FCPA Compliance and Ethics Blog

September 25, 2013

Getting Your Employees to Internally Market Your Compliance Program

7K0A0501It has often struck me that one of the things the compliance function must do is to internally market its role in a company. By this I do not mean the internal competition for funding that occurs annually, although that is certainly something which the compliance function must also go through. The internal marketing function of compliance is to get employees not only to understand the message of compliance but, even more so, to think about and use compliance in their day-to-day operations. I recently heard a podcast on social media marketing which had some concepts I thought applicable to the compliance function and its internal marketing role within a company.

The podcast is on the Social Media Examiner site, which brands itself as “Your Guide to the Social Media Jungle.” The podcast, entitled “Social Sharing: How to Inspire Fans to Share Your Stories” is hosted by Michael Stelzner, Chief Executive Officer (CEO) and Founder of the site. Stelzner interviews Simon Mainwaring, author of We First: How Brands and Consumers Use Social Media to Build a Better World. Mainwaring is a consultant who has worked with brands like Nike and Motorola and is hosting the upcoming “We First Social Branding Seminar” in West Hollywood in a few days.

The focus of the podcast was on the use of social media by your employees and customer base to increase market share. However, Mainwaring said something that struck me as key to building a successful compliance program. He was discussing your employee base as one of your most key marketing resources because they are your first and best line of advertising. He said that to allow them to market successfully there are three key components, (1) Let your employees know what you stand for; (2) Celebrate their efforts; and (3) Give them a tool kit of different ways to participate. I think each of these concepts can play a key role for the compliance practitioner in internally marketing their compliance program.

I.                   Let Your Employees Know What You Stand For

In the FCPA Guidance, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) said that the basis of any anti-corruption compliance program is the Code of Conduct as it is “often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” That well known @CodeMavencc, Catherine Choe, has said that she believes “Two of the primary goals of any Code are first, to document and clarify minimum expectations of acceptable behavior at a company, and second, to encourage employees to speak up when they have questions or witness misconduct.”

But more than the Code of Conduct, does your company really communicate that it stands for compliance? Obviously formal anti-corruption training under the Foreign Corrupt Practices Act (FCPA) is important but I think that more is required to reinforce that your company has a culture of compliance throughout the organization. In other words, are you communicating what you stand for and not simply the rules and regulations of a compliance program?

II.                Celebrate Their Efforts

Once again the FCPA Guidance speaks to the need to incentivize employees in the company realm. The Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many Guiding Principles of Enforcement forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.” But more than simply incentives, it is important that “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well.”

Mainwaring’s concept means going beyond incentivizing. To me his word ‘celebration’ means a more public display of success. Financial rewards may be given in private, such as a portion of an employee’s discretionary bonus credited to doing business ethically and in compliance with the FCPA. While it is certainly true those employees who are promoted for doing business ethically and in compliance are very visible and are public displays of an effective compliance program. I think that a company can take this concept even further through a celebration to help create, foster and acknowledge the culture of compliance for its day-to-day operations. Bobby Butler, Chief Compliance Officer (CCO) at Universal Weather and Aviation, Inc. has spoken about how his company celebrated compliance through the event of Compliance Week. He said that he and his team attended this event and used it as a springboard to internally publicize their compliance program. Their efforts included three separate prongs: they were hosting inter-company events to highlight the company’s compliance program; providing employees with a Brochure highlighting the company’s compliance philosophy and circulating a Booklet which provided information on the company’s compliance hotline and Compliance Department personnel.

III.             Give Your Employees a Tool Kit For Compliance

Obviously a key component of any effective compliance program is an internal reporting mechanism. The FCPA Guidance states that “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” The Guidance goes on to also discuss the use of an ombudsman to address employee concerns about compliance and ethics. I do not think that many companies have fully explored the use of an ombudsman but it is certainly one way to help employees with their compliance concerns. Interestingly, an interview in the Wall Street Journal (WSJ) today, with Sean McKessy, Chief of the SEC’s Office of the Whistleblower, he stated that “What I hear is that companies are generally investing more in internal compliance as a result of our whistleblower program so that if they have an employee who sees something, they’ll feel incentivized to report it internally and not necessarily come to us.”

But, more than a reporting tool for compliance, there are other ways a company can help employees do business in a compliant manner. One commercial tool which immediately comes to mind is Navigator, developed by the firm of Stroz Friedberg LLC, which the firm calls “a groundbreaking mobile and desktop application that makes your compliance program come alive! It automates clear answers and approval processes, and even offers data analysis for enhanced decision-making. The Navigator “app” is custom-tailored to each client and offers an array of benefits to any organization seeking easier ways to drive a positive corporate compliance culture.” I have seen this tool and it is way cool.

