BNY Mellon Settles First Sons and Daughters (and Nephews) FCPA Hiring Matter – Part I

Yesterday the Securities and Exchange Commission (SEC) announced a resolution with Bank of New York Mellon Corporation (BNY Mellon) for violations of the Foreign Corrupt Practices Act (FCPA). This was the first enforcement action around the now infamous Princesslings and Princelings investigations where US companies hired the sons and daughters of foreign government officials to curry favor and obtain or retain business.

While JPMorgan Chase has garnered the most attention around this issue, probably because of its notorious spreadsheet tracking of sons and daughters hires to develop business in China, there are multiple US companies under scrutiny for similar conduct. The FCPA Blog has reported that Credit Suisse, Goldman Sachs, Morgan Stanley, Citigroup, and UBS are all under investigation by the SEC for their hiring practices around the sons and daughters of foreign government officials. BNY Mellon has the honor of being the first company to reach resolution on this issue.

This is an important issue for many companies going forward and since this is the initial enforcement action on this issue, I am going to take a deep dive into the matter over the next couple of days. Today, I will discuss the facts of the case and tomorrow I will discuss not only the lessons to be learned from this FCPA enforcement action but also how the Chief Compliance Officer (CCO) or compliance practitioner can use those facts to graft a hiring program around the sons and daughters of foreign government officials which will not violate the FCPA.

In its Press Release, the SEC noted, “The Securities and Exchange Commission today announced that BNY Mellon has agreed to pay $14.8 million to settle charges that it violated the Foreign Corrupt Practices Act (FCPA) by providing valuable student internships to family members of foreign government officials affiliated with a Middle Eastern sovereign wealth fund.” Andrew J. Ceresney, Director of the SEC Enforcement Division, was quoted in the Press Release as stating, “The FCPA prohibits companies from improperly influencing foreign officials with ‘anything of value,’ and therefore cash payments, gifts, internships, or anything else used in corrupt attempts to win business can expose companies to an SEC enforcement action. BNY Mellon deserved significant sanction for providing valuable student internships to family members of foreign officials to influence their actions.” Kara Brockmeyer, Chief of the SEC Enforcement Division’s FCPA Unit, said, “Financial services providers face unique corruption risks when seeking to win business in international markets, and we will continue to scrutinize industries that have not been vigilant about complying with the FCPA.”

The Cease and Desist Order (Order) entered found that BNY Mellon violated the anti-bribery and internal controls provisions of the Securities Exchange Act of 1934.  BNY Mellon, “Without admitting or denying the findings, the company agreed to pay $8.3 million in disgorgement, $1.5 million in prejudgment interest, and a $5 million penalty. The SEC considered the company’s remedial acts and its cooperation with the investigation when determining a settlement.”

The underlying facts and BNY Mellon’s conduct as laid out in the Order provide some clear guidance for the CCO or compliance practitioner regarding what will be a violation of the FCPA in terms of hiring sons, daughters and close family relatives going forward. It should be noted that two of the hires were sons of foreign governmental officials and one was a nephew. However, the first important lesson under this enforcement action is around the parties involved. Although not identified by country, the foreign governmental entity involved was a Middle Eastern Sovereign Wealth Fund. If there was any question as to whether foreign sovereign wealth funds were covered under the FCPA, that answer is now clear, they are covered. All corporate actions should be cloaked with this knowledge going forward.

The Order also specified how the hiring of the relatives led directly to BNY Mellon obtaining and retaining business. One foreign government official, (Official X), “made a personal and discreet request that BNY Mellon provide internships to two of his relatives: his son, Intern A, and nephew, Intern B. As a Middle Eastern Sovereign Wealth Fund department head, Official X had authority over allocations of new assets to existing managers such as the Boutique, and was viewed within BNY Mellon as a “key decision maker” at the Middle Eastern Sovereign Wealth Fund. Official X later persistently inquired of BNY Mellon employees concerning the status of his internship request, asking whether and when BNY Mellon would deliver the internships. At one point, Official X said to his primary contact at BNY Mellon that the request represented an “opportunity” for BNY Mellon, and that the official could secure internships for his family members from a competitor of BNY Mellon if it did not satisfy his personal request.”

There were clear statements by the BNY Mellon official involved that hiring this son and nephew were being done to obtain or retain business. As reported in the Order:

• BNY Mellon was “not in a position to reject the request from a commercial point of view” even though it was a “personal request” from Official X. The employee stated: “by not allowing the internships to take place, we potentially jeopardize our mandate with [the Middle Eastern Sovereign Wealth Fund].”
• Another employee was quoted as saying, ““I want more money for this. I expect more for this. . . . We’re doing [Official X] a favor.”
• Yet another employee was quoted as saying, “I am working on an expensive ‘favor’ for [Official X] – an internship for his son and cousin (don’t mention to him as this is not official).”
• Finally, to demonstrate the nefarious nature of the arrangement and lack of transparency in the entire process, this final BNY Mellon employee said, ““[W]e have to be careful about this. This is more of a personal request . . . [Official X] doesn’t want [the Middle Eastern Sovereign Wealth Fund] to know about it.” The same employee later directed his administrative assistant to refrain from sending email correspondence concerning Official X’s internship request “because it was a personal favor.”

The second foreign government official, (Official Y), “asked through a subordinate European Office employee that BNY Mellon provide an internship to the official’s son, Intern C. As a senior official at the European Office, Official Y had authority to make decisions directly impacting BNY Mellon’s business. Internal BNY Mellon documents reflected Official Y’s importance in this regard, stating that Official Y was “crucial to both retaining and gaining new business” for BNY Mellon. One or more European Office employees acting on Official Y’s behalf later inquired repeatedly about the status and details of the internship, including during discussions of the transfer of European Office assets to BNY Mellon. At the time of Official Y’s initial request, a number of recent client service issues had threatened to weaken the relationship between BNY Mellon and the European Office.”

When it came to hiring Official Y’s son there were some equally damning communications at BNY Mellon that were featured in the Order.

• The BNY Mellon sovereign wealth fund relationship manager said, “that granting Official Y’s request was likely to “influence any future decisions taken within [the Middle Eastern Sovereign Wealth Fund].”
• The same person also worried aloud that if BNY Mellon did not hire the son, it “might well lose market share to a competitor as a result.”
• He went on to write ““Its [sic] silly things like this that help influence who ends up with more assets / retaining dominant position.”
• Finally, he noted that to accede to Official Y’s request was the “only way” to increase business share.

Added to all of this was that none of the three individuals met the BNY Mellon requirements for its internship program; they met neither the academic or professional requirement to obtain an internship. BNY Mellon not only waived its own hiring requirements, it did not even go through the pretense of meeting with them or interviewing them. Finally, these three individuals were provided with “bespoke internships were rotational in nature, meaning that Interns A, B and C had the opportunity to work in a number of different BNY Mellon business units, enhancing the value of the work experience beyond that normally provided to BNY Mellon interns.”

