The Third Man and the Authority of Chief Compliance Officers

Harry Lime is back, although he really never left us. As reported by Kristin M. Jones in a Wall Street Journal (WSJ) article, entitled “Harry Lime Reborn”, the glorious British film noir The Third Man, written by Gra ham Greene and directed by Carol Reed, has been restored in a new digital version. It opens this week at select theaters and will tour the country this summer. The screenplay was adapted from the book of the same name by the author, Greene. It is the rare movie that is at least as good as the book. Greene himself noted that the story “was never written to be read but only to be seen.”

The story revolves around protagonist Holly Martin (played by Joseph Cotton) who goes to post-war Vienna at the behest of his college buddy Harry Lime (played with aplomb by Orson Welles). Martin arrives after a funeral for Lime and finds out that Lime was dealing in the black market. Martin searches for Lime, meeting his girlfriend and assorted shady characters along the way. He ends up leading the Military Police occupying the city to Lime and there is a final noir-classic chase through the sewers of Vienna.

What’s my favorite scene? There are way too many to name but the clown’s head shadow is one of the great cinematic visions of undulated terror. The final chase through the sewers of Vienna is a classic. The dialogue is both chilling and funny. Chilling when Lime asks Martin, while they are atop the apex of a Ferris wheel, whether he would refuse money to make the dotlike figures of humans below stop moving; Funny when Lime say that in 200 years of warfare between the Borgias, the Medicis and continual conflict in Italy it produced the flowering of the Renaissance, while 500 years of peace in Switzerland produced the Cuckoo Clock. Finally, is the haunting musical score of Anton Kara’s use of the Zither . The movie definitely makes my Top 10 greatest movies of all-time.

I thought about this movie in the context of the ongoing debate in the compliance world about whether a company could or should combine or separate the role of the Chief Compliance Officer (CCO) from that of the General Counsel (GC). There has traditionally been a split in companies on whether the CCO should report into a legal function and the GC or report directly to a company’s head officer. Mike Volkov noted that “According to the last PWC Compliance Survey, only 29 percent of CCOs have made it into the C-Suite but that will increase. Only 27 percent of CCOs continue to report to the general counsel while 34 percent report directly to the CEO.” Whichever path your company employs it is imperative that the CCO speak from a position of authority.

A consistent voice for the importance of the role and voice of the CCO in any organization is noted compliance expert, Donna Boehme. She writes and speaks consistently on the characteristics for a successful CCO. Writing in the SCCE magazine, Compliance & Ethics Professional, in an article entitled “Five essential features of the Chief Ethics and Compliance Officer position”, Boehme articulated five essential features required for a CCO to be successful in an organization.

1. Independence

It is incumbent that any CCO must have “sufficient authority and independence to oversee the integrity of the compliance program.” Some indicia of independence would include a reporting line to the company’s Board of Directors and Audit/Compliance Committee but more importantly “unfiltered” access to the Board. There should also be protection of employment including an employment contract with a “nondiscretionary escalation clause” and a requirement for Board approval for any change in the terms and conditions of employment, including termination. There must also be sufficient resources in the form of an independent budget and adequate staff to manage the overall compliance program.

2. Empowerment

A CCO must have “the appropriate unambiguous mandate, delegation of authority, senior-level positioning, and empowerment to carry out his/her duties. Such can be accomplished through a “board resolution and a compliance charter, adopted by the board.” Additionally the CCO job description should be another manner in which to clarify the CCO “mandate, and at a minimum should encompass the single point accountability to develop, implement and oversee an effective compliance program.” All of the above should lead in practice to a “close working relationship with an independent board committee.”

3. Seat at the Table

The CCO must “have formal and informal connections into the business and functions of the organization – a seat at the table at important meetings where all major business matters (e.g., risk, major transactions, business plans) are discussed and decided.” She argues that, at a minimum, the CCO should participate in “budget reviews, strategic planning meetings, disclosure committee meetings, operational reviews, and risk and crisis management meetings.”

4. Line of Sight 

The CCO should have “unfettered access to relevant information to be able to form independent opinions and manage the [compliance] program effectively.” This does not mean that the CCO should have veto power over functions such as safety or environmental or that such functions must report to the CCO, but unless there is visibility to the CCO for these risk areas, the CCO will not able to adequately assess and manage such risks from the compliance perspective. The correct structuring of the CCO role to allow it visibility into these areas will help the CCO coordinate compliance convergence training.

5. Resources 

It is absolutely mandatory that the CCO be given both the physical resources in terms of personnel and monetary resources to “get the job done.” I have worked at places where the CCO had neither and the CCOs did not succeed because they never even had the chance to do so. Boehme focuses on both types of resources. Under monetary resources she points, as an indicia, to the independence of the CCO from the GC “rather than a shared budget”. This can also bleed over to ‘headcount’ and shared or dotted line reporting resources. There should be independent resources reporting into the compliance function.

Whichever way a company decides to go on this question, it must meet Requirement No. 6 of the Department of Justice’s (DOJ’s) minimum best practices requirement for a Foreign Corrupt Practices Act (FCPA) based compliance program, which reads:

The company will assign responsibility to one or more senior corporate executives for the implementation and oversight of the company’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to independent monitoring bodies, including internal audit, Company’s Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy. 

Additionally this is reiterated in the 2011 Amendments to the US Sentencing Guidelines, §8B2.1 (b)(2)(C), which states:

Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.