Yet there are other tools which are available, at no cost, and can be downloaded onto a mobile device such as a smartphone or iPad. These include the O’Melveny & Myers LLP Foreign Corrupt Practices Act Resource Guide; which concentrates solely on the FCPA and is primarily a new vehicle to distribute content it already makes available upon request. This content includes O’Melveny’s FCPA Handbook and O’Melveny’s In-House Counsel’s Guide to Conducting Internal Investigations. In addition, the app features five resource sections that serve as an interactive, illustrative directory with titles ranging from ‘O’Melveny Authored Client Alerts’ to ‘DOJ Opinion Releases.’

Another approach is found in the Latham & Watkins LLP’s AB&C Laws app which takes an international approach to anti-corruption and anti-bribery laws and its scope is international, with the content focused on organizing and easing access to statutes and regulatory guidance according to specific fields of interest, from legislative frameworks to extra-territorial application to enforcement and potential penalties. It also includes official guidance such as steps (where available) that can be taken to reduce the risk of liability for bribery and corruption.

There is much to be learned by the compliance practitioner from the disciplines of marketing and social media. These three concepts are useful to aiding companies in getting their sales pitches out and can be of great help to you, the compliance practitioner, in communicating marketing throughout your company as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

August 21, 2013

Loyalty v. Fairness?

Ed. Note-today we have a guest post by that well known Code of Conduct maven, Catherine Choe.

It’s been years since I had a subscription for paper delivery of the news.  I read the news either on my computer or on my phone, and I tend to skim the headlines until I see one that interests me (usually an article on the most recent compliance & ethics failure).  A few weekends ago, I visited friends who still have the Sunday New York Times delivered to their home, and as I sipped coffee, leafing through their paper, I stumbled across an item I would have missed electronically:  “The Whistle-Blower’s Quandary.”

The authors of this piece, found in the Opinion section, are a trio of professors who did a series of studies on why and when people blow the whistle.  The article starts with an obligatory mention of Edward Snowden, and I almost moved onto the next item in the paper, but their definition of whistleblower caught my attention:  “research participants… [who] witnessed unethical behavior and reported it.”  This is the behavior we in C&E try to encourage among our employees, and so, intrigued, I kept reading.

In one of the studies, the participants were asked to describe a time that they witnessed an ethical failure, reported it, and why; they were also asked to describe a time that they witnessed an ethical failure, did not report it, and why.  In analyzing these responses, the authors found something interesting.  When the participants who reported ethical failures described their actions, they “use[d] ten times as many terms related to fairness and justice, whereas non-whistle-blowers [sic] use[d] twice as many terms related to loyalty.”  The short piece concludes that if we want our employees to come forward and report the ethical failures that they witness, we need to be emphasizing fairness and justice in our Codes of Conduct, communications, and training, as those are the concepts that encourage speaking up, where emphasizing loyalty will encourage silence.

This reminded me of one of Matt Kelly’s blog posts at Compliance Week, when Kelly reported the conversations that he facilitated with a group of CCEOs on the topic of cultivating C&E leadership. One of the CCEOs at the roundtable said, “The reward for good conduct is keeping your job.”  But as Kelly correctly notes, “That approach can convince an individual employee not to violate your Code of Conduct, to be sure. But it does not necessarily inspire him to call out other misconduct, when that is exactly what compliance officers desperately need.”  Kelly framed his post with the concept of allegiance, that what CCEOs need are employees who are allegiant, or loyal, to our companies, “people who will act as advocates for the company’s best interests.”

In his blog post, Kelly noted that expecting this level of loyalty from our employees may be a hard sell.  Modern companies exist to make money for their shareholders.  This has caused a situation where we’re all focused on hitting quarterly goals so that we don’t spook Wall Street.  It creates situations where companies don’t, or maybe can’t, exhibit any behaviors that would inspire the kind of loyalty we’re looking for in our employees.  We operate in a business culture where companies that prioritize the satisfaction of their employees are studied and celebrated like the rarities they are, but then we don’t emulate them.

Does the piece in the Times mean that we can stop worrying about loyalty and that we should instead focus on fairness and justice?  Nothing in life is ever that simple.