The penalty was also interesting. As set out in the order BNY Mellon agreed to the following penalty amount: “disgorgement of $8,300,000, prejudgment interest of $1,500,000 and a civil money penalty in the amount of $5,000,000, for a total payment of $14,800,000.” The SEC noted the cooperation efforts of the bank in stating, “Respondent acknowledges that the Commission is not imposing a civil penalty in excess of $5,000,000 based upon its cooperation in a Commission investigation.” Further, BNY Mellon engaged in extensive remediation. The Order stated, “Prior to the investigation by the Commission of the Interns, BNY Mellon had begun a process of enhancing its anti-corruption compliance program including: making changes to the Anti-Corruption Policy to explicitly address the hiring of government officials’ relatives; requiring that every application for a full-time hire or an internship be routed through a centralized HR application process; enhancing its Code of Conduct to require that every year each employee certifies that he or she is not responsible for hiring through a non-centralized channel; and requiring as part of a centralized application process that each applicant indicate whether she or a close personal associate is or has recently been a government official, and, if so, additional review by BNY Mellon’s anti-corruption office is mandated.”

Tomorrow I will look at lessons learned for the CCO and compliance practitioner and how you can avoid the missteps of BNY Mellon in your hiring program going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Georgia On My Mind – How Does Compliance Enhance Shareholder Value?

Can you get a sense of place from listening to a song? In an article in the Financial Times (FT), entitled “The Life of a Song – Georgia On My Mind”, Mike Hobart wrote that when you “combine Stuart Gorrell’s lyrics with Hoagy Carmichael’s music… the sense of place becomes palpable.” While that may be true, the piece attributed to Frank Trumbauer who said, “Nobody ever lost money writing songs about the South”. The song did not become the well-known standard it is today until Ray Charles recorded it in 1960, some 30 years after Carmichael wrote it. Hobart believes that the song works so well “not the least because ‘Georgia On My Mind’ is a brilliant piece of imaginative fiction that captures the yearnings of a homesick soul. That fact and fantasy are so out of step only adds to the pathos.”

That ultimate line from Hobart’s piece struck me around an issue that I have thought about for some time. How many Chief Compliance Officers (CCOs) and compliance practitioners out there have faced the following question from the General Counsel (GC), Chief Executive Officer (CEO), Chief Financial Officer (CFO) What does it do to enhance shareholder value? This is the question that is posed when senior management wants to deny resources to or even cut back the compliance function. At best the question is disingenuous and at worst it is simply a dodge by someone wanting to denude a corporate compliance function for their own nefarious reasons.

Michael Skapinker raised this second point, in another FT article entitled “Shareholder value is a cover for over-mighty chief executives”. Skapinker further opines that this question also presages an inquiry into whether CCOs “are using the cover of shareholder primacy to put themselves first?” While he also condemned the disparity in the growth of senior executives salaries and true shareholder value, Skapinker worries about the lack of accountability of CCOs and how their actions can damage a company’s reputation.

So how do you respond to this query? I think there is an answer with which you can always respond when faced with a clearly hostile CEO or other senior manager. It is the following. A best practices anti-corruption compliance program, whether based on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery law always enhances shareholder value. The reason is quite simple. It is all about tightening up the internal controls to prevent bribery and corruption.

However the part that such CEOs or other senior management may not understand is that FCPA internal controls are largely financial controls. Such controls are in place not only to comply with laws but also to provide internal oversight on how money flows out from an organization. The better the internal financial controls the better run a company will be in both the short and long term.

Most readers are familiar with Ethisphere’s annual designation of the World’s Most Ethical Companies. Many commentators deride this list because many of the companies on the list have gone through a FCPA investigation or enforcement action. Even with that factor, one of the things that Ethisphere touts about this list is that the companies on it routinely outperform the Standard & Poor’s (S&P) Index in annual performance. I thought about this seeming anomaly for a long time, wondering how ethical companies could be in the midst of FCPA investigations and be on a most ethical list.

The reason these companies are on the list is that they have better financial controls and by having better financial controls, these companies are more generally better run. Think about financial controls around employee expense reimbursement as an example. These are in place to satisfy Internal Revenue Service (IRS) rules to demonstrate the business purpose of employee travel, entertainment of customers, hospitality for potential customers and similar business expenses. Now consider this IRS requirement overlaid with a FCPA compliance requirement. Not only do you need to record the foreign government officials (or not) that you entertain, you need to document the expense incurred and the business purpose. If the expenses were predetermined to be over the amount set in your compliance policy, you may require compliance department pre-approval. When an employee submits an expense reimbursement form, there is usually a signature or self-attestation required. Then the employee’s supervisor, and perhaps one level above, must approve the reimbursement request before it even gets to Accounts Payable (AP) for a financial and procedure focused review.

All of these steps are financial controls yet they operate as internal compliance controls as well. If the controls are enforced the compliance function would have a searchable database to test employee expense reimbursement requests to see if any anomalies appear which should be set aside for further investigation. Imagine how GlaxoSmithKline PLC (GSK) might have fared if it had properly assessed its Chinese employee reimbursement requests to determine if the employees had actually put on the events for which they claimed reimbursement.

The same financial control analogy is true for the other key steps in any best practices compliance program. Management must communicate the message regarding doing business in compliance down to the troops. This message should be formalized in policies and procedures to set expectations of behavior. Then there should training on these educations and a person or function sufficiently resourced to run it. Next there should be incentives to do business in compliance and sanctions for those who fail to meet the set expectations and an appropriate reporting mechanism for internal reporting of compliance violations. Any best practices FCPA compliance program would also have a risk assessment, management of third parties and a mergers and acquisition (M&A) component. Finally, all of these concepts should be memorialized through internal controls that are designed, implemented and tested for effectiveness.

So the next time one of those senior management types asks you what the compliance function does or even what an expenditure that you want to incur will do to increase shareholder value, you can not only point him (or her) to the Ethisphere Most Ethical Company list but you can dive down to the specific level of your company and point directly to one of the above concepts around internal controls, which are really financial controls, to make your company not only run more efficiently but also provide appropriate levels of oversight.

So just as Hoagy Carmichael may indeed have written Georgia On My Mind because no one “ever lost money writing songs about the South”; no company was worse run because it had effective internal controls. Quite the contrary, the more effective your compliance controls are the better run your company will be and that will most certainly enhance shareholder value.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Why Is It So Hard to Hire People in Compliance?

