Hemingway and Trust and Respect for Compliance Leadership

On this day in 1899, Ernest Hemingway was born. To me, he was the greatest Man of Letters the US has produced. Probably like most of you all, I was introduced to Hemingway in high school through The Son Also Rises. It remains my favorite of his works but I have enjoyed many more of his novels, short stories and non-fiction work. I particularly enjoyed his Nick Adams short stories as I found them crisply written and with a conciseness of language that is not often found today, or perhaps in any other time. Hemingway was awarded the Pulitzer Prize in 1953 and the Nobel Prize for Literature in 1954. He died via suicide in 1962.

I thought about Hemingway and his writing style when reading the most recent Corner Office column by Adam Bryant in the New York Times (NYT), entitled “To Work Here, Win the ‘Nice’ Vote”, where he profiled Peter Miller, the Chief Executive Officer (CEO) of Optinose, a pharmaceutical company. Miller has some interesting leadership concepts that are applicable to the position of Chief Compliance Officer (CCO) 2.0 and how a CCO 2.0 could use influence to lead, not only in the compliance function but also across an organization.

Miller talked about one thing you rarely hear in the corporate world, which is to be nice. He garnered this concept because as a “young sales manager at Procter & Gamble. I had five salespeople working for me, and one of the guys was 55 and another guy was 48. They were really successful salespeople, so I realized that I couldn’t teach these guys anything about selling. Since I couldn’t teach them anything, I tried to cultivate trust and respect by working really hard at figuring out how I could help them in a meaningful way.”

Yet this apparent inability to lead in precisely the area he was tasked in leading led Miller to formulate “a very important core value of mine, which is that you can and should try to create friends at your company.” But more than simply becoming friends, Miller came to the understanding that underlying the friendship “is this concept of trust and respect. When you get that as a team, that’s when great things happen. And that comes from creating a culture of openness, of authenticity, of being willing to have fearless conversations. It’s about being yourself, not being afraid to say what’s on your mind.”

As a CCO, you need to be able to have that type of conversation with those both up and down your chain of command. Certainly it is always beneficial to have type of relationship with your team that allows the full flow of communication. Miller said, “Think about how people are with their best friends. You want them to succeed. And sometimes that means having really hard conversations. If that’s what’s motivating you — and you’re really trying to help everybody around you in a company as if they were great friends of yours — that’s really powerful.”

I was interested in using some of Miller’s insights in the managing up role for any CCO. You have to be able to have some very frank conversations with your CEO and Board members about your compliance program and any issues that may arise under it. As CCO if you “cultivate trust and respect by working really hard at figuring out how I could help them in a meaningful way” as Miller used with his more senior sales team members, it should certainly help you going forward when you have to manage up your chain.

I also thought about this somewhat enlightened approach as contrasted with another style that I read about in a recent On Work column by Lucy Kellaway in the Financial Times (FT) entitled, “Wrong skillset excuse masks coup at the top of Barclays”, where she discussed the recent termination of Antony Jenkins from Barclays Bank. The newly installed chairman of the company’s Board, John McFarlane, who simultaneously promoted himself to CEO, Jenkins former position, fired Jenkins. The reason Jenkins was fired; he no longer had the right “set of skills” for the organization. Chairman McFarlane explained to Kellaway that there were four skills going forward which (apparently) were lacking in Jenkins: “a) strategic vision; b) charisma; c) the ability to put plans in place that deliver shareholder value; and d) ability to ensure results were delivered.” Ironically, Kellaway noted that lawyers for Kleiner Perkins had said that Ellen Pao “was an employee who never had a skillset.”

Kellaway noted the obvious when she wrote “To invoke skillsets in hiring is not only ugly, but dangerous. Find the right person to run a very big bank is very hard, and having a list of skills that you are matching an applicant against is not necessarily the best way of going about it.” More ominously, she noted that the head of such bank would have to be able to reign in the traders and investment banker types who brought Barclays its unwanted regulatory scrutiny. More critically from the compliance perspective, I think it says much more about Chairman McFarlane that he did not say anything about a new CEO running the business ethically, in compliance or in any other manner which could help to prevent Barclays from another very large fine or penalty from the regulators.

McFarlane’s dictum is one that will certainly be noted by regulators on both sides of the Atlantic going forward. After the disastrous run by former Barclays’ head Bob Diamond, the bank was moving in the direction of regulatory compliance while securing the profits demanded by shareholders. However, McFarlane’s sacking of Jenkins could well derail the bank’s focus on ethics and compliance and engender the former attitude which led to the bank’s fine in the LIBOR scandal.

Unlike Peter Miller at Optinose, it does not appear that Chairman McFarlane appreciates the trust and respect style of leadership. I fear things may well turn out badly for Barclay’s yet again with the newly found emphasis on profits, profits and profits.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Never Tick Off a Redbird

At a Press Conference today, Satan officially announced that Hell has frozen over. He made this stunning announcement after the New York Times (NYT) reported that the baseball team with the most World Series wins in the history of the National League (NL), the St. Louis Cardinals, had hacked those paragons of virtue, enormity and the very symbol of baseball greatness, the Houston Astros, to view confidential information. The Cardinals have managed to win 5 World Series in the past 50 years; how many World Series have the Astros won? That would be a big fat nada, ZERO, none, zilch. The NL team with the most World Series wins in the past 50 years was caught hacking into the inner most secrets of one of the worst teams in that same time period. Where are Tom Brady’s deflated balls when you need them?

As reported by Michael Schmidt, in a piece entitled “Cardinals Face F.B.I. Inquiry in Hacking of Astros’ Network”, Major League Baseball (MLB) asked the FBI and Department of Justice (DOJ) to investigate the hacking of the Astros “Last year, some of the information was posted anonymously online, according to an article on Deadspin. Among the details that were exposed were trade discussions that the Astros had with other teams. No doubt expecting that nefarious rogue agents of the Chinese government (or worse-the Chinese military) were seeking to wreck havoc on the game once known as ‘America’s pastime’ or “Believing that the Astros’ network had been compromised by a rogue hacker, Major League Baseball notified the F.B.I., and the authorities in Houston opened an investigation. Agents soon found that the Astros’ network had been entered from a computer at a home that some Cardinals officials had lived in. The agents then turned their attention to the team’s front office.” Oops, those darn Chinese; they are never around to blame when you need them.

