Send in the Clowns – the NCAA and its Investigation of Johnny Football

How can you determine if an organization charged with compliance is corrupt or simply incompetent? It is hard today to answer that question when it comes to the National Collegiate Athletic Association (NCAA) and its enforcement division. For those of you do not know the story, the NCAA was investigating last year’s Heisman Trophy winner, Johnny Manziel a/k/a Johnny Football, for allegedly signing autographs for money, which is a violation of the near slavery conditions that NCAA scholarship athletes find themselves in today.

The NCAA began its investigation when ESPN’s investigative program ‘Outside the Lines’ broke a story that one (or maybe two, or three) autograph brokers paid Manziel to sign his name to memorabilia which they could resell. While the ESPN report said that Manziel had received compensation for these signings, the NCAA apparently could not confirm that Manziel received any money. Nevertheless, such an action of Manziel signing his name was apparently a violation of NCAA bylaw 12.5.2.2 which involved engaging in an “inadvertent violation regarding the signing of certain autographs.” In other words, the NCAA claimed that Manziel signed thousands of autographs without realizing someone would sell those autographed items for a profit.

For this grievous violation of NCAA rules Manziel was penalized – wait for it – for one-half of a game. Even better is the fact that this penalty will be enforced against that noted NCAA football powerhouse, the Fighting Rice Owls. Since Manziel would have only played one-half of the game anyway, as Texas A&M will no doubt stomp on the Owls, the penalty begs the question posed at the start of this post: is the NCAA corrupt or just incompetent? So instead of playing only the first half of the game, Manziel will now only play the second half. The NCAA guaranteed that the second half of this game will be the most watched half of any this weekend. Did I mention that the NCAA members are paid gazillions by ESPN to televise its games? Guess which network will be televising the Rice/Texas A&M game?

Why is this story important for the compliance practitioner? Because if you are charged with compliance, but are so incompetent that you cannot even investigate allegations laid down before you, you seriously need to get out of the compliance business. After all, it was ESPN who broke the story and gave the information to the NCAA. This is not the first time the NCAA has blown an investigation where the information was presented to them. As reported by Jim McGrath, in a blog post entitled “Not Much Heat In NCAA’s Report On Investigation of Miami”, the NCAA found that its own Enforcement Staff violated its own NCAA rules during the investigation of the Miami Hurricane football program. Oops.

When is it not incompetence but corruption? Let’s not forget that it was just a couple of weeks ago that the NCAA took down from its website the Johnny Manziel Texas A&M jersey that it was selling to profit itself. I wonder if they assessed themselves any penalty for violating their own rules? Oops again. After all this is the organization that threatened to ban a player from setting up a website to do self-employed work so that he could pay his way through college. The NCAA is the organization which banned Oklahoma State University (OSU) receiver Dez Bryant for nearly an entire year when he got confused and mis-answered a question during an interrogation. But apparently if you are the reigning Heisman Trophy winner, you are treated differently.

As pointed out by Andy Staples in an article in his Inside College Football blog for SI.com, entitled “NCAA was better off letting Manziel play than enforcing letter of law”, the entire process is a joke from the get-go. He said, “Few respected the [NCAA] enforcement process before Wednesday, and even fewer will after.” Amen, brother.

The bottom line is that your compliance program must be credible. You must treat people fairly and be consistent in your investigations and discipline. If you are working in a system which is so corrupt or incompetent that it has no credibility then you will be considered, as the NCAA compliance enforcement team is today, a bunch of clowns.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

How to Build a Culture of Ethics and Compliance: the Greatest Article Ever – Part III

Today I conclude my exploration of the article in the summer 2013 issue of the MIT Sloan Management Review, entitled “Designing Trustworthy Organizations”, by the quartet of authors: Robert F. Hurley, Nicole Gillespie, Donald L. Ferrin and Graham Dietz. In case you missed the previous articles, or are reading Part III before Parts I or II, let me start by reiterating – IF THERE IS ONLY ONE ARTICLE THAT YOU READ ON ETHICS AND COMPLIANCE IN 2013 THIS IS THE ONE TO READ. This the single best article I have ever read on how to build or maintain a culture of compliance, as it gives a specific road map to the compliance practitioner, in-house counsel or any other business executive on how to instill a culture of ethics and compliance in your company. In Part I, I looked at why such ethics and compliance failures occur from an organizational perspective. In Part II, I considered how to build ethical organizations which do business in a compliant manner. For Part III, I will conclude with the steps a company can take to rebuild trust in an organization after a catastrophic failure in ethics and compliance.

The authors correctly note that much can be learned from an organization in how it responds to crisis. Paul McNulty often says that the key analysis to make in any assessment of a potential penalty under the Foreign Corrupt Practices Act (FCPA) is “What did you do about it?” I label this as “McNulty’s Maxim No. 3”. However, after every storm there is an opportunity for a company to rebuild a culture of ethical behavior and doing business in compliance. The authors identified what they believe to be three critical stages in any such comeback. They are (1) investigation; (2) organizational reform; and (3) evaluation.

I.                   Investigation

In order to begin the process of repairing a corrupt corporation, the authors believe that there must “credibility, rigor, independence and accuracy of the investigation.” A clear example where this was not done was in the situation where the Wal-Mart corporate office sent the investigation of allegations of bribery and corruption in its Mexican subsidiary back to the people alleged by the company’s internal whistleblower to have headed up the bribery and corruption; with predictable results. The authors believe situations like this occur when a company is “so concerned with appearance and damage control that they are unwilling to engage in the degree of examination required to root out entrenched” ethics and corruption violations.

The FCPA Guidance anticipates this prong when it advised companies to “Moreover, once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken”. Jim McGrath, among others, regularly writes about the need for companies to employ outside counsel who specialize in such investigations. McGrath’s suggestion would certainly fit with the authors’ recommendation on this point.

The authors also note that the investigation must drill down and determine “how each element of the organizational system directly or indirectly contributed” to the ethical and compliance failures. Only by such a thorough investigation can a company begin the road to recovery. So not only will an independent investigation bring a jaundiced eye to discover the facts but such a granular view will lead to the necessary “recommendations for systemic reform.”

II.                Organizational Reform

The authors begin with a single line that all compliance practitioners need to paste in front of senior management and company executives, “Since all trust [i.e. compliance] failures are systemic, the organizational reforms need to be systemic as well.” ‘Rogue’ employees exist or are created by a company culture and internal control system that either encourages such behavior or actively rewards it. Due to this, the authors recommend that “Structures, systems and processes should be the first point of intervention”. But the authors caution that this is only the start and if these are the only items addressed, they are “unlikely to produce sustainable change.” This is because the more difficult, yet more important, changes in ethics and doing business in compliance involve an organization’s “culture, strategy and leadership and management practice.” In other words, if management does not make the start at changing the culture, violations will likely continue.

To make such a universal change, the authors believe that “systemic reforms need to be reinforcing and congruent so that trustworthiness becomes embedded in the organization’s culture over time.” So not only do leaders have to change the way that they lead, but the way employees do their work must also change. A true change in company DNA may be required to move to doing business ethically and in compliance with the burgeoning world-wide regime of anti-bribery and anti-corruption legislation.