Ed. Note-I recently asked Maurice Gilbert, founder and CEO of Conselium Executive Search if he would share some thoughts as to why and how a company should use an executive search firm when recruiting a C-Suite level executive, specifically a Chief Compliance Officer. Maurice graciously responded with the below post on how his company can assist in such a search and more importantly why companies should use a professional search firm in such situations. 

 

As managing partner of an executive search firm, I’m often asked how the sluggish economy affects our business.  Truth?  Not at all.  We place compliance officers, and our business is booming.

The demand for top-notch compliance pros is high, and the supply low. Hunting heads takes time, talent and chutzpah.  If it were easy, companies wouldn’t need us.

Here’s an example of a typical search:

The phone rings.  It’s the senior vice president of HR at a prominent medical device company.  Would we entertain a search for an EVP Chief Compliance Officer?

“Certainly,” I tell her. “When do you need to have this job filled?”

“Yesterday.”

She goes on to explain they posted the job on their website five months ago and also added it to a few major online job boards.  When responses were sluggish, their internal recruiter joined the hunt (more on this later.) She had reviewed 17 CV’s before calling me – not one of which warranted an interview.

Our search began by calling and emailing compliance officers in our (vast) network.  We’ve spent a decade compiling contact info and building relationships with Compliance Officers.

Next step: Screening candidates.  We typically screen 100 professionals for every qualified candidate we present to a client.  In this case, we identified 5 candidates – so you can do the math there.  We screened over 500 applicants in this stage of the process.

One candidate in particular stood out.  So we called and left a message.  Then we called again.  Then we left another message.  Another call, another message.  Finally – his wife phoned us. Remember I told you this process takes diplomacy and chutzpah?  Turns out the candidate was working in a town his wife thought was unfit for raising their children.  The job we were offering was in a town she thought would be great for the family. Could we help get his career (and maybe the marriage) back on track?

Long story short, we got him the interview.  The candidate got the job, and my client got the compliance department problem solved.  Another happy ending.

It took three months, start to finish.  Should a busy C-suite executive or HR manager rely on a specialty search firm to get the job done?  Yes. We applied three full time dedicated employees to this search for the three-month period – that amounts to 360 hours.  So why was our client unable to hire the CCO by their own efforts?

Well, consider these facts:

• The client posted the job to all the job boards, but only 15 percent of qualified professionals are actively looking for a job.  Most of them are too busy working.  They’re not scouring job boards.  That means 85 percent of qualified candidates aren’t actively looking for a new job — but they may be receptive if they’re personally contacted…in the right way.
• The client did assign the job opening to an internal recruiter. But does the internal recruiter have a massive database of compliance professionals to tap and the personal relationship with them?  No way.  He had to start identifying candidates from scratch.
• Does the internal recruiter have hundreds of hours to devote to one search?  No, an internal recruiter is assigned as many as 20 open requisitions to fill at any given time.
• Does the internal recruiter have the expertise required to evaluate a compliance officer?   Typically not; most are generalists.
• Does the internal recruiter have the resources to put together a compelling presentation to entice a candidate to listen to the opportunity?   Typically no.  A dynamic presentation to highly sought-after professionals requires a presentation that speaks to the positives of the company, the job, the culture, the career growth options, the community, etc.

So why do companies that want top compliance professionals retain our firm?  It’s just like retaining a law firm for litigation purposes. You’d never attempt to represent yourself in court without an attorney, right?

Hiring authorities work with Conselium to tap its vast network of top talent. It works to match a company’s needs with the right professional. For Candidates, those who work with Conselium get access to a “hidden” ’ job market of unadvertised positions. Finally, Conselium focuses on compliance, audit and regulatory counsel positions. To check out the company and get in touch with Maurice for your compliance search needs, click here.

Social Media Week Part IV – Telling a Story About Honey

I continue my exploration of the use of social media in doing compliance by taking a look at a very innovative social media solution to a difficult compliance issue around, of all things, honey. This example shows how creative thinking by a lawyer, in the field of import compliance, led to the development of a software application, using some of the concepts that I discussed earlier in the week around social media. Once again demonstrating the maxim that lawyers (and compliance practitioners) are only limited by their imagination, the use of this software tool demonstrates the power of what social media can bring to your compliance program.

This innovation contrasts with a reader’s comment earlier this week when I began my series on the use of social media in doing compliance. The comment was that this reader’s company, while actively using social media to reach, communicate with and receive information back from its customer base; did not allow employees to access Facebook, Twitter, Pinterest, Snapchat and a whole host of other social media sites on company purchased computers. While the company’s stated reason was security, the true reason is that they simply did not trust their employees not to “waste time” by accessing such sites during work hours.

Such corporate attitudes, while clearly from the time of the dinosaurs, unfortunately still exist. Companies need to understand that social media is a tool which can and should be used affirmatively. Like any tool, it can be abused but if you cannot trust your employees not to goof off (1) they probably should not be your employees and (2) the company is a lousy manager; so there is lots of opportunity for growth. It reminds of when I was working for a corporation back in 2004 and they did not want employees to have company issued cell phones, because you know they might use them for personal use. The bottom line is that social media is here to stay. Millennials and others are only going to communicate through that medium so if companies want to stay relevant, not only with products and services but also with their employee base, they need to understand that social media is an important and significant tool of the future. But enough of my mini-Howard Sklar rant.

Gar Hurst, a partner in the law firm of Givens and Johnston PLLC in Houston, faced an issue around US anti-dumping laws for honey that originated in China. The US Government applies anti-dumping trade sanctions to goods from a particular country. They do this when a domestic interest group alleges and proves, at least theoretically, that the producers in a foreign country are selling their goods into the US market at below fair-market value. By doing this, they are harming the US domestic industry. The dumping duties, which can result from this, can easily be 100, 200, even up to 500 % of import duties. To get around the anti-dumping laws, importers would ship Chinese originated honey to Indonesia, Vietnam or some other country and pass it off as originating from one of those locations.

The problem that Hurst’s client faced was how to prove the honey did not originate from China. In an interview, Hurst said, “We were working with a Southeast Asian honey producer. They were in this situation where Customs was essentially treating them as though they were a Chinese producer. We’ve provided them documents. We’ve provided them invoices. We’ve provided them production docs. We’ve provided them all sorts of documents but there was nothing that we could give them documentary that they didn’t believed could be fake. That was the problem, documents on their face are just a form of testimonial evidence. Meaning, somebody somewhere said, this stuff is actually from the Philippines. It’s only as good as the word of the person who wrote it on. We needed something that would get beyond that problem.”