So move aside New England Patriots, with your petty attempts to manipulate footballs in a championship game. Stop allowing your quarterback to dictate how he uses the tools of his trade, footballs. Do not cheat and call it getting an edge; all of this makes you look like rank amateurs next to the St. Louis Cardinals. Act like a real team and enlist your front office executives to steal information from the worst team in football. For long term pathetic-ness, you might try the Oakland Raiders or just go with the current joke of a team, the Tampa Bay Buccaneers whose No. One draft pick, and now face of the franchise, was one of the most ‘ethically challenged’ college players in recent years. If you really want great information about poor football, steal it from the Jacksonville Jaguars. Bill Belichek, you are only limited by your imagination!

As to the Cardinals, what on earth could the Astros have that they could possibly want? Take the Astros record over the past five years; it’s the worst in baseball. You want a piece of that? How about secret information on the leadership savoir fare of the Astros owner ‘Mr. I am smarter than everyone in the room because I made a $100mm in business’ Jim Crane. Why be one of the best-run sports franchises, when you can mimic the Astros? First you can tell everyone how stupid they are because they do not understand how it is in your interest to try and lose; next why you should cut off over 70% of your fan base from even watching games on television so they will not see your joke of a team play and, finally, how to sue the prior owner who sold you the team for mis-representing the quality of the assets.

But do not stop with the owner. The apparent ire of St. Louis (never under-estimate a pissed off Redbird) was directed at a former Cardinal employee who left to become the General Manager of the Astros, Jeff Luhnow. Apparently the Cardinals were upset that the baseball knowledge in Luhnow’s head was now being used by the Astros. (Did I mention the Astros had baseball’s worst record for the past 5 years?) Of course, perhaps the Cardinals could learn how make an offer to the top draft pick in the annual amateur draft and then withdraw the offer so they could make a lower one, thereby losing two top draft picks. That certainly was a brilliant move by the Astros that you would want to use going forward.

The Cardinals action brings up one of the greatest areas of corporate angst; when a business gets its feelings hurt. Heaven forbid. No doubt having recently seen a recent late night showing of the movie Animal House the Cardinals decided not to get mad; they decided to get even. So with this newfound information gleaned from the Astros, it now clear how the Cardinals have been so successful. Not simply being content to cheat, they broke the law to hack into the confidential information of another baseball team to learn that other team’s secret. Now I know why the Astros have been so bad over the years; they had all their confidential information sucked out of their organization by the evil Cardinals. So that giant sucking sound you hear from south Texas is not American jobs going to Mexico because of NAFTA but all the confidential information being sucked out of the Houston Astros.

What are the lessons for a Chief Compliance Officer (CCO) or compliance practitioner? One lesson is it points to the myriad of reasons that companies and individuals engage in bribery and corruption. It is laughable to think that the St. Louis Cardinals, one of the best-run franchises’ in all of sports (or so we thought); could learn anything from the idiots who run the Astros. Yet here we are; out of spite, vindictiveness or just plain old malevolence, front office executives of the Cardinals engaged in conduct that has drawn the scrutiny of the FBI and DOJ. This points to other motivations than fidelity to monetary gain as a reason for bribery and corruption.

Also, cybersecurity is a compliance concern. What protocols to you have in place to protect your data? How will you respond to a breach? What happens if another member of the cartel your business is in engages in criminal activity against you? Will you demand that they are kicked out of the cartel?

I think it also points up how actually Doing Compliance differs from having a paper compliance program in place. Whether you use the McNulty’s Maxims formulations (What did you do to prevent? What did you do to detect it? What did you do after you found out about it?) or the FCPA Guidance formulation that a best practices compliance program should prevent, detect and remedy violations. I am relatively certain the St. Louis Cardinals had a policy against breaking the law by hacking into the database of another baseball team. With equal certainty, I am sure the Cardinals had no program to prevent or detect such illegal conduct for if they did, it would certainly appear they conveniently looked the other way.

Finally, American businesses need to wise up. Stop all the whining, moaning and complaining about data breaches from Chinese/Russian/Bulgarian/the Galactic Empire/the Borg/(name your Evil Empire); you are most at risk from other US companies. For if the best team in the history of the NL will break the law to steal the trade secrets and confidential information of one of the worst teams, is anyone safe? Further, what are the chances that the Cardinals have been trying to steal trade secrets from winning teams? That would be a number way too high for me to even imagine. Quit crying to Congress that it is unfair for you to be required to protect your own data or that it would cost you money or jobs; secure your data now.

Now for a free tip from my consulting company, Advanced Compliance Solutions-if you have super-secret confidential information, make sure it password protected. But more than simply password protected, change you password every 90 days. That is a good first step in case the St. Louis Cardinals come hacking your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Tribute to Sir Christopher Lee and Release of New Book for CCOs

Sir Christopher Lee died yesterday. For several generations of horror movie fans, he was simply Dracula, having starred in the role for Hammer Films in the 1950s through the 1980s. Yet for another couple of generations of movie aficionados, he was known for his work in the later Star Wars series as Count Dooku in both Star Wars: Episode II — Attack of the Clones and in Star Wars: Episode III — Revenge of the Sith. He was also the wizard Saruman in Peter Jackson’s Lord of the Rings films.

His characterization of Dracula may have been closer to what Dracula’s creator, Bram Stoker, had envisioned. According to his obituary in The Telegraph, Lee “imbued the character with a dynamic, feral quality that had been lacking in earlier portrayals.” The first Hammer Dracula film was the most successful. The Telegraph stated, “With Cushing cast this time as the vampire hunter, Dracula (retitled Horror of Dracula in America) was a box-office success for Hammer and horror aficionados at the time labelled it “the greatest horror movie ever made”. Lee also regarded it as the best of the series of Dracula films that he made with Hammer. “It’s the only one I’ve done that’s any good,” he recalled. “It’s the only one that remotely resembles the book.””

Lee’s creativeness and greatness in the roles he has played lead-in to my topic today. I am extremely pleased to announce that my latest book CCO 2.0 | Internal Marketer and Soft Skills Required has been published and is now available from Compliance Week. CCO 2.0 provides the Chief Compliance Officer (CCO) and compliance practitioner with some of the most current ideas on the types of skills that a compliance officer might need and how to market the compliance function within the corporate environment.