If you have the chance to see The Third Man this summer I urge you to do so. For a schedule of its showings across the country click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Why the Compliance Function is Different Than the Legal Function

I have long been proud of my profession. I would often tell students that they ware about to join a profession which extended as far back as Demosthenes, who practiced his closing orations against crashing sea waves so that the full Greek demos might hear him when he closed a trial. Further, while thoughts of Atticus Finch are never far from a Southern lawyer’s mind, if not aspirations to emulate him, today we celebrate a real life lawyer who did the profession proud. It was on this day, 60 years ago in 1954 that Joseph Welch, then Special Counsel to the US Army, unmasked Senator Joseph McCarthy for what he and his hearings into communism were. In response to McCarthy’s charge, that Frederick G. Fisher a young associate in Welch’s law firm had been a long-time member of an organization that was a “legal arm of the Communist Party,” Welch responded, “Until this moment, Senator, I think I never really gauged your cruelty or your recklessness.” Welch then uttered these immortal lines, “Have you no sense of decency, sir, at long last?” The audience applauded Welch’s stinging comeback. The hearings closed one week later. The US Senate officially condemned McCarthy for contempt against his colleagues later that year.

Unfortunately the legal profession took one in the eye last week when General Motors (GM) released its internal investigation into the company’s failure to recall millions of defective small cars, and found no evidence of a cover-up. As reported by Bill Vlasic in a New York Times (NYT) article, entitled “G.M. Lawyers Hid Fatal Flaw, From Critics and One Another”, stated the GM law department did not come out of this matter looking too well. Vlasic said that “interviews with victims, their lawyers and current and former G.M. employees, as well as evidence in the report itself, paint a more complete picture: The automaker’s legal department took actions that obscured the deadly flaw, both inside and outside the company.”

While GM’s General Counsel (GC), Michael Millikin, survived dismissal in the aftermath of the internal investigation, he certainly did not come out as a GC who was particularly engaged with what was going on in his own department. Vlasic reported, “At least three senior lawyers are among the employees who lost their jobs as a result of the investigation conducted by the former United States attorney Anton R. Valukas… One of the lawyers dismissed this week was William Kemp, who had been orchestrating G.M.’s legal strategy and in-house investigations of the defective ignition switch for more than two years before the recall. Yet it was not until early February, days after a high-level committee finally ordered the switch recall, that Mr. Kemp informed Mr. Millikin of the deadly consequences of the flawed part. G.M. has linked 13 deaths and 54 crashes to the defect.” Two other lawyers reported to have been dismissed, as a result of the internal investigation, were Lawrence Buonomo, head of product litigation, and Jennifer Sevigny.

Equally damning were the internal investigations report that during safety meetings relating to the ignition switch failure, “Mr. Valukas said employees he interviewed told him they had refrained from taking notes in safety meetings “because they believed G.M. lawyers did not want notes taken.”” Beyond this ban on note taking, Vlasic said “The secrecy factor extended to how some employees kept or discarded old emails. According to two former G.M. officials, company lawyers conducted annual audits of some employees’ emails that could be used as evidence in lawsuits against the company.” While GM euphemistically called this email deleting program “information life-cycle management,” when the purpose is to remove evidence that could be used against the company in lawsuits, it once again shines a very bad light on my legal profession brethren.

This sordid tale of the complicity of the GM legal department is all part of what GM Chief Executive Officer (CEO) Mary Barra “denounced as a “pattern of incompetence and neglect” at the company that allowed a defective part to exist in its vehicles for more than 10 years.” But more than simply causing the corpse of Atticus Finch to spin over in his fictional grave, the GM legal department’s role in the company’s debacle points to something that Donna Boehme and Mike Volkov have been articulating and writing about for some time. It is not simply that the Chief Compliance Officer (CCO) needs to be out from under the roof of the GC’s office; it is that the compliance function is different than the legal function.

When I initially went in-house, it was made clear to me that the role of the in-house department in the company I worked for was to protect the company. When I became a GC, I took that role to heart and felt like I was the company’s lawyer (even if the CEO felt like I was his lawyer). But as Boehme points out in her article in the June 2014 issue of the SCCE Magazine, entitled “Toldya. (Reason #119 why Compliance is not a subset of Legal),” there are distinct differences in approaches to doing compliance from practicing law. She said, “one thing is clear – the two functions have very different mindsets, mandates and priorities.” She notes that the legal department mandate is to “advise and protect the company.” However, Boehme believes that the compliance mandate is much broader. She writes, “Compliance, on the other hand, is tasked with detecting and preventing misconduct.” The compliance mandate includes constant vigilance on the integrity of the compliance program, protecting internal whistleblowers (in part to demonstrate to others that it is safe to come forward), and supporting a culture of accountability, especially at levels of management.

I might say that a corporate legal department’s role has traditionally been seen to protect the company from problems, while the role of the compliance function is to remedy problems. Here you can think of McNulty’s Maxim No. 3 – What did you do to fix it when you found out about it? But Boehme takes it a step further by noting, “A well-run compliance program requires hundreds of judgments, big and small, to be made on a weekly basis. The company with the political will to elevate their chief compliance officer to a “separate but equal” status in the C-suite will benefit from those judgments being made with an independent compliance mindset, and not “Always Legal but Occasionally Compliance” prism.”

I often repeat the legal truism that bad facts make bad law. Make no mistake about it; the GM ignition switch imbroglio is very bad. But the GM legal department’s role in the company’s ongoing scandal, clearly points out the difference between the roles of legal and compliance. I am sure that the GM lawyers involved, and those who were terminated, thought their job was to defend the company at all costs. But I have never met a CCO who felt that way. They believe that their job is to prevent, detect and remedy any compliance issues that arise. You cannot do that if you are instructing others not to take notes in relevant meetings, deleting potentially incriminating emails and hiding from your boss that there is a real problem out that that must be dealt with.

