FCPA Compliance and Ethics Blog

January 13, 2015

What’s the Password for Compliance? Swordfish and Lessons for the CCO

SwordfishI continue my exploration of the Marx Brothers this week by looking at their most successful commercial film made for Paramount, Horse Feathers. While Duck Soup is and always will be my favorite film due to its overall and complete anarchy, Horse Feathers comes in a close second. The movie takes place on a college campus and generally revolves around Huxley College’s attempt to win ‘the big game’ against Darwin College and payments to college football players (does that sound familiar?). I remember after the first time I saw it and told my father about it, he was still able, some 40 years after he first viewed it, to quote the famous password scene involving all manners of puns on the word ‘swordfish’. I quote the entire scene, where Professor Wagstaff (Groucho) attempts to gain access to a Speakeasy guarded by Baravelli (Chico).

Baravelli: …you can’t come in unless you give the password.

Professor Wagstaff: Well, what is the password?

Baravelli: Aw, no. You gotta tell me. Hey, I tell what I do. I give you three guesses. It’s the name of a fish.

Professor Wagstaff: Is it “Mary?”

Baravelli: [laughing] ‘At’s-a no fish!

Professor Wagstaff: She isn’t? Well, she drinks like one! …Let me see… Is it “Sturgeon”?

Baravelli: Aw, you-a craze. A “sturgeon”, he’s a doctor cuts you open when-a you sick. Now I give you one more chance.

Wagstaff: I got it! “Haddock”.

Baravelli: ‘At’s a-funny, I got a “haddock” too.

Wagstaff: What do you take for a “haddock”?

Baravelli: Sometimes I take an aspirin, sometimes I take a calomel.

Wagstaff: Y’know, I’d walk a mile for a calomel.

Baravelli: You mean chocolate calomel? I like-a that too, but you no guess it. [Slams door. Wagstaff knocks again. Baravelli opens peephole again.] Hey, what’s-a matter, you no understand English? You can’t come in here unless you say, “Swordfish.” Now I’ll give you one more guess.

Professor Wagstaff: …swordfish, swordfish… I think I got it. Is it “swordfish”?

Baravelli: Hah. That’s-a it. You guess it.

Professor Wagstaff: Pretty good, eh?

Harpo (“Pinky”) takes the perhaps more direct approach. When Baravelli challenges him for the password, he gets into the speakeasy by pulling a sword and a fish out of his trench coat, putting the sword down the throat of the dead fish and presenting the combined sword and fish the doorman. While I still guffaw when reading all of this, I would urge you to click through to the YouTube video I have linked to at the end of this blog post.

I do find some lessons for the Chief Compliance Officer (CCO) or compliance practitioner in this scene. I have adapted the lessons from an article in the Financial Times (FT) by Michael Skapinker, entitled “Seven lessons in management I learnt over the last decade”.

  1. Do not rush. It takes Groucho a while but he does not rush and he gets in. We all arrive with a new plan. Your plan may be right or wrong but unless the barbarians are at the gate (i.e. banks or creditors) you will have time to listen, refine and build alliances and to identify those folks who were actually waiting for what you may want to propose. Skapinker believes the most important promise you will make in an interview is to talk to everyone first and then work towards your implementation.
  2. A good deputy helps you sleep at night. This one may seem to be a counter-intuitive lesson from the above skit but not in reality, as it is in the interest of the establishment for Groucho to actually enter the Speakeasy. However, Skapinker believes you should have someone who not only understands what you want but also “a deputy with different skills from yours. You want someone who will alert you to problems. But you also want someone who sees the business the way you do”.
  3. Decide what your business stands for and tell everyone until you can no longer stand the sound of your voice. The Marx Brothers did this every time they opened their collective mouths; insanity prevailed. Skapinker wrote, “You need to decide what yours is, and you need to keep telling people, both inside and outside. Whether they believe you depends on how true it is”. I cannot think of anything more important for the CCO or compliance practitioner to follow.
  4. Hire people on probation. This would seem to be the entire point of the swordfish exercise. You need to find a way to determine if folks are going to do and say the right thing before you let them in. In the corporate world this should take place in the form of employees being evaluated for doing business the right way and in compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. Whenever someone is promoted to senior management or into a position where there is a high risk of corruption, such as to a region with a propensity for corruption, such an evaluation should be made by the compliance function in conjunction with the Human Resources (HR) function of an organization.
  5. Treat your team like adults. If the Marx Brothers were anything it certainly was adults. By this I mean their humor worked on multiple and a multitude of levels. It worked for me as a teenager in the 1970s just as it worked for my father who was then in his late 40s. Skapinker relates what might seem self-obvious that “Most people want to do a good job. They do not come to work to rip you off. So trust them. Judge them by their results and do not hover over them.” However, coming from the energy industry in Houston, I have certainly seen companies that treated employees like they were in the third grade. It simply does not work in the compliance arena because if you are big enough to be international, you will not have the ability to lord over all your employees, all the time. You have to try and hire the right folks, train them and give them the tools to succeed.
  6. Tell people what they have just told you. This technique simply shows you are listening, which is how Groucho finally figured out the password and got into the Speakeasy. In a company, Skapinker believes that “There is no more powerful management tool than showing people that you have listened to them. The best way not only to show you have listened, but really to do so, is to repeat their views in good faith back to them. That way, even if you decide something different, they feel they have had a good hearing.” At the close of meetings you can use this strategy to help rally your team around your decision including those who might have disagreed with you.
  7. Make your numbers. I think Harpo’s example here is paramount. Let folks see what you are doing. Since he was the mute one, he gave a visual representation of a swordfish but it communicated the message. For the CCO or compliance practitioner, you need to come up with some metrics to demonstrate the value you are adding. I would suggest that it comes in the area of accounting controls because at the end of the day, internal controls under the FCPA are accounting controls. You need to communicate your mission and that you are achieving it to the Board of Directors or senior management. 

I still grin when I think about the swordfish scene. For a clip of the scene on YouTube, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 12, 2015

Get Your Tootsie-Frootsie Ice Cream; Hiring as Part of Your Compliance Program

Tootise-Frootsie Ice CreamOne of my great loves is the Marx Brothers. I fell in love with their rapid-fire wiseacre remarks as a teenager and have been enthralled with them since then. I have seen all of their movies, most of their television appearances and even read some of their radio scripts. I was reminded of the their unique brand of comedy and contribution to the great good when I read an article in the Financial Times (FT) by Danny Leigh, entitled “Souped-up comedy”. Leigh wrote the article around the British Film Institute’s (BFI) 2015 season, which includes a year-long retrospective of Marx Brothers movies. To honor both the BFI and my beloved Marx Brothers, this week, I am featuring series of Marx Brothers themed blog posts.

Today, I want to look at what many believe is one of their funniest skits, which comes from the MGM-released movie A Day at the Races, the “Tootsie-Frootsie” Ice Cream/Code Book scene. Tony (Chico) poses as an ice-cream vendor outside the racetrack – he is actually a con artist selling racing tips on horses. He knows that in the next race, he can win with 10-1 odds with a bet on Sun-Up, but he needs the cash. So he sets up the scam as gullible victim Dr. Hackenbush (Groucho) arrives at the racetrack to bet two dollars on Sun-Up. Hackenbush is advised by Tony to bet on Rosie, a 40-1 shot. At the betting window, Hackenbush bets two dollars on Rosie, but the bookie tells him the race is already over – Sun-Up was the winner. Hackenbush realizes he has been taken. He thinks for a moment, then dumps the books back in the cart and takes the scammer’s place waiting for a victim, crying: ”Get your Tootsie-Frootsie. Nice ice cream. Nice Tootsie-Frootsie ice cream.”