In the Internal Marketer section, I take on such topics as The Five Golden Rules of Internal Marketing Compliance; Internal Marketing of a Compliance Program; Getting Employees to Care about a Compliance Program; Getting Your Employees to Internally Market Your Compliance Program; Internal Advertising of Your Compliance Program and Funding Your Compliance Program.

In the sections of soft skills I discuss skills the CCO or compliance practitioner can use to move forward the compliance agenda in a company. I discuss such topics as the use of influence by a CCO; Four Keys to Compliance Leadership; the CCO as Chief Persuasion Officer; the CCO as Chief Collaboration Officer; Communications tips for the compliance professional; putting compliance at the center of strategy and why compliance is different than legal function.

The book is available in paperback and eBook formats and you can find both by clicking here.

While you are on the Compliance Week site, I would also suggest that you take at look at my seminal work on creation, implementation and enhancement of an anti-corruption compliance program, Doing Compliance. If there is one book in your library on how to do compliance, this book is it. In this book I discuss the requirements to build, and execute, a modern compliance program. With a focus on anti-bribery and anti-corruption issues, the book first reviews the basic building blocks a compliance officer needs (code of conduct, policies and procedures, internal controls), moves on to address the proper role and autonomy of a CCO, delves into the most important CCO duties (risk assessment, training, investigations), and always offers practical examples and advice for how a compliance program should work.

Best of all, the paperback and eBook both have newly reduced pricing which should make it a ‘must have’ for every member of your compliance team. The book is available by clicking here.

Finally, if you have not yet checked out my podcasts, after you check out my latest two books, published by Compliance Week, you should head over to the FCPA Compliance and Ethics Report or iTunes to check out the latest editions. Some of the highlights are:

Episodes 163 and 166 deal with the FIFA indictments.

Episode 164 – MissionLogPodcast.com co-host John Champion returns to discuss Star Trek – The Next Generation (TNG) and the leadership lessons from Season One of TNG.

Episode 165 – I discuss the BHP FCPA enforcement action and its implications for the compliance practitioner as a strict liability standard because there was no evidence of bribery presented by the Securities and Exchange Commission (SEC).

Episode 167 – Mara Senn returns to share her top ten practices for cross-border investigations. Senn has some important and useful tips to help the CCO or compliance practitioner think through an approach for an international FCPA investigation.

Episode 168 – Noted criminal defense attorney Dan Cogdell discusses criminal procedure and funding your defense costs, in the defense of an individual Foreign Corrupt Practices Act (FCPA) enforcement action. With all the talk coming about the Department of Justice (DOJ) and FCPA commentariat about the need for individual prosecutions, this episode is timely.

Lastly, after you have purchased my two latest books and checked out my podcasts, I would urge you to head on over to Netflix and settle in with Sir Christopher Lee and his great Hammer films. They are the top of 1950s horror movies.

A happy weekend to all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Doing Compliance in an Economic Downturn, Part IV – Testing, Peer Groups and Talent Development

Today we celebrate the conquest of what the Tibetans call “Mother Goddess of the Land” and what the rest of us call Mount Everest. For on this date in 1953, Sir Edmund Hillary of New Zealand and Tenzing Norgay, a Nepalese Sherpa, became the first explorers to reach the summit of the highest point on earth. News of the success was rushed by runner from the expedition’s base camp to the radio post at Namche Bazar, and then sent by coded message to London, where Queen Elizabeth II learned of the achievement on June 1, the eve of her coronation. The next day, the news broke around the world. Later that year, Hillary and Norgay were both honored by the queen for their momentous achievement.

One of the things that made Hillary and Norgay’s ascent to the summit of Everest was the overall integration and teamwork of the entire group. The British team was led by Colonel John Hunt who set up a series of camps, allowing the expedition to push its way up the mountain in April and May. A new passage was forged through several previously un-surmounted obstacles to bring the team to about 26,000 feet. The first assault to the summit was launched on May 26 by Charles Evans and Tom Bourdillon, however they had to abandon their assent 300 feet from the top due to malfunctioning oxygen sets. Three days later, Hillary and Norgay were successful. In other words, teamwork and process were key to their success.

The accomplishment achieved by Hillary and Norgay drives the conclusion of my series on the steps you can take to improve your Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program and overall compliance function during a period of economic downturn. So when faced with reduced monetary resources and lessened head count you might want to consider the teamwork of compliance. To that end you might use a strategy of developing compliance talent and relationships for the compliance function. You could initiate a compliance talent development group where you rotate high potential individuals in your company through the compliance function in some manner.

My suggestion would be to work with senior management and your Human Resources (HR) function to identify some of the key talent within your company. They can come from any other area of the company; such as accounting, finance, internal audit, HR itself, sales or any other discipline. From there you can task them to lead a working group on a compliance related project. The project itself can be any project you would like to try and implement when funding becomes more available.

One company I worked at had such an organization called the President’s Team which was an annual group that developed projects for the company Chief Executive Officer (CEO). The concept is the same but the goal is having the high talent employees learn more about compliance. Equally important for you as the compliance practitioner is to develop relationships with such up and comers so you can access to them if they continue to progress up the corporate chain. Remember it is important to have relationships with those in power and those who will be in power.

In addition to the talent development group, you should also revisit your interactions with your Board or Audit Committee. You need to re-emphasize to them their responsibility for compliance going forward and that it will not diminish simply because the price of oil has gone south or any other reason why you may be in an economic downturn. If there are emergency projects or others which you believe should take priority this would be a good time to inform and educate the Board on them so that you can continue to maintain as much funding as is possible. This could come into play if you have a number of whistleblower complaints to triage and review in short order due to employee layoffs. But if you did not establish those relationships ‘yesterday’, you probably cannot call on them ‘tomorrow’ so you need to make sure they are in place now.

Another idea that you can try is something along the lines of a client advisory committee or peer group review. You can put together a peer group to help advise your compliance function. After all, one of your constituent groups is your employee base. So why not turn to that group to find out what is working and perhaps their views on what is not, in their eyes, from the compliance function. If they can provide feedback to you on how to streamline a compliance process you might well be able to incorporate such suggestions going forward. They will be aware of the resource constraints the company is under so it could be an avenue which you have not previously used. Further, as with the talent development group concept, you would have the opportunity to develop relationships with other leaders in your organization. Finally, the group would have greater investment in the compliance function going forward.