III.             Evaluation

The authors caution that even if systemic changes are made by an organization, they still “must be evaluated to ensure that they are working as intended and pitfalls must be addressed.” Because a true systemic change can be so difficult the most important prong in repairing a culture which has fallen short of doing business ethically and in compliance is through “ongoing assessment, learning and course correction”. The first step is “to take a systems perspective to accurately diagnose and reform the true faults in the organizational system, and then to evaluate the effectiveness of the reforms.” This aids to not only help repair a culture of ethics and compliance but to embed such values in an organization. Lastly, by embedding such values within an entity it becomes more resilient to future ethics and compliance failures by (hopefully) detecting them early and remediating the issue(s) quickly.

IV.              Three Examples

The authors concluded with examples of three well-known companies which were able to repair themselves and do business more ethically and in compliance.

A. Siemens

Siemens AG is well-known for having the highest fine, $800MM, in the history of the world to date for its FCPA violations, $800 MM, paid to the US government. It also paid the equivalent amount to the German government for a total fine in the neighborhood of $1.6 bn. Such costs do not include the investigative costs. The authors detailed the following steps that Siemens took:

• Appointment of an externally led, comprehensive and independent investigation, including some staff amnesty provisions during the investigation.
• Appointment of a respected independent expert to advise on ethics and compliance reforms.
• Revisions to the company’s Code of Conduct, reformation to policies and procedures on doing business ethically and in compliance, creation of an internal company ombudsman and compliance help desk.
• The training of more than 200,000 employees on anti-corruption practices to shift beliefs and values.
• Streamlined structures to provide clear lines of responsibility.
• There was a five-fold increase in the number of employees dedicated to doing business ethically and in compliance.
• There were high-profile departures from the company and more than 900 disciplinary actions related to anti-corruption.

B. BAE Systems

It is well-known that former British Prime Minister Tony Blair is famous for shutting down his country’s Serious Fraud Office’s investigation into bribery and corruption allegations against the UK aircraft manufacturer under UK anti-bribery and anti-corruption law. However such help from friends on high did not help the company stay out of bribery and corruption hot water as it was hit with a $400MM fine for its FCPA transgressions. The authors reported that it took the following steps in its repair of its ethics and compliance culture:

• The formation of the Woolf Committee to investigate the company and eventually make 23 recommendations regarding doing business ethically and in compliance.
• New responsible trading practices were put in place to help employees in commercial decision making going forward.
• The Code of Conduct was revised and new policies and procedures were put in place on bribes, donations, hospitality and political lobbying.
• A new corporate governance structure was put in place which allowed oversight by an independent ethical leadership group and the creation of an ethics helpline.
• A training program for all senior management in ethics and compliance was instituted.

C. Mattel Toys

The company was not faced with anti-corruption allegations as were the first two companies above. However, its sins may have been even worse because of the safety issues involved. A Chinese manufacturer for the company outsourced the production of certain toys. This allowed the use of lead-based paint by the sub in the production of millions of toys. The use of lead paints has been banned for the use of toys for many years in the US due to safety concerns. The authors reported that Mattel took the following steps:

• Production in the facilities alleged to have used lead-based paint was ceased and all products were recalled.
• There was full and proactive cooperation with regulators across the globe.
• There was an independent and thorough investigation.
• There was a second product recall, linked to faults in Mattel’s own design of a toy.
• There were coordinated sector level discussions in the company on mandatory safety regulation.
• There was a revision and strengthening of supply chain audit procedures.
• The company established a new corporate responsibility division which reports directly to the Chief Executive Officer (CEO).
• The company agreed to an audit by an independent Non-Governmental Organization (NGO) of its supply chain practices.

I have labeled the GlaxoSmithKline PLC (GSK) corruption and bribery scandal as the most significant event for compliance practitioners in 2013. This is because of the entry of the Chinese government into the investigation and possible prosecution of western companies for conduct that the Chinese government heretofore turned a blind eye towards. I do not believe it will be long before other countries begin to look at the corruption of their officials under the rubric of their own domestic anti-bribery legislation. Subsequently, companies need to have a system in place to do the three things that the FCPA Guidance suggests, that being “A well-constructed, thoughtfully implemented, and consistently enforced compliance and ethics program helps prevent, detect, remediate, and report misconduct, including FCPA violations.”

But more than simply having such a system in place to comply with anti-corruption laws, “An effective compliance program promotes “an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”” The authors have taken their concepts and wrapped them into an entire corporate culture. They believe that organizations with such commitment to doing business ethically and in compliance “tend to be high-performing, with lower employee and customer turnover, lower monitoring costs and even better financial returns.” That final sentence is the bottom line for all of this; companies committed to such conduct do better financially. It does not get much starker or clearer than that.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

How to Build a Culture of Ethics and Compliance: the Greatest Article Ever – Part II

Today I continue my exploration of the article in the summer 2013 issue of the MIT Sloan Management Review, entitled “Designing Trustworthy Organizations”, by the quartet of authors: Robert F. Hurley, Nicole Gillespie, Donald L. Ferrin and Graham Dietz. In case you missed Part I or are reading Part II first, let me start by reiterating – IF THERE IS ONLY ONE ARTICLE THAT YOU READ ON ETHICS AND COMPLIANCE IN 2013 THIS IS THE ONE TO READ. This the single best article I have ever read on how to build or maintain a culture of compliance, as it gives a specific road map to the compliance practitioner, in-house counsel or any other business executive on how to instill a culture of ethics and compliance in your company. Today I will discuss how to build ethical organizations which do business in a compliant manner. In Part III, I will conclude with the steps a company can take to rebuild trust in an organization after a catastrophic failure.

Building an Ethical Organization

To do this the compliance practitioner needs to instill ethics and compliance into the organization. This can include “setting formal and informal constraints, incentives, expectations, values and norms” all of which influence the behaviors of employees and even third parties with whom the company does business. The authors note that employees are influenced by both formal and informal controls; which can promote either “diligence and honesty—or recklessness and malfeasance.” Lastly, positive signals, through various mechanisms, all help but if you have mixed or “deviant messages” this can lead to cynicism or unethical behavior by your company’s employees.

Near and dear to my heart is the role of such anti-corruption legislation as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act, which the authors acknowledge play an integral role in supporting a company’s ethics and compliance program. But they note the warning, as voiced in the FCPA Guidance, that such laws are only the starting point to create an effective ethics and compliance regime. Moreover, and this next statement speaks directly to those who believe that a compliance defense will lead to more companies following the prescripts of the FCPA, the authors note “Sadly, external regulation may give organizations a false sense of security that can lull them and their stakeholders into complacency” about their ethics and compliance regime. Once again, witness GlaxoSmithKline PLC (GSK) which had about the strongest paper program that a company can provide.