I thought about the Tootsie-Frootsie ice cream scene in the context of hiring and Foreign Corrupt Practices Act (FCPA) compliance. One of the theories of conventional wisdom about anti-corruption compliance is that you will never be able to reach 5% of your workforce with compliance training because they are predisposed to lie, cheat and steal anyway. Whether they are simply sociopaths, scumbags or just bad people; it really does not matter. No amount of training is going to convince them to follow the rules, such as the FCPA, UK Bribery Act or even foreign domestic laws against bribery and corruption, consider the Chinese domestic laws that GlaxoSmithKline PLC (GSK) was convicted under, they were of no import to such people. They do not think such laws apply to them and they will lie, cheat and steal no matter what industry they are in and what training you provide to them. But knowing such people exist and they may be able to lie, con or otherwise dissimilate their way into your organization does not protect your company from FCPA liability when they inevitably violate the law by engaging in bribery and corruption. It is still the responsibility of your company to prevent and detect such conduct and then remediate if it occurs. Simply put, if you hire Chico, you are going to get a Tootsie-Frootsie ice cream.

I thought about these concepts when reading an article in the Corner Office column of the New York Times (NYT), entitled “Three Keys to Hiring: Skill, Will and Fit”, by Adam Bryant where he reported on an interview with Marla Malcolm Beck, the Chief Executive Officer (CEO) of Bluemercury. She had several lessons that I thought would be helpful for Chief Compliance Officer (CCO) or compliance practitioner in general and in particular when trying to have your company avoid bringing in the five per-center mentioned above.

Be Passionate

Beck related an early leadership lesson that she learned during college, she ran unopposed to be President of a student organization. Since she was unopposed, she ran no campaign but did not receive a majority of votes and therefore was not elected to the position. So she tried to learn from her mistakes, “In the second election, someone ran against me, but I had interviewed a lot of people about why I didn’t get the position the first time, and they said I wasn’t human enough, I wasn’t passionate enough. So I talked more about the mission and my dreams for the organization, and I think people respected me for getting up there again, and I got most of the votes.” For the compliance practitioner or CCO, I think the message here is both communication and passion. If you do not believe in the anti-corruption compliance regime that you are pushing, it will be nearly impossible for the rest of your far-flung corporate work force to believe in it. Talk about compliance and the positive aspects of your program for your company. If you sit in your office, situated as Dr. No in the Land of NO, you and your program will get NOwhere fast.

Problem Solving

Another valuable lesson that Beck related was one she learned early on in her entrepreneurial career and it related to problem solving. She said, “Early on, I kept a lot of the hard problems to myself. Not only did that put more pressure on me, but also people can start working on the wrong things, and you have no way to course-correct if you don’t give them the “why.” I don’t think I was brave enough early on, and I’m more brave now about not keeping things to myself — things that are working, things that are not working, and just being more fluid with communication. I still catch myself now when I’m asking people to do things, and I have to go back to why it’s important and why we need to do this as a company.”

As a CCO or compliance practitioner, you will never have enough time to answer every question, nor should you. If you can provide your employee base the tools to make the right call, I think you will find most of the time they will. In a compliance leadership role, you should have two overriding goals: (1) burn compliance into the DNA of your company deeply enough that the business folks will come up with the right response almost all the time, and (2) be there when they cannot do so. Beck’s query of “why it’s important and why we need to do this as a company.”

The Hiring Process

I found Beck’s remarks on hiring the most interesting. I have long argued that Human Resources (HR) is a key component in any best practices anti-corruption compliance program. This is particularly true in hiring and promotion of employees to senior management. Avoiding the hiring or promotion of the sociopaths, or even the Chico’s of the world, is a key tool that HR brings to the table. Beck’s approach is to take a short interview technique in which she attempts to assess, Skill, Will and Fit. She said, “I’ll ask, “What’s the biggest impact you had at your past organization?” It’s important that someone takes ownership of a project that they did, and you can tell based on how they talk about it whether they did it or whether it was just something that was going on at the organization. Will is about hunger, so I’ll ask, “What do you want to do in five or 10 years?” That tells you a lot about their aspirations and creativity. If you’re hungry to get somewhere, that means you want to learn. And if you want to learn, you can do any job. In terms of fit, I’m looking for people who have some sort of experience with a smaller company. At big companies, your job is really one little piece of the pie. I need someone who can make things happen and is comfortable with ambiguity.”

Through such a structured series of questions, a properly trained HR professional can begin to assess whether an employee might have a propensity to engage in bribery and corruption. By adding information about your company’s values towards doing business ethically and in compliance, you can introduce this topic at either the interview evaluating process or in the promotion process. While true sociopaths will most certainly lie to you, perhaps even convincingly, by introducing the topic at such a pre-employment stage, they may be encouraged to take their skills elsewhere. Or you can just get your Tootsie-Frootsie ice cream.

For a clip of the Get Your Tootsie-Frootsie Ice Cream scene on YouTube, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015TexasBarToday_TopTen_Badge_Large

December 18, 2014

Ty Cobb and the Compliance Performance Appraisal Review

Ty CobbToday we celebrate greatness, in the form of one of the greatest baseball players ever, with the anniversary of the birthday of Ty Cobb. Coming up to the majors as a center fielder for the Detroit Tigers in 1905, he emerged in 1907 to hit .350 and win the first of nine consecutive league batting titles. He also led the league that year with 212 hits, 49 steals and 116 RBIs. In 1909 he won the league’s Triple Crown for the most home runs (9), most runs batted in (107), and best batting average (.377). In 1911, he led the league in eight offensive categories, including batting (.420), slugging percentage (.621), hits (248), doubles (47), triples (24), runs (147), RBI (144) and steals (83), and won the first American League MVP award. He batted .410 the following season, becoming the first player in the history of baseball to bat better than .400 in two consecutive seasons.

Cobb set a record for stolen bases (96) and won his ninth straight batting title in the 1915 season. He faltered the next year, but came back to win another three straight titles from 1917 to 1919. He left the team in 1926 and signed with the Oakland Athletics, hitting .357 and becoming the first-ever player to reach 4,000 total career hits before retiring after the 1928 season. His record of nine consecutive batting titles as well as his overall number of 12 will never be succeeded.

While Cobb certainly had quite a bit of natural ability, he was also a very dedicated baseball player, forever working to improve his craft. He might not have taken well to criticism but he did work to improve all aspects of his game. One of the modern ways to improve employee performance is through an annual employee performance review. Recently I read an article in the Houston Business Journal entitled “6 Ways To Make Performance Reviews More Productive” by Janet Flewelling. I found her article provided some interesting perspectives on some of the ‘nuts and bolts’ work that you can put into your Foreign Corrupt Practices Act (FCPA) or UK Bribery Act anti-corruption program that can be relatively low-cost but can add potentially high benefits.

One of the ways to drive compliance into the DNA of an organization is through incentives such as making it a component of a year-end discretionary bonus payment. Indeed the FCPA Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance pro­gram, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.”

Most Human Resources (HR) experts will opine that properly executed performance appraisals are crucial to organizational productivity as well as the development of employee skills and employee morale. Moreover, they can serve a couple of different functions for a best practices compliance program. First, and foremost, they communicate to each employee their job performance from a compliance perspective. However, one key is not to approach the performance appraisal review as an isolated event but rather a continual process. This means that instead of trying to play catch-up at the last minute, supervisors should provide feedback and assess job performance throughout the year so annual reviews are grounded in a year’s worth of experience. This includes the compliance component of each job. The second area performance appraisals impact is compensation. As noted above, the DOJ and SEC expect that your compliance program will have both discipline and incentives. But those incentives need to be based upon something. The score or other performance appraisal metrics will provide to you a standard which you can measure and use to evaluate for other purposes such as employee promotion or advancement to senior management going forward.

