Channeling John Steed in Your Tone in the Middle

Today we honor a great English actor from one of the 1960s signature television series. Last week, Patrick Macnee died. He was one-half of the crime-fighting duo on The Avengers. As reported in his New York Times (NYT) obituary, “Macnee, who wielded a lethal umbrella and sharp repartee as the dapper secret agent John Steed.” In The Avengers, Macnee “faced off against an assortment of evildoers, armed with understated wit and a traditionalist British fashion sense that made him look less like a spy in the Bond mold than “a junior cabinet minister,” as he once put it, although his tightly rolled umbrella concealed a sword and other crime-fighting gadgets, and his bowler hat, lined with a steel plate, could stop bullets and, when thrown, fell an opponent.”

His initial partner was the actress Honor Blackman but after she left the series to play Pussy Galore in the James Bond film Goldfinger his more famous sidekick became “Diana Rigg, stylish in a leather cat suit and every bit his equal in the wit and hand-to-hand-combat departments. In many scenes he was content to observe, an eyebrow cocked, as Emma — whom he always referred to as Mrs. Peel — unleashed her martial arts expertise on a hapless foe. He would often summon her to action with the words “Mrs. Peel, we’re needed.” Steed carried no gun. Aplomb and sang-froid were his weapons.” He could communicate what he meant when he meant it.

I thought about Macnee, his role as Steed and, of course, Mrs. Peel when I considered how a company must communicate its message of compliance. A company must have more than simply a good ‘Tone-at-the-Top’; it must move it down through the organization from senior management to middle management and into its lower ranks. This means that one of the tasks of any company, including its compliance organization, is to get middle management to respect the stated ethics and values of a company, because if they do so, this will be communicated down through the organization.

Adam Bryant, in a NYT article, entitled “If Supervisors Respect The Values, So Will Everyone Else”, explored this topic when he interviewed Victoria Ransom, the Chief Executive of Wildfire, a company which provides social media marketing software. Ransom spoke about the role of senior management in communicating ethical values when she was quoted as saying “Another lesson I’ve learned as the company grows is that you’re only as good as the leaders you have underneath you. And that was sometimes a painful lesson. You might think that because you’re projecting our values, then the rest of the company is experiencing the values.” These senior managers communicate what the company’s ethics and values are to middle management. So while tone at the top is certainly important in setting a standard, she came to appreciate that it must move downward through the entire organization. Bryant wrote that Ransom came to realize “that the direct supervisors become the most important influence on people in the company. Therefore, a big part of leading becomes your ability to pick and guide the right people.”

Ransom said that when the company was young and small they tried to codify their company values but they did not get far in the process “because it felt forced.” As the company grew she realized that their values needed to be formalized and stated for a couple of reasons. The first was because they wanted to make it clear what was expected of everyone and “particularly because you want the new people who are also hiring to really know the values.” Another important reason was that they had to terminate “a few people because they didn’t live up to the values. If we’re going to be doing that, it’s really important to be clear about what the values are. I think that some of the biggest ways we showed that we lived up to our values were when we made tough decisions about people, especially when it was a high performer who somehow really violated our values, and we took action.” These actions to terminate had a very large effect on the workforce. Ransom said, “it made employees feel like, “Yeah, this company actually puts its money where its mouth is.””

Ransom sought to ensure that everyone knew what senior management considered when determining whether employees were “living up to the company culture.” The process started when she and her co-founder spent a weekend writing down what they believed the company’s values were. Then they sat down with the employees in small groups to elicit feedback. Her approach was to look for what they wanted in their employees. They came up with six.

• Passion: Do you really have a thirst and appetite for your work?
• Humility and Integrity: Treat your co-workers with respect and dignity.
• Courage: Speak up – if you have a great idea, tell us, and if you disagree with people in the room, speak up.
• Curiosity: They wanted folks who would constantly question and learn, not only about the company but about the industry.
• Impact: Are you having an impact at the company?
• Be outward-looking: Do good and do right by each other.

Ransom had an equally valuable insight when she talked about senior management and ethical values. She believes that “the best way to undermine a company’s values is to put people in leadership positions who are not adhering to the values. Then it completely starts to fall flat until you take action and move those people out, and then everyone gets faith in the values again. It can be restored so quickly. You just see that people are happier.”

What should the tone in the middle be? Put another way, what should middle management’s role be in the company’s compliance program? This role is critical because the majority of company employees work most directly with middle, rather than top management and, consequently, they will take their cues from how middle management will respond to a situation. Moreover, middle management must listen to the concerns of employees. Even if middle management cannot affect a direct change, it is important that employees need to have an outlet to express their concerns. Therefore your organization should train middle managers to enhance listening skills in the overall context of providing training for what she termed their ‘Manager’s Toolkit’. This can be particularly true if there is a compliance violation or other incident that requires some form of employee discipline. Ransom believes that most employees think it important that there be “organizational justice” so that people believe they will be treated fairly. Ransom further explained that without organization justice, employees typically do not understand outcomes but if there is perceived procedural fairness that an employee is more likely accept a decision that they may not like or disagree with.

So think about your lines of communication and your communication skills when conveying your message of compliance down from the top into the middle of your organization. You might even want to channel your inner John Steed, from The Avengers, in doing so.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

West Side Story and GSK In China – Board Oversight and Tone in the Middle

Yesterday, I celebrated the anniversary of one of America’s cultural lows. But today, I am extremely pleased to open with exactly the opposite, that being one of America’s greatest gifts to the performing arts. For on this day in 1957, the musical West Side Story premiered on Broadway. There are so many facets to one of the great, even greatest, works of musical theater. Leonard Bernstein penned the score, Stephen Sondheim wrote the lyrics, Jerome Robbins choreographed the dance and the story was by Arthur Laurents, inspired by Romeo and Juliet.