For the rest of you out there who are lawyers and reading this, remember Joseph Welch today as a far better example of our historical brethren.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Commitment to Compliance: the Compliance Committee

Sunday was the 69th anniversary the most iconic photo of World War II, at least from the American perspective. Of course it was the raising of the American flag at Mt. Suribachi on Iwo Jima. To say that one photo cannot change the lives of those pictured is belied by this image. The photographer, Joe Rosenthal, won a Pulitzer Prize for the photograph. While three of the six flag-raisers died fighting on Iwo Jima, one survivor, Rene Gagnon appeared during half time at the 1969 Orange Bowl; Ira Hayes was immortalized songs both by Johnny Cash and Bob Dylan and the last remaining flag-raiser, John Bradley, died in 1994.

I once tried a lawsuit in Harlingen County, Texas, where the name of one of the flag-raisers, Harlon Block, is inscribed in the Memorial to the county’s deceased war veterans on the courthouse square. The Judge of the trial used it as an example of civic duty and, years later, when I read James Bradley’s book, “Flags of Our Fathers”, about his father John Bradley and the men who raised this flag, I learned that the Judge in my trial was one of 16 high school seniors from Harlingen High School who all volunteered for enlistment on the same day. Harlon Block was one of the Judge’s classmates and they volunteered together. I am still moved when I think of that story.

One of the commitments I believe can enhance a compliance program is the creation of a compliance committee. As far back as in the 2005 Monsanto Corporation Deferred Prosecution Agreement (DPA) the compliance committee concept appears to have found favor with the Department of Justice (DOJ). In Appendix B to the DPA, Monsanto agreed to, among other things, “the establishment and maintenance of a committee to supervise the review of (I) the retention of any agent, consultant, or other representative for purposes of business development or lobbying in a foreign jurisdiction”, or a Compliance Committee. Later, this concept was used in the settlement of Halliburton’s shareholder action around its Foreign Corrupt Practices Act (FPCA) enforcement action.

The Monsanto DPA provides guidance on this point by stating “The majority of the committee shall be comprised of persons who are not subordinate to the most senior officer of the department or unit responsible for the relevant transaction;” this would indicate that senior management should be involved in the Compliance Committee. It would also indicate that more than one department should be represented on the Compliance Committee. This would include senior representatives from the Accounting (or Finance) Department, Compliance & Legal Departments and Business Unit Operations.

The Society for Corporate Compliance and Ethics (SCCE) Complete Compliance and Ethics Manual suggests the following language in its proposed form of Compliance Committee Charter:

The compliance officer shall have ultimate responsibility for operating the compliance program, with the support and assistance of the compliance committee. The committee shall consist of ### members, representative of each major department or area. The committee may appoint ad hoc members, each to serve at the pleasure of the committee, to assist and advise the committee in carrying out this charter. While the ad hoc members of the committee are not entitled to vote on matters formally considered by the committee, the ad hoc members shall be entitled to call a meeting of the committee and, further, to have any matter included on the agenda of any meeting of the committee. The committee shall designate the proper manner for calling meetings and the setting of agendas thereto.

 The compliance officer and committee shall retain a direct line of communication with and a direct reporting responsibility to the board of directors, executive committee, and CEO.

In the November/December issue of the SCCE Compliance & Ethics Professional magazine, Donna Boehme wrote an article entitled “Building a horse and not a camel: The compliance committee”. Where she cautioned that “More often than not, a [compliance] committee that is conceived with all best intentions evolves into something less that ideal: (a) a team of micromanagers that routinely substitutes its judgment for that of the CCO; (b) a source of unnecessary red-tape and ‘make-work’ for the compliance function, (c) a filter between the CCO and the governing body.”

To remedy these potential pitfalls, Boehme recommends three rules for building an effective compliance committee.

1. The compliance committee should have a clear, written charter that sets out the functionality, goals, and parameters of the group, along the lines discussed above.
2. The CCO should chair a committee of her peers-senior level officers in a position to make decisions and marshal resources.
3. The compliance committee should be periodically reviewed for effectiveness and adjusted as necessary to meet the stated goals of the charter.

One of the things  Boehme makes clear is that “every compliance structure should be fit-for-purpose.” In other words, if your company’s highest compliance risk is third party relationships, I think you should focus your compliance committee resources on that issue. The scope of this was not fleshed out in the Monsanto DPA. However, it suggested that a company should incorporate both a pre-execution function and a post-execution management function in overseeing the full relationship with any third party. While this would most necessarily focus on FCPA compliance, there should also be a commercial component to this function.

To this end, a compliance committee should review all documents relating the full panoply of a third party’s relationship with a US company. This would begin with a review of any initial requests to engage a new third party. The information presented to the compliance committee would include a Business Unit’s request to engage the third party, the costs and benefits. The next step would be to review the due diligence and all background investigative materials on the prospective third party.

The compliance committee should receive copies of, and approve, all due diligence and background investigative materials before a contract is executed with a third party. Particular attention should be paid to the form of the contract. If there are deviations from the company’s standard form of agreement, with regard to the FCPA compliance issues, there should be a full explanation by the third party or Business Unit. The compliance committee should determine if the company is taking on any unwarranted FCPA compliance risk if non-standard FCPA compliance terms and conditions are used.

After the commercial relationship has begun the compliance committee should monitor this relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations on the third party with at least a minimum of a Level One Due Diligence and higher levels of Due Diligence based upon an appropriate risk rating. There should be an evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the third parties. All FCPA compliance training should be reviewed and certifications confirmed. The compliance committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. As with all things FCPA the three most important words here are Document, Document and Document. If you cannot produce documentary evidence to the DOJ of your annual review and its findings, it is of no use to your company.

In addition to the above remedial review, the compliance committee should review all payments requested by the third party to assure such payments are within the company guidelines and are warranted by the contractual relationship with the third party. Lastly, the compliance committee should review any request to provide the third party with any type of non-monetary compensation and, as appropriate, approve such requests.