In her article Flewelling provides six points you should consider which I have adapted for the compliance component of an annual employee performance appraisal. 

  1. Prioritize reviews in your schedule – You should schedule the employee performance appraisal at least several days in advance, rather than when a time slot suddenly opens up. You would make sure that you allot sufficient time for unhurried give and take between the reviewer and the employee.
  2. Review the entire year’s performance – You should resist the attempt to focus the discussion on the latest compliance experience. This is called recency bias. If a compliance issue arose in the past month or so, you need to keep it in perspective for the entire review period. Moreover, by focusing a review on a recent problem you may obscure prior accomplishments and make an employee feel demoralized. Take care not to go too much in the opposite direction as recency bias can work both ways, and one should not let a favorable recent compliance event overshadow the full review period.
  3. Do not hesitate to critique – Be generous with praise where it is warranted, but do not hesitate to discuss improvements needed in the compliance arena. Many supervisors are reluctant to confront and indeed desire to avoid confrontation. However remaining silent about an employee’s compliance shortcomings is a disservice to both the company and the employee.
  4. Do not dominate the conversation – Remember that you must give the employee time for self-appraisal and to ask questions or to comment about the feedback received from the compliance perspective. If there are specific questions or concerns raised by the employee you need to be prepared to address them as appropriate.
  5. Understand the employee’s role – You need to understand and appreciate that if the recent economy has resulted in many employees assuming the responsibilities of more than one position. If relevant to the employee, acknowledge that fact and take it into account in the review. This is certainly true from the compliance perspective as many non-Compliance Department employees have cross-functional responsibilities. If they claim not to have the time to handle their compliance responsibilities you will need to address this with the employee and perhaps structurally as well.
  6. Anticipate reprisal – Although it is rare, you can face the situation where an employee who is very dissatisfied with a review may refuse to sign it. The employee may be offered the opportunity to add a statement to the review. Also point out that the employee signature is an acknowledgement of receiving the review and does not signify agreement. If the employee still refuses to sign, have a second supervisor come in to witness the refusal. This may be particularly important from the compliance perspective.

Flewelling ends her piece by noting, “A proper annual review requires considerable effort from employee supervisors. It should be a full-year process involving regular guidance and feedback and perhaps several mini-reviews along the way. But rather than viewing it as onerous, supervisors should keep in mind that it is a tool for making their departments work more efficiently and yields better results for everyone involved.” I would add this is doubled from the compliance perspective. Nonetheless the potential upside can be significant from your overall compliance program perspective.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 15, 2014

Hiring and Promotion in Compliance – Wait for Great

7K0A0597The role of Human Resources (HR) in anti-corruption programs, based upon the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act, is often underestimated. I come from a HR background and practiced labor law early in my career so I have an understanding of the skills HR can bring to any business system which deals with legal issues; which is not only required of all businesses but certainly is true of FCPA or UK Bribery Act compliance. If your company has a culture where compliance is perceived to be in competition or worse yet antithetical to HR, the company certainly is not hitting on all cylinders and maybe moving towards dysfunction.

One of the Ten Hallmarks of an Effective Compliance program relates to the key role HR plays in incentives and discipline. However, another key area that is not given as much attention is in hiring and promotion. The FCPA Guidance states, “[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cu tting ethical corners is an ac­ceptable way of getting there, they’ll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his win-loss record.” In other words make compliance significant for professional growth in your organization and it will help to drive the message of doing business in compliance.

I thought about these concepts when I read an article in the Corner Office column of the Sunday New York Times (NYT), entitled “Sally Smith of Buffalo Wild Wings, on patience in hiring” where columnist Adam Bryant interviewed Sally Smith, the Chief Executive of Buffalo Wild Wings, the restaurant chain. She had some interesting concepts not only around leadership but thoughts on the hiring and promotion functions, which are useful for any Chief Compliance Officer (CCO) or compliance practitioner striving to drive compliance into the DNA of a company.

Leadership – Get Feedback

One of the early lessons which Smith learned about leadership is to set clear expectations. Bryant wrote that Smith told him, “You have to be really clear about what you want and what your expectations are. When you’re clear and everybody understands them, you have a much better chance of success than if you say, “Just do it.” It’s a great slogan, but you’ve got to know what it is that you’re just doing.” This is a constant battle for the compliance practitioner when senior management also makes clear that you must make your numbers as well. However this dynamic tension can be met and one of the best ways is to require business-types to make their numbers but doing so in a way that is in compliance with a company’s Code of Conduct and compliance regime.

A second leadership lesson that Smith has learned is around feedback. As you might guess from a Chief Executive, Smith has found that obtaining honest critiques about her management style from those who work under her is difficult to acquire. To overcome this reluctance she set up a program where her leadership can give anonymous reviews of her performance annually to the company’s Board of Directors. Bryant said, “My leadership team does a performance review on me each year for the board. It’s anonymous. They can talk about my management style or things I need to work on. If you want to continue growing, you have to be willing to say, “What do I need to get better at?”” This type of insight is absolutely mandatory for any best practices compliance program as anonymous reporting is also one of the Ten Hallmarks of an Effective Compliance program. But more than simply an anonymous reporting line for FCPA violations, how does your company consider feedback to determine how all levels of the company is doing compliance going forward or as the FCPA Guidance states, “From the boardroom to the shop floor.”

Hiring and Promotion – Waiting for Great

Here Smith had some thoughts put in a manner not often articulated. One of her cornerstones when hiring is to search out the best person for any open position, whether through an external hire or internal promotion. Bryant stated that Smith said “We use the phrase “wait for great” in hiring. When you have an open position, don’t settle for someone who doesn’t quite have the cultural match or skill set you want. It’s better to wait for the right person.”

Smith articulated some different skills that she uses to help make such a determination. Once a potential hire or promotion gets to her level for an interview, she will assume that person is technically competent but “I assume that you’re competent, but I’ll probe a bit to make sure you know what you’re talking about. And then I’ll say, “If I asked the person in the office next to you about you, what would they say?””

Passion and curiosity are other areas that Smith believes is important to probe during the hiring or promotion process. In the area of passion, Smith will “Often ask, “What do you do in your free time?” If they’re passionate about something, I know they’re going to bring that passion to the workplace.” Smith believes curiosity is important because it helps to determine whether a prospective hire will fit into the Buffalo Wild Wings culture. Bryant wrote, “I look for curiosity too, because if you’re curious and thinking about how things work, you’ll fit well in our culture. So I’ll ask about the last book they read, or the book that had the greatest impact on them.” Smith also inquires about jobs or assignments that went well and “ones that went off the tracks. You ask enough questions around those and you can determine whether they’re going to need a huge support team.”

I found these insights by Smith very useful for a compliance practitioner and the hiring and promotion functions in a compliance program. By asking questions about compliance you can not only find out the candidates thoughts on compliance but you will also begin to communicate the importance of such precepts to them in this process. Now further imagine how powerful such a technique could be if a Chief Executive asked such questions around compliance when they were involved in the hiring or promotion process. Talk about setting a tone at the top from the start of someone’s career at that company. But the most important single item I gleaned from Bryant’s interview of Smith was the “Wait for great” phrase. If this were a part of the compliance discussion during promotion or hiring that could lead to having a workforce committed to doing business in the right way.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

October 1, 2014

Creation of Yosemite and Putting Compliance at the Center of Strategy

YosemiteOn this day in 1890, an act of Congress created Yosemite National Park, home of such natural wonders as Half Dome and the giant sequoia trees. Environmental trailblazer John Muir (1838-1914) and his colleagues campaigned for the congressional action, which was signed into law by President Benjamin Harrison.