There are many great songs, dances and moments in the play. Most of us (at least of my age) outside New York were introduced to the play via television where it ran for one showing in 1971. The show never toured until the 2000s. When I finally got to see the stage production I was absolutely blown away. I had never seen anything like and it and I will never forget the 5-counter point singing by Tony, Maria, Anita, Bernardo and the Sharks, and Riff and the Jets, as they all anticipate the events to come that night in the song Tonight’s Quintet. The show truly is one of America’s gems.

I thought about the continuing appeal of West Side Story as a musical and why the story continues to resonate with the American people when I continued to consider some of the lessons learned from the GlaxoSmithKline PLC (GSK) matter in China. Today’s areas for reflection should be the role of a company’s Board of Directors and the second is the ‘tone in the middle’. While we have not heard from the GSK Board on this case, it has become clear that the GSK Board was aware of both the anonymous whistleblower allegations and the release of the tape of the GSK China Country Manager and his girlfriend. One of the lessons learned from the GSK scandal is that a Board must absolutely take a more active oversight role not only when specific allegations of bribery and corruption are brought forward but also when companies are operating in high risk environments. Further how can a company move its message of doing business ethically and in compliance down the employee chain.

In a NACD Directorship article, entitled “Corruption in China and Elsewhere Demands Board Oversight”, authors Eric Zwisler and Dean Yoost noted that as “Boards are ultimately responsible for risk oversight” any Board of a company with operations in China “needs to have a clear understanding of its duties and responsibilities under the FCPA and other international laws, such as the U.K. Bribery Act”. Why should China be on the radar of Boards? The authors reported, “20 percent of FCPA enforcement actions in the past five years have involved business conduct in China. The reputational and economic ramifications of misinterpreting these duties and responsibilities can have a long-lasting impact on the economic and reputation of the company.”

The authors understand that corruption can be endemic in China. They wrote, “Local organizations in China are exceedingly adept at appearing compliant while hiding unacceptable business practices. The board should be aware that a well-crafted compliance program must be complemented with a thorough understanding of frontline business practices and constant auditing of actual practices, not just documentation.” Further, “the management cadence of monitoring and auditing should be visible to the board.” All of the foregoing would certainly apply to GSK and its China operations.

Moreover, the FCPA Guidance makes clear that resources and their allocation are an important part of any best practices compliance program. So if that risk is perceived to be high in a country such as China, the Board should follow the prescription in the Guidance, which states “the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”

To help achieve these goals, the authors suggested a list of questions that they believe every director should ask about a company’s business in China.

• How is “tone at the top” established and communicated?
• How are business practice risks assessed?
• Are effective standards, policies and procedures in place to address these risks?
• What procedures are in place to identify and mitigate fraud, theft, and corruption?
• What local training is conducted on business practices and is it effective?
• Are incentives provided to promote the correct behaviors?
• How is the detection of improper behavior monitored and audited?
• How is the effectiveness of the compliance program reviewed and initiated?
• If a problem is identified, how is an independent and thorough investigation assured?

Third parties generally present the most risk under a Foreign Corrupt Practices Act (FCPA) compliance program and are believed (at least anecdotally) to comprise over 90 percent of reported FCPA cases, which subsequently involve the use of third-party intermediaries such as agents or consultants. But this is broader than simply third party agents because any business opportunity in China will require some type of business relationship.

One of the major failings of the GSK Board was that it apparently did not understand the actual business practices that the company was engaging in through its China business unit. While $500MM may not have been a material monetary figure for the Board to consider; the payment of such an amount to any third party or group of third parties, such as Chinese travel agencies, should have been raised to the Board. All of this leads me to believe that the GSK Board was not sufficiently engaged. While one might think a company which had received a $3bn fine and was under a Corporate Integrity Agreement (CIA) for its marketing sins might have sufficient Board attention; perhaps legal marketing had greater Board scrutiny than doing business in compliance with the FCPA or UK Bribery Act. The Board certainly did not seem to understand the potential financial and reputational impact of a bribery and corruption matter arising in China. Perhaps they do now but, for the rest of us, I think the clear lesson to be learned is that a Board must increase oversight of its China operations from the anti-corruption perspective.

GSK Chief Executive Officer (CEO) Sir Andrew Witty has certainly tried to say all of the right things during the GSK imbroglio on China. But did that message really get down into to the troops at GSK China? Moreover, did that message even get to middle management, such as the GSK leadership in China? Apparently not so, one of the lessons learned is moving the Olympian Pronouncements of Sir Andrew down to lower levels on his company. Just how important is “Tone at the Top”? Conversely, what does it say to middle management when upper management practices the age-old parental line of “Don’t do as I do; Do as I say”? In his article entitled, “Ethics and the Middle Manager: Creating “Tone in The Middle” Kirk O. Hanson, listed eight specific actions that top executives could engage in which demonstrate a company’s and their personnel’s commitment to ethics and compliance. The actions he listed were:

1. Top executives must themselves exhibit all the “tone at the top” behaviors, including acting ethically, talking frequently about the organization’s values and ethics, and supporting the organization’s and individual employee’s adherence to the values.
2. Top executives must explicitly ask middle managers what dilemmas arise in implementing the ethical commitments of the organization in the work of that group.
3. Top executives must give general guidance about how values apply to those specific dilemmas.
4. Top executives must explicitly delegate resolution of those dilemmas to the middle managers.
5. Top executives must make it clear to middle managers that their ethical performance is being watched as closely as their financial performance.
6. Top executives must make ethical competence and commitment of middle managers a part of their performance evaluation.
7. The organization must provide opportunities for middle managers to work with peers on resolving the hard cases.
8. Top executives must be available to the middle managers to discuss/coach/resolve the hardest cases.