So using awareness around communications through a smart phone, Hurst and his team came up with an idea “that with the explosion of smartphone technology which is in the hands of basically everybody in the United States and soon to be everyone in the world, these devices basically allow a person to take a picture that is geo-tagged and time and date stamped and then upload that picture to a database in the cloud. Effectively, that’s what we did.” As Hurst explained the process which they came up it was amazingly simply, “We basically created an app that resided on Android phone that they could then go around and document the collection of all these various barrels of honey and its processing. Every time they take a picture, it would be time and date stamped with geo-tagging as well. You know when and where a picture of a particular barrel of honey which we would label with some special labels so you could identify it when and where that was taken.” The product they came up with is called CoVouch.

From there the information is uploaded into a secure database that Hurst and his team created in the cloud. His firm then took all of the evidence they had documented that the honey originated in Indonesia, not China, and presented it to the US Customs service to show his client had not sourced its honey in China. In version 2.0 Hurst and his development team are creating a searchable database which US Customs can use to make spot checks and other determinations.

Recognizing the level of technical sophistication of honey farmers in Asia, CoVouch is amazingly simply to use. It takes pictures, puts time stamps on them and puts geo-tags that show the location where the picture was taken and with glued or pasted on bar codes, you can trace the shipment of honey throughout its journey. But it does so in a way that tells a story. Hurst said, “you’re telling the story but the provenance, if you will, of one imported barrel of honey and how did it get to where it’s at. It’s different. Yeah, that’s right. That’s exactly what we’re trying to do and trying to do it in a way that is easy enough so that, as you put it, a fairly, uneducated farmer in Indonesia can do it and a busy Customs agent in the United States can review it.”

Such a software system uses the concepts around social media to make a honey farmer a provider of documents evidence, through photographs, to meet US anti-dumping laws. But I see the application as a much broader tool that could be used by anyone who needs to verify information on delivery, delivery amounts, delivery times and delivery locations. This could be a field hand who is delivering chemicals even West Africa and does not know how to speak English. Hurst pointed to uses around whether something might be eligible for special import or export regulations due to NAFTA, whether restricted trade goods, such as those used in the oilfield industry, worked their way into Iran and even applicability under the Buy American Act around the US content in goods.

For the anti-corruption compliance practitioner, you could use such a tool to not only receive information, and more importantly photographic evidence, but you could also deliver information. But the key is that you are only limited by your imagination. CoVouch could be a tool that you use internally for delivery of information and receipt of information inside your company.

Tomorrow I will end my weeklong exploration of the use of social media in your compliance program by discussing some of the more common social media applications and how you might use them.

Once again please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, the FCPA Compliance and Ethics Report.

To check out the CoVouch website, click here.

To listen to my podcast with Gar Hurst, go to the FCPA Compliance and Ethics Report, Episode 181, by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Social Media Week Part III – Twitter and Innovation in Your Compliance Program

I continue my exploration of the use of social media in your Foreign Corrupt Practices Act (FCPA) compliance program today. One of the ways that Chief Compliance Officers (CCOs) and compliance practitioners can communicate about their compliance programs is through the use of the social media tool Twitter. In an article in the Summer issue of the MIT Sloan Management Review, entitled “How Twitter Users Can Generate Better Ideas”, authors Salvatore Parise, Eoin Whelan and Steve Todd postulated that “New research suggests that employees with a diverse Twitter network – one that exposes them to people and ideas they don’t already know – tend to generate better ideas.” Their research led them to three interesting findings: (1) “Overall, employees who used Twitter had better ideas than those who didn’t.”; (2) In particular, there was a link between the amount of diversity in employees’ “Twitter networks and the quality of their ideas.”; and (3) Twitter users who combined idea scouting and idea connecting were the most innovative.

I do not think the first point is too controversial or even insightful as it simply confirms that persons who tend have greater curiosity tend to be more innovative. The logic is fairly straightforward, as the authors note, “Good ideas emerge when new information received is combined with what a person already knows.” In today’s digitally connected world, the amount of information in almost any area is significant. What the authors were able to conclude is that through the use of Twitter, “the potential for accessing a divergent set of ideas is greater.”

However it was the third finding that I thought could positively impact the compliance profession, the role of the Idea Scout and the Idea Connector. An idea scout is “an employee who looks outside the organization to bring in new ideas. An idea connector, meanwhile, is someone who can assimilate the external ideas and find opportunities within the organization to implement these new concepts.” For the compliance practitioner, the ability to “identify, assimilate and exploit new [compliance] ideas” is the key takeaway. However to improve your compliance innovation, “you need to maintain a diverse network while also developing your assimilation and exploitation skills.”

For the compliance practitioner, Twitter can be “described as a ‘gateway to solution options’ and a way to obtain different perspectives and to challenge one’s current thinking.” Interestingly the authors found that “It’s not the number of people you follow on Twitter that matters; it’s the diversity within your Twitter network.” The authors go on to state, “Diversity of employee’s Twitter network is conductive to innovation.” Typically an Idea Scout will “identify external ideas from experts and resources on Twitter.” Clearly the compliance practitioner can take advantage of experts with the anti-corruption compliance field but there is perhaps an equally rich source of innovation from those outside this arena.

An interesting approach was what the authors called the “breadcrumb” approach to finding innovation leaders and thought-provokers. It entailed a “period of “listening” to colleagues and industry leaders who are on the platform – including what they are tweeting about, who they are following and replying to on the platform, who is being retweeted often”. So with most good leadership techniques the first key is to listen.

Equally important to this Idea Scout is the Idea Connector, who is putting the disparate strands from Twitter’s 140 character tweets together. For the compliance function, this will be someone who identifies compliance best practices or other information from Twitter ideas, can then put them together and direct the information to the relevant company stakeholders. Finally, such a person can “Curate Twitter ideas and matches them with company resources needed to implement them.”

Here the authors listed a variety of ways an Idea Connector can use Twitter. One user said, “I try to sift through all the Twitter content from my network and look for trends and relationships between topics. I put my analysis and interpretation on it. I feel that’s where my value-add is.” Another method is to focus on analytics and one user “filtered specific subsets of the topic for different stakeholders” at his company. Another method was to create “social dashboards or company blogs based on the insight” received thought Twitter. Interesting, one of the key requirements for successfully mining Twitter was in finding ways to share its content “since many employees, especially baby-boomers don’t use the platform themselves.” Conversely by mining information from Twitter and presenting it, this can allow these ‘technologically challenged’ older employees to ascertain how they can target millennial’s.

But as much as these concepts can move a CCO or compliance practitioner to innovation in a compliance program, it can also foster additional information through the following of your own employees. It is well known that Twitter can facilitate greater communication to and between the compliance function and its customer base, aka the company employees. However the authors also point to the use of Twitter to enable this same type of innovation because it “is different than email and other forms of information sources in that it enables continuous engagement”.

