Chief Compliance Officer as Chief Persuasion Officer

The roles of a Chief Compliance Officer (CCO) can be many and varied but one role of any successful CCO is that of Chief Persuasion Officer (CPO). I say this because it is often the case that the most a CCO has in his or her arsenal is the ability to persuade. While there may be times that the CCO can veto something outright, it may not only be difficult but also risk long-developed corporate political capital that might be best used at another time or in another arena. I thought about this concept of persuasion and how even the smallest gesture can pay great dividends when I read the New York Times (NYT) obituary of George Shuba. Shuba was a little known outfielder from the old Brooklyn dodgers who had a decent seven-year professional career with the team. He played on the losing side in two World Series in 1952 and 1953 but was with the Dodgers for their only win over the Yankees in the World Series of 1955.

However, Shuba is remembered for one dramatic gesture. In 1946, both he and Jackie Robinson were playing for the Dodgers farm team, the Montreal Royals. In the first professional game that Robinson played when he was the first African-American to break the color line; Robinson hit a home run in the third inning. Shuba was on deck and went to the plate to shake Robinson’s hand. A photographer was on hand to snap a picture and when that photo went out over the wire services it was viewed as a gesture of racial tolerance. While there would be many opposite events for Robinson when he finally made it up to the major leagues, that one picture made a difference. Shuba’s comment on the 60^th anniversary of the handshake, “I couldn’t care less if Jackie was Technicolor.”

Such small gestures can make a difference. I recently read a book review in the New York Review of Books, for a biography of Dale Carnegie by Steven Watts, entitled “Self-Help Messiah: Dale Carnegie and Success in Modern America”, penned by Ian Frazier. Carnegie is of course well known for his seminal work “How to Win Friends and Influence People” first published in 1936. I was somewhat surprised to learn that the text was largely drawn up as transcripts to lectures Carnegie was giving in New York City in the mid-1903s. Carnegie’s main thesis was to provide concrete steps on how ordinary people could help master the art of persuasion. While it has been some time since I read this book, what I recall is that to influence people, one has to listen to them. So for me, the book was about how to become a better listener.

I cannot say enough about this skill for a CCO. If you hear any long-term CCO speak about their job, they will tell you it is largely about listening to people; whether those people are employees, senior management or the Chief Executive Officer (CEO) and Board members. By listening to others you not only hear, and hopefully will come to understand their concerns, but you allow them to come to decisions themselves and you are not in the position of telling them what to do. It is a skill that has served many CCOs very well for many years.

I recently wrote about a presentation at the SCCE 2014 Compliance and Ethics Institute about influence and was reminded of this when I read an unattributed article in the Financial Times (FT) entitled “Persuasion for the time pressed”. In this article it discussed Professor Robert Cialdini, the Regents’ Professor of Psychology and Marketing and Arizona State University. Professor Cialdini is one of the leading proponents of ‘persuasion science’, which draws upon various disciplines, including “psychology, neuroscience and behavioural economics”. The Professor has been in this field for over 30 years and has been dubbed “The Godfather of Influence” based upon his work. One of his insights was that corporations should have a “chief persuasion officer” because such a person can help to bring influence upon others and “often it is the smallest changes that can make the biggest differences.”

In his work, entitled “Influence: The Psychology of Persuasion”, Professor Cialdini laid out what he believed to be six “universal principals of persuasion” which I have adapted for the compliance practitioner.