What about at the bottom, as in remember those China unit employees who claimed they were owed bonuses because their bosses had instructed them to pay bribes? Well if your management instructs you to pay bribes that is a very different problem. But if your company’s issue is how to move the message of compliance down to the bottom, Dawn Lomer, Managing Editor at i-Sight Software, provided some concrete suggestions in an article in the SCCE magazine, entitled “An ethical corporate culture goes beyond the code”, where she wrote that that the unofficial message which a company sends to its employees “is just as powerful – if not more powerful – than any messages carried in the code of conduct.” Lomer suggested that a company use “unofficial channels” by which your company can convey and communicate its message regarding doing business in an ethical manner and “influence employee behavior across the board.” Her suggestions were:

1. Reward for Integrity – Lomer writes that the key is to reward employees for doing business in an ethical manner and that such an action “sends a powerful message without saying a word.”
2. The three-second ethics rule – It is important that senior management not only consistently drives home the message of doing business ethically but they should communicate that message in a short, clear values statement.
3. Environmental cues – Simply the idea that a company is providing oversight on doing business ethically can be enough to modify employee behavior.
4. Control the images – It is not all about winning but conducting business, as it should be done.
5. Align Messages – you should think about the totality of the messages that your company is sending out to its employees regarding doing business and make sure that all these messages are aligned in a way that makes clear your ethical corporate culture clear. 

The GSK case will be in the public eye for many months to come. Both the UK Serious Fraud Office (SFO) and US authorities have open investigations into the company. Just as the five counter-point singing or the rooftop symphonic dance scene to the song America demonstrates the best of that art form; you can draw lessons from GSK’s miss-steps in China now for implementing or enhancing your anti-corruption compliance program going forward now.

And while you are ending your week of considering GSK and its lessons learned for your compliance program, crank up your speakers to 11 and listen to some five counter-point singing the movie version of the Tonight Quintet, by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Mickey Rooney and The 90 Cent Solution

We begin today with a word on the death of Mickey Rooney. Rooney’s career, spanning nearly 90 years was certainly was from a different era. He was short of stature and long in his number of marriages but as Bob Lefsetz noted in his blog post tribute to Rooney, “But they stood in front of us twenty feet tall. At the drive-in. Even when the pictures truly got small on the tiny old screens of yore they emerged triumphant, because they were so good-looking, so charismatic. And if you were big enough, a bright enough star, your legacy lived on, even if your present day circumstances bore no resemblance to fame.” But here’s why there is always a place in my heart for Mickey Rooney. When I was very young I lived with my grandparents and one night I watched the 1935 movie version of Shakespeare’s A Mid Summer Night’s Dream on television with my grandmother. Rooney’s so over the top performance of Puck began for me a life long love affair with the Bard. So here’s to the grandmother that started me off on a lifelong love affair of Shakespeare’s works and here’s to the Mickster—you did it your way.

I have often considered the role of senior management is to set a proper ‘Tone-At-The-Top” to do business ethically and in compliance with anti-corruption laws like the Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act. Incentives to do business ethically and in compliance are also recognized as an important part of any best practices compliance program. The flip side of incentives is disincentives, such as discipline or financial penalties for affirmatively engaging in misconduct. But how far should such disincentives go and how strong should they be? Should there be penalties for not only affirmatively engaging in misconduct but also failing to monitor risk-taking that allows misconduct to occur? If the latter becomes prevalent, how close do we come to criminalizing conduct, which is arguably negligent and not simply intentional?

I have thought about several of these questions and many others over the past few days when reading about the ongoing struggles of General Motors (GM) over its Cobalt recall issues and Citigroup in regards to its Mexican banking operations. In an article by Gretchen Morgenson in the New York Times (NYT), entitled “The Wallet as Ethics Enforcer”, where she asked “Who decided—and who agreed—that 90 cents was too much to pay for each switch that would have fixed the problem that apparently led to 13 deaths? How much did that decision add to the bottom line and add to executives’ compensation over the years? What will the company have to pay in possible regulatory penalties and legal settlements?” One of her own answers to these questions reads, “While the shareholders of G.M. will shoulder the cost of the fines, the settlements and loss of trust arising from the mess, the executives responsible for monitoring internal risks like these are unlikely to be held accountable by returning past pay.”

Citigroup, which had previously indicated that it had been the victim of a huge fraud perpetrated by one of its customers in Mexico, Oceanografía. However, now Citigroup now faces both federal criminal and civil investigations over the affair. As reported in a Wall Street Journal (WSJ) article, entitled “Crime Inquiry Said to Open On Citigroup”, Ben Protess and Michael Corkery reported that both the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have opened investigations “focusing in part on whether holes in the bank’s internal controls contributed to the fraud in Mexico. The question for the investigators is whether Citigroup—as other banks have been accused of doing in the context of money laundering—ignored warning signs.” For a bank to be criminally liable, “prosecutors would typically need to show that the bank willfully ignored warning signs of the fraud.” However, to show a civil violation, the threshold is lower and there may only need to be a showing that the bank lacked the proper internal controls or internal oversight.

In her article, Morgenson spoke with Scott M. Stringer, the New York City Comptroller, who is a strong advocate of corporate requirements which “make sure that insiders who engage in questionable conduct are required to pay the piper” in the form of clawback provisions. Stringer has worked with companies to expand clawback provisions beyond those mandated by Sarbanes-Oxley (SOX), which required “boards to recover some incentive pay from a chief executive and chief financial officer if a company did not comply with financial reporting requirements.” Now, clawbacks have expanded to require executives to return compensation “even if they did not commit the misconduct themselves; they run afoul of the rules by failing to monitor conduct or risk-taking by subordinates.” Stringer believes that such clawback provisions not only “speak to the issue of financial accountability but also to setting a tone at the top.”