The authors have devised a six-step approach which they call a “Model of Organizational Trust” (Model) and I believe are six steps you can use to build up a culture of ethics and compliance. This Model is based upon their collective research and study, systems theory and strategic organizational design. The Model, which allows you to embed such a culture of ethics and compliance into your organization, weaves the six signals that employees draw upon when making decisions of trust into “their infrastructure and core processes” which the authors believe over time earns the trust of the various company stakeholders. Their Model of Organizational Trust and some key questions pertaining to each step are as follows:

• Leadership and Management. This requires leaders who embody the company values and expect the same from its employees.
  • Does management at all levels model company values?
  • Does management serve stakeholder interests before self, act with integrity and competently and predictably deliver on commitments?
  • Does management communicate openly, listen and demonstrate concern for employees?
  • Do managers hold their teams accountable for competent execution of strategy while upholding company values?

• Culture. This requires strong shared norms and beliefs that encourage all stakeholders to uphold companywide values and deter deviation from those values.
  • Are there strong cultural values and beliefs that bond people and unify subcultures to serve stakeholders?
  • Are the values of respect and fairness for stakeholders, acting with integrity, doing business with competence and predictability on delivering on expectations held deeply enough within the company that acting against them is perceived to be wrong?
  • Are company values articulated and activated such that employees support the company’s mission beyond the interests of self or subgroups?

• Systems. There must be systems in place for planning, reporting, budgeting to reinforce ethical and compliant behaviors, all linked to culture and strategy.
  • Do selection, induction, training, compensation, promotion, evaluation and succession systems reinforce the company espoused values?
  • Do communication, planning and information systems enable effective coordination, alignment of interests and meaningful mutual dialogue?
  • Are there robust mechanisms to surface and facilitate reporting of ethical violations?

• Product and Service Development, Production and Delivery. There must be processes in place which ensure that stakeholder needs and expectations are met, that company values are upheld and that relevant anti-bribery and anti-corruption laws are met.
  • Are development and production processes focused on serving both company and stakeholder interests, including those of the customers and suppliers?
  • Is there testing to ensure that production competently and predictably meets standards?
  • Is the company’s supply chain monitored to ensure that it meets the goals of respect, fairness, predictability and competence to reach stakeholder expectations?
  • Does the company listen and respond to non-company stakeholders such as the supply chain and customers?
  • Is there a robust product service recovery process?

• Structure. There must be formal organization and governance that set clear roles and accountability and provide discretion within prudent internal oversight.
  • Does the company structure provide clear roles, responsibilities, accountabilities and alignment of interests across groups?
  • Does the company structure provide adequate governance and monitoring at all levels to ensure competent execution of strategy in a manner that upholds the company’s values?
  • Does the company structure engage and facilitate open communication with stakeholders?

• Strategy. The organization must have a clear mission that it will do business ethically and in compliance and that these values accommodate stakeholder values as well.
  • Is the company clear about its mission and strategy to serve all stakeholders?
  • Is the execution of this strategy evaluated from all stakeholders’ perspectives?
  • Does the company strategy align with its values?
  • Are decisions made and resources allocated in a way that shows respect, fairness, integrity and alignment with stakeholder interests?
  • Do the stakeholders perceive that strategic trade-offs are made in a transparent and fair manner?

The authors write that all six of these concepts must be fully integrated. So an “effective organizational infrastructure (strategy; leadership and management; culture; structure and systems)” should work to generate and sustain the “effective core processes (development, production and delivery of products and services).” For the compliance practitioner, this means that elements of doing business ethically and in compliance must be woven into all elements of infrastructure and core company processes over time. If not, ethics and compliance failures are likely to occur, “when important elements are allowed to become misaligned.”

But, at the end of the day, the authors report that the “key differentiator between companies that violate trust and those that sustain it is integrity and consistency within and across the organization.” While every company says it does business with integrity, this review shows how the message from the top of an organization can be driven down through the DNA of the entity. Not to be overlooked is the second part of the phrase; that being ‘consistency’. If leadership sends out mixed signals about the values that it deems paramount, then all the talk about doing business ethically and in compliance may well be for naught.

In the final review of this article I will look at three companies which the authors believe have restored their business’ commitment to doing business ethically and in compliance. Until then…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

The Most Profitable Baseball Team of All-Time and Commitment to Ethics and Compliance

Sorry to interrupt my three-part series on the greatest ethics and compliance article ever written but I just could not help myself. On Monday, forbes.com, in an article entitled “2013 Houston Astros: Baseball’s Worst Team Is The Most Profitable In History”, Dan Alexander reported that the sad sack of an alleged Major League Baseball (MLB) team, the 2013 Houston Astros are the most profitable baseball team in the entire history of professional baseball. Alexander said “The Astros are on pace to rake in an estimated $99 million in operating income this season. That is nearly as much as the estimated operating income of the previous six World Series championship teams — combined.” That is not simply the most profitable team this year, but of all time.

I guess the Astros owner, Jim “Mr. I Made a $100 Million so I must know what I am doing” Crane, does know how to make money. Too bad he does not seem to have much of a clue about putting a competitive baseball team on the field. How did Crane manage to become the most profitable owner in MLB history? Well he started out with the lowest payroll in the majors ($21MM) and then got rid of every player, save one, who is now making above the MLB minimum of $490K. The payroll now hovers around $10MM. Brilliant, simply brilliant.

But wait there is more. The Astros signed a television contract with the new sports network, Comcast SportsNet Houston, for $80MM. Too bad for Comcast they paid so much money for the rights to televise the Astros that they had to try and extract such high fees out of the cable providers in Houston and that 60% of them refused to pay the fees and carry the Astros. At least my provider is one which does not carry the Astros so I don’t have to watch their on the field product this year. But the Astros still get their $80MM. Once again, brilliant, simply brilliant.

The above monies do not even include the revenue sharing that the Astros will be eligible for. As discussed by noted baseball commentator Peter Gammons in three consecutive tweets during Spring Training:

 (Tweet 1) If I’m an ALE or ALC owner, Houston’s plan to have no payroll, lose, get the 1-2 pick 4 years in a row and still steal revenue-sharing $ (Tweet 2) –may guarantee 3 teams in the AL West win 90 games and make the playoffs, and spit on the integrity of the sport. Fellow big market teams who (Tweet 3) have payrolls under $40M should 1.not get revenue-sharing and 2. be out of the protected pick business. Rewarding trying to lose is wrong.

In other words, the Astros make even more money by being so bad and it is funded by the other owners of MLB. Of course, if you are an owner of an American League (AL) West team, you might like feasting on AA and AAA players every time you see Houston. But I doubt the rest of the American League is so pleased. But for the Astros, trying to lose and make money, brilliant, simply brilliant.

What was the Astros response to all of this? As reported in the Houston Chronicle “The Astros did not respond to Forbes’ request to discuss the team’s finances but team president Reid Ryan took issue with the numbers. Ryan was quoted as saying, “We’re going to have expenses that are higher than our revenues, and that doesn’t make (the team) profitable.” Sort of gives you lots of the warm and fuzzies right there doesn’t it.