The compliance of a third party is one of the key tools that a company can use to prevent and detect any violation of its own Code of Ethics and Compliance and the FCPA. The proper structure of the compliance committee and its full engagement with all aspects of a company’s relationship with a third party is one of the areas that the DOJ will look for in a successful FCPA compliance program.

A compliance committee is a key tool, which can be utilized by a company to manage its relationships with its third parties. Its use has been commented upon favorably by the DOJ through its citation in the Monsanto DPA. A Compliance Committee does not replace any of the other key components of an effective FCPA compliance program but it does provide an additional level of protection, back-up and transparency for all deals with a third party. It should be employed by US companies as an additional protection against any type of FCPA compliance and ethics violation “slipping through the cracks” to become a much larger problem down the road.

But take Boehme’s cautionary words to heart, that the guiding principles of a compliance committee should be that it helps and does not hurt your overall compliance efforts going forward. And then use the raising of the flag on Iwo Jima to think about commitment.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

How to Build a Culture of Ethics and Compliance: The Greatest Article Ever – Part I

Donna Boehme and Jim McGrath continually rail against the notion that a ‘rogue employee’ causes the majority of bribery and corruption charges under such laws as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act. Companies continually claim that they do business ethically and in compliance with such anti-bribery and anti-corruption legislation and that it is only one or a few of ‘them-those pesky rogue employees’ who have brought the company to grief. Even GlaxoSmithKline PLC (GSK) is now beginning to distance itself from its Chinese business unit and executives who confessed to engaging in bribery and corruption to sell GSK products in China.

The first problem with this ‘rogue employee’ claim is that it is wrong. The second problem is that by making this bogus claim and denying that it was a company failure; a company may well never correct the underlying problem which led to the compliance failure. However if a company does not recognize its role in any such compliance catastrophe, it will probably have a repeat of a similar event in the not do distance future. Once again witness GSK, which agreed, in 2012, to a $3bn fine for fraud in marketing of its products and within one year is caught up in allegations of corruption in China.

I recently read an article in the summer 2013 issue of the MIT Sloan Management Review, entitled “Designing Trustworthy Organizations”, by the quartet of authors: Robert F. Hurley, Nicole Gillespie, Donald L. Ferrin and Graham Dietz. In this article, the authors address the question of “How can companies recover from trust failures and create reputations for trustworthiness?” Let me put this as succinctly as possible – IF THERE IS ONLY ONE ARTICLE THAT YOU READ ON ETHICS AND COMPLIANCE IN 2013 THIS IS THE ONE TO READ. This the single best article I have ever read as it gives a specific road map to the compliance practitioner, in-house counsel or any other business executive on how to instill a culture of ethics and compliance in your company. I will be discussing the article over my next three posts. Today I will look at why such ethics and compliance failures occur from an organizational perspective; in Part II I will talk about how to build ethical organizations which do business in a compliant manner, and in Part III I will conclude with the steps a company can take to rebuild trust in an organization after a catastrophic failure.

Signals of an Ethical Business

In the FCPA Guidance, both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) make clear that paper compliance which companies only employ to “check-the-box” on compliance with the FCPA are doomed to fail. The FCPA Guidance states, “A well-designed compliance program that is not enforced in good faith, such as when corporate management explicitly or implicitly encourages employees to engage in misconduct to achieve business objectives, will be ineffective. DOJ and SEC have often encountered companies with compliance programs that are strong on paper but that nevertheless have significant FCPA violations because management has failed to effectively implement the program even in the face of obvious signs of corruption.” This is a clear recognition that more than simply having a compliance program in place is required to make it effective. Unfortunately many companies seem to believe that simply having an ethics and compliance program in place is sufficient.

While the authors write about ‘trust’ I believe that their research, findings and framework all translate to ethics and compliance; so I will make that substitution throughout my discussion of their article. To begin their discussion, the authors believe that there are “six identifying signals” that employees consider when deciding to follow a company. They are:

1. Common values: does the company share our beliefs and values?
2. Aligned interests: do the company interests coincide, rather than conflict with ours?
3. Benevolence: does the company care about our welfare?
4. Competence: is the company capable of delivering on its commitments?
5. Predictability and integrity: does the company abide by commonly accepted ethical standards and is the company predictable in how it behaves?
6. Communication: does the company listen and engage in a dialogue or not?

Why Do Ethical and Compliance Violations Occur?

Here the authors begin with a definition. They define trust as “a judgment of confident reliance on another (a person, group, organization or system) based upon positive expectations of future behavior.” For the compliance practitioner a violation of that trust occurs and there is unethical behavior which is not in compliance with the norm, for example when “a party significantly deviates from positive expectations” by engaging in such conduct as bribery and corruption. The authors believe that they see such conduct condoned, explicitly or tacitly from management, they also lower their own personal expectations of the type of conduct they will personally engage in.

Such a failure leads to individual employees engaging in bribery and corruption. However, the authors make clear that this is not down simply to the individual or ‘rogue’ employee but such unethical conduct is “predictable in organizations which allow dysfunctional, conflicting or incongruent elements of their organizational system to take hold.” The authors cited three examples where this played out with devastating results for companies. The first was the Mattel Corporation, which had a strong reputation for quality but weak oversight of its supply chain led to production of contaminated toys and a massive toy recall. The second was BP and the Deepwater Horizon disaster, where the company’s strategy and culture of minimizing costs to enhance profitability conflicted with its stated emphasis on safety; all leading to a multi-billion dollar claim. Finally, Goldman Sachs and its role in the Abacus fund where “investigators found that Goldman’s stated values of client focus and integrity were at time overshadowed by a less formal culture that emphasized getting deals done with less than full disclosure.”