Morgenson ends her article by noting that unless GM makes public its internal investigation, “we may never know how many G.M. executives knew about the Cobalt problems and looked the other way.” In the meantime though, this debacle shows the importance of policies that hold high-level employees accountable for conduct that, even if not illegal, can do serious damage to their companies. Directors creating such policies would be sending a clear signal that they take their duties to the company’s owners seriously.”

At this point, we do not know high up the decision went in GM not to install the 90 cent solution. But I would argue it really does not matter. Somewhere in the company, some engineer figured out a solution and indeed one was implemented without changing the part number. I am sure the GM Board would have been sufficiently shocked, just shocked, to find out that such decisions as monetary over safety were going on inside the company. What does all of the information released so far tell us about the culture inside GM when these decisions were made? While I am certainly willing to give current GM Chief Mary Barra the benefit of the doubt about her intentions for the company going forward, particularly after a grueling couple of days before Congress, what do you think the financial incentives were in the company when the 90 cent solution was rejected?

It initially appeared that Citigroup was the victim of a massive fraud perpetrated by one of its customers. However, even initially it was reported that Citigroup let its Mexican operation, Banamex run its own show with very little oversight from the corporate office in New York. Now Citigroup is not only under a civil investigation for lack of proper internal controls but also a criminal investigation for willful ignorance of Banamex’s operations. Does any of this sound far-fetched or perhaps familiar? Think about Frederick Bourke and ‘conscious indifference’. Even the judge in Burke’s criminal trial mused that she did not know if he was a perpetrator or a victim. Perhaps Citigroup is both, but if he was both it certainly did not help Bourke. While I am certainly sure that the Citigroup Board of Directors would also say that it would also simply be shocked, just shocked, to find that there were even insufficient internal controls over Banamex, let alone willful ignorance of criminal actions of its Mexico subsidiary, it does pose the question as to what is the culture at the bank?

As important as clawbacks are, until the message of compliance gets down from the top of an organization, into the middle and then to the bottom, a culture of compliance will not exist. I have worked in an industry where safety is goal number one. But in the same industry I have heard the apocryphal tale of the foreign Regional Manager who is alleged to have said, “If I violate the Code of Conduct, I may or may not get caught. If I violate the Code of Conduct and get caught, I may or may not be punished. If I miss my numbers for two quarters, I will be fired.” Clawbacks for Board members would not have influenced this apocryphal foreign Regional Manager, any more than they would have worked on the psyche of the GM engineers who proposed and then later dropped the 90 cent solution. It was clear to them what their bosses thought was important for them to keep their jobs. As long as management has that message, doing business ethically and in compliance will always take a second seat.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

Sammy Baugh in 1943: Do It the Right Way

2013 is the 70^th anniversary of one of the greatest individual seasons in pro football. In 1943, Sammy Baugh, playing for the Washington professional football team, had what Sports Illustrated said one of the greatest season’s a player has ever sustained. Playing at time when football players played both ways and usually the entire game, Sports Illustrated detailed the following of Baugh’s accomplishments:

• He completed 55.6 percent of his passes, best in the NFL that year.
• He threw 23 touchdowns passes, second in the NFL—and third-highest all-time to that point.
• As a defensive back, he had 11 interceptions, which broke another league record.
• He averaged an NFL-leading 45.9 yards a punt, often flipping the field with a well-timed quick kick.
• Five of his boots were longer than 70 yards.
• He had arguably the greatest single-game performance in history: In a 42-20 win over the Detroit Lions on Nov. 14, Baugh fired four touchdown passes, intercepted four passes and got off an 81-yard punt, the longest of the year in the NFL.

Baugh won and he won doing things the right way. I thought about his accomplishments when I read a recent article, entitled “Decisiveness Is a Double-Edged Sword”, in the Corner Office section of the New York Times (NYT) by Adam Bryant in his interview of David Cote, the Chairman and Chief Executive Officer (CEO) of Honeywell International Inc. In the article Cote explained that “Your job as a leader is to be right at the end of the meeting, not at the beginning.” Cote explained that he had a “reputation for being decisive. Most people would say that being decisive is what you want in a business leader. But it’s possible for decisiveness to be a bad thing. Because if you’re decisive, you want to make decisions — give me what you’ve got, and I’ll make a decision. I’d say that the lower you are in an organization, you can get away with a lot of that and you’ll be applauded for it.”

I found Cote’s approach a good way to explain the role of top corporate leadership in a Foreign Corrupt Practices Act (FCPA) compliance program. When I meet with a new client I explain to the President or CEO what his or her role is in a compliance regime. It is to be a leader and not simply to set the right tone for doing business ethically and in compliance but also ‘walking the walk’ of compliance. In other words, continually reminding the troops to do business the right way.

Further, you have to turn your pride and emotions aside at times because “it’s important to be smart and to think about what’s important.” Cote said that one of the most important behaviors at Honeywell is that you have to get results “and you have to get them the right way.” I thought about the way that Cote phrased it, “and you have to get them the right way.” Cote wants his team to make their quarterly numbers but he wants it done the right way “with the right kind of processes” and those right kinds of processes are financial and compliance controls to help the company to do business the right way going forward.

I once worked for a company where a regional manager was alleged to have said the following: If I violate the Code of Conduct, I may or may not get caught. If I violate the Code of Conduct and get caught, I may or may not be disciplined. If I miss my numbers for two quarters, I will be fired. And guess what – that regional manager never missed his quarterly numbers. Further, he was promoted for his “great” work.