So what is the compliance angle in all of this? I am in the midst of three posts which discuss how a company can build or rebuild a culture of ethics and doing business in compliance. One of key components is that all stakeholders’ interests must be considered and protected; specifically including customers. In their article, entitled “Designing Trustworthy Organizations”, authors Robert F. Hurley, Nicole Gillespie, Donald L. Ferrin and Graham Dietz, found “one type of incongruence that frequently led” to breakdowns in doing business ethically and in compliance. That breakdown came when the interests of one stakeholder group was favored over another stakeholder group. The authors identified some various stakeholders as shareholders, employees, customers, suppliers and communities. The authors said that this incongruence has “been defined as letting shareholder profits take precedence over core responsibilities to other stakeholders.” But it is simply more than serving one stakeholder better than the others. It is favoring one stakeholder to the extent of “the expense of and even causing harm to” other stakeholders. I would say Crane and the Astros ticked that box of incongruence.

While the Astros are privately owned by Crane, they do have international operations, such as their player evaluation, scouting and development initiatives in Central, Latin and South America. I wonder how much of the $99MM in profit goes towards the Astros Foreign Corrupt Practices Act (FCPA) compliance program? If the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) ever got around to looking at the Astros compliance regime, what level of commitment to doing business ethically and in compliance do you think that they might find? Would it be commensurate with the team’s standing as “the most profitable team of all-time”?

I close with these comforting words from the Astros Press Release decrying and denying the report in forbes.com, “The Astros will continue to operate the team in a fiscally responsible manner that will make the City of Houston proud. We are very excited about our accomplishments and we remain steadfast in our commitment to this rebuilding process.”

Even if you are not a Houstonian, I am sure that you share my excitement and pride.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

How to Build a Culture of Ethics and Compliance: The Greatest Article Ever – Part I

Donna Boehme and Jim McGrath continually rail against the notion that a ‘rogue employee’ causes the majority of bribery and corruption charges under such laws as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act. Companies continually claim that they do business ethically and in compliance with such anti-bribery and anti-corruption legislation and that it is only one or a few of ‘them-those pesky rogue employees’ who have brought the company to grief. Even GlaxoSmithKline PLC (GSK) is now beginning to distance itself from its Chinese business unit and executives who confessed to engaging in bribery and corruption to sell GSK products in China.

The first problem with this ‘rogue employee’ claim is that it is wrong. The second problem is that by making this bogus claim and denying that it was a company failure; a company may well never correct the underlying problem which led to the compliance failure. However if a company does not recognize its role in any such compliance catastrophe, it will probably have a repeat of a similar event in the not do distance future. Once again witness GSK, which agreed, in 2012, to a $3bn fine for fraud in marketing of its products and within one year is caught up in allegations of corruption in China.

I recently read an article in the summer 2013 issue of the MIT Sloan Management Review, entitled “Designing Trustworthy Organizations”, by the quartet of authors: Robert F. Hurley, Nicole Gillespie, Donald L. Ferrin and Graham Dietz. In this article, the authors address the question of “How can companies recover from trust failures and create reputations for trustworthiness?” Let me put this as succinctly as possible – IF THERE IS ONLY ONE ARTICLE THAT YOU READ ON ETHICS AND COMPLIANCE IN 2013 THIS IS THE ONE TO READ. This the single best article I have ever read as it gives a specific road map to the compliance practitioner, in-house counsel or any other business executive on how to instill a culture of ethics and compliance in your company. I will be discussing the article over my next three posts. Today I will look at why such ethics and compliance failures occur from an organizational perspective; in Part II I will talk about how to build ethical organizations which do business in a compliant manner, and in Part III I will conclude with the steps a company can take to rebuild trust in an organization after a catastrophic failure.

Signals of an Ethical Business

In the FCPA Guidance, both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) make clear that paper compliance which companies only employ to “check-the-box” on compliance with the FCPA are doomed to fail. The FCPA Guidance states, “A well-designed compliance program that is not enforced in good faith, such as when corporate management explicitly or implicitly encourages employees to engage in misconduct to achieve business objectives, will be ineffective. DOJ and SEC have often encountered companies with compliance programs that are strong on paper but that nevertheless have significant FCPA violations because management has failed to effectively implement the program even in the face of obvious signs of corruption.” This is a clear recognition that more than simply having a compliance program in place is required to make it effective. Unfortunately many companies seem to believe that simply having an ethics and compliance program in place is sufficient.

While the authors write about ‘trust’ I believe that their research, findings and framework all translate to ethics and compliance; so I will make that substitution throughout my discussion of their article. To begin their discussion, the authors believe that there are “six identifying signals” that employees consider when deciding to follow a company. They are:

1. Common values: does the company share our beliefs and values?
2. Aligned interests: do the company interests coincide, rather than conflict with ours?
3. Benevolence: does the company care about our welfare?
4. Competence: is the company capable of delivering on its commitments?
5. Predictability and integrity: does the company abide by commonly accepted ethical standards and is the company predictable in how it behaves?
6. Communication: does the company listen and engage in a dialogue or not?

Why Do Ethical and Compliance Violations Occur?

Here the authors begin with a definition. They define trust as “a judgment of confident reliance on another (a person, group, organization or system) based upon positive expectations of future behavior.” For the compliance practitioner a violation of that trust occurs and there is unethical behavior which is not in compliance with the norm, for example when “a party significantly deviates from positive expectations” by engaging in such conduct as bribery and corruption. The authors believe that they see such conduct condoned, explicitly or tacitly from management, they also lower their own personal expectations of the type of conduct they will personally engage in.

Such a failure leads to individual employees engaging in bribery and corruption. However, the authors make clear that this is not down simply to the individual or ‘rogue’ employee but such unethical conduct is “predictable in organizations which allow dysfunctional, conflicting or incongruent elements of their organizational system to take hold.” The authors cited three examples where this played out with devastating results for companies. The first was the Mattel Corporation, which had a strong reputation for quality but weak oversight of its supply chain led to production of contaminated toys and a massive toy recall. The second was BP and the Deepwater Horizon disaster, where the company’s strategy and culture of minimizing costs to enhance profitability conflicted with its stated emphasis on safety; all leading to a multi-billion dollar claim. Finally, Goldman Sachs and its role in the Abacus fund where “investigators found that Goldman’s stated values of client focus and integrity were at time overshadowed by a less formal culture that emphasized getting deals done with less than full disclosure.”

The authors noted that in all three examples they cited, each company had extensive systems processes and procedures in place to produce “trustworthy behavior”. However there were “other elements undermined the companies’ ability to deliver on their core responsibilities.” Recall that as part of its $3 billion settlement GSK agreed to a Corporate Integrity Agreement (CIA). The company had a Compliance Committee, whose job was to oversee full implementation of the CIA and all compliance functions at the company. The company had Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified.

GSK’s Code of Conduct stated, “The GSK attitude towards corruption in all its forms is simple: it is one of zero tolerance, whether committed by GSK employees, officers, complementary workforce or third parties acting for or on behalf of the company.” The company had a Third Party Code of Conduct, which required that third parties shall conduct their business in an ethical manner and act with integrity.