In 1889, John Muir discovered that the vast meadows surrounding Yosemite Valley, which lacked government protection, were being overrun and destroyed by domestic sheep grazing. Muir and Robert Underwood Johnson, a fellow environmentalist and influential magazine editor, lobbied for national park status for the large wilderness area around Yosemite Valley. With this persuasion, Congress set aside over 1,500 square miles of land for what would become Yosemite National Park, America’s third national park. In 1906, the state-controlled Yosemite Valley and Mariposa Grove came under federal jurisdiction with the rest of the park to create the Yosemite that we know today. It clearly was a triumph for Muir and Johnson but more so for the American people.

I recently read an article in the Harvard Business Review (HBR) that seemed to draw inspiration from the actions of Muir and Johnson. The article by Frank Cespedes, entitled “Putting Sales at the Center of Strategy”, discussed how to connect up management’s new sales plans with the “field realities your salespeople face.” Referencing the well-known Sam Waltonism that “There ain’t many customers at headquarters”; Cespedes believes that “If you and your team can’t make the crucial connections between strategy and sales, then no matter how much you invest in social media or worry about disruptive innovations, you may end up pressing for better execution when you actually need a better strategy or changing strategic direction when you should be focusing on the basics in the field.”

The problem is usually clear. Senior management and the C-Suite make clear their commitment to doing business ethically and in compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA). The company even has a best practices compliance. But the problem is that the installation or enhancement of a compliance regime is usually perceived as a ‘top-down’ exercise. The reality of the employee base that must execute the compliance strategy is not considered. Even when there are comments, it is derisively characterized as ‘push-back’ and not taken into account in moving the compliance effort forward. I thought Cespedes piece had some great insights for the compliance practitioner so borrowing from his four-point process, I will rework it for a compliance professional.

Communicate the Strategy

It can be difficult for an employee base to implement a strategy that they do not understand. Even with a company wide training rollout, followed by “a string of e-mails from headquarters and periodic reports back on results. There are too few communications, and most are one-way; the root causes of underperformance are often hidden from both groups.” Here Cespedes’ insight is that clarification is a leadership responsibility and in the compliance function that means the Chief Compliance Officer (CCO) or other senior compliance practitioner. Moreover, if the problem is that employees do not understand how to function within the parameters of the compliance program, then there is a training problem and that is the fault of the compliance department. I once was subjected to a PowerPoint of 268 slides, which lasted 7.5 hours, about my company’s compliance regime. To say this was worse than useless was accurate. The business guys were all generally asleep one hour into the presentation as we went through the intricacies of the books and records citations to the FCPA. The training was a failure but it was not the fault of the attendees. If your own employees do not understand your compliance program that is your fault.

Continually improve your compliance productivity

I thought this point was insightful. Cespedes talked about incentivizing your sales force. Why not do the same concepts around compliance? You can work with your Human Resources (HR) department to come up with appropriate financial incentives. Many companies have ad hoc financial awards, which they present to employees to celebrate and honor outstanding efforts. Why not give out something like that around doing business in compliance? Does your company have, as a component of its bonus compensation plan, a part dedicated to FCPA compliance and ethics? If so, how is this component measured and then administered? There is very little in the corporate world that an employee notices more than what goes into the calculation of their bonuses. HR can, and should, facilitate this process by setting expectations early in the year and then following through when annual bonuses are released. With the assistance of HR, such a bonus can send a powerful message to employees regarding the seriousness with which compliance is taken at the company. There is nothing like putting your money where your mouth is for people to stand up and take notice.

Improve the human element in your compliance program

This is another area where HR can help the compliance program. More than ongoing assessment of employees for promotion into leadership positions, here HR can assist on the ground floor. HR can take the lead in asking questions around compliance and ethics in the interview process. Studies have suggested that certainly Gen Y & Xers appreciate such inquiries and want to work for companies that make such business ethics a part of the discussion. By having the discussion during the interview process, you can not only set expectations but you can also begin the training process on compliance.

However, this approach should not end when an employee is hired. HR can also assist your compliance efforts by tracking employees through their company career to identify those who perform high in any compliance metric. This can also facilitate the delivery on more focused compliance training to those who may need it because of changes on FCPA risk during their careers.

Make your compliance strategy relevant

Cespedes notes, “Most C-suite executives know these value-creation levers, but too few understand and operationalize the sales factors that affect them.” In the sales world this can translate into a reduction in assets to underperforming activities. This is all well and good but such actions must be coupled with an understanding of why sales might be underperforming in certain areas. In the compliance realm, I think this translates into two concepts, ongoing monitoring and risk assessment. Ongoing monitoring can allow you to move from a simple prevent mode to a more prescriptive mode; where you can uncover violations of your company’s compliance program before they become full blown FCPA violations. By using a risk assessment, you can take the temperature of where and how your company is doing business and determine if new products or service offerings increase your compliance risks.

Above all, you need to get out and tell the compliance story. Louis D’Amrosio was quoted for the following, “You have to repeat something at least 10 times for an organization to fully internalize it.” If there is a disconnect between your compliance strategy and how your employee base is implementing or even interpreting that strategy, get out of the office and go out to the field. But you need to do more that simply talk you also need to listen. By doing so, can help to align your company’s compliance strategy with both the delivery and in the field.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 17, 2014

Use of Influence in the Compliance Function

IMG_1213One of the challenges for any Chief Compliance Officer (CCO) is how to influence the conduct and actions in a corporate environment, particularly as compliance is viewed as non-revenue generating and usually does not exist simply to protect the company, which is how the legal department is often viewed. Folks like myself who came into compliance from the legal function tend to think of a top-down approach where compliance is centralized at the corporate officer, usually in the United States. But because the role is very different than that of a General Counsel (GC), a CCO needs to bring another skill set to bear to do his or her job. In a session at the SCCE 2014 Compliance and Ethics Institute, SCCE Chief Executive Officer (CEO) Roy Snell and Jenny O’Brien, CCO at United Health Care, talked about the techniques that a CCO can use to influence decision making in a company in order to do business in compliance and ethically.

Snell began the session with some basic questions about why there are positions such as a CCO and why there is a compliance function within an organization. After all, departments like legal and internal audit have existed in business organizations for up to at least a few hundred years. He posed two questions that I found interesting “Why are we here?” and “What did those who came before us to fail to do?” He listed some of the scandals from the late 90s and early 00s such as Enron, WorldCom, HealthSouth, Adelphia and others where he believed that the problems, which led to the disintegration of these organizations, were well known within the companies themselves. So the situation was not that people did not find the problems, the issue was that the people inside these organizations did not fix the problems. Snell believed that the persons who could and would have stood up to raise questions or say this should stop lacked some skill or ability to influence others to make the right decision. He concluded that such business and ethical collapses were a failure of influence.