What type of message do you think that this un-named regional manager’s aphorism, his quarterly numbers and, most importantly, the company’s treatment of him going forward sent throughout the region? It was pretty clear that making your numbers is all that top management wanted communicated down through the organization. Conversely, I have heard a compliance professional from another company in the same sector say that it is the business unit’s leader’s responsibility to make the numbers within the structure of the company’s compliance regime. It is not up to the compliance function to figure out how the operations manager should do business but the other way around.

But, equally significant, is the difference in focus between Cote and this un-named regional manager. Cote’s has a long term perspective in place and is thinking long term. He is considering something beyond, weeks, months, the next quarter or even the next two quarters. What Cote said in the NYT piece is that one of the reasons he desires to have the right financial and compliance controls in place is so that “we can make the quarter three years from now and five years from now.” Our un-named regional manager has no such focus; he is only looking at the next sale in front of him because if he does not make his numbers he will be fired. I do not think there can be a stronger message from management than to make your numbers “the right way”.

Just as Slinging Sammy Baugh had a season for the ages some 70 years ago, your compliance program can achieve the goals of doing business the right way if you have a CEO like David Cote. He believes that it is important to get your decisions right and to do business the right way. That is a message that can be translated from senior management down to the middle and the bottom of a company. That is what a compliance practitioner can ask of his or her leaders.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

The Texans Are 2-7: What is Missing from Your Compliance Program?

I usually do not write about the Houston Texans because (1) unlike the sad sack Astros, they are not often relevant enough to care about and (2) they usually are relatively well-run. They continue to be not relevant this year, coming into this week’s game with a sterling 2-7 record. However, they showed themselves not be too well run this week when they summarily dismissed from the team  safety Ed Reed, after he publicly said that the Texans were “out-coached and out-played” last week following the team’s seventh straight loss. As my friend and colleague Richard Lummis is fond of saying “No sh– Sherlock.”

For those of you who do not know Ed Reed, he is in his 12^th season of playing in the National Football League. He is a two-time Super Bowl Champion, a nine-time Pro Bowler, a former NFL Defensive Player of the Year and a sure-fired first ballot Hall of Famer. In other words, he not only knows pro football but he is winner. Reed played his first 11 seasons with the Baltimore Ravens and was signed as a Free Agent by the Texans to bring some professionalism and winning attitude to the club. He had surgery in the offseason which slowed him down to the point he longer started but he still has the attitude and credentials of a winner. So what does it say about the Texans when a player of Reed’s stature speaks the truth and is summarily cut the next day. How many top notch free agents or top talent would want to play with an organization that punishes people who publicly complain about losing?

I thought about Reed and the Texans when I read a post from the noted site JDSupra entitled, “What’s the One Thing Missing From Your Corporate Compliance Program?” They put that question to various compliance attorneys writing on JD Supra, asking each to commit to just one essential element that, in their experience, they regularly see missing from corporate programs; IE., programs that are required to address myriad regulatory issues to do with privacy and data security, insider trading, bribery and corruption, and other such matters across numerous jurisdictions. I found the replies quite interesting and perhaps some insights which the Texans can use.

From Jeremy B. Zucker, Co-chair, International Trade and Government Regulation practice at Dechert LLP: “For a compliance program to be truly effective, personnel must take ownership of their behavior and take pride in being part of the team. To achieve this, a truly effective compliance program must demonstrate that a values-based approach is relevant to the daily conduct of business…”

From Charles F. Connolly, partner in Akin Gump’s white collar practice in Washington, D.C.: “…the key question enforcement authorities ask when evaluating a company’s compliance program is ‘does it work?’  The only way to answer that question proactively is to review – and test – the program on a regular basis.”

From Joe Bermudez, partner at Wilson Elser: “Crisis management policies, protocols and procedures are a necessary element for any company’s compliance program. Often overlooked because companies refuse or fail to consider the contingencies involved with catastrophic or tragic events, an effective crisis management plan may be the difference between a company surviving a crisis event and not…The issue is not when a crisis will strike, the issue is whether the company is prepared to survive the event.”

From Peter Menard, senior partner in the Corporate Practice Group at Sheppard Mullin: “Forms of policies, procedures and contract provisions are widely available on the Internet to ensure compliance with such diverse regulations as FCPA and other anti-bribery rules, prohibitions on insider trading, protection of confidential personal financial and health records, and import/export controls…Lawyers can draft the most comprehensive policy, but only management can take the policy out of the file cabinet and make it an integral part of the corporate culture…”

From Chester Hosch, partner in the Corporate and Tax Group at Burr Forman: “The one thing lacking in most corporate compliance programs is a culture of unshakable commitment to integrity and ethics. The commitment has to be embraced and encouraged notoriously, unambiguously and completely by senior management. The commitment will manifest itself in adequate funding, effective training and consistent monitoring. In the end, the compliance officer will have absolute confidence top management will remain true to the commitment, no matter the consequences.”

From Bettina Eckerle at Eckerle Law: “In my experience, often companies do not treat their compliance program as living breathing organism that need to be tested, reviewed, changed, brought up-to-date as market conditions, business practices and the regulatory environment evolve.  One should never think one is ‘done’ with what is in place but rather incorporate compliance in the day-to-day ebb and flow of the business.”

From yours truly: Document Document Document

These observations bring to bear a different set of focuses which you should consider in the context of your compliance program. Take each point raised and ask yourself, do we have this concept or protocol in place? If you do, then ask yourself my mantra: Did you Document Document Document it so that if a regulator, from the US to China comes knocking you will be able to demonstrate that you did have such protocol or concept in place.