1. Reciprocity – Cialdini believes that people will feel obligated to return favors performed for them. But for the compliance practitioner, I think this means listening and using skills to help manage risk or even high-risk areas. One of the points of compliance is that unless a transaction involves bags of cash being paid to get a deal done, there usually a way to manage compliance risk. If you, as a CCO, can help an executive or your company to successfully manage a high compliance risk, this will be remembered.
2. Authority – Cialdini believes that people look for experts to show them the way. The Department of Justice (DOJ) expects a company’s compliance experts to have subject matter experts (SMEs) on Foreign Corrupt Practices Act (FCPA) anti-corruption compliance programs. This is made clear in the FCPA Guidance, in the Ten Hallmarks of an Effective Compliance Program. For the CCO, Cialdini’s insight is that you or someone on your staff must be able answer the day-to-day questions that come up on doing business not only in compliance with the FCPA but your company’s compliance regime.
3. Scarcity – Here Cialdini takes a slightly different tack by noting that the less a resource is available, the more people want it. For the CCO, I think this translates to the scarcity of your time. A good chuck of your time must be spent at the corporate office but a large amount must be spent out in the field. Your employee base will respond to you more often and with a deeper symbiosis if you can get out into the field and meet people.
4. Liking – Noting the self-obvious Cialdini says that the more people like you, the more they want to say yes to you. However, as noted in point 3 above, for the CCO I think this means getting out into the field, training employees who want to do business the right way on how to do so and simply meeting and talking with them. In my corporate life I put on contract and transaction law training across the world for the company’s business units and the universal response was along the line of ‘thank you for coming out here to talk to us.’
5. Consistency – Here Cialdini intones that people want to act on concert with their values. I believe that most people do want to conduct their business ethically and in compliance with anti-corruption laws such as the FCPA. By providing them a way to do so, you can help them do something they were inclined to do anyway. I once had an employee in the Far East tell me that there was more then enough business for the company to garner in the middle of the road. He did not see the need to even get close to the line of bribery and corruption. With that type of attitude, a CCO can almost be a facilitator.
6. Social Proof – This can be a tricky one for a CCO. Cialdini believes that people will look to others on what to do to guide their own behavior. This means that a compliance program must have sufficient incentives to get the message of compliance through middle management and down to the troops. Simply put if employees see a high revenue producer get bonuses and promotions for conduct which may violate your company’s Code of Conduct; they will come to believe in short that management is much more concerned about the bottom line than doing business ethically and in compliance.

From these articles and perspectives, I believe that several conclusions can be drawn. First, as in the case of George Shuba, a little can mean a lot. Second, from Dale Carnegie, one of the primary keys to influencing people is to listen to them. Thirdly, from Professor Cialdini, a CCO can be a CPO and by using the six principals of persuasion, can create a more effective compliance program. Finally, always seek to improve your soft skills.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Use of Influence in the Compliance Function

One of the challenges for any Chief Compliance Officer (CCO) is how to influence the conduct and actions in a corporate environment, particularly as compliance is viewed as non-revenue generating and usually does not exist simply to protect the company, which is how the legal department is often viewed. Folks like myself who came into compliance from the legal function tend to think of a top-down approach where compliance is centralized at the corporate officer, usually in the United States. But because the role is very different than that of a General Counsel (GC), a CCO needs to bring another skill set to bear to do his or her job. In a session at the SCCE 2014 Compliance and Ethics Institute, SCCE Chief Executive Officer (CEO) Roy Snell and Jenny O’Brien, CCO at United Health Care, talked about the techniques that a CCO can use to influence decision making in a company in order to do business in compliance and ethically.

Snell began the session with some basic questions about why there are positions such as a CCO and why there is a compliance function within an organization. After all, departments like legal and internal audit have existed in business organizations for up to at least a few hundred years. He posed two questions that I found interesting “Why are we here?” and “What did those who came before us to fail to do?” He listed some of the scandals from the late 90s and early 00s such as Enron, WorldCom, HealthSouth, Adelphia and others where he believed that the problems, which led to the disintegration of these organizations, were well known within the companies themselves. So the situation was not that people did not find the problems, the issue was that the people inside these organizations did not fix the problems. Snell believed that the persons who could and would have stood up to raise questions or say this should stop lacked some skill or ability to influence others to make the right decision. He concluded that such business and ethical collapses were a failure of influence.

