
  5. Reasonable steps to evaluate program effectiveness, including confidential reporting options for employees;
  6. Creating and enforcing compliance incentives and noncompliance sanctions;
  7. After detection of a violation, companies shall take reasonable, responsive steps.

He then cited to the North American Electric Reliability Corporation’s (NERC’s) four hallmarks of effective compliance programs, which included the following:

1.    Senior management / leadership

  • Compliance Program is established in the company.
  • Compliance Program is formally documented and widely disseminated throughout the organization.
  • The Compliance Program is supervised by a high ranking company representative.
  • The head of the compliance function has access to President / CEO and Board.
  • The Compliance Program is designed and managed with independence.
  • There are sufficient resources dedicated to implement Compliance Program.
  • The Compliance Program has the full support of all company leadership

2.    Preventive measures are in place

  • A sufficient frequency of review of compliance program occurs.
  • There is sufficient frequency of training of employees on compliance program.
  • There is sufficiency of subject matter training of employees on compliance program.

3.    Prompt detection, cessation, and self-reporting

  • There is a sustainable process to internally assess compliance with regulations.
  • There is a sufficient response to identification of wrong-doing or misconduct.

4.    Effective remediation

  • There are effective internal controls and procedures present to prevent recurrence of misconduct.

Douglass also discussed the ‘3-lines of defense concept” for a best practices compliance program. Under this concept a properly constructed compliance program has three lines of defense to prevent a compliance incident. These three lines of defense are identified as (1) the Risk Content Owners line of defense; (2) the Risk Process Owners line of defense; and (3) the Risk Content and Content Monitoring Owners line of defense.

 I.                Risk Content Owners

This first line of defense is the business owner(s) who are on the front lines for any company. Their roles include management of day-to-day business risks and to recommend actions to manage and treat that risk. This group also is tasked with complying with the company’s risk management process. Where appropriate, this group will implement risk management processes where applicable and this group will execute risk assessments and identify emerging risk.

 II.             Risk Process Owners

This second line of defense is typically the company legal and compliance departments. Not only are these the standard setters in an organization but they may also be charged with certain monitoring tasks. This group should establish policy and process for risk management. This group is the strategic link for a company in terms of risk. It should provide guidance and coordination among constituencies. It should identify enterprise trends, synergies, and opportunities for change. This group should also initiate change, integration and operationalization of new compliance best practices. Typically this group is the liaison between the third and first lines of defense. Lastly, this group will oversee certain risk areas and in terms of certain enterprise objectives such as compliance with regulations such as Foreign Corrupt Practices Act (FCPA), Export Control, etc.

III.           Risk Content and Monitoring Owners

This third, and final, line of defense is generally thought of as the Assurance Providers and consists of senior management, Internal Audit and up to the Board of Directors. Its roles include either working with or through senior management and/or the Board of Directors. This line of defense is tasked to rationalize and systematize risk assessment and governance reporting so that it is not only transparent but useful and stored in a manner that can be retrieved if a regulator comes calling. It will provide oversight on risk management content/processes, followed by the second line of defense. Finally, it will provide assurance that risk management processes are adequate and appropriate.

This tripartite model is an excellent way for a company to not only think through how to design an overall structure but as an outline to assess how well it may be doing in any one specific compliance area such as anti-corruption compliance under the FCPA. The first line of defense should be driven down to the Business Unit level. This will allow, indeed require, the Business Unit to buy into the overall compliance program. The legal and compliance departments are the key bridge that writes and leads implementation of the overall compliance program through training but also assesses whether the compliance program is effective and remains robust. The role of senior management is to provide overall leadership and deployment of resources throughout this entire process.

I have found that the anti-corruption compliance, or indeed the anti-money laundering (AML) or export-control practitioner can learn quite a bit from their peers in the utility industry. While they may not rise to the level of “Alchemist of Comedy”, as did Harold Ramis, you might want to listen to what they have to say.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

February 25, 2014

Tales From the Crypt: Tale 2-Tough Choices for Tough Cookies

Tales from the CryptEd. Note-today we continue our ‘Tales from the Crypt” series, which is penned by a couple of anonymous compliance practitioners who will write about some of the real world experiences that they have encountered. I hope that you will not only enjoy but find useful in addressing some compliance and ethics issues that you may face in your job.