As to the Texans, I think the thing that they are missing is reality. They should ask themselves about now if they are dedicated to winning or something else. After losing seven straight games it is even obvious to my English wife that they are being out-coached and out-played. Fortunately she cannot be fired from her job for saying so.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Gettysburg Day 3: Pickett’s Charge and Culture of Compliance Throughout an Organization

Gettysburg, Day 3. What could our subject be other than Pickett’s Charge? If there was one event which symbolized the ‘Lost Cause’ of the Confederacy, it was this doomed-to-fail attack. I did not go to the Gettysburg battlefield until I was in my 50s. When I did, I was in awe of the brutality of the terrain. It was not just the rocks and crags of the Big Round Top, Little Round Top and the Devil’s Den, but also the openness and the space. Even in late May the sunshine just seemed to beat down on the fields. I imagine early July can bring some oppressive heat. Coupled with the smoke, screaming and chaos all around, it truly must have seemed like a descent into ‘The Inferno’.

In Pickett’s Charge, approximately 12,500 Southern soldiers from General George Pickett’s Virginia Division of Longstreet’s First Corp marched the three-quarters of a mile, across an open field and up to Union entrenched positions on Cemetery Ridge. All of this was in the face of murderous direct and cross fire from Union positions. As the Confederates approached, there was fierce flanking artillery fire from Union positions on Cemetery Hill and north of Little Round Top, and musket and canister fire from Hancock’s II Corps. In the Union center, the commander of artillery had held fire until the Confederate infantry was only 100 yards away. The effect was devastating. Nearly one half of the Confederate attackers did not return to their own lines. Although the Federal line wavered and broke temporarily at a jog called the “Angle” in a low stone fence, the Confederate attack was repulsed. The farthest advance of Brig. Gen. Lewis A. Armistead’s brigade of Maj. Gen. George Pickett’s division at the “Angle” is referred to as the “High-water mark of the Confederacy”, arguably representing the closest the South ever came to its goal of achieving independence from the Union via military victory. But it really was not a near thing, as the Union had sufficient reserves to breach any serious gap.

Over the past two days, we have looked at Confederate leadership failures as a segue into a compliance topic. So today we honor the everyman who fought at Gettysburg, from both North and South, and their values which allowed them to do such feats as march across an open field for ¾ of a mile in the face of sustained cannon, rifle and musket fire and then attack. David Brooks, in a New York Times (NYT) column entitled “Why They Fought”, cited to the 1997 James M. McPherson book “For Cause and Comrades,” which looked at the private letters Civil War soldiers sent to their loved ones. Brooks wrote that McPherson found that the letters from the soldiers spoke about “patriotism, ideology, concepts of duty, honor, manhood and community” and the letters “were also explicitly moralistic.” Brooks cited to McPherson again for the following, ““The consciousness of duty was pervasive in Victorian America,” McPherson writes. The letters were studded with the language of personal honor, and, above all, a desire to sacrifice, as one soldier put it, “personal feelings and inclinations to … my duty in the hour of danger.”” What made them like that? It was certainly a different place and time from today’s world.

The compliance perspective from our Day 3 lesson is moving the values of an ethical culture that your company espouses down through an organization. The Ethics Resource Center describes an “ethical culture” as having four essential characteristics:

• Ethical leadership: leaders set the right “tone at the top” and model ethical culture as part of earning the trust of employees;
• Supervisor reinforcement: employees look to immediate supervisors for signs that the tone at the top is important and is taken seriously;
• Peer commitment: peers talk about the importance of ethics and support one another in “doing the right thing”; and
• Embedded ethical values: a sense of “how we do things around here” integrated into daily activities.

Clearly this definition anticipates culture going down through an organization until it becomes a part of the corporate DNA.

In the Middle

Mid-level managers are often the demographic group within an organization that faces the greatest pressure. They often feel squeezed between carrying out edicts from the top and facing the realities from the field of actually getting the job done. But this role is critical because the majority of company employees work most directly with middle, rather than top management, as most employees will take their cues from how middle management will respond to a situation. Middle management must listen to the concerns of employees. Even if middle management cannot affect a direct change, it is important that employees have an outlet to express their concerns.

David Gebler, writing in the Society of Corporate Compliance and Ethics (SCCE) “The Complete Compliance and Ethics Manual”, in an article entitled “The Role of Culture”, says that “In many organizations mid-level managers have not had extensive leadership development training. Leadership may not have provided these managers with sufficient tools and training to both manage the pressure as well as provide the kind of empathetic reception that employees may need if they have a problem to discuss. The result is that line employees often feel their supervisors do not create a true open door for them to discuss issues. Even worse, in many organizations, supervisors are the source of the frustration that dampens the ability of senior leadership to create a culture of compliance.”

At the Bottom

How about at the bottom of an organization? Gebler believes that true self-governance within an organization means that lower level employees feel responsible for their actions; they feel emotionally invested in the welfare of the organization that they want to do a good job; and want to feel proud of their department and workgroup. Peer pressure still exerts a powerful influence on behavior in most organizations; sometimes it is even more powerful than messages or tone from leadership. One test could be the following, “if a colleague takes a short cut, or perhaps violates a code provision, such as unauthorized use of time or resources, will they say anything?”

Gebler ends his section by reiterating his belief that culture plays a significant role in shaping the day-to-day perceptions of employees and their relationship with the company’s standards and compliance program. Progressive companies evaluate their culture as such touchstones can inform the compliance practitioner “towards a fuller understanding of the drivers of ethical behavior through all levels of the organization. This data will help ensure that training and communication initiatives are seen as relevant and helpful tools for employees at all levels.”

I recently saw a formulation of the above that provides the compliance practitioner with a framework to define these concepts.