This led into his presentation with O’Brien about techniques for a CCO to employ to help influence decision-making within an organization. They labeled them as the “Seven Steps of Influence” and they are as follows:

1. Collaboration. O’Brien emphasized that as a CCO you need to know your company’s business. If you are new to an organization she said you must take time to learn the business. You should sit in on sales meetings and, when appropriate, you should go out on sales call. Channeling her inner Atticus Finch, she characterized this as walking in the shoes of the business leaders you are assisting. By doing so, you will not only understand the products and services that your company offers but also the challenges that your business development team will face out in the world.
2. Here O’Brien emphasized that she has to work constantly at active listening, which is listening, thinking and then speaking, and not just jump into the middle of a conversation, talk to people in a manner that will address their concerns. When you do speak you should be prepared to make the case for the compliance proposition that you are trying to get across. She noted that as a CCO or compliance practitioner, you should strive to be relevant in every interaction you have with your senior management peers. O’Brien said that sometimes it means speaking up at meetings or other forums but sometimes it means listening. You should try to develop a rapport with your business team and this rapport can lead to trust building.
3. Relationships. Snell opened his remarks on this topic by intoning that by relationships he did not mean inter-personal relationships. He believes that it is mainly through relationships with other functions in an organization that a CCO or compliance practitioner can best bring influence to bear. It all begins with building trust with others within your organization. Invest time to find others in your organization that you want to work and with those with whom you desire to build relationships. Snell believes that some of the more key relationships that a CCO or compliance practitioner can develop are with the audit function, the legal department, Human Resources, IT and corporate communications. Snell said that when one of these groups offered to help him move the ball forward in compliance he always viewed it as a positive and wanted to work with these and other corporate groups. He did not view it as a turf war at all. The only thing that he said he requested were the terms of working together. Of those, he said the most important was that if another group in the company took on some project related to compliance, such an internal audit, that the group finish whatever they take on.
4. Humility. O’Brien believes that humility is important because it empowers. Moreover, it can empower others to expand the circle of influence and get others in a corporation to influence an ever-expanding circle on behalf of compliance. The CCO does not need center stage. She reiterated her belief that business units should solve compliance issues, as compliance is really just another business process. Further, through such influence where you can get the business unit resources to solve a compliance problem, you will hold down the costs of the compliance function. She ended by noting that it is not about being right but about moving the compliance ball forward in the right direction.
5. Negotiation. Here Snell said that negotiation should not be about the dichotomy of winning and losing an argument or debate. A CCO should strive to redefine what a win might look like or what a win might consist of for a business unit employee. He said that when faced with such a confrontation, he would try to determine what both sides wanted then give them something else in addition to what they thought they wanted. He provided the example of a CCO quietly listening and when the room is just right and all the participants are worn out, you, as the compliance practitioner, throw out an idea where the apparent loser in the argument receives even more than they thought they were asking for in the requesting. A CCO can be considered a mediator not just simply an enforcer or Dr. No from the Land of No. He ended by saying that as a compliance practitioner you need to learn the art of compromise.
6. Triple ‘C’. What do the three C’s stand for? Calm, cool and collected. O’Brien believes that all company employees, up and down the chain, are watching the CCO. For this reason, she said that as a compliance practitioner you should be poker faced. To this end she keeps the sign “Keep Calm and Carry On” in her office. She believes that the Triple C’s are important because organizations look to the CCO to solve complex issues with simple solutions. When faced with a compliance issue or an obstacle you should endeavor to keep everything on an even keel and never let them see you sweat.
7. Credibility. The final of the seven pillars was that the CCO role needs to be adequately scoped and that the accountabilities need to be clearly defined. Put another way, what is your job scope as the CCO and what is the function of the compliance department? What is your accountability to decide the resolution to an issue? Snell agreed with O’Brien that there should be business unit ownership for every issue that comes into the compliance department. Yet, as a CCO, you must demonstrate your value as a non-revenue function. This may require you to get out of your office and put on a PR campaign for compliance. Finally, Snell ended by saying that a CCO needs to guard their independence in job function and reporting. You must make clear that you will have independent reporting up to the Board or Audit Committee of the Board.