Next is one of your highest risks, that of third parties, which most compliance practitioners recognize as their highest risk in any FCPA anti-corruption compliance program. This risk does not lessen simply because of a downturn. My suggestion is that you test and review all of the indicia around the lifecycle of your third party risk management program. This is not a forensic audit or even standards that an auditor might use. But you can test and you can test the documentation around your program at little to no cost.

The lifecycle of a third party is the following: (1) Business justification, (2) Questionnaire, (3) Due Diligence and Evaluation, (4) Contract negotiation, and (5) Managing the relationship thereafter. You can perform testing on all of these steps by reviewing the documentation in your third party database. For each third party you should confirm that there is documentation in each file, which supports each of the five prongs. In addition to the document, document, document aspect of this exercise, you can also use it as a cross-check on your internal control mapping for each validated prong so this can also be considered an internal compliance control.

I hope that you have found some of these ideas for improving your compliance function in an economic downturn useful. Perhaps they have stimulated ideas or discussions within your organizations going forward. If you have any other ideas which you would be willing to share, I hope that you will pass them along to me. We are all in this compliance ride together anything we all can do to move things forward is progress in my mind.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Economic Downturn Week, Part II – The Golden Gate Bridge and Employment Separation – Hotlines and Whistleblowers During Layoffs

Today, we celebrate one of the greatest engineering achievements of the century. On this date in 1937, the Golden Gate Bridge opened. At 4200 feet long, it was at the time the world’s longest suspension bridge. But not only was it an engineering and architectural milestone, its aesthetic form was instantly recognized as classical and to this day is one of the most iconic structures in the US if not the world. With just a few years until its 80^th birthday, it demonstrates that a lasting structure is more than simply form following function but contains many elements that inform its use and beauty.

I use the Golden Gate Bridge as an entrée to my continued discussion on the series on steps that you can use in your compliance program if you find yourself, your company or your industry in an economic downturn. Whether you are a Chief Compliance Officer (CCO) or compliance practitioner, these steps are designed to be achieved when you face reduced economic resources or lessened personnel resources going forward due to a downturn your economic sector. Yesterday, I discussed mapping your current and existing internal controls to the Ten Hallmarks of an Effective Compliance Program so that you can demonstrate your compliance with the Foreign Corrupt Practices Act’s (FCPA) internal control prong to the accounting procedures. Today I want to discuss the issues surrounding the inevitable layoffs your company will have to endure in a downturn.

In Houston, we have experienced energy companies laying off upwards of 30% of their workforce, both in the US and abroad. Employment separations can be one of the trickiest maneuvers to manage in the spectrum of the employment relationship. Even when an employee is aware layoffs are coming it can still be quite a shock when Human Resources (HR) shows up at their door and says, “Come with me.” However, layoffs, massive or otherwise, can present some unique challenges for the FCPA compliance practitioner. Employees can use layoffs to claim that they were retaliated against for a wide variety of complaints, including those for concerns that impact the compliance practitioner. Yet there are several actions you can take to protect your company as much as possible.

Before you begin your actual layoffs, the compliance practitioner should work with your legal department and HR function to make certain your employment separation documents are in compliance with the recent SEC v. KBR Cease and Desist Order regarding Confidentiality Agreement (CA) language which purports to prevent employees from bringing potential violations to appropriate law or regulatory enforcement officials. If your company requires employees to be presented with some type of CA to receive company approved employment severance package, it must not have language preventing an employee taking such action. But this means more than having appropriate or even approved language in your CA, as you must counsel those who will be talking to the employee being laid off, not to even hint at retaliation if they go to authorities with a good faith belief of illegal conduct. You might even suggest, adding the SEC/KBR language to your script so the person leading the conversation at the layoff can get it right and you have a documented record of what was communicated to the employee being separated.

When it comes to interacting with employees first thing any company needs to do, is to treat employees with as much respect and dignity as is possible in the situation. While every company says they care (usually the same companies which say they are very ethical), the reality is that many simply want terminated employees out the door and off the premises as quickly as possibly. At times this will include an ‘escort’ off the premises and the clear message is that not only do we not trust you but do not let the door hit you on the way out. This attitude can go a long way to starting an employee down the road of filing a claim for retaliation or, in the case of FCPA enforcement, becoming a whistleblower to the Securities and Exchange Commission (SEC), identifying bribery and corruption.

Treating employees with respect means listening to them and not showing them the door as quickly as possible with an escort. From the FCPA compliance perspective this could also mean some type of conversation to ask the soon-to-be parting employee if they are aware of any FCPA violations, violations of your Code of Conduct or any other conduct which might raise ethical or conflict of interest concerns. You might even get them to sign some type of document that attests they are not aware of any such conduct. I recognize that this may not protect your company in all instances but at least it is some evidence that you can use later if the SEC (or Department of Justice (DOJ)) comes calling after that ex-employee has blown the whistle on your organization.

I would suggest that you work with your HR department to have an understanding of any high-risk employees who might be subject to layoffs. While you could consider having HR conduct this portion of the exit interview, it might be better if a compliance practitioner was involved. Obviously a compliance practitioner would be better able to ask detailed questions if some issue arose but it would also emphasize just how important the issue of FCPA compliance, Code of Conduct compliance or simply ethical conduct compliance was and remains to your business.

Finally are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming.

The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you layoff the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.

Just as the Golden Gate Bridge provides more to the human condition than simply a structure to get from San Francisco to Marin County, layoffs in an economic downturn provide many opportunities to companies. If they treat the situation appropriately, it can be one where you manage your FCPA compliance risk going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

 

Compliance Week 2015 Wrap Up

Compliance Week 2015 has ended. This year was the tenth anniversary of the annual conference and in many ways I found it to be the best one yet. Matt Kelly and his team put together a conference and experience, which was absolutely first-rate. If you were not able to make this year’s event, I hope you will join us for Compliance Week 2016, which Matt announced the dates for at the conclusion of this year’s event. The dates for 2016 are May 23-26, back of course in Washington DC to be held yet again at the Mayflower Hotel. I wanted to give you some of my thoughts on the highlights of this year’s event and what made it so unique.