• Set Expectations: Define your leadership with integrity. This means clear instructions that doing business ethically will be rewarding and failure to do so, even if it means making one’s numbers each quarter, will not be tolerated.
• Equip: Supply the tools and training needed to authoritatively communicate compliance messages.
• Prepare: Provide practical support for receiving and responding to issues reported.
• Mitigate: Train managers on specific anti-bribery and anti-corruption risks. This would include laws such as the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act and also embedded legal risk such as retaliation for reporting unethical behavior.
• Educate: Make it clear that ethical values and doing business in a manner that is in compliance with your Code of Conduct and FCPA program are a fundamental part of each employee’s jobs. This should be reinforced with both performance criteria and performance rewards. The compliance practitioner should also train employees to spot and address issues in their business roles.

This blog concludes my three-part look at the Battle of Gettysburg. I hope that you can take a few minutes to consider the sacrifice of all the men who fought at this small village and what it continues to mean to all Americans today, even 150 years later. As a final commemoration, tomorrow, July 4, I will conclude my series with a posting of the Gettysburg Address.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Baseball and Compliance: From the Astros to Juiced Balls in Japan

What do national pastimes teach us about ethics and compliance? I would argue plenty. While, for the most part, I have reserved myself from writing about the Houston Astros fraud upon their fans this season in claiming that (1) they are fielding a major league team and (2) are not trying to lose; one item reached me last week which went far beyond the pale, even for the Astros. So channeling my inner Howard Sklar, I will start with a mini-rant. The item I received was a text from the Astros organization, informing me that I could vote for all Astros starters to be placed on the Major League Baseball (MLB) All-Star team in less than 30 seconds. Are you kidding me, what are the chances of any of the Astros starters being voted onto the All-Star team? At this point, I don’t think any of the starters would make an AA, All-Star team, let alone a MLB All-Star team.

Fortunately not all MLB teams are quite so brazenly fraudulent. But in Japan, there is currently a baseball scandal brewing that seems to be more poised to impact the entire country. What is that scandal about? Juiced baseballs and their cover-up. In an article in the New York Times (NYT), entitled “As Baseballs Fly in Japan, Dispute Simmers”, reporter Ken Belson wrote about the current scandal in Japan, where Nippon Professional Baseball (NPB) decreed that the baseball should be juiced so that there would be more home runs. Belson reported that Japanese baseball owners were concerned about the drop in home runs over the past couple of seasons but could not come up with a consensus approach to deal with the issue. So they turned the matter over to the league which apparently decided the baseballs needed a little more ‘umph’. I do find the cultural differences fascinating that while American baseball certainly had its own baseball scandal around juicing, in the US it was players that were juiced and not the baseball.

While the league made this decision, it apparently did not tell anyone; not the owners, nor the players and most certainly not the fans. The scandal was deepened by the remarks of the league’s commissioner, Ryozo Kato, who originally had denied that the baseballs were juiced this season. Some two weeks later Kato backtracked from this statement, claiming that his staff had not informed him that the baseballs were juiced when he made this initial denial. Kato made this about face “when he revealed that the league secretly made its official ball livelier during the off-season, essentially because the previous version, introduced in 2011, led to an alarming drop in home runs.” Oops.

In addition to the shame and disgrace that Kato would seem to have brought upon himself, and Japanese baseball in general, I found the metaphor for Japanese business interesting. Belson noted that “The revelation has angered a nation tired of leaders who try to sweep bad news under the rug to, according to a popular euphemism, “avoid confusion.” In recent years, executives at Olympus, the camera and medical equipment maker that hid massive losses from shareholders, and Tokyo Electric Power Company, whose shattered nuclear reactors have endangered millions of people, have been pilloried after their transgressions were unearthed, to name two prominent examples.”

Tone Up and Down the Organization

So what can the Astros and this season teach us about compliance? First it all starts at the top and in Houston we have team owner Jim “I-made-a-$100MM-so-I-must-know-what-I-am-talking-about” Crane at the top. Clearly his tone has impacted the organization because it is sending out texts trying to get folks to vote team members onto the All-Star team. One of things that might be a requirement is that a player has an all-star season to be voted onto the team. So it’s more than simply tone-at-the-top, it is also ‘tone in the middle’ or more appropriately for the Astros, ‘tone-at-the-bottom’.

If the top of your organization claims that not only is everything OK but everything is moving in the right direction, this message will certainly move throughout your organization. But one of the catches to making such claims is that everything should be OK and your organization should be moving in the right direction. Trying to have the worst team possible so that you can get more money in revenue sharing is not the same as trying to win baseball games. So tone does matter and if the top of your organization says we are made up of All-Stars, when you have the worst record in the American League (AL), the bottom of your organization may well say it to. They would both be wrong.

Transparency

One of the more interesting points that Belson wrote about in his article was the lack of transparency in the league’s actions to juice the baseballs in Japan. He wrote that “Most fans would have accepted the new ball because high-scoring games are often popular. The players union, too, would have gone along with the change if it were part of a goal that both pitchers and batters could get behind, like introducing a new ball to help the national team.” If there had been transparency, it would not have been fraud upon everyone for Kato to stand up and say that the baseballs were no different when everyone else involved could tell something was very different. If you want to change the style of play by changing the equipment, tell everyone about the equipment change so that they can adjust their play.

In the compliance world, transparency solves many issues relating to the gifts, travel and entertainment. If you cannot provide these to a foreign government official or employee of a state owned enterprise, without transparency, then the gift travel or entertainment is probably inappropriate. The example that I give is if you can give a gift to someone in front of their co-workers, then that is transparency. If you have to send the gift to his or her home, that indicates a lack of transparency.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Moving Compliance through an Organization

We often talk about tone at the top. But in many ways it is tone further down the organization which is more important for this is where the rubber hits the road and compliance is done on a day to day basis. I recently saw a couple of articles in the March/April Issue of the SCCE Magazine which discussed the “How-To” of compliance. They drove home several excellent ideas on specific steps that the compliance practitioner can use to move the compliance discussion from simply a tone from senior management that we will do business the right way down into middle and lower levels of the company where most of the business gets done.

