FCPA Compliance and Ethics Blog

March 21, 2012

OCEG Illustrated Series: Managing Corruption Risks

How do you move off dead center? That was a question posed by my colleague Mary Jones in a recent guest blog post. She gave several concrete steps in answer to her own question. This question was further explored in the January issue of the Compliance Week magazine which began a six-part “Anti-Corruption Illustrated” series by Carol Switzer, President of the Open Compliance and Ethics Group (OCEG). OCEG is an organization which “develops standards and guidance to help organizations achieve Principled Performance”; that is, “the reliable achievement of objectives while addressing uncertainty and acting with integrity.” OCEG’s Illustrated Series is a teaching method developed to visually represent how to set up processes and procedures in various areas and disciplines. This Anti-Corruption Illustrated Series is a very useful tool for the compliance practitioner to use in explaining the components of an effective compliance program.

In the first article of her series, Switzer shares her views on how anti-corruption programs enable business agility. In addition to her own thoughts, Switzer moderated and reported on a roundtable discussion of compliance experts who shared their views on managing corruption risks. These experts included Steven Kuzma, Global Leader in Corporate Compliance at Ernst & Young, Jay Martin, Chief Compliance Officer at Baker Hughes, Mike Rost, Vice President at Thompson Reuters GRC and Jim Slavin, Senior Director at SAI Global.

  1. Assess the Risk – In this step you identify corruption risk factors that your company may face. These can be based upon several different factors including the nature and location of your company’s business activities; your company’s third party relationships; and your company’s methods for obtaining and retaining business. You should evaluate and then rank these risks based upon your company’s risk appetite and be prepared to respond to internal or external forces that might change this risk assessment.
  2. Develop the Program – You should develop “a comprehensive and balanced anti-corruption program that corresponds to the risks identified in the assessment process.” This should include written policies, procedures and internal controls for all levels within your organization. You will need to obtain Board of Directors and senior management endorsement of your strategies and communication of this support.
  3. Define and Implement Policies – In this step you should consider the written policies which map to the applicable regulations, obligations and business processes that you have created. Ownership of these requirements within the business is critical to their success and there should be communication to key stakeholders including “staff, third parties, auditors and customers.”
  4. Build and Operate Controls – Nest you will need to establish “procedures and controls to prevent, detect, correct, and mitigate the risks” which you have identified and ranked. There needs to be ownership established to monitor these controls with regular documentation, continued assessment and testing of these controls.
  5. Train and Educate – You must develop and deliver training to “raise stakeholder awareness and competence regarding anti-corruption goals, policies, procedures and [internal] controls.” This should include identification of “role-specific programs with desired outcomes” with delivery methods to get your message across to the various target audiences.
  6. Monitor and Evaluate- Here OCEG suggests a five step process to track and assess policies and controls for effectiveness.
    1. Screen – Monitor vendor, partner and customer records against trusted data sources for red flags.
    2. Identify – Establish helplines and other open channels for reporting of issues and asking questions by employees and appropriate third parties.
    3. Investigate – Use appropriately qualified investigative teams to obtain and assess information about suspected violations.
    4. Analyze – Evaluate data to determine “concerns and potential problems” by using data analytics, tools and reporting.
    5. Audit – Finally, your company should have regular internal audit reviews and inspections of your company’s anti-corruption program; including testing and assessment of internal controls to determine if enhancement or modification is necessary.
    6. Review, Realign and Report – This step requires you to “take timely corrective and disciplinary action for violation” of your company’s program. Your program should be regularly evaluated and aligned with any new or additional corruption risks which are found. Both the Board of Directors and senior management must be informed through regular reporting. Finally, there should be a professional external review on no less than a two year basis to determine your program’s overall sufficiency.