This led into his presentation with O’Brien about techniques for a CCO to employ to help influence decision-making within an organization. They labeled them as the “Seven Steps of Influence” and they are as follows:

  1. Collaboration. O’Brien emphasized that as a CCO you need to know your company’s business. If you are new to an organization she said you must take time to learn the business. You should sit in on sales meetings and, when appropriate, you should go out on sales call. Channeling her inner Atticus Finch, she characterized this as walking in the shoes of the business leaders you are assisting. By doing so, you will not only understand the products and services that your company offers but also the challenges that your business development team will face out in the world.
  2. Here O’Brien emphasized that she has to work constantly at active listening, which is listening, thinking and then speaking, and not just jump into the middle of a conversation, talk to people in a manner that will address their concerns. When you do speak you should be prepared to make the case for the compliance proposition that you are trying to get across. She noted that as a CCO or compliance practitioner, you should strive to be relevant in every interaction you have with your senior management peers. O’Brien said that sometimes it means speaking up at meetings or other forums but sometimes it means listening. You should try to develop a rapport with your business team and this rapport can lead to trust building.
  3. Relationships. Snell opened his remarks on this topic by intoning that by relationships he did not mean inter-personal relationships. He believes that it is mainly through relationships with other functions in an organization that a CCO or compliance practitioner can best bring influence to bear. It all begins with building trust with others within your organization. Invest time to find others in your organization that you want to work and with those with whom you desire to build relationships. Snell believes that some of the more key relationships that a CCO or compliance practitioner can develop are with the audit function, the legal department, Human Resources, IT and corporate communications. Snell said that when one of these groups offered to help him move the ball forward in compliance he always viewed it as a positive and wanted to work with these and other corporate groups. He did not view it as a turf war at all. The only thing that he said he requested were the terms of working together. Of those, he said the most important was that if another group in the company took on some project related to compliance, such an internal audit, that the group finish whatever they take on.
  4. Humility. O’Brien believes that humility is important because it empowers. Moreover, it can empower others to expand the circle of influence and get others in a corporation to influence an ever-expanding circle on behalf of compliance. The CCO does not need center stage. She reiterated her belief that business units should solve compliance issues, as compliance is really just another business process. Further, through such influence where you can get the business unit resources to solve a compliance problem, you will hold down the costs of the compliance function. She ended by noting that it is not about being right but about moving the compliance ball forward in the right direction.
  5. Negotiation. Here Snell said that negotiation should not be about the dichotomy of winning and losing an argument or debate. A CCO should strive to redefine what a win might look like or what a win might consist of for a business unit employee. He said that when faced with such a confrontation, he would try to determine what both sides wanted then give them something else in addition to what they thought they wanted. He provided the example of a CCO quietly listening and when the room is just right and all the participants are worn out, you, as the compliance practitioner, throw out an idea where the apparent loser in the argument receives even more than they thought they were asking for in the requesting. A CCO can be considered a mediator not just simply an enforcer or Dr. No from the Land of No. He ended by saying that as a compliance practitioner you need to learn the art of compromise.
  6. Triple ‘C’. What do the three C’s stand for? Calm, cool and collected. O’Brien believes that all company employees, up and down the chain, are watching the CCO. For this reason, she said that as a compliance practitioner you should be poker faced. To this end she keeps the sign “Keep Calm and Carry On” in her office. She believes that the Triple C’s are important because organizations look to the CCO to solve complex issues with simple solutions. When faced with a compliance issue or an obstacle you should endeavor to keep everything on an even keel and never let them see you sweat.
  7. Credibility. The final of the seven pillars was that the CCO role needs to be adequately scoped and that the accountabilities need to be clearly defined. Put another way, what is your job scope as the CCO and what is the function of the compliance department? What is your accountability to decide the resolution to an issue? Snell agreed with O’Brien that there should be business unit ownership for every issue that comes into the compliance department. Yet, as a CCO, you must demonstrate your value as a non-revenue function. This may require you to get out of your office and put on a PR campaign for compliance. Finally, Snell ended by saying that a CCO needs to guard their independence in job function and reporting. You must make clear that you will have independent reporting up to the Board or Audit Committee of the Board.

Snell concluded by reminding us all that influencing is not a one-time activity. It is ongoing. Tying back to his original question of why the compliance function exists in the quantum it does today, he said that he believes a CCO or compliance practitioner exists to help influence a company to build a better business environment by acting more ethically and responsibility. By moving the ball forward in this manner, it may well lead to a country’s economy to be trusted which could well lead to greater economic development.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 9, 2014

Tales From the Crypt: Rule No. 8 – Even Sailors Behaving Badly can get Promoted

Tales from the CryptEd. Note-the Two Tough Cookies are back with today’s guest post on the toleration of bad behavior…

It is no secret that “sailor’s mouth” is an acronym for someone who liberally uses foul language in even the most formal situations. There was a time in my life when I was known for dropping the “f-bomb” a bit too frequently, but age, experience and just plain civility has given me the presence of mind to be sensitive to others in a way I was not early in my career. I don’t even use that particular term in casual conversation with friends any longer without feeling a tinge of regret as soon as the word crosses my lips, acutely aware that it’s a bit “unseemly” of me, and doesn’t reflect the person I’ve grown into. I am less “familiar” with people, as I have come to realize that familiarity does indeed breed contempt, particularly in the workplace. I don’t even relax in casual get-togethers with friends, as many of my friendships are the direct result of my work relationships and, as we know from prior posts, appearances matter. When you are an Integrity and Compliance professional, people look at the whole person, not just the person who shows up to work, and personal conduct outside the workplace can result in just as damning a judgment from peers as conduct within workplace walls.

I was less than a month on the job when I was handed the work files pertaining to the hotline calls that had come into the organization before I was appointed to the compliance function. I had met with the HR professional who handled the lion’s share of the investigations, but one stood out – instead of the file name being labelled by the implicated party accused of wrong doing (as most were), this file was labelled under the name of the accuser. What I found within was nothing short of extraordinary, and, in hindsight, gave me crystal clarity to what lay ahead. What puzzles me (and many of my colleagues) to this day is how individuals such as those we describe in our Tales seem to consistently percolate to the top of their organizations, landing one plumb assignment after another, and those of us who keep our heads down, demonstrate respect and do our jobs with professionalism and dedication seem to get shunted off to the side again and again. We’re missing something important and this Tale from our Crypt spotlights one of the worst of the worst…

The time of my appointment was one of change. The CEO, unbeknownst to me, was preparing for retirement, planning on “ruling” his roost for only a few short months before turning his mantle over to one of the senior level executives who had steadily risen through the ranks and was now in charge of the largest revenue segment of the company. The Chief Human Resource Officer (CHRO) had “resigned” only a few months prior to my arrival, and I could not get a straight answer as to why. The interim executive in charge of the human resource function had only been at the organization a short time, overlapping the prior CHRO’s tenure by only a month.   He already had business cards printed with the title CHRO under his name, even though the board had not officially sanctioned his candidacy for the role and there was still an active executive search underway. By all rights, I should have been clued in then and there, but I was happy to have a job, having just left a rather unsavory position at a privately held company that made “hostile work environment” sound like a Hawaiian vacation in comparison to the draconian employment tactics they routinely used that forced me to stop and meditate every morning prior to crossing the threshold into the office.

The file that I had open before me told a story of foul language, abusive behavior, threatening gestures, lack of sensitivity for “personal” needs (such as terminal illness resulting in a death in the family), disrespect towards subordinates, and falsified work history. Was this guy for real? And to have him as “Charles in charge” of the HR function for a large, global company? I was shaking my head in disbelief. To further compound matters, the company had already hired a “coach” to work with him on his foul language…. and still, there was no apparent change of behavior.

The person who filed a complaint against this individual was so intimidated by his language, threatening gestures, and workplace violence (he once threw a pencil at her from across the room, saying people’s actions weren’t going to stick, just like the pen didn’t stick to the wall) that she asked to be demoted and lose pay in order to not work for him any longer.