All of this was backed up by “a Global Ethics & Compliance team which is responsible for providing oversight and guidance to ensure compliance with applicable laws, regulations, and company policies, as well as fostering a positive, ethical work environment for all employees.” The Code of Conduct also stated that “GSK has an active system of internal management controls to identify company risks, issues and incidents with appropriate corrective actions taken. Our Risk Management and Compliance Policy provides the framework for these internal controls, to ensure significant risks are escalated to the proper levels of senior management.”

The authors research led them to several different areas of organizational weakness which allow for ethics and compliance violations to occur. Company leaders “focused on fundamental aspects of how the organization functioned: organizational restructuring and instability; poor support and follow-through; poor talent management; lack of communication and information; and leadership and strategies.” Interestingly, when employees were interviewed they had the following thoughts on how to improve ethics and compliance, “improve communication, enhance senior management capability, provide more accountability for performance, empower employees and enhance collaboration groups.”

Yet in their examinations, the authors found “one type of incongruence that frequently led” to breakdowns in doing business ethically and in compliance. That breakdown came when the interests of one stakeholder group was favored over another stakeholder group. The authors identified some various stakeholders as shareholders, employees, customers, suppliers and communities. The authors said that this incongruence has “been defined as letting shareholder profits take precedence over core responsibilities to other stakeholders.” But it is simply more, than serving on stakeholder better than the others. It is favoring one stakeholder to the extent of “the expense of and even causing harm to” other stakeholders.

In other words, if profits are put ahead of all other measurements for an employee, that employee will get the message and make sure that he or she makes their numbers. The authors conclude this section by noting that with the current 24 hour news cycle and social media, what may have been yesterday’s event can rapidly spiral across the globe and out of control more quickly than ever. Once again witness just how quickly GSK seemed to be on notice of allegations of corruption and bribery in China to the time its Chinese employees admitted to such conduct on state TV. It was mere days.

In tomorrow’s post I will look at building high trust in organizations and how that relates to ethics and compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

An open letter from SFO Director David Green on facilitation payments that you don’t know about

Ed. Note-today I post an article that was on thebriberyact.com site yesterday. The entire post was too rich to summarize so with the kind permission of thebriberyact.com guys, I post today in its entirety.

From our deck chairs we thought we’d share this with you.  An open letter from David Green, Director of the SFO, in connection with facilitation payments.  Surprisingly, we are not aware of it having received much (if any) publicity and from our deckchairs in the sun, we thought we’d change that fact…

“Enforcement of the United Kingdom’s Bribery Act – Facilitation Payments

To Whom It May Concern

The United Kingdom’s Bribery Act 2010 provides in clear terms that it is a crime for any individual or company with a UK presence to bribe a public official. This includes “facilitation payments” – money or goods given to a public official to perform, or speed up the performance of, an existing duty.

Facilitation payments are illegal under the Bribery Act 2010 regardless of their size or frequency.

This absolute prohibition is consistent with the United Nations Convention against Corruption, which similarly does not allow any exception for the use of facilitation payments. It is also consistent with the policy of Organisation for Economic Co-operation and Development (OECD), which in 2009 agreed to prohibit or discourage the making of such payments.

The Serious Fraud Office is the lead agency for the enforcement of the Bribery Act 2010. Individuals and companies that use facilitation payments in the course of their business are at risk of criminal prosecution in the UK.

The Serious Fraud Office is working with colleagues in the Foreign and Commonwealth Office (FCO) and other UK Government departments to disseminate this message. If a UK individual or company is asked to make a facilitation payment in the course of doing business overseas, they are actively encouraged to inform the FCO via the local embassy, high commission or consulate. A report will then be sent to the Serious Fraud Office.

The Serious Fraud Office will decide on the best course of action. This may involve communicating the information to a law enforcement agency in the country where the request was made, so that appropriate measures can be taken against the relevant public official.

The UK Government and the Serious Fraud Office are committed to stamping out bribery and upholding the rule of law. The Serious Fraud Office stands ready to take effective action against the use of facilitation payments, regardless of where they are requested.

[David Green] Signature

David Green CB QC

Director of the Serious Fraud Office

6th December 2012″

Opinion

David Green revised the SFO position on facilitation payments relatively  early on in his tenure with the retraction of the earlier guidance put out by his pre-decessor Director, Richard Alderman.  The new guidance was, broadly speaking, a restatement of the Joint Prosecution Guidance when it comes to the Bribery Act jointly penned by the CPS and the SFO.

More recently David Green has spoken about the focus on facilitation payments.  In particular at a US dinner which we reported here Mr. Green emphasised his point again – leading at least one person who attended to privately express their disappointment that the Bribery Act and SFO focus might target what they perceived as the lesser evil of facilitation payments in contrast to big ticket bribery to win contracts. No doubt a sentiment shared by others.

In some ways Mr. Green’s open letter adds nothing new. For example, we have written before about what happens if business report demands for bribes to their local embassy, for example here.

Opinion

Whatever.

The various pronouncements of Mr. Green make it clear that the SFO position on facilitation payments has hardened significantly. Given the focus of the SFO on serious fraud then a few one off payments are unlikely to interest it.

But there is a big BUT. Businesses should beware. The SFO will aggregate facilitation payments made and so if, for example, a business is frequently put under pressure to pay them and does so it is at real risk of investigation and prosecution by the SFO.

We would not be at all surprised if the SFO bring prosecutions in connection with paying facilitation payments.

This may be depressing news for some. But, on the bright side – we have helped clients succesfully resist payment of facilitation payments in challenging (and others might have considered hopeless) situations!

Bon chance.

Tribute to Leonard and Hanson Wade Supply Chain Compliance Europe 2013, Part II

Yesterday I introduced my tribute to Elmore Leonard and the upcoming Hanson Wade Supply Chain Compliance Europe 2013 Conference in London on November 4-7. Today we begin with Leonard’s Ten Rules for writing.

1. Never open a book with weather.

2. Avoid prologues.

3. Never use a verb other than “said” to carry dialogue.

4. Never use an adverb to modify the verb “said” . . .

5. Keep your exclamation points under control.

6. Never use the words “suddenly” or “all hell broke loose.”

7. Use regional dialect, patois, sparingly.

8. Avoid detailed descriptions of characters.

9. Don’t go into great detail describing places and things.

10. Try to leave out the part that readers tend to skip.

Why are these important for the compliance practitioner? It is because Codes of Conduct, compliance policies and procedures are all in writing. Even if you cannot write like a novelist, you can write in plain English. Do not simply get a policies and procedures written by lawyers for lawyers. Write them so that the business folks who are trying to do the right thing, can understand the obligations they are under. And think of Elmore Leonard when you are writing. If it doesn’t inspire you, it will put a smile on your face.

Along the lines of ‘keeping it real’ we continue with the Hanson Wade the interview of Paul Zietsman, Chief Compliance Officer (CCO) at Sasol. In today’s post, he shares his insights into the development of their new internal culture and attitude towards compliance after gaining ongoing board level buy in and investment.