Snell concluded by reminding us all that influencing is not a one-time activity. It is ongoing. Tying back to his original question of why the compliance function exists in the quantum it does today, he said that he believes a CCO or compliance practitioner exists to help influence a company to build a better business environment by acting more ethically and responsibility. By moving the ball forward in this manner, it may well lead to a country’s economy to be trusted which could well lead to greater economic development.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

SCCE 2014 Compliance and Ethics Institute

Next week, from September 14-17, the Society of Corporate Compliance and Ethics (SCCE) will hold its 13^th annual Compliance and Ethics Institute in Chicago. For my money, it is the top event for compliance practitioners held each fall. This year is no different and Roy Snell and his team have put together a fabulous event for anyone even remotely interested in the field of compliance and ethics. I wanted to highlight some of the reasons why you should attend and some of the reasons why I am attending.

The individual sessions are arranged into learning tracks to help facilitate course selection. Each track is arranged around a specific area of interest, enabling the attendees to quickly find the sessions that match their educational needs. The learning tracks are designed so that someone can follow one learning track all the way through, or hop around between them. The learning tracks include the following:

 General Compliance/Hot Topics

Here you can cover everything from Compliance 101 to hot topics like detecting identity theft and privacy breaches. This track will keep you up to date on everything that is currently happening in the compliance and ethics environment as well as bring you back to the basics and keep you grounded. Learn what you need to know from compliance & ethics officers, regulators, outside and in-house counsel, auditors, providers and industry experts.

Risk

This learning track, developed by Risk Track Program Chai, Greg Triguba, is designed to provide insight into how to effectively manage the risks your company faces. In today’s business environment, risk and how to effectively manage it has become a top priority for most organizations. The specific sessions are focused on top compliance and ethics risks. There will be interactive sessions led by experts in the compliance, ethics, and risk management field. Participants in this track will take a deep dive into important risk areas and will learn strategies for effectively managing these risks.

Ethics

This track allows you to immerse yourself in ethics. The SCCE believes, and I hardily agree, that there are few things more challenging or rewarding to manage than ethics issues. Moreover it is a topic upon which everyone has an opinion. The subtleties are great and they can make all the difference in the world. The sessions will cover the considerations that compliance and ethics professionals need to understand and manage effectively.

Case Studies

The Case Studies learning track is designed to present the facts detailing just what companies have actually done to effectively manage ethical challenges and will take you inside companies to show you how they have handled specific issues in real world situations.

Multi-National/International

For companies facing new and fast changing complexities, SCCE will present the International/Multinational learning track, which is chaired by Marjorie Doyle. This learning track will take a deep dive into the needs of the global compliance program and the topics that are creating the biggest challenges for global companies today.

Advanced Discussion Groups

There will also be the ever-popular Advanced Discussion Group. This learning track is designed for the more ‘Been there, done that?’ Join an advanced discussion group and share what you know. If you are an experienced compliance and ethics professional or are looking for a more interactive program, this provides you with the opportunity to gain greater insight and knowledge, as well as share back with others in our profession. Each Advanced Discussion Group session is designed to involve everyone in the room. There are no formal presentations, just discussion facilitated by industry experts.

Compliance Lawyer

Here we have a new offering for in-house and outside counsel practicing in any compliance related field. This learning track is designed to meet the specific needs of the legal community on the hot compliance topics for legal counsel. If you attend this learning track you will be rewarded with insights of value to your compliance practice and your clients.

But the SCCE National Compliance and Ethics Institute is much more than even these fabulous learning track sessions. One of the things that has always impressed me with the SCCE and this event is the way they use and treat vendors. The vendors are clearly viewed as a part of the overall compliance and ethics solution that we are all working towards, not as some sponsor who is simply there to peddle some wares in the farthest of the back rooms. So the vendors will be located in a large exhibit hall where they will be lined up for easy viewing and access.