Switzer’s article and report on the roundtable discussion are very useful tools for the compliance practitioner. Her article includes a removable copy of the OCEG Illustrated Series on managing corruption risk. I heartily recommend it to you.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

March 1, 2012

Banning Beer in the Clubhouse? How to Sustain a Culture of Trust and Integrity

Continuing our sports theme this week, I was interested in my friend, Jay Rosen’s former hometown team, the Boston Red Sox move to ban alcohol from the clubhouse. I found fascinating the commentary on this move, which seemed to me to break down into two categories: (1) Pro-supporting new manager Bobby Valentine, it was a good move and needed to instill some much needed discipline in the clubhouse, which had been lost under prior manager Terry Francona; and (2) Anti-dumb and useless PR move-supporting the prior manager Terry Francona, who broke the Curse of the Bambino by leading Boston to its first two World Series wins in 86 years. We should note that Valentine did not ban Buffalo wings from the clubhouse, which were also listed as evidence by the Red Sox front office as lack of clubhouse discipline.

I thought about those questions in the context of a presentation made that the SCCE Utilities and Energy Conference here in Houston this week. In a presentation by Duane Woods, Senior Vice President of Waste Management, entitled “Sustaining a Culture of Trust and Integrity in Challenging Times”, he talked about the efforts of Waste Management to build and sustain a culture of trust and integrity throughout the organization.

Policies and Procedures

He began with Policies and Procedures, which he described as follows: Policies are used to set the rules of conduct and the desired behavior for employees; Procedures serve to provide a detailed set of uniform processes for employees to follow and they support compliance with the policies. He said that Waste Management tries to use these tools through four disciplines:

  1. Regulatory – Those required by law, such as Sarbanes-Oxley;
  2. Performance – The financial performance of the company;
  3. Customer – They can provide guidance to the organization about customer relations particularly in the area of credit; and
  4. Brand and Reputation – Letting employees know what the company brand stands for. Woods stated that this is usually set forth in a company’s Code of Conduct.

These are things that drive loyalty. Woods acknowledged that all companies make mistakes. However, his point was that the key was to rectify the error and then recover the relationship with the customer.

Metrics

Woods next turned to metrics as he believes that if you don’t measure it, you can’t manage it. Metrics are present to help measure and track the successful implementation of policies, procedures and performance. They can also be used to help govern and reward behavior and to help support a culture of compliance. Metrics are critical to defining required and desired behavior. However, even policies, procedures, systems and metrics will not sustain Compliance or Ethics if there is not the right culture of compliance within the organization. If metrics and incentives are poorly designed and implemented they will cause undesired behavior and help to make a confused culture. He also noted that even the “best compliance programs may not ensure right decisions in tough situations.” He emphasized the following points:

  • Alignment – Metrics should align with Vital Business Functions and Values.
  • Simplicity – Keep it simple. A common problem faced by managers is overloading of metrics.
  • Good enough is perfect – Select metrics that are easy to track and easy to understand.
  • Indicators – Use metrics as indicators. Key Performance Indicators (KPIs) are metrics. A KPI does not troubleshoot anything, but rather indicates something is amiss.
  • Less is more – Use only a few good metrics as too many metrics, even if they are effective, can overwhelm a team.
  • Metrics drive both good and bad behavior.  People do what you pay them to do, so choose carefully.

Character

Woods started off this section of his presentation by noting that Warren Buffett, when hiring people, looks for three things. “The first is personal integrity, the second is intelligence, and the third is a high energy level. But, if you don’t have the first, the other two will kill you.” Woods stated that he believes you should hire leaders with demonstrated character, who are capable of inspiring trust and confidence in others. It is more important that leaders be authentic, they must be sincere. Honesty and congruent behavior must be maintained in that you have consistent behavior. Of course respect for others and holding yourself accountable for your direct employees is paramount. Lastly, Woods noted that you should be constantly assessing character talent, are your employees living the values you want?

With these, Woods believes that you can build a culture of character in your organization and to do so starts with trust, which he believes comes from living the values and delivering the results. Trust works on several levels, these include: (1) Individual; (2) Relationship; (3) Market-customer base; (4) Community; and (5) Regulatory. With trust as the base, Woods next turned to building a culture of character within your organization. He emphasized these steps as:

  • Set clear expectations.
  • Train with focus on integrity, mission and values
  • Coaching – The importance of role play circumstances for people.
  • Mentor to reinforce behavior.
  • Accountability for all employees.
  • Engage your workforce – Survey to find out who the key influencers in the company are. Not necessarily the designated leaders.
  • Communication – Here Woods emphasized that you should over communicate. The importance of using stories as teaching tools and lessons learned.