Shortly after our new fearless CHRO took the reins, I caught wind that not only was the CHRO being snickered at behind his back for his outrageous behavior, word had it that he had actually falsified his work history, claiming a higher level HR executive position on his resume than was true. I had it on “good authority” from another HR professional that when both the CHRO and my “source” were colleagues at this same company, our new CHRO had established himself firmly as a “buffoon” and had risen no higher than a manager at his prior organization. Yet he managed to convince our hiring folks that he was “leadership” material…. and it was no wonder when we looked at the new hire due diligence process (coming up later)…

A really quick way to percolate talk around the coffee pot (and erode the respect your employees have for the organization) is when a company bends over backwards to accommodate an executive’s special needs, especially setting up offices and whole operations in places where the company never had a business presence, for the convenience of the executive (or one of his top subordinates). Not long after his self-appointment, our new CHRO became so enamored with a candidate of his choosing that he pushed to move an entire HR function to this candidate’s home state, disrupting the lives of several dozen individuals who were forced to either move to the new location (a full day’s drive and 5 states south of headquarters), find a new position at HQ, or be laid off.  In this instance, the CHRO’s “pet” was ensconced to oversee several HR support functions out of this new location. Given that the “pet” was new and unproven as an employee, the talk speculated whether or not there was something going on between the CHRO and this new hire. Then this new manager pushed through the hiring process a candidate she had chosen in spite of the interview panel commenting that the candidate’s “demeanor was deceptive.”

When it came to the background check on new hires, “asleep at the wheel” comes to mind. The only reason this candidate came up on my radar was when another HR colleague suspected something was amiss when the company was pursuing some government contracts, and a request for documentation was issued from a state agency that wasn’t part of the bidding process. This Mata Hari’s mistake? When we opened the file (which was sent via email, from a fabricated email address, from a web site she created and launched only a month earlier, which very much had the look and feel of an “official” state agency, and even had a live phone number answered by her “significant other” – you get my drift…), the metatags on the document indicated she was the author, and not the state agency.   When we reviewed her application, and did a root cause analysis of what went wrong, it became clear that expediency won over reason, and red flags which surfaced in the original background check were overlooked, even though several points indicated her candidacy as “unverifiable.” False names were given for references, and burn phones given for contact info. Job positions were fabricated for companies which did not exist, and couldn’t be found on either the internet, or by the PI’s we hired to actually visit the sites identified. We weren’t even really certain if the candidate’s social security number was really hers … but I digress.

We have seen it again and again – people behaving badly, getting away with it, and in some instances, being “rewarded” for their behavior by being promoted soon after a workplace incident was brought to my attention. We have yet to break the “code” of when arrogance crosses the line from being “coachable” behavior, to being “assertive” and a “closer,” thus worthy of promotion. We cannot figure out, for the life of us, why allowing fundamental compliance lapses such as due diligence in hiring can be overlooked, shrugged off as if inconsequential. We have come to the conclusion it all has to do with whether or not you’ve finally been accepted into the “inner circle” and/or whether or not the company feels too “invested” in the person to simply punt them out of the arena for being abrasive, and in some instances, downright hostile. What amazes us even further is when it is the Human Resource Function that is behaving badly….

Who are the Two Tough Cookies?

Tough Cookie 1 has spent the more than half of her 20+ legal career working in the Integrity and Compliance field, and has been the architect of award-winning and effective ethics and compliance programs at both publicly traded and privately held companies.  Tough Cookie 2 is a Certified Internal Auditor and CPA who has faced ethical and compliance challenges in a variety of industries and geographies and recently led a global internal audit team. Their series “Tales from the Crypt: Tough Choices for Tough Cookies” are drawn largely from real life experiences on the front line of working in Integrity & Compliance, and personal details have been scrubbed to protect, well, you know, just about everyone…

December 8, 2013

And The Hits Just Keep on Coming for the ‘Sons and Daughters’ Hiring Program

About the best thing that you can say for the Houston Texans is that they did not lose on Sunday. Of course they did not play on Sunday, pathetically losing Week 14’s game last Thursday. For their season’s effort, the head coach was fired the next day. At least in the National Football League (NFL) there is accountability.

On the other hand, the hits just keep on coming for JP Morgan Chase. On the front page of Sunday’s New York Times (NYT), in an article entitled “Bank Tracked Business Linked to China Hiring”, reporters Ben Protess and Jessica Silver-Greenburg reviewed yet more potentially damning evidence in the Bank’s Foreign Corrupt Practices Act (FCPA) investigation. They were able to view documents which had been recently disclosed by JP Morgan Chase to the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) in connection with the bank’s ongoing internal investigation into its ‘Sons and Daughters’ hiring program which apparently targeted the children of communist party officials and high ranking officials of state owned enterprises for employment in order to obtain business from their parents. The reporters noted, “Until now, the indications of a connection between the hires and business deals have not been so explicit.”

Emails, Spreadsheets and Whistleblowers

The reporters studied both documents and emails which seemed to indicate that the bank thought hiring of these sons and daughters would and did contribute in bringing business to the bank. The documents included spreadsheets “that list the bank’s “track record” for converting hires into business deals”. Another set of documents discussed in the article were described as “historical deal conversion” spreadsheets. The article went on to detail that in one column there was a list of the job candidates and in another column “the bank recorded its track record for winning business from the companies tied to the candidates.” There were other spreadsheets which listed the hires of well-connected children and the revenue that the bank earned from deals involving with hires linked to those companies. These other documents included spreadsheets which discussed “about 30 employees with ties to state-owned companies or Communist Party officials, including the daughter of the deputy minister of propaganda, a relative of a Chinese financial regulator and the nephew of the executive chairman at Sinotruk, which is part of a state-owned trucking enterprise.”

There were also emails cited in the article which seemed to indicate that depth and pervasiveness of the ‘sons and daughters’ hiring program. One email discussed “the “existing and potential business opportunities,” a senior JPMorgan executive in Hong Kong emphasized that the father of a job candidate was the chairman of the China Everbright Group, a state-controlled financial conglomerate. The executive also extolled the broader benefits of the hiring program, telling colleagues in another email: “You all know I have always been a big believer of the Sons and Daughters program — it almost has a linear relationship” with winning assignments to advise Chinese companies.”

In addition to these emails and documents discussed in the NYT article, the reporters also interviewed current and former bank employees. Apparently at least two whistleblowers came forward to identify the hiring scheme, “with one filing a complaint in April 2011 with the Hong Kong stock exchange and another coming forward to American authorities this year.” It has not been clear when JP Morgan Chase began its internal investigation or what was the genesis of the investigation.

The Tang Xiaoning Hiring

The article went into specifics with one of the hiring’s, that of “Tang Xiaoning, a onetime Goldman and Citigroup employee whose father is the chairman of the China Everbright Group, appeared to encapsulate the spirit of the “Sons and Daughters” program for state-owned clients. The father, approached a JPMorgan executive in Hong Kong in March 2010 about a position for his son, records and interviews show. The executive, who led JPMorgan’s China investment banking unit, welcomed the request and urged his colleagues in an email a day later to discuss “how we can leverage more on this account going forward.” But in an internal compliance form, the executive played down the significance of hiring Mr. Tang, documents show, saying there was “no expected benefit.”