The first article entitled “Success: You hit the target you aim at” is by Frank Navran . In this article, one of the things that Navran discussed was expanding on the “How-To” of making change in ethics and compliance occurs throughout the organization. He listed seven steps which he believed can not only make change happen but can make it stick as well.

1. Position, philosophy and belief. Interestingly, Navran begins not with a top down item but a bottom up approach. He believes that an “organization’s and senior leadership’s positions can typically be improved, supplemented, and/or modified with input from employees and other stakeholders.” Further, once all company stakeholders, both up and down the chain, have inputted into the organization’s core beliefs, they will become “integral to the identity of an organization.”
2. Formal organizational systems. Navran believes that formal systems are needed to guide everyone’s “day-to-day behaviors” in an organization. Without these formal structures in place, even the most robust informal system for doing business in an ethical and compliant manner can be “demolished by one or two serious infractions.”
3. Informal leadership systems. Navran nails this concept by stating the “Informal leadership is not about what we say. Rather it is about what we do.”
4. Measures, rewards and sanctions. Navran notes that typically what we measure is what you get. This makes it imperative that ethical standards are communicated as clearly as the “objective outcomes that are the more conventional measures of success.” It is equally important that the sanctions for non-ethical or non-compliant behavior be levied and such conduct not allowed to continue.
5. Communications and education strategy. It matters not only what we say but how we say it. Navran emphasizes that “If we want our commitment to ethics to be credible, then it has to be reflected in both our words and actions. It has to be mirrored in what we teach, both formally and by example.”
6. Response to critical events. Navran believes that the most important indicia “in determining what others believe to be our priorities is how we behave in response to a critical event. What we do when the stakes are high, time is short, and the pressure is on reveals our priorities and our principles.” So when the pressure is on and the whole world is watching, if leaders act according to their stated vows of doing business ethically and in compliance, this will send a strong signal to the rest of the company. And, simply put, if they do not employees will understand their true values.
7. Hidden agendas. If employees believe that leaders have a hidden agenda, they lose credibility as a leader. Navran thinks that it is important that the “perceived motives and agendas are consistent with how we behave and what we say, expect, or require of others.”

Navran ended his story with an interesting parable, that of the “wrong rock”. In this story, a manager asks you to perform a task, which is to go outside and get a rock. You do so. When you return, the manager says that you did not get the rock he wanted. Navran derives from this tale, that “If you know the goal and the associated success criteria, it is easier to succeed the first time.” So if doing business in an ethical and compliant manner is your goal, it will help employees if you provide to them the values you wish them to hold through your own actions.

The second article which caught my eye was authored by Shelley Aul and Christina Reese and is entitled “Your board is engaged, but what about management?” In this article, the authors discuss some of the questions presented at a session at the SCCE 2012 Annual Conference. In this session, they asked the following questions, “what about your organization’s “mood in the middle” and “buzz at the bottom”?” They listed some of the successes they heard from the conference attendees for engagement of all employees in compliance and ethics. The suggestions included:

1.      Create an Ethical leadership award – Award management and employees for going above and beyond expectations.

2.      Host an internal ethics and compliance conference – Have your company host an in-person or virtual conference with management where they learn about ethics and compliance topics that are important to them and their roles.

3.      Create ethics and compliance liaisons/champions/networks – Identify employees from across your organization who can act as an extension to your program. The representatives can be leveraged to share information with employees and they can relate information back to you to help improve the program.

4.      Create ethics and compliance targets and goals – Implement an ethics and compliance component into performance reviews and bonus goals for all employees.

5.      Sponsor Ethics and Compliance Week – Work with management to participate in a companywide Ethics and Compliance Week.

6.      Leverage internal company e-newsletters – Add a “Compliance Corner” to an already existing management-only e-newsletter. In doing so, you can provide information and scenarios to discuss in their department/team meetings, without having to create an additional email.

7.      Create Management toolkits – Develop a toolkit with ethics and compliance resources that management can easily use. Post the toolkit in an online portal and keep it updated when things change.

8.      Meet with new hires – A compliance department representative should meet one-on-one with new hires or newly promoted managers. Explain to them your role, the resources available to them and follow-up with them periodically. The compliance function should develop such relationships early.

9.      Develop peer-to-peer recognition programs – Proactively seek employees who are doing what’s right by asking them to nominate coworkers who have helped them in their jobs. Have management locally recognize those who are selected.

10.  Train the trainers – Train your management to cascade training by having them train their staff on ethics and compliance-related matters.

Both of these articles lay out some excellent, practical ideas that the compliance practitioner can put to use or use to measure a compliance program against. If you are not a member of SCCE, you should join, the reason being is that the information it makes available to the compliance practitioner makes it one of the best value compliance resources on the market.

———————————————————————————————————————————————————————-

Compliance Week needs your help! Compliance Week and Kroll Advisory have teamed up to undertake a major survey on corporate anti-corruption programs, and are asking compliance executives to participate. The survey itself—the 2013 ‘Global Anti-Bribery Benchmarking Report’—can be found here:

http://surveys.harveyresearch.com/se.ashx?s=0D146E2D11F8D225

The survey should take no more than 20 minutes to complete. It asks about the bribery risks you have, procedures you use to train employees and vet third parties, the size of  your compliance team, and more. Rest assured, all submissions will be secure and anonymous. The deadline to submit information is end of business on Friday, March 15.

Results of the survey will first be presented at the Compliance Week 2013 annual conference in Washington, May 20-22 (www.ComplianceWeek.com/conference), and later published in a special supplement of the Compliance Week magazine.

Anyone with questions can contact Compliance Week editor Matt Kelly at mkelly@complianceweek.com.

———————————————————————————————————————————————————————

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013