The authors noted that in all three examples they cited, each company had extensive systems processes and procedures in place to produce “trustworthy behavior”. However there were “other elements undermined the companies’ ability to deliver on their core responsibilities.” Recall that as part of its $3 billion settlement GSK agreed to a Corporate Integrity Agreement (CIA). The company had a Compliance Committee, whose job was to oversee full implementation of the CIA and all compliance functions at the company. The company had Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified.

GSK’s Code of Conduct stated, “The GSK attitude towards corruption in all its forms is simple: it is one of zero tolerance, whether committed by GSK employees, officers, complementary workforce or third parties acting for or on behalf of the company.” The company had a Third Party Code of Conduct, which required that third parties shall conduct their business in an ethical manner and act with integrity.

All of this was backed up by “a Global Ethics & Compliance team which is responsible for providing oversight and guidance to ensure compliance with applicable laws, regulations, and company policies, as well as fostering a positive, ethical work environment for all employees.” The Code of Conduct also stated that “GSK has an active system of internal management controls to identify company risks, issues and incidents with appropriate corrective actions taken. Our Risk Management and Compliance Policy provides the framework for these internal controls, to ensure significant risks are escalated to the proper levels of senior management.”

The authors research led them to several different areas of organizational weakness which allow for ethics and compliance violations to occur. Company leaders “focused on fundamental aspects of how the organization functioned: organizational restructuring and instability; poor support and follow-through; poor talent management; lack of communication and information; and leadership and strategies.” Interestingly, when employees were interviewed they had the following thoughts on how to improve ethics and compliance, “improve communication, enhance senior management capability, provide more accountability for performance, empower employees and enhance collaboration groups.”

Yet in their examinations, the authors found “one type of incongruence that frequently led” to breakdowns in doing business ethically and in compliance. That breakdown came when the interests of one stakeholder group was favored over another stakeholder group. The authors identified some various stakeholders as shareholders, employees, customers, suppliers and communities. The authors said that this incongruence has “been defined as letting shareholder profits take precedence over core responsibilities to other stakeholders.” But it is simply more, than serving on stakeholder better than the others. It is favoring one stakeholder to the extent of “the expense of and even causing harm to” other stakeholders.

In other words, if profits are put ahead of all other measurements for an employee, that employee will get the message and make sure that he or she makes their numbers. The authors conclude this section by noting that with the current 24 hour news cycle and social media, what may have been yesterday’s event can rapidly spiral across the globe and out of control more quickly than ever. Once again witness just how quickly GSK seemed to be on notice of allegations of corruption and bribery in China to the time its Chinese employees admitted to such conduct on state TV. It was mere days.

In tomorrow’s post I will look at building high trust in organizations and how that relates to ethics and compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Pope Francis and the Chief Compliance Officer Position

Leadership can take as many forms and can be as varied as the number of leaders. But whatever form it takes leadership in a company’s compliance function does matter. A recent On Management article in the Financial Times (FT) by Phillip Delves Broughton, entitled “Leadership lessons from the pontiff”, looked at what is being termed by Catholics as ““the Francis effect”, the way the new pope is paring down the inherited pomp of his office to become more accessible.” Broughton noted that not only has the Pope made himself more accessible but that he seems to be intent on opening up the Church more to the needs of its flock, rather than simply as an existence unto itself. Broughton wrote that not only does the Pope’s more modest style reflect “a new set of priorities for the Vatican” but the Pontiff has also “set up a commission to reform the Vatican’s administration, notably its bank”. Getting out of the Ivory Tower (or Vatican) is always a good sign for a leader and it is no different for a Chief Compliance Officer (CCO). While I am not sure what criteria the newly invested Pope was judged on during the recent papal election, I thought about the criteria that could guide the selection of a CCO for a corporation.

An article in the SCCE Complete Compliance and Ethics Manual, 2nd Ed., entitled “Essential Elements of an Effective Ethics and Compliance Program”, author Donna Boehme laid out what she believes to be the five elements that should be “carefully considered by boards and senior management who are serious about structuring (or updating)” the CCO position for success.

1.      Empowerment

Boehme believes that a CCO must have “the appropriate unambiguous mandate, delegation of authority, senior-level positioning, and empowerment to carry out his/her duties.” Such can be accomplished through a “board resolution and a compliance charter, adopted by the board.” Additionally, the CCO job description should be another manner in which to clarify the CCO “mandate, and at a minimum should encompass the single point accountability to “develop, implement and oversee an effective compliance program.”” All of the above should lead in practice to a “close working relationship with an independent board committee.”

2.      Independence

It is incumbent that any CCO must have “sufficient authority and independence to oversee the integrity of the compliance program.” Some indicia of independence would include a reporting line to the company’s Board of Directors and Audit/Compliance Committee but, more importantly, “unfiltered” access to the Board. There should also be protection of employment including an employment contract with a “nondiscretionary escalation clause” and a requirement for Board approval for any change in the terms and conditions of employment, including termination. There must also be sufficient resources in the form of an independent budget and adequate staff to manage the overall compliance program.

3.      Seat at the Table

Boehme believes that the CCO must “have formal and informal connections into the business and functions of the organization – a seat at the table at important meetings where all major business matters (e.g., risk, major transactions, business plans) are discussed and decided.” She argues that, at a minimum, the CCO should participate in “budget reviews, strategic planning meetings, disclosure committee meetings, operational reviews, and risk and crisis management meetings.”

4.      Line of Sight

Here the author urges that the CCO should have “unfettered access to relevant information to be able to form independent opinions and manage the [compliance] program effectively.” This does not mean that the CCO should have veto power over functions such as safety or environmental nor that such functions report to the CCO, but unless there is visibility to the CCO for these risk areas, the CCO will not able to adequately assess and manage such risks from the compliance perspective. The correct structuring of the CCO role, to allow it visibility into these areas, will help the CCO coordinate compliance convergence training.