Tang Xiaoning was subsequently hired on a one-year employment agreement. Thereafter his father, Tang Shuangning, who had done little if any business with the bank prior to the hiring of his son. But thereafter, “a China Everbright subsidiary hired the bank to advise on a $300 million private offering of shares, according to interviews. And in 2011, after Mr. Tang worked at JPMorgan for several months, China Everbright’s banking subsidiary hired JPMorgan as one of several financial advisers on its decision to become a public company, a deal that was delayed amid turmoil on the world’s markets.” In 2012, after two successive one-year extensions of his employment agreement, “China Everbright International, a subsidiary focused on alternative energy businesses, hired JPMorgan to advise on a $162 million sale of shares, according to Standard & Poor’s Capital IQ, a research service.” When the issue of a third one-year employment agreement it was clear what bank officials in China thought of the situation. The NYT article quoted an email which read, ““Given where we are on China Everbright, I think we may need another contract for Xiaoning,” the executive wrote.”

The article notes that the origins of the ‘Sons and Daughters’ hiring program was to comply with the FCPA. The reporters noted, “According to documents and interviews with current and former employees, JPMorgan created the “Sons and Daughters” program in 2006 with the expectation that the hires would receive heightened scrutiny. But by 2009, the “Sons and Daughters” program was putting the job candidates on the fast track to employment. The documents show that applicants from prominent Chinese families faced less stringent hiring standards — and fewer job interviews — than the average junior-level hire.” Moreover, there has apparently been no direct evidence of knowledge by the program at the corporate headquarters in New York.

Ongoing Monitoring is Critical

So for the compliance professional what are some of the lessons that can be drawn from this matter? First and foremost is that there needs to be ongoing monitoring to determine whether employees are staying within the compliance program. Even after all the important ethical messages from management have been communicated to the appropriate audiences and key standards and controls are in place, there should still be a question of whether the company’s employees are adhering to the compliance program. Two of the seven compliance elements in the Federal Sentencing Guidelines call for companies to monitor, audit, and respond quickly to allegations of misconduct. These three highlighted activities are key components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs.

Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should be checking in routinely with local Finance departments in your foreign offices to ask if they’ve noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries in which they manage. Additionally, the global compliance committee should meet or communicate as often as every month to discuss issues as they arise. These ongoing efforts demonstrate that your company is serious about compliance.

This means that you may want to walk down the hall and talk to your company’s Human Resources (HR) Department to see if there is anything around hiring of the children or family members of government officials. You might also do some transaction monitoring to see if there are new clients, customers or projects which popped up suddenly as new business for the company. Or take it a step further to see if there were contracts or business retained because of any hiring.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

September 8, 2013

Star Trek Premiers and Hiring Practices under the FCPA

Today is the 46th anniversary of the premier episode of the most iconic science fiction related television show during my lifetime – Star Trek. I am a self-confessed uber-trekkie and I can still remember watching the first episode, The Man Trap. So here’s to you, all the crew members of the Starship Enterprise, you have had a great run and I can only hope it keeps going on yet another five year mission “Where no man has gone before.”

I.                   JP Morgan’s Hiring Practice Inquiry

Last month the New York Times (NYT) reported that JP Morgan Chase is under Foreign Corrupt Practices Act (FCPA) scrutiny in China for its hiring practices. In an article, entitled “Hiring in China By JPMorgan Under Scrutiny”, reporters Jessica Silver-Greenberg, Ben Protess and David Barboza broke the story that the Securities and Exchange Commission (SEC) is investigating JP Morgan Chase to determine “whether JPMorgan Chase hired the children of powerful Chinese officials to help the bank win lucrative business in the booming nation.” The article is based upon “a confidential United States government document”.

The article details several situations where JPMorgan hired the children of Chinese government officials and sometime thereafter the bank was able to secure work from the business or industry of a parent of a hired employee. The examples included the hiring of a “son of a former Chinese banking regulator who is now the chairman of the China Everbright Group, a state-controlled financial conglomerate, according to the document, which was reviewed by The New York Times, as well as public records. After the chairman’s son came on board, JPMorgan secured multiple coveted assignments from the Chinese conglomerate, including advising a subsidiary of the company on a stock offering, records show.” In another instance, the bank hired the daughter of a Chinese railway official. After hiring the daughter, JP Morgan was hired to assist the company to go public.

Things got worse when Dawn Kopecki, in a Bloomberg article entitled “JPMorgan Bribe Probe Said to Expand in Asia as Spreadsheet Is Found”, reported that there was “an internal spreadsheet that linked appointments to specific deals pursued by the bank”.  She noted that the original investigation, which began in Hong Kong, has now been expanded to other countries in Asia and that JP Morgan “has opened an internal investigation that has flagged more than 200 hires for review, said two people with knowledge of the examination, results of which JPMorgan is sharing with regulators.” Kopecki quoted Dan Hurson, a former US prosecutor and SEC lawyer who runs his own Washington practice, who said that the “SEC will hunt for evidence showing “these weren’t real jobs, that they were only there because their father or mother were important public officials”; and “If the public official requested the job for the child, that would be a strong indication to the company that the official was seeking and receiving something of value.” Perhaps more damaging was that the spreadsheet had information which apparently linked “some hiring decisions to specific transactions pursued by the bank.”

In a later NYT article, entitled “JPMorgan Hiring Put China’s Elite on an Easy Track”, Jessica Silver-Greenberg and Ben Protess further reported that the JP Morgan hiring program even had its own name, which was ‘Sons & Daughters’. Although the program was originally set up to provide transparency and visibility into the hiring process which might implicate FCPA issues, they reported that it went badly “off track”. Under the Sons & Daughters hiring program, a two-tiered track was created in the hiring process; one for regular applicants and one for children of Chinese officials. However, as time passed the program began to be used to allow for fewer job interviews and relaxed hiring standards for the candidates in the program. This allowed the company to hire some candidates who had “subpar academic records and lacked relevant expertise.”

II.                Steps for the Compliance Practitioner

For the compliance practitioner, the first thing to note is that there is no per se prohibition against hiring the son or daughter of a foreign government official. As noted by the FCPA Professor in the original NYT article, “While the hire of a son or daughter itself is not illegal, red flags would be raised if the person hired was not qualified for the position, or, for example, if a firm never received business before and then lo and behold, the hire brought in business.” In a blog post entitled “Regarding Princelings And Family Members” the FCPA Professor cited three Opinion Releases; 82-04, 84-01, and 95-03 where the Department of Justice (DOJ) looked at the hypothetical facts presented around the hiring of a family member of a foreign official as an agent or representative and found that the facts as presented, did not give rise to a FCPA violation.

Mike Volkov, writing his Corruption, Crime and Compliance blog, in a post entitled “All in the Family: Enforcement Focus on Hiring of Relatives of Foreign Officials”, said that “The issue boils down to corrupt intent – was the hiring made with the intent to improperly influence a government official?  That is not an easy question to answer since no one is a reader but the facts surrounding the hiring can certainly give some insight into what the company’s actor was intending when the relative was hired.” He cautioned that the task of the compliance practitioner is to (as I refer to it) ‘dis-link’ the hiring decision by the company from the obtaining or retaining of business from the foreign government official concerned. Volkov listed ten key questions which need to be addressed in the hiring process.

  1. Who, if anyone, at the company is sponsoring/supporting the applicant?
  2. How did this applicant come to the company’s attention?
  3. What is the applicant’s relationship to the foreign official?
  4. What involvement, if any, has the foreign official had with the company relating to the applicant’s interest?
  5. In which office/division does the foreign official serve?
  6. How important is this specific office/division to the company’s business relationship with the foreign government?
  7. Is the applicant qualified for the position that he/she has applied?
  8. Has the applicant (or will the applicant) be subject to the normal hiring process?
  9. Has the company completed a due diligence review of the applicant and the foreign official to identify any corruption risks?
  10. Has the company or any representative provided any assurance to the foreign official or the applicant that the applicant will be hired?