At my age, I am somewhat loathe to channel my teenage daughter but the first thing that I noticed was a very different vibe this year over past year’s conferences. From the Cocktail Party reception held on Sunday night, all the way through the conclusion of the event, there seemed to be an air that I have not quite been able to put my finger on. It was more than an acknowledgement and perhaps even an excitement about how far the compliance profession has come in the past ten years. While I have written about the Chief Compliance Officer (CCO) and compliance profession as CCO 2.0, I had the feeling that we may be moving on to CCO 3.0, as that was even the title of a session.

But this vibe was more tangible than simply a feeling. One key ingredient for me was the use of social media into the conference experience. While many events have a conference app, which can provide you information on such things as the agenda, speakers and their presentations, room locations and the like; the Compliance Week 2015 app was fully interactive, allowing you to live tweet, send IM to fellow conference attendees and receive text messages when a room changed or other conference alteration occurred. It also provided a virtual help desk for all attendees.

Many of sessions were led by CCOs from major corporations and they were able to provide a strategic vision of where they were going at their organizations. This was kicked off from the start of the conference, from the first panel on the first day where the CCOs from Boeing, GE and the Director of Compliance for Wal-Mart began the event. Obviously these are three of the largest companies in the US and do business on a worldwide basis. Yet, while sharing their strategic visions, each one was able to provide a solid example from their respective organization that a CCO or compliance practitioner from any sized company could implement. From Wal-Mart with a workforce of 2.2 million employees, it was keep the message simple. From Boeing, it was incorporate any compliance failures as teaching moments or lessons learned into your internal compliance training going forward. From GE, it was how to inculcate and incorporate compliance into your everyday business planning.

The conversations were excellent as usual. I led the FCPA conversation and there were several alumni present, who told me they look forward to attending each year. One of the reasons is that there is no avenue in their hometowns to get together in an environment to discuss issues of mutual concern. It is concept that Mike Snyder and I used in founding the Houston Compliance Roundtable. A place where you can ask any question and have it answered by another compliance professional in an environment where Chatham House rules apply. While I certainly started the discussion, it quickly became fully interactive with all participants sharing their views on a variety of topics. While we have some great compliance talent in Houston at our Roundtable, it cannot top the level of maturity and sophistication present at the Compliance Week annual conference. We all benefited from the experience.

This experience was doubled when I led a breakfast event on Tuesday. While an inducement to attend was a complimentary copy of my book Doing Compliance, there were 25 attendees who joined me for a very engaging and free-flowing conversation about the state of compliance, we practitioners and where enforcement may be heading. Compliance Week treated us all to breakfast and, once again, I probably learned as much as any one. But since Chatham House rules were in effect, I cannot report on any of the substantive things that were discussed. I will share with you that I am excited to lead such a breakfast again next year and I hope you will be one of the 25 to sign up.

As always there were a number of government representatives who spoke at Compliance Week again this year. For me, the parade was led by Department of Justice (DOJ) Assistant Attorney General Leslie Caldwell. While I will be writing further, and in more detail, about Caldwell’s remarks, she said a few things that I think bear emphasis. One was that compliance professionals need to work towards more data analytics in the form of transaction monitoring to assist in moving to a prevent and even predictive and prescriptive mode for your best practice compliance program. Next she emphasized that your compliance program must not be static but must evolve as your business risks evolve. Finally, and much closer to my heart, were her remarks that you need to “sensitize your business partners to compliance.” It was if she was channeling her inner Scott Killingsworth with his groundbreaking work on ‘Private-to-Private’ or P2P compliance solutions. Or, as I might say, she was advocating a business solution to the legal problem of bribery and corruption across the globe.

But Caldwell was not the only DOJ representative as we had Laurie Perkins, Assistant Chief, Foreign Corrupt Practices Act (FCPA) Unit and Kara Brockmeyer, Chief, FCPA Unit; Division of Enforcement from Securities and Exchange Commission (SEC), on a panel moderated by yours truly. First I would urge that if you are ever asked to moderate a panel with FCPA enforcers and regulators, jump at the chance. The reason is that you get to ask the questions you want answers to; even if you get past your prepared questions, when there is a lull in questions from the audience, you can follow up with something you want to know or in my case always wanted to know. So I asked some basic questions like: What is Criminal Information? (to Perkins) and Could you explain the process for the SEC’s Administrative Procedure? (to Brockmeyer). I was certainly enlightened by their answers to both questions.

The event sponsors were of course there to provide information on their solutions to assist any compliance practitioner. If you have never been to an event at the Mayflower Hotel in Washington, the conference rooms are along a wide hall that allows good people flow and adequate room for the sponsors and others to set up, meet attendees and discuss their products and services. I view the sponsors and vendors as a part of the compliance solution going forward and while they are clearly there to sell; they also engage in a fair amount of education. But the education runs both ways with many compliance practitioners communicating needs they have which can be incorporated into new product developments.

Unfortunately Compliance Week 2015 had to come to an end. But the feeling, information and new friends I met will last with me until Compliance Week 2016 next year. I hope you will plan to join me.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

King Arthur Week – the Pentecostal Oath and Code of Conduct – Part II

One thing for which King Arthur is remembered are his chivalric knights. He helped create this legend, in large part, by establishing a Code of Conduct for the Knights of the Round Table. The King required each one of them to swear an oath, called the Pentecostal Oath, which was Arthur’s ideal for a chivalric knight. The Oath stated, “The king established all his knights, and gave them that were of lands not rich, he gave them lands, and charged them never to do outrageousity nor murder, and always to flee treason; also, by no mean to be cruel, but to give mercy unto him that asketh mercy, upon pain of forfeiture of their worship and lordship of King Arthur for evermore; and always to do ladies, damosels, and gentlewomen succor upon pain of death. Also, that no man take no battles in a wrongful quarrel for no law, ne for no world’s goods. Unto this were all the knights sworn of the Table Round, both old and young. And every year were they sworn at the high feast of Pentecost.” (Le Morte d’Arthur, pp 115-116)

Interestingly, the Oath first appeared in Sir Thomas Malory’s Le Morte d’Arthur and in none of the prior incarnations of the legend. In Malory’s telling, after the Knights swore the Oath, they were provided titles and lands by the King. The Oath specifies both positive and negative conduct; that is, what a Knight might do but also what conduct he should not engage in. The Pentecostal Oath formed the basis for the Knight’s conduct at Camelot and beyond. It was clearly a forerunner of today’s corporate Code of Conduct.