5.      Resources

It is absolutely mandatory that the CCO be given both the physical resources in terms of personnel and monetary resources to “get the job done.” I have worked at places where the CCO had neither and the CCOs did not succeed because they never even had the chance to do so. Boehme focuses on both types of resources. Under monetary resources she points, as an indicia, to the independence of the CCO from the General Counsel (GC), “rather than a shared budget”. This can also bleed over to ‘headcount’ and shared or dotted line reporting resources. There should be independent resources reporting into the compliance function.

One thing that Boehme has consistently advocated is that the CCO should not report to the company’s GC. She believes that a CCO should have unfiltered access to a company’s Board of Directors and should report to a company’s Chief Executive Officer (CEO). She points to the “long line of companies forced to separate their” CCO positions from their corporate legal department; both under “corporate integrity agreements, and headlines such as the very public Wal-Mart scandal”. She also writes that the 2010 Amendments to the US Sentencing Guidelines, give support for the independence of the CCO from the legal department.

Boehme’s article reflects the structure and support that she believes a CCO should have in a corporate function. Broughton’s article on the new Pope points out that how a leader positions himself can be critical to an organizations overall success. Further, he writes that over-centralization can stifle out growth but if there is a decentralization of authority, to get it closer to those doing the day-to-day work, they will not only be more empowered but that they can help transform a culture more quickly and effectively. Broughton ends his article with the following, “After years of bad news from the Vatican, the crowds welcomed a man willing to travel fast and light along a new course.” I think that is consistent with the guidance that Boehme provides for the structure and requirements of a CCO position.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Board of Directors and Doing Business in China Under the FCPA

The case of GlaxoSmithKline PLC (GSK) is still resonating across the corporate globe. While many questions are still unanswered, one that seems to be at the forefront of the inquiry was where was the GSK Board of Directors? The role of a Board of Directors is becoming more important and more of a critical part of any effective compliance program. Indeed Board involvement is listed as one of the ten hallmarks of an effective compliance program, set out in last year’s FCPA Guidance. In addition to helping to set the proper tone in an organization, the Board has a specific oversight role in any Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance program.

In addition to the pronouncements set out in the FCPA Guidance, other commentators have discussed the legal duties set out for Board members regarding compliance. Donna Boehme, writing in the SCCE Complete Compliance and Ethics Manual, 2nd Ed., entitled “Board Engagement, Training and Reporting: Strategies for the Chief Ethics and Compliance Officer”, said that a Board’s responsibility for compliance and ethics can be traced back to the Caremark decision (1996), which was later augmented by Stone v. Ritter (2006). She believes that these state court decisions establish the parameters of Board duty of care for corporate compliance activities. Moreover, this case law on the duty of a Board member, read in conjunction with the US Sentencing Guidelines, sets out the elements of an effective program to be overseen by the Board. The US Sentencing Guidelines also require that a Board “be “knowledgeable” about the content and operation of the company program and exercise “reasonable oversight” over its implementation and effectiveness.”

A timely article in the July/August issue of the NACD Directorship, entitled “Corruption in China and Elsewhere Demands Board Oversight”, by Eric Zwisler and Dean Yoost notes that as “Boards are ultimately responsible for risk oversight” any Board of a company with operations in China “needs to have a clear understanding of its duties and responsibilities under the FCPA and other international laws, such as the U.K. Bribery Act”. Why should China be on the radar of Boards? The authors report that “20 percent of FCPA enforcement actions in the past five years have involved business conduct in China. The reputational and economic ramifications of misinterpreting these duties and responsibilities can have a long-lasting impact on the economic and reputation of the company.” You can certainly ask GSK that right about now.

The authors understand that corruption can be endemic in China. They write that “Local organizations in China are exceedingly adept at appearing compliant while hiding unacceptable business practices. The board should be aware that a well-crafted compliance program must be complemented with a thorough understanding of frontline business practices and constant auditing of actual practices, not just documentation.” Further, “the management cadence of monitoring and auditing should be visible to the board.” Echoing one of the Board’s roles, as articulated in the FCPA Guidance, the authors believe that a “board must ensure that the human resources committed to compliance management and reporting relationships are commensurate with the level of compliance risk.” So if that risk is perceived to be high in a country, such as China, the Board should follow the prescription in the Guidance which states “the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”

To help achieve these goals, the authors suggest a list of questions that they believe every director should ask about a company’s business in China.

• How is “tone at the top” established and communicated?
• How are business practice risks assessed?
• Are effective standards, policies and procedures in place to address these risks?
• What procedures are in place to identify and mitigate fraud, theft, corruption?
• What local training is conducted on business practices and is it effective?
• Are incentives provided to promote the correct behaviors?
• How is the detection of improper behavior monitored and audited?
• How is the effectiveness of the compliance program reviewed and initiated?
• If a problem is identified, how is an independent and thorough investigation assured?

The authors correctly point out that third parties generally present the most risk under a FCPA compliance program and that “more than 90 percent of reported FCPA cases involve the use of third-party intermediaries such as agents or consultants.” However, they also point out that “all potential opportunities in China will have some level of compliance related issues.” As joint ventures (JV) and the acquisition of Chinese entities are an important component of many organizations’ strategic plans in China, it is important to have Board oversight in the mergers and acquisition (M&A) process.

The authors understand that “non-compliant business practices and how to bring these into compliance is often a major and defining deal risk.” But, more importantly, it is a company’s “inability to understand actual business practices, the impact of those practices on the core business, and effectively dealing with a transition plan is one of the main reasons why joint ventures and acquisitions fail.” So even if the conduct of an acquisition target was legal or tolerated in its home country, once that target is acquired and subject to the FCPA or Bribery Act, such conduct must stop. However, if such conduct ends, it may so devalue the core assets of the acquired entity so as to ruin the business basis for the transaction. The authors cite back to the FCPA Guidance and its prescribed due diligence in the pre-acquisition stage as a key to this dilemma. But those guidelines also make clear that post-acquisition integration is a must to avoid FCPA liability if the illegal conduct continues after the transaction is completed.