Moreover, the exhibit hall doubles as the breakfast/coffee/refreshments/cocktail hour room. Each time there is a break and the conference delegates get together, you not only have the opportunity to visit with other compliance professional but view some of the newest, coolest and most useful products and services in the compliance space. Are vendors in business to make sales? That answer would be yes. But at the conference, they take up the mantle of education as much as any speaker and use the form to help educate compliance professionals on their offerings and how they can assist your company to move the ball forward in ethics and compliance.

On Sunday, September 14, SCCE is hosting two events, SpeedNetworking and SpeedMentoring, which you should consider. If you are looking to build out your network with like-minded ethics and compliance professionals, I would recommend you sign up for the SpeedNetworking session. It can be an enjoyable manner in which to connect with peers who share your challenges in a wide-range of compliance arenas.

If you are looking for a mentor in the compliance and ethics space, then the SpeedMentoring session is the place for potential mentors and mentees to be connected ‘face-to-face’. I would suggest that if you are a seasoned compliance professional and are willing to give back to the compliance profession by sharing your expertise, you should sign up to be a mentor.

Whichever option you choose you are in control of the people you connect with and are provided with an excellent opportunity to learn from others and grow long-lasting professional relationships. I hope that you will join my in Chicago next week. It looks to be a great event.

Information on the SCCE Compliance and Ethics Institute can be found be clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Pre-Acquisition Due Diligence Program for Evaluating Target Companies in M&A

I am just back from our nation’s capital attending the Society of Corporate Compliance and Ethics (SCCE) 2013 annual Compliance and Ethics Institute. If you have a chance to attend next year’s event in Chicago I urge you to do so. The sessions were first rate, topical and had great insights. The networking and sharing of information was also great. While the vendors were there to market their own products and services they were clearly part of the overall solution, so kudos to every company that showed at the event. Hats off to everyone on Team SCCE for doing a great job. Finally, to Roy Snell, Matt Kelly was right; you take the casual, hip look up to the next level, I wish I had your style.

One of the sessions I attended was entitled “Compliance Due Diligence In Multi-National Transactions: Mergers & Acquisitions and Third Parties”, led by Louis Perold, Legal Compliance Manager at Sasol Ltd., and Krista Muszak, Senior Compliance Analyst at Paychex, Inc. In this session, they laid out the steps that you should take when looking at an acquisition from the compliance perspective.

I.                   Review

They suggested a five step process which I thought was well laid out to show you how to plan and execute a strategy to perform pre-acquisition due diligence in the merger context. The process was as follows:

1. Establish a point of contact. Here you need to determine one point of contact that you can liaise with throughout the process. They suggested that typically this would be the target’s Chief Compliance Officer (CCO) if the company is large enough to have full time position.
2. Collect relevant documents. The documents suggested that you begin with are a detailed list of sales going back 3-5 years, broken out by country and, if possible, obtain a further breakdown by product and/or services; all JV contracts and due diligence on JVs and other third party business partners; the travel and entertainment records of the acquisition target company’s top sales personnel in high risk countries; internal audit reports and other relevant documents.
3. Review the compliance and ethics mission and goals. Here they said you should look at the Code of Conduct or other foundational documents that a company might have to gain some insight into what they publicly espouse.
4. Review the seven elements of an effective compliance program, as below:

A. Oversight and operational structure of the compliance program. Here you should assess the role of board, CCO and if there is one, the compliance committee. Regarding the CCO, you need to look at their reporting and access – is it independent within the overall structure of the company? Also, what are the resources dedicated to the compliance program including a review of personnel, the budget and overall resources?

B. Policies/Procedures, Code of Conduct. In this analysis you should identify industry practices and legal standards which may exist for the target company. You need to review how the compliance policies and procedures were developed and determine the review cycles for compliance policies, if any. Lastly, you need to know how everything is distributed and what are the enforcement mechanisms for compliance policies? The speakers pointed out that you should check with HR for terminations or discipline relating to compliance

C. Education, training and communication. Here you need to review the compliance training process as it exists in the company; both the formal and the informal. You should ask such questions as “What are the plans and schedules for compliance training?” Next determine if the training material itself is fit for intended purpose, including both internal and external training for third parties. You should also evaluate the training delivery channels. Is the compliance training delivered live, online, or through video? Finally, assess whether the company has updated their training based on changing of laws.