A few years ago, the Compliance and Ethics Leadership Council did research into what the leading indicators of misconduct are, i.e., the signs that tell us in advance that we’re more likely to find misconduct at our companies.  CELC found that that one of the top leading indicators of misconduct is when employees identify more closely with their individual work groups or departments than they do with the company as a whole.  (You can see versions of this at play in many Sales departments and in one of the justifications for violating the Foreign Corrupt Practices Act:  “this is how WE do business [insert relevant region here.]”)  In follow up research, CELC also found that one of the primary reasons employees don’t report the misconduct that they witness is because they don’t think that the company will do anything about it.  Employees don’t believe that there will be what CELC calls “organizational justice,” where wrongdoers get punished.

What all of this boils down to for me is that fairness and loyalty don’t oppose each other, as the professors posited.  Loyalty reflects fairness, is an accurate measure of how fair we are.  If we consistently enforce our own rules and standards of business conduct, employees will exhibit loyalty by speaking up when they see misconduct.  If they see evidence that the company takes its own rules seriously, employees will exhibit loyalty by following the company’s lead and also take the rules seriously.  If, however, we make exceptions in how we enforce our rules and standards of business conduct (e.g., we can’t fire John because he’s our top performer even though we know he’s unethical; we’re not going to dig deeper into why we were able to penetrate a new market so quickly because we only care about being successful and not how we were successful), employees will exhibit loyalty by keeping silent and enabling the misconduct.

If we can’t back them up with visible action, sprinkling the words “fairness” and “justice” instead of “loyalty” into our Codes and communications and training won’t inspire the kind of loyalty Kelly and his roundtable of CCEOs want.  “Actions speak louder than words” is a cliché for a reason.  It may be overused, but ignoring it or discounting it won’t make the underlying wisdom go away.

————————————————————————————————————————————————————————————————————

My eBook on the GSK bribery and corruption affair in China is out. You can purchase it for reading on your Kindle by clicking here.

————————————————————————————————————————————————————————————————————

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at cchoe@tflcompass.com

June 7, 2013

Codes of Conduct: what are they good for?

Ed. Note-today we have a guest post from Catherine Choe, a well known Code of Conduct maven. 

I had an interesting and frustrating conversation with a relative about the work that I do, which includes working with companies on refreshing their Codes of Business Conduct.  Despite working at a large, publicly traded, multinational corporation, I had to describe the Code twice before he recalled having certified reading the one at his company.  It got me thinking about why we have Codes and whether they’re doing an adequate job serving their purposes.

Two of the primary goals of any Code are first, to document and clarify minimum expectations of acceptable behavior at a company, and second, to encourage employees to speak up when they have questions or witness misconduct.  There have been some very compelling articles discussing how important it is to teach employees that even actions that seem like minor misconduct should be reported.  I agree with this, of course, but I think that those of us in compliance & ethics should not lose sight of how difficult the decision to report major misconduct can be for many employees.

I recently heard a story about this that drove home how much anxiety the decision to report can cause.  I was having drinks with Sara, a friend I hadn’t seen in over a year.  Sara and I used to work together, and as we were catching up (i.e., gossiping) about former colleagues and mutual friends, she told me about something that happened to her a couple of weeks earlier.

Sara was attending a happy hour and chatting with Tracy.  Sara and Tracy started at the company on the same day and were in the same orientation group, where they bonded over their shared love of celebrity tabloids and became fast friends.  Over the years, Tracy worked her way up in the sales department to become a senior manager.  At the happy hour, Tracy shared details from the latest bonus trip that she had been selected to attend along with other top sales employees as a reward for outstanding performance.

It seems that in addition to her reputation for exceeding nearly every sales goal put in front of her, Tracy had also developed a habit of dating her colleagues.  In some instances, her partners were at her level, but most of the time, they were junior to her, although not in her reporting line.  All of her relationships were consensual, and she never exerted influence, positive or negative, over their careers.  Tracy simply found that it was more convenient, given the number of hours she worked and the days that she traveled, to find romance at work.  Management turned a blind eye to these activities, despite them being in contravention of company policy.  This was in part because of her performance and in part because nobody ever complained.

Tracy became involved with a junior colleague on the bonus trip and, as friends often do, was starting to share juicy details.  Tracy, wanting to show Sara what the junior colleague looked like, pulled out her phone to show Sara a picture.  Sara expected to see a head shot.  What she saw instead was a picture of the gentleman in question in the shower, with no idea that Tracy was snapping a photograph.

Sara shared the story with her boyfriend as an example of Tracy’s continuing refusal to grow up and a reason for the growing distance between the two friends.  Sara expressed discomfort at having been shown the picture and some sympathy for the gentleman who’d had his picture taken in an intimate moment without his consent.  Her plan for the future was to minimize contact and avoid spending time with Tracy.