The authors conclude by articulating that many Boards are not engaged enough to understand the way that their company is conducting business, particularly in a business environment as challenging as China. They believe that a Board should have a “detailed understanding of the business if it is to be an effective safeguard against fraud or corrupt practices.” They remind us that not only should a Board understand the specific financial risks to a company if a FCPA violation is uncovered; but perhaps more importantly the “potential impact on the corporate culture and the risk to the company’s reputation, including the reputations of individual board members.” Finally, the authors believe that “effective oversight of corruption in China will only become increasingly more important”. That may be the most important lesson for any Board collective or Board member individually to take away from the ongoing GSK corruption and bribery scandal.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Some Thoughts on What Makes a Good CCO

There are several prominent commentators who frequently discuss the role a Chief Compliance Officer (CCO). One such commentator is Donna Boehme, who regularly writes articles, speaks about, and even tweets on this subject. But what type of mindset does a CCO need to be successful? What are some of the skills? I thought about those questions when I read three very different articles on unrelated topics recently.

I.                   A General Principle of Action

The first was found in this past week’s issue of the New Yorker Magazine, in a piece entitled “The Gift of Doubt”, where author Malcolm Gladwell reviewed the rather extraordinary life of Albert O. Hirschman, in the context of a new biography of Hirschman titled “Worldly Philosopher: The Odyssey of Albert O. Hirschman” by Jeremy Adelman. In Gladwell’s piece, he discussed one of Hirschman’s essays, which was entitled “The Principle of the Guiding Hand.” In this essay, Hirschman reviewed large commercial enterprises which did not turn out as designed but where Hirschman was impressed with the response to the crisis.

Gladwell wrote that Hirschman had studied the “Karnaphuli Paper Mills, in what was then East Pakistan. The mill was built to exploit the vast bamboo forests of the Chittagong Hill Tracts. But not long after the mill came online the bamboo unexpectedly flowered and then died, a phenomenon now known to recur every fifty years or so. Dead bamboo was useless for pulping; it fell apart as it was floated down the river. Because of ignorance and bad planning, a new, multimillion-dollar industrial plant was suddenly without the raw material it needed to function.” It was the mill’s response to the crisis which so impressed Hirschman. Gladwell reported that Hirschman noted that the mill owners “quickly found ways to bring in bamboo from villages throughout East Pakistan, building a new supply chain using the country’s many waterways. They started a research program to find faster-growing species of bamboo to replace the dead forests, and planted an experimental tract. They found other kinds of lumber that worked just as well. The result was that the plant was blessed with a far more diversified base of raw materials than had ever been imagined.”

From this, and other examples, Hirschman opined in his essay what he termed the “general principle of action.” He defined this principle as the following; “Creativity always comes as a surprise to us; therefore we can never count on it and we dare not believe in it until it has happened. In other words, we would not consciously engage upon tasks whose success clearly requires that creativity be forthcoming. Hence, the only way in which we can bring our creative resources fully into play is by misjudging the nature of the task, by presenting it to ourselves as more routine, simple, undemanding of genuine creativity than it will turn out to be.”

II.                Using Mindsets

I thought about Hirschman’s general principle of action as it might apply to a CCO when I read an article by Michael Maslanka in the June 10 issue of the Texas Lawyer, entitled “Seven Mindsets of Effective General Counsel”. I thought that Maslanka had some interesting insight into the mindset a CCO needs. So adapting Maslanka’s seven mindsets from his list of those required by a General Counsel (GC) to those required by an effective CCO, I submit the following for your consideration.

No. 1: All news is good news. What should you do during a Foreign Corrupt Practices Act (FCPA) enforcement action, when the Department of Justice (DOJ) lawyers suggest something that you might view as negative or not warranted? Maslanka suggests that you remember the maxim that “All news is good news, because then you know where you stand.” Further he suggests that you follow these prescripts:

• Observe: The DOJ gave us new requests for information, which gave us a chance to gauge their thinking.
• Orient: This closed off an option, but did others remain?
• Decide: Pick another option.
• Act: Do it. Repeat until resolution.

No. 2: Pick the hill you want to die on. Make a stand where it matters, not on a useless cul-de-sac. Effective CCOs create political capital, bank it with the C-level executives and make wise withdrawals. Don’t sweat the small stuff but more particularly do not ask senior management to sweat the small stuff.

No. 3: ABR: Always be re-framing. CCO’s can’t change the facts, but can change the story. Reframing can transform a potential violation of the FCPA into an opportunity to improve your company’s compliance program. It can awaken leaders to the need for manager training. Adopting an “always be reframing” mindset creates bias towards effective action, realistic optimism and caring candor.

No 4: Fight the fight, not the plan. A CCO should never get stuck on the original plan and should always deal with what is occurring now, in real time. Survival goes not to the fittest but to the most adaptable. An adaptability mindset propels a CCO ahead of a burgeoning crisis. It’s a fluid compliance and legal world out there, so “be prepared to surf the waves.”

No 5: A CCO is not a conscience for hire. When it all hits the fan and when someone must speak compliance truth to power, it is the CCO who does so. A CCO is not a mouthpiece but a voice of reason.

No 6: Generate options, lots of them. A CCO cannot direct executives to take actions; they can only guide them by producing options — the more, the better.