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies.  Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Our series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone… 

Do As You’re Told

Rule # 2 in the integrity and compliance field is that “Management Override is alive and kicking,” and all you worker bees better “do what the boss says” or else. Of course, those of us senior level professionals see it for what it really is – “Management Override” is the world’s oldest risk and is the Achilles ’ Heel of Fraud Prevention due to its cycle of dysfunction:

  1. Economic conditions cloak poor management decisions;
  2. Staff competency is suppressed in favor of “executive decision-making;” and
  3. “At will” employment rules rescue dysfunctional managers from accountability.

Tales from the Cryot.Tale 2

Even the strongest corporate or personal codes of ethics oftentimes cannot penetrate this bubble of deception without the backing of  strong, courageous leadership and a rock solid culture of integrity.

On her first day on the job for a small,  privately-held freight trucking company (The Company), the controller was invited to a meeting between the owners of the Company and their bankers.  Surprise!  The Company had been planning to factor their accounts receivable as a cash flow stop gap and meetings with the bankers were well on the way to closing the arrangement.  While factoring can be a savvy way to tighten the cash flow cycle, it is not a panacea for businesses that do not have strong cash management.  The invitation for “Management Override” to come calling was firmly in the Company’s grasp. As the days and weeks went on, the controller realized that this small trucking company was undergoing significant expansion, adding warehouse and dock locations, backed with additional equipment and administrative staffing.  They were also adding more drivers, mostly owner-operators, and company-owned trailers.  The growth was financed with the Company’s receivables because it did not require a personal guarantee from the owners.

As with most receivables financing contracts, terms provide the lender with the most favorable accounts receivable.  The business was quickly running out of available cash to borrow.

The controller also identified another problem, collections on the accounts receivable.  The receivables aging reflected many old, unpaid invoices that were excluded from the borrowing base and the Company had no experienced collections staff.  Customers were mainly small “mom & pop shops” who did not feel compelled to pay for freight on merchandise they had already received.  The controller pressed the owners for a new customer approval process based on a credit review and received approval to hire an experienced collections clerk, and we began to see cash flow in from the efforts.

Some customers did not appreciate the outstanding debt reminders and complained to the sales team.  Concerned with growth and freight tonnage rather than cash, the owners directed the controller to cease collection activities and lay off the collections clerk (“at will” to the rescue!).

Uncontrolled spending continued until the borrowing base was at a maximum with invoices and payroll pending.  The owner approached the controller one morning and asked her to make changes to the accounts receivable ledger, changing names of customers that were an “excluded” class in the borrowing base so that they would appear to be valid within the borrowing base.  “For example,” the owner said, “change Yellow Freight to Yellow Mining and Manufacturing.” Refusing to compromise her integrity, the controller declined to follow the owner’s instructions, advising that the change was “unethical and illegal.”  Later that week, the Company used the “at will” provisions to relieve the controller of her duties for having “insufficient experience.”

Needless to say, the cycle of deception self-destructed, and approximately a year later, the Company filed Chapter 11 bankruptcy, and eventually Chapter 7.

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The authors shall not be responsible for any loss sustained by any person or entity that relies on this publication. 

February 14, 2014

Tales from the Crypt-Rule No. 1 ‘Nothing is as it Seems’

Tales from the CryptEd. Note-today we begin a series by a couple of anonymous compliance practitioners who will write about some of the real world experiences that they have encountered. I hope that you will not only enjoy but find useful in addressing some compliance and ethics issues that you may face in your job.

Tales From the Crypt: Tough Choices for Tough Cookies

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies.  Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Our series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone…

Nothing is as it Seems

Fans of the hit show NCIS know that Agent Gibbs has countless “rules of engagement” from “Rule # 11 – let it go when the case is closed” to “Rule #5 – don’t get personally involved.”  The following scenario  leverages Rule #1 in the Integrity & Compliance field – Nothing, absolutely nothing, is as it seems.