D. Monitoring and auditing. Under this section you need to review both the internal audit plan and methodology used regarding any compliance audits. A couple of key points are (1) is it consistent over a period of time and (2) what is the audit frequency? You should also try and judge whether the audit is truly independent or if there was manipulation by the business unit.

E. Reporting. What is the company’s system for reporting violations or allegations of violations? Is the reporting system anonymous? From there you need to then turn to who does the investigations and how are they conducted? A key here, as well as something to keep in mind throughout the process, is the adequacy of record keeping by the target.

F. Response to detected violations. This review is to determine management’s response to detected violations. What is the remediation that has occurred and what corrective action has been taken to prevent future, similar violations. Has there been any internal enforcement and discipline of compliance policies if there were violations? Lastly, what are the disclosure procedures to let the relevant regulatory or other authorities know about any violations and the responses thereto?

G. Enforcement Practices/Disciplinary Actions. Under this analysis, you need to see if there was any discipline delivered up to and including termination. If remedial measures were put in place, how were they distributed throughout the company and were they understood by employees?

5. Review the periodic evaluation of the program’s effectiveness. Under this they suggested a review of the target’s internal audit reports or outside investigations if they were performed.

II.        Red Flags

The speakers provided a short list of red flags that, should you determine exist, need to be further investigated and cleared. They listed the following:

• Ineffective compliance program elements
• Company in financial difficulty
• Frequent breach of policies and procedures
• Inactive compliance and ethics committee
• No access to the board
• No regular reports to the board
• CCO not allowed direct access to the Chief Executive Officer (CEO)
• Lack of independence
• Frequent requests to waive policies
• No consistent consequence management for violations

III.             Evaluation

The speakers also provided a ranking system which can be used to think through and evaluate the information that you have obtained. They proposed the following.

• Level 1 – Absent. There is no commitment to compliance illustrated by no dedicated resources, no formal compliance policy and the absence of a compliance program.
• Level 2 – Reactive. There is commitment to address compliance issues when major breaches arise.
• Level 3 – Foundational. While there is commitment to address compliance issues when major breaches arise, there is no formal compliance program but policies and monitoring activities are put in place to prevent the reoccurrence of major breaches.
• Level 4 – Proactive. There is a commitment to have a strong compliance program in place with dedicated resources and a clear assessment of all risk areas. The program encompasses ongoing monitoring and measurement as well as proactive and preventative elements.
• Level 5 – Embedded. The compliance program pervades the organization in every respect: strategically, culturally and operationally. Every staff member is aware of and takes appropriate responsibility for the effective implementation of the compliance program and its ongoing improvement.

I found their program a very useful session on how you should think through performing due diligence on a target in the acquisition context. With the Department Of Justice’s (DOJ’s) emphasis on pre-acquisition due diligence, as set out in last year’s FCPA Guidance, I think more companies will need to strengthen this portion of their compliance program.

And once again, a big thanks to SCCE for a great week at the Compliance and Ethics Institute 2013.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Be Relevant: How a Compliance Professional Can Influence Corporate Decision Making

So how do you influence decision making as a compliance professional? That topic was explored in a session at the Society of Corporate and Compliance (SCCE), 2013 national Compliance and Ethics Institute by presenters Jennifer O’Brien, Chief Medicare Compliance Officer, UnitedHealthcare Medicare & Retirement, and Shawn DeGroot, Associate Director, Navigant. They, together with a very participative audience, had some insightful thoughts for the compliance practitioner on “how to get to effective”.

The single best piece of advice O’Brien said that she had ever received came from the recently retired Chief Compliance Officer (CCO) of Microsoft, Odell Guyton. It was to “Be Relevant”. Although Guyton used that term in the context of senior management meetings, O’Brien thought it so profound that she applied it to all of her work as a compliance professional. In meetings, you have to know when to both speak up at the relevant times and then when to keep quiet.

