FCPA Compliance and Ethics Blog

August 18, 2015

Georgia On My Mind – How Does Compliance Enhance Shareholder Value?

Georgia On My MindCan you get a sense of place from listening to a song? In an article in the Financial Times (FT), entitled “The Life of a Song – Georgia On My Mind”, Mike Hobart wrote that when you “combine Stuart Gorrell’s lyrics with Hoagy Carmichael’s music… the sense of place becomes palpable.” While that may be true, the piece attributed to Frank Trumbauer who said, “Nobody ever lost money writing songs about the South”. The song did not become the well-known standard it is today until Ray Charles recorded it in 1960, some 30 years after Carmichael wrote it. Hobart believes that the song works so well “not the least because ‘Georgia On My Mind’ is a brilliant piece of imaginative fiction that captures the yearnings of a homesick soul. That fact and fantasy are so out of step only adds to the pathos.”

That ultimate line from Hobart’s piece struck me around an issue that I have thought about for some time. How many Chief Compliance Officers (CCOs) and compliance practitioners out there have faced the following question from the General Counsel (GC), Chief Executive Officer (CEO), Chief Financial Officer (CFO) What does it do to enhance shareholder value? This is the question that is posed when senior management wants to deny resources to or even cut back the compliance function. At best the question is disingenuous and at worst it is simply a dodge by someone wanting to denude a corporate compliance function for their own nefarious reasons.

Michael Skapinker raised this second point, in another FT article entitled “Shareholder value is a cover for over-mighty chief executives”. Skapinker further opines that this question also presages an inquiry into whether CCOs “are using the cover of shareholder primacy to put themselves first?” While he also condemned the disparity in the growth of senior executives salaries and true shareholder value, Skapinker worries about the lack of accountability of CCOs and how their actions can damage a company’s reputation.

So how do you respond to this query? I think there is an answer with which you can always respond when faced with a clearly hostile CEO or other senior manager. It is the following. A best practices anti-corruption compliance program, whether based on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery law always enhances shareholder value. The reason is quite simple. It is all about tightening up the internal controls to prevent bribery and corruption.

However the part that such CEOs or other senior management may not understand is that FCPA internal controls are largely financial controls. Such controls are in place not only to comply with laws but also to provide internal oversight on how money flows out from an organization. The better the internal financial controls the better run a company will be in both the short and long term.

Most readers are familiar with Ethisphere’s annual designation of the World’s Most Ethical Companies. Many commentators deride this list because many of the companies on the list have gone through a FCPA investigation or enforcement action. Even with that factor, one of the things that Ethisphere touts about this list is that the companies on it routinely outperform the Standard & Poor’s (S&P) Index in annual performance. I thought about this seeming anomaly for a long time, wondering how ethical companies could be in the midst of FCPA investigations and be on a most ethical list.

The reason these companies are on the list is that they have better financial controls and by having better financial controls, these companies are more generally better run. Think about financial controls around employee expense reimbursement as an example. These are in place to satisfy Internal Revenue Service (IRS) rules to demonstrate the business purpose of employee travel, entertainment of customers, hospitality for potential customers and similar business expenses. Now consider this IRS requirement overlaid with a FCPA compliance requirement. Not only do you need to record the foreign government officials (or not) that you entertain, you need to document the expense incurred and the business purpose. If the expenses were predetermined to be over the amount set in your compliance policy, you may require compliance department pre-approval. When an employee submits an expense reimbursement form, there is usually a signature or self-attestation required. Then the employee’s supervisor, and perhaps one level above, must approve the reimbursement request before it even gets to Accounts Payable (AP) for a financial and procedure focused review.

All of these steps are financial controls yet they operate as internal compliance controls as well. If the controls are enforced the compliance function would have a searchable database to test employee expense reimbursement requests to see if any anomalies appear which should be set aside for further investigation. Imagine how GlaxoSmithKline PLC (GSK) might have fared if it had properly assessed its Chinese employee reimbursement requests to determine if the employees had actually put on the events for which they claimed reimbursement.

The same financial control analogy is true for the other key steps in any best practices compliance program. Management must communicate the message regarding doing business in compliance down to the troops. This message should be formalized in policies and procedures to set expectations of behavior. Then there should training on these educations and a person or function sufficiently resourced to run it. Next there should be incentives to do business in compliance and sanctions for those who fail to meet the set expectations and an appropriate reporting mechanism for internal reporting of compliance violations. Any best practices FCPA compliance program would also have a risk assessment, management of third parties and a mergers and acquisition (M&A) component. Finally, all of these concepts should be memorialized through internal controls that are designed, implemented and tested for effectiveness.

So the next time one of those senior management types asks you what the compliance function does or even what an expenditure that you want to incur will do to increase shareholder value, you can not only point him (or her) to the Ethisphere Most Ethical Company list but you can dive down to the specific level of your company and point directly to one of the above concepts around internal controls, which are really financial controls, to make your company not only run more efficiently but also provide appropriate levels of oversight.

So just as Hoagy Carmichael may indeed have written Georgia On My Mind because no one “ever lost money writing songs about the South”; no company was worse run because it had effective internal controls. Quite the contrary, the more effective your compliance controls are the better run your company will be and that will most certainly enhance shareholder value.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

December 13, 2012

The Ethical Business Compact-A New Compliance Best Practice?

Found on page 54 of the recently released Department of Justice (DOJ) Guidance on the Foreign Corrupt Practices Act (FCPA) is the following language:

“Chapter 8 of the Sentencing Guidelines, which governs the sentencing of organizations, takes into account an organization’s remediation as part of an effective compliance and ethics program.”