Sara’s boyfriend, a lawyer, told her she had a responsibility to report Tracy’s behavior.  Sara disagreed, saying that the relationship was a consensual one between two adults.  In addition, Sara was concerned that Tracy might lose her job at a time when jobs were hard to find; Sara didn’t think it was right to interfere with Tracy’s livelihood

Sara’s boyfriend insisted that Sara report the incident, going so far as to say that if she didn’t tell someone in authority at the company, that he would call the company’s General Counsel to report the behavior himself.  He also noted that she might not have been as reluctant to raise her hand if the genders of the parties involved had been reversed.

Sara felt trapped.  Despite the egregious nature of Tracy’s behavior, Sara was torn between loyalty to her friend and doing what she knew in her heart was the right thing.  After several sleepless nights, she asked her boyfriend to consider calling the helpline rather than calling the GC, which she hoped would make it harder to trace the report back to her.  Out of sympathy for her distress, he agreed but told her she should check to see what her responsibilities were in the company’s Code of Conduct.

Sara downloaded the Code of Business Conduct from the company’s website and checked the Table of Contents and the index.  Both places directed her to the first section of the Code, which stated that employees, officers, and directors had a duty to report misconduct.  Defeated, Sara called the HR business partner for her department the next day.

Two things stood out to me when Sara told me this story:  (1) Sara’s reluctance to report the misconduct despite its egregiousness and (2) the role of the Code of Business Conduct in the resolution.  It’s true that if someone had reported Tracy when she first started dating her colleagues, she might not have reached the point of nonconsensual pictures in the shower, and then Sara would not have faced the dilemma she did.  Despite the existence of HR policies either forbidding romantic relationships at work or requiring their disclosure, workplace romances continue to occur.  As adults, we spend most of our time at the office with our coworkers.  Personal relationships are inevitable.

In addition, we often feel more loyalty to our coworkers than we do to the companies that employ us.  Our colleagues are people.  We work on projects together, we celebrate successes with each other, and we console each other when there are failures.  The collegiality that we build can improve productivity for the company.

Companies employ us.  They provide us with the money we need to shelter and feed ourselves and our families, but companies are not people.  The relationships we have with them are not personal.  What this means for C&E practitioners is that when we tell employees to report misconduct, no matter how small, the choice we are presenting is to be loyal to our coworkers or be loyal to the company.  Respect the teamwork and collegiality we’ve built, or “tattle” on our teammates for minor infractions of a Code that most employees skim once a year.  The decision to report, even in the face of serious misconduct, is gut-wrenching, especially if the bad actor is a friend or simply likeable.

Luckily for Sara’s company, the Code specifically cited a duty to report.  Companies often struggle with the decision as to whether to make reporting a duty or something more voluntary.  Making reporting a duty puts a burden on the company to ensure there are consequences for those who do not report misconduct.  Some decide that the administrative burden is too great or that they are uncomfortable with the potential impact it will have on the company culture.  After the conversation I had with Sara, I believe that the benefits outweigh those potential drawbacks.

We all know that our companies need Codes, so that our expectations around appropriate behavior are written down for employees.  We all know the general topics that should be covered in our Codes.  The level of sophistication in interactivity often depends on the level of technology sophistication of the employee base.  Many of us have gotten savvier about adding specific examples in our Codes to provide additional guidance.  We seem to take it for granted that employees will read the Code with the same attention and focus that we do.

The reality is that employees read the Code when forced to, either because of an annual certification campaign or because they face a dilemma.  In the former situation, employees skim, then sign; in the latter situation, employees look for an answer to a specific question.  Everyone in C&E has a checklist in mind of things that the Code should have and do.  At the top of my checklist is how quickly people like Sara can find the topic of her question and how clearly the Code answers it.  If employees are unable to find clear answers to their dilemmas quickly, the Code is not serving its purpose.

———————————————————————————————————————————————————————-

Catherine Choe  is Managing Member at TFL Compass (www.tflcompass.com), a compliance and ethics consultancy.  She is an authority on the business impact of C&E programs and has lectured widely on harmonizing C&E practices with business processes. Catherine is also an experienced and talented speaker with exceptional communication and presentation skills. She tweets regularly as the Code Maven (@CodeMavencc). She can be reached by phone at  408-337-2463  or email at cchoe@tflcompass.com. 

———————————————————————————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. 

Blog at WordPress.com.