What advice would you give to anyone who has just received a fine in their organisation, what should be their first steps on the road to recovery?

I think the very first thing would be to make sure what you have is support from your executive management or from your most senior body in your company.  Now, usually when a company has had an incident you would have that kind of support because everybody, especially the senior managers are under stress, as there might be personal liability for them. So, you usually have some level of support from them.  I think that should be the starting point.  You should first determine that level of support, particularly because without that support, you’re not going to be successful in anything you will do going forward.

At one of the meetings with CCO’s in South Africa I have attended a colleague was struggling with a internal compliance challenge and I asked him a couple of questions all catered around the support that they have from the senior management. We eventually realized that this was exactly the issue, he did not have the support. I have even told him that before he gained this support he couldn’t expect any progress, and everything that they were doing up till now was actually in vain and that they should first establish that support.

The next step is to clean out your house, it is important to have an investigation and to spend enough time really going through your business and making sure that there are no similar noncompliance or contradictions even in any part of your business.

Especially from a compliance officer’s perspective, it is important because we are in a constant battle to demonstrate value in our business, and we do not have a direct contribution to the bottom-line.  It is always difficult to show that value.

Now if you have another incident shortly after you’ve established or after you’ve started to improve your compliance function, when you are finding your feet, it could be detrimental to the compliance function. The company may feel that now operations are under way this should not occur again.

So therefore, I think that it is important to start on a clean slate and you can only start in a clean slate if you have done a thorough investigation, if you have really identified any further issues that might be in your business.

Then another thing is to also strengthen your government relationships by centralizing your reporting lines for you insurance providers. I know many of my colleagues would crucify me for saying that, because there is a certain belief that you can add more value by being present in the business and therefore you have to have a decentralized system.  But let me explain, when I say centralized, I don’t mean that you pull all your compliance officers who have identified issues back to the head office so there is no engagement with the business units.  All I am mean is that the reporting lines should be central and the incentives and the bonuses should not be determined by the business that they serve.

So for instance, at Sasol, all my compliance officers report through various managers into me, so they don’t report to the business at all.  But, they spend 80% of their time in the businesses.  So they’re really involved.  They know their businesses, and they can add just as much value to the business as other compliance officer that work in a decentralised model.

Here though, I have the benefit of ultimate control, and I have the benefit of my compliance officers not being influenced by objectives within the business units; which might not always be in line with good governance, but works for Sasol.

Then the last point for me here is not to lose balance.  We have seen that with quite a few companies and initially even at our company we’ve experienced this as just a natural reaction.  The moment you have an issue on something you need to focus all your attention just on that issue. For example, if you take a company that has had an incident with regards to bribery laws, they would mainly focus their compliance programme around bribery.  Quite often, they lose sight of the other risks and expose themselves because of this resulting in a great compliance programme focusing on one particular risk where they had an issue in the past, but leaving the guard open in other areas.  I think it is important to keep a balance here.  Do your investigation in the area in which you had an issue, but also improve strength in your compliance programme in general.

This way you will have a well-balanced programme that would include proper recertification up front so you will know what risks you are facing. Then you can design and implement a compliance programme that will deal with all of the risks going forward, not only the area on which you had an issue.

Sasol has operations in Africa, what would you say is the most challenging aspect of operating in Africa vs other regions?

You know if you ask this question to 90% of my colleagues, I think they would say that it’s bribery because bribery is the major issue in Africa, and I would to some extent, agree with them.  I am quite passionate about Africa.  So I do a lot of reading about Africa and I am quite knowledgeable about Africa based on that. I would agree with them that certainly one of Africa’s biggest challenges is bribery and corruption.

If only Africa could deal with that, it could be one of the most prominent continents in the world.  However, I would say from the compliance perspective it’s not that easy.  You can’t just say its bribery.  I think there is something deeper and that is really challenging.  To me it varies to extremes within Africa.  In the sense that, in one country, you will have some of the most sophisticated and refined laws dealing with a specific area while in the same country just in a another area will have absolutely no laws at all.

Then you also have a situation where you have certain countries with the most sophisticated laws but they just are not enforced, because they don’t have the skills and we don’t have the manpower to enforce them.  So it’s a matter of dealing with the unknown and I know a lot of companies entering Africa deal with these challenges, they feel as long as they are just managing the anti-bribery risk they should be okay.  The reality is that they are exposed to a number of other risks. It might not be as risky in the recent world because there is no guarantee of an enforcement, but you never know.  Anything can happen so it is really dealing with that unknown factor that is the most challenging.

What advice would you give to companies looking to open new operations in Africa?

Well based on what I just said, I think it is important not to underestimate Africa.  Yes, you might not have the kind of enforcement there that you would see in the rest of the developed world but I think you need to be prepared for that.  So I would say, implement your whole compliance programme, the same as you have in other locations in the world and launch that into Africa.  Then at the same time, while implementing the whole of your programme, put a specific emphasis on bribery because bribery is a major concern in Africa.  I think there are quite a few unique challenges regarding bribery in Africa.  For instance, the involvement of the government in business, even sometimes the government being involved, will be the catalyst to the payment of bribes in Africa.  That creates a lot of new challenges and you need to have a specially devised program dealing with that.

We had an incident recently in one of the African countries we were operating in, where the government itself requested us to make cash payments, per diem payments to the officials because they just didn’t have the kind of systems in place to support these payments themselves.  Now of course we couldn’t do that so we refused that and we had further discussions with them to see how we could get the money to them. That was initiated because of a specific requirement in terms of a particular law, but knew we couldn’t pay directly to the officials.  So you will certainly end up in situations like that and you need to have robust controls dealing with those kind of challenges which is fairly unique to developing countries like Africa.

Readers of this blog can receive a discount to the event. Use the code, FOXLAW10 when registering. For details and more information about the event, click here, or go directly to the HansonWade website.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Tribute to Leonard and Hanson Wade Supply Chain Compliance Europe 2013, Part I

Elmore Leonard died this week. He was certainly one of the most prolific authors of the second half of the 20^th Century, turning out a book a year for almost 60 years. Although he began his writing career penning short stories for Western fiction magazines, he gravitated to crime novels. But he was more than just a crime novelist. In his New York Times (NYT) obituary, entitled “A Novelist Who Made Crime and Art, and His Bad Guys ‘Fun’”, reporter Marilyn Stasio quoted from his recognition by the American Chapter of PEN, which said “his books are “not only classics of the crime genre, but some of the best writing of the last half-century.””

For me, reading Leonard was akin to reading Hemmingway, sparse and taut, direct clean writing. Leonard’s writing style is an instructive way to think about compliance so I considered Leonard and his ability to communicate in connection with the upcoming Hanson Wade Supply Chain Compliance Europe 2013 Conference in London on November 4-7. I have attended several HansonWade conferences and they have all been first rate. But one thing that stands out for me is that each conference has speakers which provide you with direct information that you can use in your compliance program.