Chris Bauer, among others, gently chides me from time-to-time that I do not put enough emphasis on ethics in a FCPA compliance program. Probably part of the reason is that, with my legal training, I tend to think of rules, regulations and laws as the guideposts for corporate conduct. Chris, once again among others, reminds us that corporations are made up of people and that there can never be enough rules and regulations to cover every situation. So if employees have the right ethical compass they would tend to do the right things in business going forward.

Yesterday, at the Hanson Wade Pharmaceutical Anti-Corruption Compliance Conference, I heard a talk by Jay Mumford of Ethisphere on the Health Care Industry Executive and Company Conduct Compact. Jay’s talk focused largely on the ethics component of compliance and ethics and he talked about an Ethisphere initiative which helps company’s in the health care industry to add an ‘ethics’ component to compliance and ethics. Jay began his talk by pointing out the loss of trust that Americans have in various industries and corporations. When most Americans, generally, have such a lack of trust, as after the 2008 financial meltdown, they turn to more regulations. The financial meltdown and the perception that the financial industry caused it led to the passage of the Dodd-Frank legislation. Jay pointed out that the 848 page long Dodd-Frank bill now has over 8000 pages of regulations interpreting this law. He said that the law firm of Davis Polk has estimated that this is only 1/3 of the total page number of regulations to come to implement Dodd-Frank. His point was stark and clear, there is absolutely, positively no way that any corporation or person could know all the regulations.

One of the things that Ethisphere tries to bring to the compliance and ethics debate is a manner to rise above the rules-only approach. They recently initiated a new program in the Life Sciences Industry called the Company Conduct Compact “Compact”. This Compact is designed to reduce the probability of corporate misconduct and to help to set up an affirmative defense if an individual prosecution action is in the offing. The Compact itself offers companies and individuals a method to proactively commit to a set of heightened ethical principles and specific behaviors, based upon the elements found in the US Federal Sentencing Guidelines.

The Compact is designed to be executed by both the Chief Executive Officer (CEO) and top Senior Management in a company. It is set up to align with the company’s overall compliance efforts. The commitments made in the Compact are subjected to external verification and testing. Each commitment is set out in writing for each signatory and the CEO commits his or her organization to the seven principles set out in the Compact. The seven principles are as follows:

  1. Written Policy and Procedures. The organization will have a comprehensive written set of policies and procedures that establish a best in class compliance program, including a Code of Conduct, company-wide policies and procedures and specific internal controls for each department. The leader commits to proactively identifying, preventing and correcting behaviors that are not consistent with the company’s values. If the leader has a disagreement with the standards, he or she will work within the system to address them.
  2. Program Oversight. The company will ensure that the compliance function has vigorous support from management and the Board of Directors, is well-resourced and financed and has appropriately elevated status within the company. The leader commits to full, consistent and active implementation of the company’s compliance regime and will give the time, attention and resources to support his or her area of responsibility within the overall compliance structure.
  3. Education and Awareness. The company commits to periodically and in a practical manner educate employees on its standards and procedures, through effective training. The leader commits that all of his direct reports will complete all required compliance and ethics training in a timely manner and that if these direct reports do not do so, the leader’s compensation may be effected. The leader will also attend a number of live compliance and ethics training sessions for employees to emphasize the importance of it throughout the company.
  4. Monitoring and auditing; reporting channels for concern. The company shall embrace both ongoing monitoring and auditing as techniques to help ensure that its compliance program is followed. The company shall periodically assess the effectiveness of its compliance program and maintain a dedicated reporting channel which can be used anonymously. The leader commits that at least once per quarter he or she will sit down individually with the Executive Leadership Team (ELT) and ask them what specific steps they are taking to help the company do business in a compliant manner. There shall also be a strong commitment to the creation of a culture of no retaliation for reporting of compliance violations.
  5. Enforcement and discipline incentives. The company will enforce its compliance program through both incentives and discipline. There should be a portion of compensation based upon doing business ethically. The leader commits to enforcing the company’s ethical standards, through both positive and negative incentives, including him or herself, through an agreement for claw backs if a FCPA violation occurs on his or her shift. The leader believes that senior management should be held to a higher standard and embraces that obligation.
  6. Response and prevention. This commitment means that after misconduct has been discovered, the organization shall take reasonable steps to respond appropriately and prevent further similar misconduct. The leader commits to learn what has happened, why it happened and how to prevent it from occurring again. He or she will not shift the blame to ‘the system’ but will work to prevent it from occurring again.
  7. Risk management. Here there is a commitment to periodically assess the risk of misconduct and the signatory shall take appropriate steps to aid in the design, implementation or modification of the company’s compliance program to reduce the risk of misconduct. The leader commits to actively manage the compliance risks that an organization faces no ‘out of sight, out of mind’ mentality for thee. The risk assessment process must be embraced.

While sitting through Jay’s presentation I initially thought that no CEO would agree to such obligations, but as they are largely based on obligations which already exist, legally I do not see much downside to a CEO and senior management agreeing to such obligations. As Jay pointed out, one of the very large reasons for signing this Compact and performing its obligations is to present a viable defense if the DOJ comes knocking. But more than simply another defense, the Compact really does help a company to demonstrate to its employees, its shareholders and its business relations a commitment to doing business ethically. As I told Jay after his talk, primarily I thought this initiative was so far out in left field it had no chance of success. However, what may be today’s initiative from left field may be tomorrow’s ‘Enhanced Compliance Obligations’ and next year’s new best practices in compliance. The Ethisphere Compact certainly is something that companies can and should consider.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Blog at WordPress.com.