The foundational document of any Foreign Corrupt Practices Act (FCPA) compliance program is its Code of Conduct. This requirement has long been memorialized in the US Sentencing Guidelines, which contain seven basic compliance elements that can be tailored to fit the needs and financial realities of any given organization. From these seven compliance elements the Department of Justice (DOJ) has crafted its minimum best practices compliance program, which is now attached to every Deferred Prosecution Agreement (DPA) and Non-Prosecution Agreement (NPA). These requirements were incorporated into the 2012 FCPA Guidance. The US Sentencing Guidelines assume that every effective compliance and ethics program begins with a written standard of conduct; i.e. a Code of Conduct. What should be in this “written standard of conduct”.

Element 1

Standards of Conduct, Policies and Procedures (a Code of Conduct)

An organization should have an established set of compliance standards and procedures. These standards should not be a “paper only” document, but a living document that promotes organizational culture that encourages “ethical conduct” and a commitment to compliance with applicable regulations and laws.

In the FCPA Guidance, the DOJ and Securities and Exchange Commission (SEC) state, “A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program the DOJ and SEC will review whether the company chapter has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.

In each DPA and NPA over the past 36 months the DOJ has stated the following as item No. 1 for a minimum best practices compliance program.

1. Code of Conduct. A Company should develop and promulgate a clearly articulated and visible corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable foreign law counterparts (collectively, the “anti-corruption laws”), which policy shall be memorialized in a written compliance code.

In an article in the Society for Corporate Compliance and Ethics (SCCE) Complete Compliance and Ethics Manual, 2nd Ed., entitled “Essential Elements of an Effective Ethics and Compliance Program”, authors Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz, state that your company’s Code of Conduct “should demonstrate a complete ethical attitude and your organization’s “system-wide” emphasis on compliance and ethics with all applicable laws and regulations.” Your Code of Conduct must be aimed at all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.” This would also include all “management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.”

There are several purposes identified by the authors that should be communicated in your Code of Conduct. Of course the overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating what is required of them, to provide a process for proper decision-making and then to require that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. To that end, I suggest that your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of disciplines, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

As I often say, the three most important things about your FCPA compliance program are ‘Document, Document and Document’. The same is true of communicating your company’s Code of Conduct. You need to do more than simply put it on your website and tell folks it is there, available and that they should read it. You need to document that all employees, or anyone else that your Code of Conduct is applicable to, has received, read, and understands the Code. For employees, it is important that a representative of the Compliance Department, or other qualified trainer, explains the standards set forth in your Code of Conduct and answers any questions that an employee may have. Your company’s employees need to attest in writing that they have received, read, and understood the Code of Conduct and this attestation must be retained and updated as appropriate.

The DOJ expects each company to begin its compliance program with a very public and very robust Code of Conduct. If your company does not have one, you need to implement one forthwith. If your company has not reviewed or assessed their Code of Conduct for five years, I would suggest that you do in short order as much has changed in the compliance world.

What is the value of having a Code of Conduct? I have heard many business folks ask that question over the years. In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven to “wave in a defense situation” by claiming that “see we have one”. But is such a legalistic code effective? Is a Code of Conduct more than simply, your company’s law? What is it that makes a Code of Conduct effective? What should be the goal in the creation of your company’s Code of Conduct?

Just as the Pentecostal Oath was required to be sworn out each year, you should have your employees recertify their adherence to your Code of Conduct. Moreover, just as King Arthur set his expectations for behavior your company should do so as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

King Arthur Week, King Arthur and Leadership – Part I

I have been studying the legend of King Arthur and thought it would be good idea to have a week of blog posts around the legend of King Arthur, the Roundtable and his knights. Today I begin with King Arthur and some leadership lessons that might apply to a Chief Compliance Officer (CCO), compliance practitioner or others who might be responsible for an anti-corruption compliance program based on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or similar anti-bribery law.

According to the legends, King Arthur achieved quite a bit in one lifetime. He, established a kingdom, ruled his castle, Camelot and brought peace and order to the land based on law, justice, and morality. He founded an order known as the Knights of the Round Table where in all knights are seated as equals around the table, symbolizing equality, unity, and oneness. Nicole Lastimado, in a blog post entitled “Characteristics of a Good Leader 🙂”, identified five characteristics that she believed made Arthur a good leader.

Adapting Lastimado King Arthur was (1) Honest, in that he displayed sincerity, integrity, and candor in his actions. (2) Intelligent, because he read and studied. (3) Courageous, because he had the perseverance to accomplish a goal, regardless of the seemingly insurmountable obstacles. (4) Imaginative because he adapted by making timely and appropriate changes in his thinking, plans, and methods. Finally, (5) Inspiring, because through demonstrating confidence, he inspired his knights and those in his Kingdom to reach for new heights. I would add as a separate category that Arthur led from the front.

I thought about those qualities when I read a couple of recent articles in the Houston Chronicle. The first was by the Chronicle Business Columnist, L. M. Sixel, entitled “Leaders possess the keys to safety”, and the second was an Op-Ed entitled “Trust Shaken”. Both articles discussed corporate issues that have led to catastrophic injuries or even deaths and more importantly how the entities involved reacted. The first article discussed safety at the workplace and the second health issues in the processing of food products.

In her article Sixel, wrote, “A company truly interesting in making sure its workers are safe has to come up with ways to make it easy and risk-free to bring up potential safety problems.” Moreover, the corporate attitude which fosters this “starts with leadership.” She cited to Frank Reiner, the president of the Chlorine Institute, who recently said in a speech to the group’s annual conference in Houston “You have to eliminate the fear.” Additionally, “Once the cause is identified, similar accidents can be prevented, he said. The message that people are free to come forward to talk about what went wrong and why has to come from the top down. Identifying problems not only is everyone’s responsibility but also a companywide expectation.”