Woods concluded by listing the primary benefits that he sees from having the right culture at your company. They include that your organization will become more self-governing, with less need for management intervention in this area. There will be less employee misconduct and greater employee innovation. There will be not only be more customer loyalty but great employee satisfaction, and when a real crisis arises, the employee base should work together to resolve it.

So now on to question time: How about those Red Sox and their banning of beer in the clubhouse? Do you think that is evidence of a culture of compliance or should people, who are old enough to legally drink, be allowed to make that choice on their own? Does the move strengthen the Red Sox in any of their communities: themselves, their fans, the American League East Division or in the eyes of Major League Baseball? What about some of the benefits that Woods listed: will the Red Sox players be more productive or indeed even have greater employee satisfaction? Will the employees become more self-governing and impose discipline among themselves? What about those pesky Buffalo wings that were NOT banned; what role do they play in all of this? Alas, I do not have answers for the above, only questions, questions, and more questions…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

March 8, 2011

FCPA and Bribery Act Best Practices- Written Compliance Policies and Procedures

One of the areas which is universally listed as a component of a best practices compliance policy under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act and OECD Good Practices is that of a written compliance code. However this is not an area that most compliance practitioners spend much time thinking about in the implementation, assessment or updating of their company’s compliance program. This article will discuss some suggestions to aid your efforts to create effective written compliance policies and procedures.

The following language for each of the above laws or policies sets out what is expected in the area of a written compliance policy and procedures:

  • US Sentencing Guidelines-written standards and procedures to prevent and deter criminal conduct.
  • UK Bribery Act-clear, practical and assessable written policies and procedures.
  • OECD-written policy that clearly states that bribery is prohibited.
  • Recent DPAs (IE, Panalpina Settlements)-clearly articulated and visible policy.

In his book entitled, “Achieving 100% Compliance of Policies and Proceduresauthor Stephen Page lists five key areas which he believes should be addressed in writing effective compliance policies and procedures. He believes that if a compliance practitioner follows these pointers in drafting and implementing compliance policies and procedures, the “highest degree of success” can be achieved. His five suggestions are as follows.

  1. Management Commitment- A Key to Success or Failure. While it is true that without top management commitment, any compliance program will not succeed. However Page defines this as more than simply “Tone at the Top”. Here Page suggests have at least one senior management be a sponsor of written policies and procedures. This not only demonstrates commitment but also provides the compliance practitioner a liaison to other senior managers.
  2. Importance of Writing “Effective” Policies and Procedures. Here Page focuses on the word “effective” and he defines this as “producing a decided, decisive, or desired effect.” He also suggests that the policies and procedures be well coordinated throughout and each written document should be “convincing, proficient and competent.”
  3. Plan of Action for Writing Effective Policies and Procedures. In his book, Page lists out a very detailed 40-step plan of action for writing effective. This 40-step plan is broken down into four general areas. They include: (1) research and analyze; (2) publish and communicate; (3) check and audit; and (4) report and improve. The delineation of the 40-step plan into these four phases allows the work to be segmented, if appropriate into a group project.
  4. Flow Chart. Page believes that by the use of a flow chart in the writing process, can show the author(s) where “fuzzy processes and procedures disrupt quality and productivity.” Such a technique allows the person or group involved in the drafting process to both “define the boundaries” of each policy and procedure and to assist in the final output.
  5. Writing Format. Page defines this term as providing “a structure for information collected during the research and analysis phase of writing.” He notes that any reader of policies and procedures is there to find information quickly and efficiently. The writing format should be clearly understood and obvious to the reader. Headings should direct the reader’s attention and the content should be clear and concise. Lastly, any changes or revisions made to policies and procedures should be clearly set out so it is communicated to the reader.

As noted above, written compliance policies and procedures is a key to any best practices compliance program. Stephen Page has provided thoughtful, yet concrete guidelines to assist the FCPA or Bribery Act compliance practitioner to create written policies and procedures which are understandable and accessible to your company’s employees. We commend his book to you as a valuable resource.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Customized Rubric Theme Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,201 other followers