No. 7: “Am I adding value?” How does the CCO metric measure value? Effective CCOs understand that they work daily with those who have built a company and strive to sustain it. Adding compliance value is not a “No, you can’t do XYZ.” It’s not even a “Yes, but” mindset. It’s one of “Yes, and.”

III.             Listening

The final article was in the June 17 issue of the Texas Lawyer, by Joey Asher, entitled “Four Keys to Better Listening”. While Asher clearly believes that everyone can benefit by being a better listener, I think that this is particularly incumbent for a CCO.

Be genuinely interested. Asher believes that “There are no tips that will help you if you aren’t actually interested in the other person. The author Truman Capote was said to have been interested even in “boring” people. When stuck in a conversation with a bore, he would try to discover what makes the person so boring.” It is your attitude that makes a CCO a great listener.

Ask good questions. Here Asher quotes the intrepid interviewer Larry King who said, “The absolute best question in the whole world is “Why?” “Why did you choose to become a lawyer? Why does your business want to merge with a competitor? Why do have I have to hold the club this way? Why do you go by Joey instead of Joe? Why do you enjoy shopping? “Why” makes people think and reflect. It shows a depth of interest and requires a deeper answer.” Asher does understand that “there are many great questions that don’t start with “why.”” But his experience tells him that the best questions involve asking for an explanation or an opinion.

Be patient. Asher believes that a listener can hear very good information if you are willing to wait for it. He wrote about a story where he met a corporate psychologist at a cocktail party. This corporate psychologist told him “that his job was to screen high-level job candidates for major corporations to ensure that they’re not secretly racist.  “How can you tell if someone is a secret racist?” I asked. He explained that he asks the subject to talk about himself and his life. Over the course of long interviews (the interviews can last days) a pattern of racism will emerge.”

Have a good listening face. Asher concluded his piece with his belief that “learning to listen is important to me.” One of the ways he has done so is by looking not only interested in the people he is talking too but even fascinated with what they had to tell him. He actively tries not to be intimidating in any way while listening.

I am sure that there are other traits that will go into the makeup of an effective CCO. If you have some others, I hope that you will post them as comments to this article.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Five Essentials of a Chief Compliance Officer Position

Most of Shakespeare’s histories involve issues relating to kingship and how a king might reign. In some of the plays, such as Henry V, the example is of a positive nature. In others, such as Richard III, you may need to draw from the inverse to see how one should decidedly not govern. The tragedies tend to emphasize a tragic flaw which brings down someone who is not necessarily a king, such as Hamlet or Coriolanus.

What are some of the characteristics of the position of a Chief Compliance Officer (CCO) for a company subject to the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other international anti-bribery and anti-corruption laws? That question was recently explored in an article in the Society of Corporate Compliance and Ethics (SCCE) bi-monthly magazine, Compliance & Ethics Professional, in an article entitled “Five essential features of the Chief Ethics and Compliance Officer position”, by author Donna Boehme. She believes that while all CCO positions should be “fit-for-purpose” there are five essential features which are consistent to all such positions. They are as follows:

1.      Independence

It is incumbent that any CCO must have “sufficient authority and independence to oversee the integrity of the compliance program.” Some indicia of independence would include a reporting line to the company’s Board of Directors and Audit/Compliance Committee but more importantly “unfiltered” access to the Board. There should also be protection of employment including an employment contract with a “nondiscretionary escalation clause” and a requirement for Board approval for any change in the terms and conditions of employment, including termination. There must also be sufficient resources in the form of an independent budget and adequate staff to manage the overall compliance program.

2.      Empowerment

Boehme believes that a CCO must have “the appropriate unambiguous mandate, delegation of authority, senior-level positioning, and empowerment to carry out his/her duties. Such can be accomplished through a “board resolution and a compliance charter, adopted by the board.” Additionally the CCO job description should be another manner in which to clarify the CCO “mandate, and at a minimum should encompass the single point accountability to develop, implement and oversee an effective compliance program.” All of the above should lead in practice to a “close working relationship with an independent board committee.”

3.      Seat at the Table

Boehme believes that the CCO must “have formal and informal connections into the business and functions of the organization – a seat at the table at important meetings where all major business matters (e.g., risk, major transactions, business plans) are discussed and decided.” She argues that, at a minimum, the CCO should participate in “budget reviews, strategic planning meetings, disclosure committee meetings, operational reviews, and risk and crisis management meetings.”

4.      Line of Sight

Here the author urges that the CCO should have “unfettered access to relevant information to be able to form independent opinions and manage the [compliance] program effectively.” This does not mean that the CCO should have veto power over functions such as safety or environmental or that such functions must report to the CCO, but unless there is visibility to the CCO for these risk areas, the CCO will not able to adequately assess and manage such risks from the compliance perspective. The correct structuring of the CCO role to allow it visibility into these areas will help the CCO coordinate compliance convergence training.

5.      Resources

It is absolutely mandatory that the CCO be given both the physical resources in terms of personnel and monetary resources to “get the job done.” I have worked at places where the CCO had neither and the CCOs did not succeed because they never even had the chance to do so. Boehme focuses on both types of resources. Under monetary resources she points, as an indicia, to the independence of the CCO from the General Counsel (GC), “rather than a shared budget”. This can also bleed over to ‘headcount’ and shared or dotted line reporting resources. There should be independent resources reporting into the compliance function.

Unlike Shakespeare’s histories or tragedies, the author gives you her opinion on what the role of the CCO should consist of in today’s compliance arena. Boehme’s article is an excellent guide for the CCO or Compliance Professional to use in reviewing the situation in his or her company. Her five essential features are based on the Department of Justice’s (DOJ) thinking on the issue in the form of the US Sentencing Guidelines, FCPA enforcement actions and evolving best practices. If your company is not following these it may well not be deemed to have a commitment to compliance or meet the minimum best practices standards.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012