Whether new to the field (a “probie”) or a seasoned veteran to Integrity & Compliance, you’ll agree that you quickly learn that there are at least three sides to every story (even if there are only 2 “players”), and it is your job to be politically savvy enough to uncover hidden agendas, and rapidly become not only a highly skilled listener, but also be part cop, part advocate, part HR professional, all rolled into one.  I often tell people that 80-90% of what I do boils down to common sense paired with great communication skills. Good communicators understand the needs of and cater their communications to their audience.

The following tale from our crypt is about harassment, and how good communication skills are critical to avoiding harassment in the workplace.  Simplified to its basest element, harassment truly is in the eye of the beholder – what might offend one person won’t offend another.  It’s the actor’s duty to ensure that he or she is aware of their audience, and doesn’t cross the line in word or deed to offend or cause undue stress.  In other words, cater your words and deeds to your audience, intended or otherwise, with sincerity and respect, and the battle is nearly won.  In the legal sense of harassment, the “eggshell plaintiff” rule is the perfect analogy   – it doesn’t matter if the kick to the leg (conduct) was a mere tap that wouldn’t even bruise someone else.  If the person receiving the kick has a weakness in their leg (perceives harassment) that causes it to break (feels victimized – the eggshell plaintiff), the kicker has a duty to make amends.  In the corporate world, it’s also the supervisor’s duty to take proactive steps to prevent reoccurrence if someone does cross the line, and cultivate a sincere desire to respect others in the workplace.

I recall an incident that took place at a factory – the helpline call came in, indicating that a certain fellow was “incessantly harassing” the caller during her shift (second), and she was requesting that his shift be changed to third shift so she could avoid being harassed any further.

Fact 1: the caller was a woman (side 1)

Fact 2: the implicated party was a man (side 2)

Fact 3: the two parties worked second shift (undisputed common ground)

Everything else in the call gives rise to the “third” side of the story.  We proceeded with our investigation, as the caller was “generous” enough to provide her identity as well as the alleged harasser’s identity.  Our first order of business, of course, was to interview both parties.  The caller was interviewed first. Her story was one of his relentless harassment, from daily cat calls to interrupt her work, leaving suggestive notes at her work station, removing and not replacing her critical tools, and spoiling her lunch by pouring soda in her lunch box.  We asked her if there was anyone who could verify her claims, witnesses to the incidents she described.  Her response was “no, he always does things to me when no one else is around to witness them.”

We then interviewed the implicated party – the man.  We first asked him to describe, in his own words, his “relationship” with the caller, after advising him that a helpline call came in implicating himself and the caller (without telling him the nature of the complaints).  His proceeded to break down in front of us, visibly relieved at the opportunity to speak, and commenced to reveal a story of a whole year of terrorization by the caller against him, since the day he started working at the factory.  We learned from him that the caller had applied for his job but was passed over as unqualified.    He believed that she had been making his life miserable as an act of revenge for the job she coveted and felt she deserved as a tenured employee.  When asked why he never brought it to our attention, he said he felt he had no recourse, since her hostility did not precisely fit the harassment definition in the training he had received in the past year.  He was also embarrassed that he hadn’t been able to handle it quietly on his own.

As we did with the caller, we asked him if there were any witnesses to this behavior, and he referred us to several co-workers who had work stations near his.  We interviewed them as well, and his claims of bullying and hostility were confirmed by every single one, with specific incidents instigated by the caller provided freely by the witnesses.   We advised our victim to make us immediately aware of any subsequent incidents following our interviews.

The challenge is that harassment is usually thought of in terms of prohibited workplace behaviors related to legally “protected classes,” such as race, gender, sexual orientation, ethnicity, religion and the like.  In this case, the gray area is bullying – where a co-worker creates a hostile work environment not based on any protected class under the law or a colleague does and says things interpreted as demeaning and demoralizing without giving rise to legal recourse.  This is where harassment training often falls short, and absolutely needs to rise above the letter of the law and address the spirit of the code of conduct for your organization.  You have to consider the types of behaviors being demonstrated and what they “communicate” to the audience.  If your company values statement includes “respect for people,” as many do, any behaviors that give rise to a hostile work environment, regardless of a protected class or not, are a violation of your company standards and you need to address them as a Key Performance Indicator (“KPI”) for the people involved without delay.  If your values statement does not include “respect for people” and your harassment training does not include situations and scenarios of bullying and hostility, perhaps it’s time you thought about updating them.