Twitter was created to allow people to connect with one and other and communicate about their activities. However the marketing potential was immediately seen and used by many companies. Now a deeper understanding of its use and benefits has developed. For the compliance practitioner one thing you want to consider is to align your Twitter and great social media strategy with your compliance strategy; match your Twitter strategy to your compliance strategy.

Twitter can be powerful tool for the compliance practitioner. It is one of the only tools that can work both inbound for you to obtain information and insight and in an outbound manner as well; where you are able to communicate with your compliance customer base, your employees. You should work to incorporate one or more of the techniques listed herein to help you burn compliance into the DNA fabric of your organization.

Once again please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, The FCPA Compliance and Ethics Report.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Social Media Week Part I – Using Social Media In Your Compliance Program

Welcome to Part I of Social Media Week. I recently did a webinar, hosted by The Network, on the use of social media in your Foreign Corrupt Practices Act (FCPA) compliance program. The response was as great as almost any other webinar in which I have participated. Based upon the overwhelming feedback, this week I will post a series of blogs on the use of social media in your compliance program. In Part I, I begin with a discussion of why you should integrate social media into your compliance program.

I have been studying the business side of social media for some time now as a way to help understand how I might more effectively and more creatively bring the message of doing compliance to my readers and podcast listeners. This led me to think about the message of compliance inside of a corporation and how it is distributed. In a compliance program, a large portion of your consumers/customers are your employees. Social media presents some excellent mechanisms to communicate the message of compliance going forward. Many of the applications that we use in our personal communication are free or available at very low cost. So why not take advantage of them and use those same communication tools in your internal compliance marketing efforts going forward.

On the Social Media Examiner site, which brands itself as “Your Guide to the Social Media Jungle”, is a podcast entitled “Social Sharing: How to Inspire Fans to Share Your Stories”, hosted by Michael Stelzner, Chief Executive Officer (CEO) and Founder of the site. In the podcast Stelzner interviews Simon Mainwaring, author of “We First: How Brands and Consumers Use Social Media to Build a Better World”, who said that to allow them to market successfully there are three key components, (1) Let your employees know what you stand for; (2) Celebrate their efforts; and (3) Give them a tool kit of different ways to participate. I think each of these concepts can play a key role for the compliance practitioner in internally marketing their compliance program.

Let Your Employees Know What You Stand For

In the FCPA Guidance, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) said that the basis of any anti-corruption compliance program is the Code of Conduct as it is “often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” That well known @CodeMavencc, Catherine Choe, has said that she believes “Two of the primary goals of any Code are first, to document and clarify minimum expectations of acceptable behavior at a company, and second, to encourage employees to speak up when they have questions or witness misconduct.”

But more than the Code of Conduct, does your company really communicate that it stands for compliance? Obviously formal anti-corruption training under the FCPA is important but I think that more is required to reinforce that your company has a culture of compliance throughout the organization. In other words, are you communicating what you stand for and not simply the rules and regulations of a compliance program?

Celebrate Their Efforts

Once again the FCPA Guidance speaks to the need to incentivize employees in the company realm. The Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many Guiding Principles of Enforcement forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.” But more than simply incentives, it is important to “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well.”

Mainwaring’s concept means going beyond incentivizing. To me his word ‘celebrate’ means a more public display of success. Financial rewards may be given in private, such as a portion of an employee’s discretionary bonus credited to doing business ethically and in compliance with the FCPA. While it is certainly true those employees who are promoted for doing business ethically and in compliance are very visible and are public displays of an effective compliance program. I think that a company can take this concept even further through a celebration to help create, foster and acknowledge the culture of compliance for its day-to-day operations. Bobby Butler, at Universal Weather and Aviation, Inc., has spoken about how his company celebrated compliance through the event of Compliance Week. He said that he and his team attended this event and used it as a springboard to internally publicize their compliance program. Their efforts included three separate prongs: they were hosting inter-company events to highlight the company’s compliance program; providing employees with a Brochure highlighting the company’s compliance philosophy and circulating a Booklet which provided information on the company’s compliance hotline and Compliance Department personnel.

Give Your Employees a Tool Kit For Compliance

Obviously a key component of any effective compliance program is an internal reporting mechanism. The FCPA Guidance states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” The Guidance goes on to also discuss the use of an ombudsman to address employee concerns about compliance and ethics. I do not think that many companies have fully explored the use of an ombudsman but it is certainly one way to help employees with their compliance concerns. Interestingly, in an interview in the Wall Street Journal (WSJ) with Sean McKessy, Chief of the SEC’s Office of the Whistleblower, he stated, “What I hear is that companies are generally investing more in internal compliance as a result of our whistleblower program so that if they have an employee who sees something, they’ll feel incentivized to report it internally and not necessarily come to us.”

Two of the newest and perhaps coolest tools a Chief Compliance Officer (CCO) or compliance practitioner can utilize in the realm of social media are Meerkat and Periscope. Both tools allow you to tell a compliance story in real time, throughout your organization and beyond. They are both live streaming apps that enable you to create a video and open the portal to anyone who wants to use it. Anybody in your Twitter community can click on that link and watch whatever you’re showing on your phone. The big piece is the mobile aspect. It’s as simple as a basic tweet and hitting the “stream” button.

However, there are a wide variety of social media tools available that you can incorporate into your compliance program. Apps like Pinterest, Snapchat, Instagram and others may seem like tools that are solely suited to personal use. However their application is much broader. Over the next week, I will be exploring some of these apps and tools and how they might be used in doing compliance. As with many ideas in the compliance space, a CCO or compliance practitioner is only limited by their imagination. For these apps, they can be most useful when you tell the story of compliance in your company. Hootsuite did a campaign called “Follow the Sun” using Periscope. They decided to let their employees showcase what they called #HootsuiteLife. They gave access to different people in every company office around the globe. Throughout the day, it would “Follow the Sun,” and people in different offices would log into the Hootsuite account and walk around and show off their culture, interviewing their friends, etc. They talk about the importance of culture and now they are proving it. The number of inbound applications drastically increased after people got that sneak peek into their company.

Yet there are other tools available, at no cost, and can be downloaded onto a mobile device such as a smartphone or iPad. These include the O’Melveny & Myers LLP Foreign Corrupt Practices Act Handbook; which concentrates solely on the FCPA and is primarily a new vehicle to distribute content it already makes available upon request. This content includes O’Melveny’s FCPA Handbook and In-House Counsel’s Guide to Conducting Internal Investigations. In addition, the app features five resource sections that serve as an interactive, illustrative directory with titles ranging from ‘O’Melveny Authored Client Alerts’ to ‘DOJ Opinion Releases’.

Another approach is found in the Latham & Watkins LLP’s AB&C Laws app which takes an international approach to anti-corruption and anti-bribery laws, with the content focused on organizing and easing access to statutes and regulatory guidance according to specific fields of interest, from legislative frameworks to extra-territorial application to enforcement and potential penalties. It also includes official guidance such as steps (where available) that can be taken to reduce the risk of liability for bribery and corruption.