Over the next two days I will write about an interview Hanson Wade conducted with one of the speakers, Paul Zietsman, who is the Chief Compliance Officer (CCO) at Sasol Ltd (SSL). In today’s post, he shares his insights into the company’s compliance journey since their fine 6 years ago and the lessons they have learned. In tomorrow’s post we will continue our tribute to Elmore Leonard and learn from Paul about the development of their new internal culture and attitude towards compliance after gaining ongoing board level buy in and investment.

Paul, can you start by telling us about your recent compliance experience?

I am a Chief Compliance Officer of Sasol since 2009.  Sasol is a multinational petrochemical company with listings in both Johannesburg and New York with at least 32,000 employees and we operate in 38 jurisdictions.  I initially started off at Sasol in the commercial department and eventually after the major incident we had on competition law, I was requested to head up a new project in the compliance area. Which involved improving our compliance function at the time.

Now, and over the past few years I have been exposed to various, interesting scenarios and certainly learned to manage compliance in the developing worlds. Since our head office is based in Johannesburg and we have quite a few businesses in Africa. At the same time I also have been exposed to fairly good global based practices, due to my interaction with other multinational companies in Europe and America as well as Australia. This interaction has involved discussions and key benchmarking exercises with my fellow chiefs of compliance at a number of multinational companies.

Paul, Sasol was one of the companies that, due to compliance issues, received a fine six years ago.  Could you tell about the journey since that fine for Sasol?

It’s a long journey and I do not think one will ever really reach the spot where you would say “that everything is perfect now” That said, we would certainly not have a similar incident again, moving forward it’s an ever evolving journey and we are always challenged to improve on what we have.  It was a very interesting journey, but we have come through it.

When I start off here in the compliance team we had only a small number of compliance officers who were not centralized or centrally based.  They operated within the business units. We’ve changed that around to a well skilled global compliance team with 22 resources, all reporting centrally into the compliance function core at head office.

This gives a general overview, but our plan also entailed specific actions that we have taken. For instance, a following clean-up investigation took place,  where we had to find out if there was any similar instances lurking somewhere in our business.  We also had to look at more robust compliance structures and specifically look at compliance in our various business units as well as our corporate structure.  We reviewed our former compliance framework and adopt a new one , which involved benchmarking our practices against others. I am pleased to have regularly interacted with my colleagues at various other multinational companies on a regular basis.  So I had something to measure our framework against.

I must say in my experience talking to these people at these other companies was totally positive and really surprising. I know that some companies are usually not that willing to share but, when it comes to compliance and it comes to doing the right thing, most of the compliance people are very willing to share.

The last point in our journey but a very important point; was to ensure we were effective in cementing our compliance program as a standing item on our board’s agenda.  It is important that the senior leadership of a company takes charge of the compliance program and that is exactly what we have done at Sasol.

The Hanson Wade event will have some of the top compliance practitioners from the US, Europe and Africa to speak on some of the biggest compliance challenges and solutions that you can implement to meet these challenges. For instance you will learn how to identify how to build and update a robust, real world global compliance program and embed it effectively from ConocoPhillips. You can hear about Shell’s perspective on how to move from theory to reality in implementing a practical risk-based compliance program. You will pick up tips on how to work effectively to ensure compliance in the world’s most complex operating environments. Other topics will include how to mitigate compliance risks when working with third parties through tight contract controls and specific information on how GE Oil & Gas rolled out their compliance program effectively, to achieve truly global compliance.

Readers of this blog can receive a discount to the event. Use the code, FOXLAW10 when registering. For details and more information about the event, click here, or go directly to the HansonWade website.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Loyalty v. Fairness?

Ed. Note-today we have a guest post by that well known Code of Conduct maven, Catherine Choe.

It’s been years since I had a subscription for paper delivery of the news.  I read the news either on my computer or on my phone, and I tend to skim the headlines until I see one that interests me (usually an article on the most recent compliance & ethics failure).  A few weekends ago, I visited friends who still have the Sunday New York Times delivered to their home, and as I sipped coffee, leafing through their paper, I stumbled across an item I would have missed electronically:  “The Whistle-Blower’s Quandary.”

The authors of this piece, found in the Opinion section, are a trio of professors who did a series of studies on why and when people blow the whistle.  The article starts with an obligatory mention of Edward Snowden, and I almost moved onto the next item in the paper, but their definition of whistleblower caught my attention:  “research participants… [who] witnessed unethical behavior and reported it.”  This is the behavior we in C&E try to encourage among our employees, and so, intrigued, I kept reading.

In one of the studies, the participants were asked to describe a time that they witnessed an ethical failure, reported it, and why; they were also asked to describe a time that they witnessed an ethical failure, did not report it, and why.  In analyzing these responses, the authors found something interesting.  When the participants who reported ethical failures described their actions, they “use[d] ten times as many terms related to fairness and justice, whereas non-whistle-blowers [sic] use[d] twice as many terms related to loyalty.”  The short piece concludes that if we want our employees to come forward and report the ethical failures that they witness, we need to be emphasizing fairness and justice in our Codes of Conduct, communications, and training, as those are the concepts that encourage speaking up, where emphasizing loyalty will encourage silence.

This reminded me of one of Matt Kelly’s blog posts at Compliance Week, when Kelly reported the conversations that he facilitated with a group of CCEOs on the topic of cultivating C&E leadership. One of the CCEOs at the roundtable said, “The reward for good conduct is keeping your job.”  But as Kelly correctly notes, “That approach can convince an individual employee not to violate your Code of Conduct, to be sure. But it does not necessarily inspire him to call out other misconduct, when that is exactly what compliance officers desperately need.”  Kelly framed his post with the concept of allegiance, that what CCEOs need are employees who are allegiant, or loyal, to our companies, “people who will act as advocates for the company’s best interests.”

In his blog post, Kelly noted that expecting this level of loyalty from our employees may be a hard sell.  Modern companies exist to make money for their shareholders.  This has caused a situation where we’re all focused on hitting quarterly goals so that we don’t spook Wall Street.  It creates situations where companies don’t, or maybe can’t, exhibit any behaviors that would inspire the kind of loyalty we’re looking for in our employees.  We operate in a business culture where companies that prioritize the satisfaction of their employees are studied and celebrated like the rarities they are, but then we don’t emulate them.

Does the piece in the Times mean that we can stop worrying about loyalty and that we should instead focus on fairness and justice?  Nothing in life is ever that simple.

A few years ago, the Compliance and Ethics Leadership Council did research into what the leading indicators of misconduct are, i.e., the signs that tell us in advance that we’re more likely to find misconduct at our companies.  CELC found that that one of the top leading indicators of misconduct is when employees identify more closely with their individual work groups or departments than they do with the company as a whole.  (You can see versions of this at play in many Sales departments and in one of the justifications for violating the Foreign Corrupt Practices Act:  “this is how WE do business [insert relevant region here.]”)  In follow up research, CELC also found that one of the primary reasons employees don’t report the misconduct that they witness is because they don’t think that the company will do anything about it.  Employees don’t believe that there will be what CELC calls “organizational justice,” where wrongdoers get punished.