Ending workplace bullying is an urgent matter, and the work is never done – you must continually address bullying and hostility on a frequent basis to sensitize your people to your expected standards.  In this instance, the caller clearly was in the wrong, and the implicated party was a victim.  We put the caller on probation, advising her that a repeat occurrence would not be tolerated.  We changed the equipment that she was working on to another station that was on the opposite end of the factory floor, and modified shift breaks and lunchtimes so that neither party would have occasion to cross paths unless done so intentionally.  We refreshed our communications on workplace conduct and respect to include sessions on bullying and hostility that does not fall under a protected class, and we asked the plant manager to speak to it at his next line meeting with all his managers.   We urged our employees to “speak up” and “make the call” if they witnessed activities that they believed demonstrated a lack of respect.  We did everything we thought we needed to do to correct the situation, and validated our response with our more than ample resources, guidelines and legal counsel. 

Done and done? Hardly…  A few weeks later, I saw the HR manager and asked how things were going between the caller and her “victim.”  I was shocked to learn that the victim committed suicide two weeks earlier, apparently because our caller had renewed her bullying with fevered intensity, incensed that she had to learn a new piece of equipment, and couldn’t have her lunchtime with her buddies, “because of him.”   The day following the fellow’s suicide, the caller did not return to work, and our efforts to find her were fruitless as she had moved out of town, with no forwarding address.   I was, to say the least, devastated.  Regardless of the letter of the law, bullying and workplace hostility is something you cannot ignore, and must be addressed without delay.

This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The authors shall not be responsible for any loss sustained by any person or entity that relies on this publication. 

© Thomas R. Fox, 2014

February 5, 2014

Compliance Defense– The Movie

OscarsIn honor of The Movie Channel’s annual 28 days of Oscar, the upcoming Academy Awards and inspired by Jay Rosen’s prior career and the FCPA Professors hypothetical discussion between a Chief Compliance Officer (CCO) and his Chief Executive Officer (CEO) last week, in a post entitled “It’s More Like Bronze Dust”; I thought I might write about Compliance Defense- The Movie. So starting with the Professor’s fictional Scenario B

Compliance Officer: Boss, I need more money and resources to devote to FCPA compliance.

Executive: Why?

Compliance Officer: Well, boss, an effective FCPA compliance program can reduce our legal exposure as a matter of law.

Executive: What do you mean?

Compliance Officer: Well, the money we spend on investing in FCPA best practices will be relevant as a matter of law.  In other words, if we make good faith efforts to comply with the FCPA when doing business in the international marketplace, we will not face any legal exposure when a non-executive employee or agent acts contrary to our compliance policies and/or circumvents our policies.

SIX MONTHS LATER…

 FADE IN

INTERIOR-OFFICE OF EXECUTIVE

In the heart of the energy capital of the world, in a darkened office, CEO reads a letter from the US Department of Justice (DOJ), which informs him that his company is under investigation for payments to third parties that may have violated the Foreign Corrupt Practices Act (FCPA).

CEO

(screaming) Ms. Pepper – what is this letter about?

MS. PEPPER – the long time admin for the CEO comes hurriedly comes into CEO’s massive office.

MS. PEPPER

It is a letter from the DOJ saying we’re under investigation for allegedly paying some bribes.

CEO

Well get me that Compliance Officer, what’s his name?

MS. PEPPER

Don’t you remember you let him go 3 months ago, after he installed that compliance program software you saw advertised at Office Depot?

CEO

Well then take a letter to the DOJ and tell them that we have a compliance program and that should be an absolute defense to any claims against us. They obviously don’t know how seriously we take compliance around here.

MS. PEPPER

I am not sure that is enough sir, I think that the program has to be effective.