I would add that the follow up to Volkov’s points is that all decisions made must be documented. This means that all information regarding the hiring process needs to be kept in a repository which can be called up for review if called upon by a government regulator. I have often said that your company’s HR function needs to be a key component of your overall FCPA compliance program and the JP Morgan investigations reinforces that need. So if you need to provide more compliance training to your HR department on this issue, now would be an excellent time for you to do so.

How does all of the above tie into the premier of Star Trek? Easy – do not get caught in the trap of hiring in violation of the FCPA when some simple and frankly necessary steps can help keep you out of hot water. And while doing that click here for a YouTube video of the iconic opening theme from Star Trek.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

June 13, 2013

Why Can’t We Be Friends? Compliance and HR

I have long been an advocate of the compliance function working with the Human Resources (HR) function in any company to help achieve greater compliance under anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act. I think that HR is uniquely situated to ‘connect the dots’ in many areas of compliance. My thoughts on this subject were echoed in a recent article in the June issue of Compliance Week Magazine, in an article by Jaclyn Jaeger, entitled “How Compliance and HR Can Get It Together”. Jaeger quoted Alex Weisgerber for the following, “Boards are increasingly asking their executive teams to identify and address major people risks.” He further stated that “The HR-compliance partnership can help anticipate this request and set the organization’s human capital risk management agenda proactively.”

However, Jaeger wrote that in some companies this cooperation towards the goal of greater compliance has been found to be lacking. There may be several factors which lead to a more asymmetrical approach by these functions, particularly due to “gaps in communication and collaboration between compliance and HR.” She quoted Weisberger that “The two groups simply haven’t found many opportunities to collaborate in supporting organizational performance.” While I disagree with this statement, Jaeger’s article does detail some of the steps the compliance practitioner can take to bring these two corporate functions into alignment.

Jaeger quotes Shanti Atkins, for the following, “The first challenge to overcome is the “deeply held stereotypes that legal, compliance, and HR typically have of each other.” It’s important to talk about those if we are to get past them.” But perhaps more importantly is the notation held in many legal departments and compliance functions that “the HR function is not a strategic player in the company—that its central function is to manage paperwork, schedule training sessions, and mediate mundane spats such as who hogs the best space in the parking lot.”

As mentioned above, I have long advocated that HR is uniquely situated to connect the dots and along this line of thought, Jaeger wrote that “Getting employees to function as a coherent, engaged unit has to do with people, not policies—and people issues are exactly where HR excels, or course. HR has its finger on the pulse of employee culture, Atkins says because it is the primary channel employees use to complain when there is a problem—and those problems are usually a warning sign of wider compliance-related issues.” What are some of the areas that HR can assist the compliance function with? I believe that there are five key areas. They include the following.


A key role for HR in any company is training. This has traditionally been in areas such as discrimination, harassment and safety, to name just a few, and based on this traditional role of HR in training this commentator would submit that it is a natural extension of HR’s function to expand to the area of FCPA compliance and ethics. There is a training requirement set forth in the US Sentencing Guidelines. Companies are mandated to “take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.”

Employee Evaluation and Succession Planning

What policy does a company take to punish those employees who may engage in unethical and non-compliant behavior in order to meet company revenue targets? Conversely, what rewards are handed out to those employees who integrate such ethical and compliant behavior into their individual work practices going forward? One of the very important functions of HR is assisting management in setting the criteria for employee bonuses and in the evaluation of employees for those bonuses. This is an equally important role in conveying the company message of adherence to a FCPA compliance and ethics policy. In addition to employee evaluation, HR can play a key role in assisting a company to identify early on in an employee’s career the propensity for compliance and ethics by focusing on leadership behaviors in addition to simply business excellence. If a company has an employee who meets, or exceeds, all his sales targets, but does so in a manner which is opposite to the company’s stated FCPA compliance and ethics values, other employees will watch and see how that employee is treated. Is that employee rewarded with a large bonus? This requirement is codified in the Sentencing Guidelines with the following language, “The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.”

Hotlines and Investigations

One of the requirements for a company under the Sentencing Guidelines is that they “… have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.” This requirement is met by having a hotline. One of the traditional roles of HR in the US is to maintain a hotline for reporting of harassment claims, whether based on EEOC violations or other types of harassment. It is a natural extension of HR’s traditional function to handle this role.

Regarding investigations, HR can bring broad benefits to any FCPA compliance and ethics program through an efficient investigation process. It is recognized that a Legal or Compliance Department may wish to take over and complete an investigation process. However, HR can bring a consistency in both the process and any discipline which is imposed. Such consistency reinforces the senior management’s message of commitment by the company to FCPA compliance and ethics. Such a function by HR can lead to an understanding of emerging risks. Lastly, it may be that employees are more willing to speak up to HR and the building of trust can be utilized to assist in overall risk mitigation.

Background Screening

A key role for HR in any company is the background screening of not only employees at the time of hire, but also of employees who may be promoted to senior leadership positions. HR is usually on the front lines of such activities, although it may be in conjunction with the Legal Department or Compliance Department. This requirement is discussed in the Federal Sentencing Guidelines for Organizations (FSGO) as follows “The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.”

When the Government Comes Calling

While it is true that a company’s Legal and/or Compliance Department will lead the  response to a government investigation, HR can fulfill an important support role due to the fact that HR should maintain, as part of its routine function, a hard copy of many of the records which may need to be produced in such an investigation. This would include all pre-employment screening documents, including background investigations, all post-employment documents, including any additional screening documents, compliance training and testing thereon and annual compliance certifications. HR can be critical in identifying and tracking down former employees. HR will work with Legal and/or Compliance to establish protocols for the conduct of investigations and who should be involved.

Lastly, another role for HR can be in the establishment and management of (1) an Amnesty Program or (2) a Leniency Program for both current and former employees. Such programs were implemented by Siemens during its internal bribery and corruption investigation. The Amnesty Program allowed appropriate current or former employees, who fully cooperated and provided truthful information, to be relieved from the prospect of civil damage claims or termination. The Leniency Program allowed Siemens employees who had provided untrue information in the investigation to correct this information for certain specific discipline. Whichever of these programs, or any variations, that are implemented HR can perform a valuable support role to Legal and/or Compliance.

Doing More with Less

While many practitioners do not immediately consider HR as a key component of a FCPA compliance solution, it can be one of the lynch-pins in spreading a company’s commitment to compliance throughout the employee base. HR can also be used to ‘connect the dots’ in many divergent elements in a company’s FCPA compliance and ethics program. The roles listed for HR in this series are functions that HR currently performs for almost any company with international operations. By asking HR to expand their traditional function to include the FCPA compliance and ethics function, a US company can move towards a goal of a more complete compliance program, while not significantly increasing costs. Additionally, by asking HR to include these roles, it will drive home the message of compliance to all levels and functions within a company; from senior to middle management and to those on the shop floor. Just as safety is usually message Number 1, compliance can be message Number 1A. HR focuses on behaviors, and by asking this department to include a compliance and ethics message, such behavior will become a part of a company’s DNA.

If your company does not integrate HR into several ongoing roles for FCPA compliance I believe that is high time you did so. Jaeger’s article points out several steps you can take to bring these two functions into greater collaboration. From my perspective, HR can be a valuable partner for compliance and one that you should begin to take advantage of now.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Next Page »

Blog at WordPress.com.