There is much to be learned by the CCO and compliance practitioner from the disciplines of marketing and social media. These concepts are useful to companies in getting their sales pitches out and can be of great help to you, the CCO or compliance practitioner, in collaborating and marketing throughout your company. I hope you will follow this week’s Use of Social Media series as I will endeavor to provide to you not only with a discussion of some new tools which you can incorporate into your compliance program going forward but also a different way to think about who your customers are and how you are reaching them with your message of doing compliance.

Finally, I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, The FCPA Compliance and Ethics Report.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

The Trait of Empathy in Compliance

Can you empathize with those who work for you, around you and those you report to? While many leaders, particularly those who might be labeled the ‘command and control’ type seem to think that empathy is a negative; I think that it is an important habit for any Chief Compliance Officer (CCO) or compliance practitioner to not only practice but also master. Recently there were a couple of articles in the New York Times (NYT) that discussed this character trait and I found them useful to consider for the leadership toolkit of the CCO or compliance profession.

The first was by Daryl Cameron, Michael Inzlicht and William A. Cunningham, entitled “Empathy is Actually a Choice” and the second was in the Corner Office section by Adam Bryant, entitled “Is Empathy on Your Résumé?”, in which Bryant profiled Stewart Butterfield, the co-founder and chief executive of Slack, a communication service for businesses. The first piece focused on research by the authors and the second was Bryant’s weekly piece on business leadership.

The researchers noted, “While we concede the exercise of empathy is, in practice, often far too limited in scope, we dispute the idea that this shortcoming is inherent, a permanent flaw in the emotion itself…we believe that empathy is a choice that we make to extend ourselves to others. The “limits” to our empathy are merely apparent, and can change, sometimes drastically, depending on what we want to feel.” The authors ended by stating, “Arguments against empathy rely on an outdated view of emotion as a capricious beast that needs to yield to sober reason. Yes, there are many situations in which empathy appears to be limited in its scope, but this is not a deficiency in the emotion itself. In our view, empathy is only as limited as we choose it to be.”

Bryant’s article on Butterfield and his leadership style brought these concepts home. Most interestingly, Butterfield began by self-disclosing, “I’m good at the leadership part. But I’ve always said that I’m a terrible manager. I’m not good at giving feedback. People are like horses — they can smell fear. If you have a lot of apprehension going into a difficult conversation, they’ll pick up on that. And that’s going to make them nervous, and then the whole conversation is more difficult.”

Another insight on leadership was something as simple as meetings. Butterfield said that “if you’re going to call a meeting, you’re responsible for it, and you have to be clear what you want out of it. Have a synopsis and present well. At the same time, if you’re going to attend a meeting, then you owe it your full attention. And if it’s not worth your attention, then say so — but don’t be a jerk about it — and leave the meeting.” So more than simply taking responsibility for one’s own time, he put out the empathy to allow you to consider how your agenda (or lack thereof) may have negative repercussions on others on your team or in your organization.

Another interesting insight from Butterfield were his thoughts on empathy as it related to leadership. This is a sought out trait for employees, as early as in the interview process. He said, “When we talk about the qualities we want in people, empathy is a big one. If you can empathize with people, then you can do a good job. If you have no ability to empathize, then it’s difficult to give people feedback, and it’s difficult to help people improve. Everything becomes harder.”

Similarly to his examples around meetings, Butterfield believes that empathy can express itself as courtesy. He said, “One way that empathy manifests itself is courtesy. Respecting people’s time is important. Don’t let your colleagues down; if you say you’re going to do something, do it. A lot of the standard traits that you would look for in any kind of organization come down to courteousness. It’s not just about having a veneer of politeness, but actually trying to anticipate someone else’s needs and meeting them in advance.”

I found it interesting that on the same day in the same newspaper, theory not only met practice but the practice had a business application. For those out there who feel leadership skills are ingrained into your DNA, the authors pointed out “Likewise, in another recent study, the psychologists Karina Schumann, Jamil Zaki and Carol S. Dweck found that when people learned that empathy was a skill that could be improved — as opposed to a fixed personality trait — they engaged in more effort to experience empathy for racial groups other than their own. Empathy for people unlike us can be expanded, it seems, just by modifying our views about empathy.”

Yet for the CCO or compliance practitioner, Butterfield pointed out specific areas where the trait of empathy can yield great respect for you and your position in any corporation. People rarely think of courtesy and respect as leadership skills but if you can bring these to bear in your compliance practice, you can garner greater influence as not only someone who cares but someone who cares and gets things accomplished. For any corporate disciple which relies on influence to succeed these simple tools can go a long way to providing to you a wider manner to impact corporate culture, become a trusted partner and be a part of any significant business conversation earlier rather than later in the game.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

How to Succeed In Compliance – The Compliance Retreat

In 1961, one of my favorite Broadway musical comedies appeared How to Succeed in Business Without Really Trying. It ran for over 1400 performances in its original Broadway run and was based on the 1952 book by Shepherd Mead, entitled “How to Succeed in Business Without Really Trying: The Dastard’s Guide to Fame and Fortune”. The book is a satire of an instructional manual and pokes fun at (then) contemporary office life in the United States in the guise of a self-help book. It details the rise of one J. Pierrepont Finch, from window washer to Chairman of the Board in only two weeks.

The play was later adapted into a movie in 1967. Robert Morse played the lead role in both the original theatrical run and the movie, with Matthew Broderick and Daniel Radcliff taking the role in 2000 era revivals. My favorite song from the movie is I Believe in You, which Finch sings to himself in front a Men’s Room mirror immediately before going to a big meeting. Most interestingly when Mead’s book was re-released in 1995, in connection with a revival of the play, the Library of Congress cataloged it as non-fiction under “business books”, with the subject headings “Success in business”, “Management”, and “Career development”.

I wondered how I could help corporate compliance departments better succeed in compliance? So inspired by Finch to help all corporate compliance departments, Chief Compliance Officers (CCOs) and compliance practitioners succeed, today I am announcing a new service offering: the Compliance Retreat. Why a strategic retreat? It is unlikely you can explore the wide range of issues that you might need to consider by simply performing a risk assessment and going forward. While a risk assessment is a key tool, it is only one tool. The Compliance Retreat will allow you to work through a wide range of compliance issues specific to your company, your risk profile, your industry and your culture. Taking time to discuss compliance issues large and small in a one day Compliance Retreat will allow you to think differently about your compliance program, all facilitated by one of the top Nuts and Bolts compliance practitioners around.