Equally important is for a company to learn from its mistakes. Obviously there should be a root cause analysis after a disaster. At the same conference, the Keynote Speaker, John E. Michel, a retired U.S. Air Force brigadier general and author of The Art of Positive Leadership: Becoming a Person Worth Following, said “After a disaster, there is a big investigation to find out why it happened and fix the problem before it can happen again. Sometimes, whole fleets are grounded after an airline crash.” However Michel noted that it is important to keep learning even if there is no disaster. Michel “likes to pay attention to “near misses” and learn from the times things could have gone horribly wrong but didn’t” and that “There are debriefing sessions even when things go well on a flight mission and there are always tweaks to be made.”

Another speaker at the conference Mark Briggs, area director of the Houston South office for OSHA, noted it was important for employees to feel their suggestions and comments around safety are considered by management, saying “You have to show you care and that’s its not just a one-month project.” If management shows that it takes employee recommendations around safety seriously, it will help employees down the chain feel more secure about bringing them to management’s attention.

The Chronicle Op-Ed piece focused on one of the most beloved institutions in the great state of Texas – Blue Bell Ice Cream. Unfortunately for Blue Bell, in March there were five cases of listeria in Kansas, linked to a Blue Bell plant. Three of those persons died, “although a Kansas health official stated that the listeriosis was not the cause of death.” The Chronicle piece noted that after that initial discovery, “multiple strains of listeria have been found in its Brenham and Oklahoma plants, almost 500 miles apart, according to the CDC [Center for Disease Control and Prevention]. Possible explanations include lax safety standards, extremely bad luck striking twice or some undisclosed manufacturing issue.”

A The Texas Tribune article by Terri Langford, entitled “State Health Tests Prodded Blue Bell Recall”, said, “The crisis for Blue Bell began on March 13, when Kansas officials determined that Listeria-tainted portions of the company’s ice cream made it into products served to five hospital patients between January 2014 and January 2015. Of the five who became ill, three died. By March 24, Kansas officials traced the source of the listeria to Blue Bell’s plant in Broken Arrow, Okla., built by the Texas company in 1992. On April 3, the Centers for Disease Control had traced Blue Bell’s Listeria strain to six other patients going back to 2010. Four had been hospitalized in Texas for unrelated problems when they became sick from listeria. Five days later, on April 8, the CDC had identified two clusters of Blue Bell listeria victims. The strains were traced to the plants in Oklahoma and Texas.”

Yet it was not until Blue Bell was notified by a representative from the Texas Department of State Health Services, that “lab tests on two Blue Bell ice cream flavors — Mint Chocolate Chip and Chocolate Chip Cookie Dough — came back “presumptive positive” for the deadly bacteria Listeria monocytogenes” that the company announced it was pulling product from its shelves for testing.

What are the lessons from for the CCO or compliance practitioner? You should channel your inner King Arthur and lead. You have to lead management to understand that one of the best sources of information on your own business is your employees. There is a reason the FCPA Guidance lists internal reporting as one of the Ten Hallmarks of an Effective Compliance Program. You must give employees a way to report misconduct and then you must use that information to investigate and communicate to employees going forward. If there are lessons to be learned use those lessons for in-house compliance training. If a true catastrophe or disaster befalls the company, do not wait to remediate. Do so as soon as is practicable, not when the government calls.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Lee Surrenders and Hanson Wade’s Oil & Gas Supply Chain Compliance Conference

Today we celebrate one of the most momentous anniversary’s in the history of the United States, for it was on this day in 1865, 150 years ago, that Confederate General Robert E. Lee surrendered his Army of Northern Virginia to Union Commanding General Ulysses S. Grant at Appomattox Courthouse, effectively ending the American Civil War. Fighting continued for several more weeks to come, however with Lee’s surrender the Civil War had, in all intents and purposes, ended.

Lee and his troops were forced to abandon the Confederate capital of Richmond, they were blocked from joining the surviving Confederate force in North Carolina, and were harassed and outrun by Union cavalry, who took 6,000 prisoners at Sayler’s Creek. With desertions mounting daily the Confederates were surrounded with no possibility of escape. On April 9, Lee sent a message to Grant announcing his willingness to surrender and in the afternoon they met at the home of Wilmer McLean and agreed to the terms of surrender.

Although politicians would later change these terms quite dramatically, Grant is said to have told his officers, “The war is over. The Rebels are our countrymen again.”

Later this month, from April 28-30, Hanson Wade is putting on its annual conference in Houston. It is the “Oil and Gas Supply Chain Compliance” conference, now in its 5^th year, and once again the list of speakers is simply stunning. It includes the following Chief Compliance Officers (CCOs) and senior compliance folks: Dan Chapman, Cameron; Brian Moffatt, Ethos Energy, Jay Martin, Baker Hughes; Marcel De Chermont, Acteon Group, Jan Farley, Dresser-Rand; John Sardar, Noble Energy and a host of other luminaries in the field of Foreign Corrupt Practices Act (FCPA) compliance. Even if you live outside of Houston, the FCPA compliance talent at this event will rival any other event in the US and for such an event not held in Washington DC or New York City, it is simply outstanding.

Some of the panels and topics for discussion include: Applying Culturally Sensitive Approaches To Deliver A Core Compliance Methodology For A Variety Of Countries And Risks; How to Meaningfully Engage Your Business Operations in Taking Greater Compliance Ownership; Avoid The Risk Of Cavalier Behaviour Across The Supply Chain In The Face Of A Challenging Economic Climate; How To Deliver Cost-Effective, Risk Based, Function Specific Compliance Training; several in-depth presentations on Supply Chain and Third Party due diligence. These are but some of the sessions and there are many other excellent panels, sessions and speakers which I have not mentioned.

Recently the Event’s Chairperson, Dan Chapman, Vice President, Chief Ethics and Compliance Officer for Cameron, talked about some of the issues that will be discussed in this year’s conference. Chapman said, “Supply chain is, in my mind, a critical part of compliance and creating awareness throughout the business as to when and where you should apply compliance principles is a key focus. For me the industry has evolved in recent years, and our organizations tend to now have strong legal teams who understand anti-bribery and corruption legislation. Not only this, they now have the ‘tone from the top’. Where I feel that work needs to be done is practically embedding compliance into operational processes, and becoming a true and valuable partner to the business. With the current state of the oil price, we’re likely set for reduced budgets and increased risk, which makes it more important now than ever to share stories, materials and solutions to effectively mitigate compliance risk while enabling business delivery.”