Both O’Brien and DeGroot felt the single most important trait that a compliance professional could engage is to build relationships with others in your organization. This means that you have to get out of your office and meet people. It can certainly be corporate executives in the C-Suite but you need to get out into the field and be seen. Training was mentioned as one of the opportunities for you to get out of the office and into the field. By doing such training you do more than simply put a name on a face of the company’s compliance officer as the key is to build trust. You need to have employees trust that they can bring issues to you to report. They are much more likely to bring an issue to you if they have met you and have that personal connection.

O’Brien had some other thoughts about building relationships which I found interesting. Although she is an attorney by professional training and spent a good part of her early in-house career in a corporate legal setting, she emphasized that corporate compliance is very different than corporate legal. You have to answer the phone and be responsive to inquiries. I once worked in a corporate legal department where the standing joke was, call us and we might answer the phone. That type of attitude cannot work in a compliance department.

She also suggested that it is helpful for a compliance practitioner to explain the “why” of a decision and not simply be told what they can or cannot do. She said this helps alleviate the perception that compliance is simply the “Land of No” that many folks in operations or business development feel is the sole raison d’etre for the existance of a compliance department. Contrasting this attitude, once again, with some legal departments, which feel that they are the last bastions against the business folks in the company who seemingly giving it away in contract negotiations, compliance should be properly seen as a unified partner or system in business development (BD) or operations.

O’Brien has some good ideas to get in front of senior management. She said that she targets one person a month to try and meet or reconnect with in some fashion. But before you get in front of a senior executive, you should develop a strategic compliance work plan and use that information as an entrée into that executive. You can seek the executives buy-in to the issue or issues that you raise in the meeting. She cautioned that if it is the first time you are meeting with such a senior executive, you should do your homework and learn as much about them as you can. If you can talk about their family or their interests, it will be a good way to make that initial connection.

DeGroot had an interesting phrase which she added to the mix. It was “let the other person have my way”. By this she intended for other corporate stakeholders to move the compliance regime forward. She said to do so it was important to understand who were both your advocates and your opposition in the C-Suite. While sometimes it is more difficult, you should listen more closely to those who are in opposition to your ideas and plans because in may be that those persons have a more insightful critique which you will need to overcome. Also if you can convince those in opposition to you initially to support you, she believes that you can develop quite the powerful ally. She suggested that you try to determine the outcome desired by both your advocates and your opposition as she believes that often, in the corporate setting, the same outcome is desired, the difference is how to arrive there.

O’Brien concluded her portion of the session with some of her thoughts about the skill set she now looks for when she is hiring a compliance professional for her team. I found her list quite interesting and constructive. Several of these traits will follow the discussion above but she added some additional key elements. She enumerated what she looks for during the interview process.

• Visibility – A compliance professional needs to be comfortable getting out of the office and meeting others in the company, from the Board Room to the Shop Floor.
• Rapport – You have to develop a rapport with those who value and support you and those who might oppose you.
• Transparency – You cannot not answer the phone or hide or not ever answer questions. You must be responsive.
• Impose rigor – Sometimes you have to put your foot down and say no but more often it is requiring company personnel to follow company process and procedures.
• Be patient – You do not have to speak at every turn, sometimes the thing unsaid is more important.
• Be a role model – Compliance personnel must be seen to be doing things better and doing things right. You have to model your ethics to have credibility.
• Don’t overstep your role – Compliance does not have to answer every question. If others will not and it is their area do not get drawn in.
• Be an active listener – You have to work to be a good listener.
• Have a poker face – Even if you hear the worst story you have to maintain a calm demeanor and work through the process.

Both O’Brien and DeGroot ended their joint presentation by agreeing that the most powerful influence that a compliance officer can have is example. Lead by example and that will make management and the rest of the company sit up and take notice.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013