The role of facilitator is crucial for several reasons. First, and foremost, you should have a neutral party, one with no stake in the outcome. This means that you should not bring in your regular counsel or compliance advisors because they will have a vested interest in projects moving forward. Further, the facilitator needs to be well versed in not only the anti-corruption compliance field but also someone who has seen a wide variety of best practices in compliance in multiple businesses and industries. In the compliance field many practitioners want to know what other companies are doing and how they are facing unique challenges in many areas. Only an expert in the compliance arena can bring all of these skills to bear.

What should the Compliance Retreat look like? A visual representation would be the following:

 

It starts with a Facilitator prepared to discuss your compliance program; the current structure, risk assessments, audits and outstanding issues at this time. A Facilitator could then help lead a discussion based on wide compliance discipline knowledge for steps to consider in building your program. From there, you can move towards building out and enhancing your own compliance program. It would end with actions and steps that can be measured moving forward.

The Compliance Retreat is more than simply getting away for one day to discuss the specifics of your compliance program. Sarah Kessler, writing in an Inc.com article, entitled “How to Plan a Company Retreat”, listed some of the key principles of a strategic retreat that I have adapted for the Compliance Retreat. They include:

• Collaborate. Make certain that all participants have the ability to collaborate.
• Make discussion introvert-friendly. Ask the participants to write down answers to questions instead of blurting them out, and ask every person in the room to give their opinion in an organized manner.
• Encourage people to express themselves. It is important that all opinions are heard and make certain that minority opinions have a way to be heard.
• Combine team building with work. Compliance is always about teamwork so your compliance team should decide their next steps in the future, versus just experiencing a task together and deciding that the group can simply work well together.
• Stay on topic. It is important to stay focused on compliance issues.
• Diverge, converge. You should break up your group for more focused discussions then bring them back to the larger group for discussion.
• Document your next steps. Assign a champion for each step that the compliance team has agreed on, making those steps as specific as possible. You should document who does what, when they will accomplish the task and how, at the end of the day, you will measure it.

Through my new service offering the FCPA Master Class Training I will be bringing the most current best practices on the nuts and bolts of FCPA compliance to a wide variety of compliance practitioners across the US. With the Compliance Retreat I will be able to offer the best practices to any compliance department or similar corporate function that wants to have a facilitated, focused retreat on its compliance program. Imagine you could focus for one day on your compliance program and be able to pick the brain of the one of the tops Nuts and Bolts compliance practitioners around. Now you have the chance. What will it cost to have such a service? You will have to contact me, via email at tfox@tfoxlaw.com, for that information but it will be a fixed fee service so you know what your cost is going in with no surprises of hourly rate or multiple lawyers and support personnel showing up on the invoice.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Hemingway and Trust and Respect for Compliance Leadership

On this day in 1899, Ernest Hemingway was born. To me, he was the greatest Man of Letters the US has produced. Probably like most of you all, I was introduced to Hemingway in high school through The Son Also Rises. It remains my favorite of his works but I have enjoyed many more of his novels, short stories and non-fiction work. I particularly enjoyed his Nick Adams short stories as I found them crisply written and with a conciseness of language that is not often found today, or perhaps in any other time. Hemingway was awarded the Pulitzer Prize in 1953 and the Nobel Prize for Literature in 1954. He died via suicide in 1962.

I thought about Hemingway and his writing style when reading the most recent Corner Office column by Adam Bryant in the New York Times (NYT), entitled “To Work Here, Win the ‘Nice’ Vote”, where he profiled Peter Miller, the Chief Executive Officer (CEO) of Optinose, a pharmaceutical company. Miller has some interesting leadership concepts that are applicable to the position of Chief Compliance Officer (CCO) 2.0 and how a CCO 2.0 could use influence to lead, not only in the compliance function but also across an organization.

Miller talked about one thing you rarely hear in the corporate world, which is to be nice. He garnered this concept because as a “young sales manager at Procter & Gamble. I had five salespeople working for me, and one of the guys was 55 and another guy was 48. They were really successful salespeople, so I realized that I couldn’t teach these guys anything about selling. Since I couldn’t teach them anything, I tried to cultivate trust and respect by working really hard at figuring out how I could help them in a meaningful way.”

Yet this apparent inability to lead in precisely the area he was tasked in leading led Miller to formulate “a very important core value of mine, which is that you can and should try to create friends at your company.” But more than simply becoming friends, Miller came to the understanding that underlying the friendship “is this concept of trust and respect. When you get that as a team, that’s when great things happen. And that comes from creating a culture of openness, of authenticity, of being willing to have fearless conversations. It’s about being yourself, not being afraid to say what’s on your mind.”

As a CCO, you need to be able to have that type of conversation with those both up and down your chain of command. Certainly it is always beneficial to have type of relationship with your team that allows the full flow of communication. Miller said, “Think about how people are with their best friends. You want them to succeed. And sometimes that means having really hard conversations. If that’s what’s motivating you — and you’re really trying to help everybody around you in a company as if they were great friends of yours — that’s really powerful.”

I was interested in using some of Miller’s insights in the managing up role for any CCO. You have to be able to have some very frank conversations with your CEO and Board members about your compliance program and any issues that may arise under it. As CCO if you “cultivate trust and respect by working really hard at figuring out how I could help them in a meaningful way” as Miller used with his more senior sales team members, it should certainly help you going forward when you have to manage up your chain.

I also thought about this somewhat enlightened approach as contrasted with another style that I read about in a recent On Work column by Lucy Kellaway in the Financial Times (FT) entitled, “Wrong skillset excuse masks coup at the top of Barclays”, where she discussed the recent termination of Antony Jenkins from Barclays Bank. The newly installed chairman of the company’s Board, John McFarlane, who simultaneously promoted himself to CEO, Jenkins former position, fired Jenkins. The reason Jenkins was fired; he no longer had the right “set of skills” for the organization. Chairman McFarlane explained to Kellaway that there were four skills going forward which (apparently) were lacking in Jenkins: “a) strategic vision; b) charisma; c) the ability to put plans in place that deliver shareholder value; and d) ability to ensure results were delivered.” Ironically, Kellaway noted that lawyers for Kleiner Perkins had said that Ellen Pao “was an employee who never had a skillset.”

Kellaway noted the obvious when she wrote “To invoke skillsets in hiring is not only ugly, but dangerous. Find the right person to run a very big bank is very hard, and having a list of skills that you are matching an applicant against is not necessarily the best way of going about it.” More ominously, she noted that the head of such bank would have to be able to reign in the traders and investment banker types who brought Barclays its unwanted regulatory scrutiny. More critically from the compliance perspective, I think it says much more about Chairman McFarlane that he did not say anything about a new CEO running the business ethically, in compliance or in any other manner which could help to prevent Barclays from another very large fine or penalty from the regulators.