What all of this boils down to for me is that fairness and loyalty don’t oppose each other, as the professors posited.  Loyalty reflects fairness, is an accurate measure of how fair we are.  If we consistently enforce our own rules and standards of business conduct, employees will exhibit loyalty by speaking up when they see misconduct.  If they see evidence that the company takes its own rules seriously, employees will exhibit loyalty by following the company’s lead and also take the rules seriously.  If, however, we make exceptions in how we enforce our rules and standards of business conduct (e.g., we can’t fire John because he’s our top performer even though we know he’s unethical; we’re not going to dig deeper into why we were able to penetrate a new market so quickly because we only care about being successful and not how we were successful), employees will exhibit loyalty by keeping silent and enabling the misconduct.

If we can’t back them up with visible action, sprinkling the words “fairness” and “justice” instead of “loyalty” into our Codes and communications and training won’t inspire the kind of loyalty Kelly and his roundtable of CCEOs want.  “Actions speak louder than words” is a cliché for a reason.  It may be overused, but ignoring it or discounting it won’t make the underlying wisdom go away.

————————————————————————————————————————————————————————————————————

My eBook on the GSK bribery and corruption affair in China is out. You can purchase it for reading on your Kindle by clicking here.

————————————————————————————————————————————————————————————————————

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at cchoe@tflcompass.com

News Corp as Corporate Suspect – Between Scylla and Charybdis?

Yesterday I used the lyrics from Emerson, Lake and Palmer’s song Karn Evil No. 9, First Impression, Pt. 2 – “Welcome Back My Friends, To The Show That Never Ends” as an entrée into the topic of the investigation of JP Morgan’s hiring practices in China and possible Foreign Corrupt Practices Act (FCPA) violations. These lyrics seem doubly relevant with the news report from The Independent that “Scotland Yard is investigating News International as a “corporate suspect” over hacking and bribing offences.” But as a ‘corporate suspect’ News Corp might liken its position to be similar to the Greek sailors in the Odyssey; that being between Scylla and Charybdis.

In an exclusive report, entitled “Exclusive: Met investigating Rupert Murdoch firm News International as ‘corporate suspect’ over hacking and bribing offences”, Tom Harper reported that “The Independent has learnt the Metropolitan Police has opened an “active investigation” into the corporate liabilities of the UK newspaper group – recently rebranded News UK.” Harper wrote that “One of Rupert Murdoch’s most senior lawyers has been interviewed under caution on behalf of the company and two other very senior figures have been officially cautioned for corporate offences. John Turnbull, who works on News Corp’s Management and Standards Committee (MSC) which co-ordinates the company’s interactions with the Metropolitan Police, answered formal questions from detectives earlier this year.”

Apparently, News Corp was not “aware of its status as a potential “corporate defendant” until April 2012 when Met detectives asked the MSC for “minutes of board meetings”. The request triggered behind-the-scenes negotiations which eventually led to former Deputy Assistant Commissioner Sue Akers writing to the MSC a month later. In a letter to the chairman Lord Grabiner, she said there was “an active investigation into the corporate liability of News International”. The company immediately changed the terms of its co-operation with the police.”

News Corp Responses

News Corp’s responses were quite interesting. Lord Grabiner, responding to Ms. Akers “outlined the position of the company. He indicated it would be a “dereliction of duty” to continue co-operating with Scotland Yard if the police were planning a “corporate charge” against News International.” Harper reported that this communication also said, “Later he added: “A suspect which is being asked to provide material for use in the investigation into its own liability is entitled to be advised that it is under suspicion in order that it can be advised of its rights and make informed decisions.””  Harper apparently queried “A senior Scotland Yard source said that after Ms Akers’ letter there was a “suspension in co-operation” whilst the UK lawyers “took advice” from the board directors in New York.”

Roy Greenslade, writing in his Greenslade Blog, in an article entitled, “Rubert Murdoch’s company under investigation on ‘corporate charge‘ ” in the online edition of The Guardian said that “Police interest in bringing corporate charges was revealed when the former Met police deputy assistant commissioner, Sue Akers – then heading the investigation – appeared at the Leveson inquiry in July 2012. Greenslade quoted Akers as saying at the time, “We’ve sought legal advice… in respect of both individual and corporate offences.” Shortly after this appearance, Greenslade noted that “The Guardian’s Nick Davies and David Leigh reported that News Corp lawyers had protested to the police about the possibility of company directors being prosecuted “for neglect of their duties.””

News Corp also requested that the UK authorities consider the effects of any corporate indictments. Harper said that “Gerson Zweifach, the group general counsel of News Corp, flew in to London for emergency talks with the Met last year. According to Scotland Yard, he told police: “Crappy governance is not a crime. The downstream effects of a prosecution would be apocalyptic. The US authorities’ reaction would put the whole business at risk, as licences would be at risk.”” This avenue has continued as “Lawyers for News Corp then continued to plead with the police not to pursue the company.”

Unlike US prosecution guidelines, where the Department of Justice (DOJ) can consider the effect of wiping out a company through an indictment and conviction, apparently there is no similar provision in UK law. Harper explained that the “Crown Prosecution Service can treat a company as a “legal person” who is “capable of being prosecuted”. And any organisation at the centre of a criminal investigation “should not be treated differently from an individual because of its artificial personality”.” He cited the latest Crown Prosecution Service (CPS) guideline on the issue which states, “A thorough enforcement of the criminal law against corporate offenders, where appropriate, will have a deterrent effect, protect the public and support ethical business practices.

FCPA Implications

As noted the DOJ can take into account such collateral damage as the destruction of a company when bringing charges under laws such as the FCPA. This is based on Arthur Anderson going out of business after sustaining a guilty verdict in an Enron related trial. But what about the fear that News Corp could lose valuable licenses which allow it to operate various media such as Fox News in the US? Tom Watson, British MP and long-time critic of Murdoch, was quoted in The Independent article with the following response, “The doom-laden internal analysis that the thousands of people who actually add value to the company may lose their jobs is bogus. If News Corp wants to clean up its act, it can easily do so by replacing the Murdochs with people who understand corporate social responsibility.”

More critically for News Corp will be the decision on cooperation with the British authorities and the US DOJ in any ongoing Bribery Act or FCPA investigation. Corporate cooperation is viewed as one of the cornerstones of current FCPA enforcements. If a company truly fears that it may be indicted for its actions based upon it turning over such information to the authorities it may decide it is not in its best interest to do so. But not to cooperate could well be taken into account in any fine or penalty assessed by the DOJ and could considerably raise the cost of any monetary settlement.

However, I am reasonably certain that the US government can obtain such company information through standard investigative tools available to it under US criminal procedures. While it is not clear what the level of cooperation between the relevant US and UK authorities has been today, I would certainly opine that there has been a high level of cooperation. If I were advising News Corp, I would certainly suggest that such cooperation between governments is usually forthcoming. I would also advise them that cooperation is better than non-cooperation.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013