CEO

What do you mean effective? After the CCO installed the compliance program on our computer server, everyone knew they had to follow it. The people who work here follow the law and I won the “Mr. Ethical Award” from the Chamber of Commerce last year. Everyone around here knows to follow the law.

MS. PEPPER

Sir, I think that the CCO said that it is more than having a compliance program in place; you actually have to do compliance. He might even have said you need to put some resources into it to show you were serious.

CEO

I spent $5,000 on that software program, which is pretty serious. Do you mean to say I have to do something else?

MS. PEPPER

Yes sir, I think that he said that not only does the program have to be effective, you have to be able to show it is effective.

CEO

Well that is about the stupidest thing I have ever heard, how are we supposed to compete if we can’t help out our friends so they stay our friends? And besides if any bribes were paid it’s because those greedy foreigners have their hands out. Surely we can’t be responsible for that?

The above dialogue is (hopefully) fictional. Unfortunately it may well be more close to the truth than we like to think. Those who have worked in the corporate world will know any costs which are indirect costs, such as compliance, are viewed as something to be avoided. This means spending money and providing personnel for compliance will be kept to the barest minimum. This is the major problem I see with thinking that a compliance defense is or should be a magic bullet for any corporation to use in a FCPA matter. Every compliance professional I have spoken with on this subject understands that your company will receive a free pass by having a written compliance program, then many companies will install such a paper program. For it is not having a program that is the critical factor but it is the doing of compliance, which makes a program effective.

Equally important is that for a compliance program to be effective, it has to evolve because both the sophistication of compliance and the risks in business evolve. Ten years ago, having a paper program was in the running to make your company an industry leader. Today, having only a paper program is a recipe for disaster. Just as risks evolve, so does the management of those risks. Continuous monitoring was not even considered 10 years ago. It has gone from an enhanced compliance solution, to a best practice, to a standard practice. Five years ago, most lawyers thought that distributors would not be subject to the FCPA because in a distributor sales model, they took title and risk of loss for the products they purchased. But it turns out that bribery and corruption can occur through a distributor sales model, just as it can through a sales agent model.

The clear model for all of this is the dramatic change that companies made in how they viewed safety on the job. Many point to the Exxon Valdez shipwreck as the seminal moment to see the shift in how safety was viewed by corporate America. Certainly after this event, Exxon made safety priority Number 1 in its corporate culture. As a trial lawyer defending corporations, I saw the shift to make safety ingrained into corporate culture in the energy industry, driven in large part by massive jury awards and high insurance premiums paid by corporations to cover those costs. The business solution was not only to put safety programs in place but also to run the business safely. This was drilled down even to those of us in corporate legal departments, not just the guys out on the drilling rigs or in the petrochemical plants.

In the corporate world there existed no magic bullet in the form of safety programs as an absolute defense to a company that violated its own or federal safety laws. Companies invested more money in safety because the costs of not doing so were greater. Under the FCPA, there currently is credit given for companies who have an effective compliance program. It is set out in the US Federal Sentencing Guidelines and discussed at some length in the FCPA Guidance. Such credit is given in the form of declinations to prosecute. While I wish that there was more public information made available on why the DOJ gives declinations, this lack of public information does not diminish the fact that they exist or that companies are clearly given credit for having an effective compliance program in place or simply doing compliance.

I began this post with a (hopefully) fictional dialogue. One thing I am not certain about though is what category it should sit in, comedy; drama or perhaps even tragedy. Enjoy the Oscar season.

==============================================================================================================================================================================================================================

Although I do disagree with the FCPA Professor on the need for a compliance defense under the FCPA, one thing I do agree with him about is his creation of a best in class compliance training video, which he announced Monday. I have had the opportunity to view the full version and it is excellent recap of the FCPA and the obligations under the law. It has an interactive aspect that allows learning and practice with situations that is both instructive and enjoyable. As you would expect from the FCPA Professor, it has the text to drive greater understanding for those who might wish to do so. So if your company needs a first-rate FCPA training module, you should check this one out. You can do so by clicking here.

==============================================================================================================================================================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

Customized Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,228 other followers