McFarlane’s dictum is one that will certainly be noted by regulators on both sides of the Atlantic going forward. After the disastrous run by former Barclays’ head Bob Diamond, the bank was moving in the direction of regulatory compliance while securing the profits demanded by shareholders. However, McFarlane’s sacking of Jenkins could well derail the bank’s focus on ethics and compliance and engender the former attitude which led to the bank’s fine in the LIBOR scandal.

Unlike Peter Miller at Optinose, it does not appear that Chairman McFarlane appreciates the trust and respect style of leadership. I fear things may well turn out badly for Barclay’s yet again with the newly found emphasis on profits, profits and profits.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Great Structures Week III – The Roman Arch and Resourcing Your Compliance Program

I continue my Great Structures Week with focus on structural engineering innovations from ancient Rome. I am drawing these posts from The Teaching Company course, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler who said “When I think of Rome, the first image that comes to mind is an arch.” It is present in aqueducts, in the triumphal arches that adorn the city of Rome, in the city gates and even in the Coliseum.

The arch was a major engineering advancement because the prior method for traversing horizontal distance was the beam, which was limited in its use. Ressler notes “because the arch carries its load entirely in compression, its span isn’t limited by the tensile strength of the material, the size of its stones, and it can span greater distances which might be conceived of with stone beams”. The arch itself has two essential characteristics. First it carries an entire load in compression, that is it counter-balances against itself, which allows for construction using the most basic building materials known in the ancient world: stone, brick and concrete.

Yet the second characteristic of the arch is equally significant. An arch requires “both vertical and horizontal reactions to carry a load. The downward load of the arch is balanced by an upward reaction from the base”. Both the Arch of Titus and Pont du Gard aqueduct are still standing and can be seen today as magnificent examples of this Roman innovation.

I wanted to use the dual load system whereby an arch supports not only great weight but also esthetic engineering designs to discuss how a Chief Compliance Officer (CCO) or compliance practitioner might develop resources to implement a best practice anti-corruption compliance program under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery law. Funding of a compliance program is always one of the biggest challenges. Short of being in the middle of a worldwide FCPA, UK Bribery Act or other anti-corruption investigation, you are never going to receive all the funding you want or even think that you are going to need.

However, this corporate reality is not going to save you if the government comes knocking. The FCPA Guidance provides the following, “Moreover, the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”

Stephen Martin often says that an inquiry a prosecutor might make is along the lines of the following. First what the company’s annual compliance budget was for the past year. If the answer started with something like, “We did all we could with what we had ($100K, $200K, name the figure), the next inquiry would be, “How much was the corporate budget for Post-It Notes last year?” The answer was always in the 7-figure range. Then the KO punch question would be, “Which is more business critical for your company; complying with the FCPA or Post-It Notes?” Unfortunately, most companies spent far more on Post-It Notes than they were willing to invest into their compliance program.

However this corporate reality will allow you to look to other areas to assist the compliance function. An obvious starting place is Human Resources (HR). There are several areas in which HR can bring expertise and, in my experience, enthusiasm to the compliance function. Some of the reasons include the fact that HR is physically located at or touches every site in the company, globally. HR is generally seen as more approachable than many other departments in a company, unfortunately including compliance. A person’s first touch point with a company is often HR in the interview process. If not in the interview process, it is certainly true after a hire is made. Use this approachability.

HR has several key areas of expertise, such as in discrimination and harassment. But beyond this expertise, HR also has direct accountability for these areas. It does not take a very long or large step to expand this expertise into assistance for compliance. HR often is on the front line for hotline intake and responses. These initial responses may include triage of the compliant and investigations. With some additional training, you can create a supplemental investigation team for the compliance department.

Clearly HR puts on training. By ‘training the trainers’ on compliance you may well create an additional training force for your compliance department. HR can also give compliance advice on the style and tone of training. This is where the things that might work and even be legally mandated in Texas may not work in other areas of the globe; advice can be of great assistance. But more than just putting on the training, HR often maintains employee records of training certifications, certifications to your company’s Code of Conduct and compliance requirements. This can be the document repository for the Document, Document, and Document portion of your compliance program.

Internal Audit is another function that you may want to look at for assistance. Obviously, Internal Audit should have access to your company’s accounting systems. This can enable them to pull data for ongoing monitoring. This may allow you to move towards continuous controls monitoring, on an internal basis. Similarly, one of the areas of core competency of Internal Audit should also be internal controls. You can have Internal Audit assist in a gap analysis to understand what internal controls your company might be missing.

Just as this corporate function’s name implies, Internal Audit routinely performs internal audits of a company. You can use this routine job duty to assist compliance. There will be an existing audit schedule and you can provide some standard compliance issues to be on each audit. Further, compliance risks can also be evaluated in this process. Similar to the audit function are investigations. With some additional training, Internal Audit should be able to assist the compliance function to carry out or participate in internal compliance investigations. Lastly, Internal Audit should be able to assist the compliance function to improve controls following investigations.

A corporate IT department has several functions that can assist compliance. First and foremost, IT controls IT equipment and access to data. This can help you to facilitate investigations by giving you (1) access to email and (2) access to databases within the company. Similar to the above functions, IT will be a policy owner as the subject matter expert (SME) so you can turn to them for any of your compliance program requirements, which may need a policy that touches on these areas. The final consideration for IT assistance is in the area of internal corporate communication. IT enables communications within a company. You can use IT to aid in your internal company intranet, online training, newsletters or the often mentioned ‘compliance reminders’ discussed in the Morgan Stanley Declination.

Finally, do not forget your business teams. You can embed a compliance champion in all divisions and functions around the company. You can take this a step further by placing a Facility Compliance Officer at every site or location where you might have a large facility or corporate presence. Such local assets can provide feedback for new policies to let you know if they do not they make sense. In some new environments, a policy may not work. If your company uses SAP and you make an acquisition of an entity which does not use this ERP system, your internal policy may need to be modified or amended. A business unit asset can also help to provide a push for training and communications to others similarly situated. One thing that local compliance champions can assist with is helping to set up and coordinate personnel for interviews of employees. This is an often over-looked function but it facilitates local coordination, which is always easier than from the corporate office.

All of these other corporate functions can greatly assist you in the actual doing of compliance. Moreover, in a resource-constrained environment, these other corporate disciplines can be used to strengthen your compliance program, in a manner similar to vertical and transverse integration of structural integrity presented in an arch. Finally, just as the arch utilized some of the most basic construction elements in existence, by using the other corporate disciplines, engaging in precisely their corporate functions, you can create a strong foundation in your compliance program going forward.

For a more detailed discussion of how you can internally resource your FCPA compliance program, I would suggest you check my book Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week. You can review the book and obtain a copy by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015