I will be speaking at the conference on internal controls but I am extremely pleased to be co-leading an in-depth workshop on the third day of the event, with Joe Oringel, guest blogger and Managing Director at VisualRisk IQ. In our workshop, you will learn how to implement a system of data-driven monitoring controls and documents to measure the effectiveness of your compliance program and get you through a Securities and Exchange Commission (SEC) investigation. During our 3 hour session we will go into the weeds on the following:

• Understanding what internal controls are required under a best practices compliance program;
• Recognizing what FCPA enforcement actions tell us about internal controls in an anti-corruption compliance program;
• Getting to grips with what the SEC expects you to have in place;
• Competently documenting the effectiveness of your internal controls;
• Understanding best practices and a methodology for the use of data analytics in compliance and ethics organization;
• Prioritizing business and compliance questions that can be answered with analysis of digital data; and
• Identifying a learning plan and resources to enhance your team’s data analytics expertise

I hope that you can attend this most excellent FCPA conference with the two-day sessions on April 28 and 29 and the workshop day on April 30. Very few FCPA conferences focus on Supply Chain and the information that you will receive at this one will be first rate. Finally, Hanson Wade has allowed me to offer a 20% discount to readers of my blog. You can obtain it by entering the code TFLaw20 when you register online. For the conference brochure and full details regarding the agenda and registration, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Tribute To Eddie LeBaron and CCO as Compliance Project Sponsor

Today we celebrate Eddie LeBaron, who died last week. LeBaron was a diminutive pro quarterback for 11 seasons in the National Football League (NFL) in the 1950s and 1960s. He was also a lawyer and decorated veteran, having been awarded the Bronze Star during the Korean Conflict. In his New York Times (NYT) obituary, Frank Litsky wrote “In a position where players are now routinely 6 feet 3 inches or taller, LeBaron was 5-foot-7, and his weight never reached 170 pounds. But he had no fear of scrambling.” LeBaron quarterbacked the Dallas Cowboys from 1960 to 1963, before handling the reins of Coach Tom Landry’s offense over to Don Meredith with his retirement. After his retirement he worked as a color analyst for CBS Sports, who covered the NFL in those days. One of the things that I remember from his commentary work was the need for planning in any game plan. It was one of the first things I recall learning about pro football.

One of the skills you may be called upon as a Chief Compliance Officer (CCO) or compliance practitioner is the initiation, integration or enhancement of a Foreign Corrupt Practices Act (FCPA) compliance solution into an organization. Most assuredly, one of the things that is not taught in law school or in any compliance course is project management. As CCO, you may either lead such a project on a day-to-day basis or you may take the role of project sponsor, while delegating the day-to-day running of the project to a compliance practitioner in your group.

I thought about this issue when reading a recent article in the MIT Sloan Management Review, entitled “How Executive Sponsors Influence Project Success”, by Timothy J. Kloppenborg and Debbie Tesch. In their article they note, “The role of a project sponsor is often overlooked. But for every stage of a project, there are key executive sponsor behaviors that can make the difference between success and failure.” I found their article has some excellent tips for the CCO or compliance practitioner who may be facing such a task. The authors break the project life cycle stage into four stages: (1) Initiating Stage; (2) Planning Stage; (3) Executing Stage; and (4) Closing Stage.

I.   Initiating Stage

In this stage there are three key activities that a sponsor should pursue. First, the sponsor needs to set the performance standards. This “can be accomplished in the project charter by stating goals about the project’s strategic value and how it will be measured.” But beyond the written details there must be a “clear understanding of expectations about performance” of which dialogue is critical. Second, the project sponsor must mentor the project manager, whose key responsibility is to explain, “how the project fits into the big picture, defining the performance standards and helping the project manager set priorities.” Finally, the project manager must establish the project priorities, with the “most compelling” questions being “what needs to happen first and how should conflicts by settled?”

II.  Planning Stage

In the Planning Stage the authors believe that there are two critical project sponsor behaviors. The first is to “ensure planning” activities are completed by providing “leadership so that the project manager and team can set goals that align with the vision and broader organizational goals. The second is to “develop productive relationships with stakeholders”. This means frequent meetings and communications. Interestingly, the project sponsor should not only see that “needs are identified and understood” but also make “sure that stakeholders’ emotional concerns are given adequate consideration.” Admittedly this is not something lawyers do particularly well but it is mandatory for the CCO or compliance professional.

III.  Executing Stage

In the Execution Stage the authors identify three elements. First the project sponsor must “ensure adequate and effective communication.” This means that regular communications must occur as the project progresses “to make sure that expectations are met.” However this may require the project sponsor to “stand ready to manage the organizational politics with internal and external stakeholders.” Second, a project sponsor must work to help “maintain relationships with stakeholders.” This element helps facilitate the project manager and project team communications noted in the first element. Here the project sponsor should be “open to direct feedback from team members” to ensure that expectations are met. Finally, the project sponsor should work to “ensure quality” by practicing “appropriate decision-making methods and work to resolve issues fairly.”

IV.  Closing Stage

Finally, in the Closing Stage the authors write that there are two elements that project sponsors should emphasize. The first is to “identify and capture lessons learned.” They should be properly “categorized, stored and distributed in such a manner that future project teams will be able to understand and capitalize on”. The second element is to “ensure that capabilities and benefits are realized.” Capabilities, the authors suggest, “could include employees becoming more committed and more capable”. Further, that processes are “more effective and efficient.” Benefits relates to “verifying that the deliverables that were specified at the beginning were actually provided, work correctly and satisfy customer needs.”

To the extent they know much about project management, most CCOs or compliance practitioners are aware of the “iron triangle” of factors to determine a project success. The authors define these as “cost, schedule and performance.” But the authors’ research has led them to conclude that for a project to be a success it must meet an organization’s expectations. The next evaluative point is did the project come in on time, within budget and to the project’s specifications? Finally, did the project succeed in bringing its touted positive benefits to the organization?

By using the steps the authors have outlined, a CCO can think through the organization and ongoing performance of a project to set it up for success. Equally importantly for the CCO, if the project management has been delegated to compliance team members or with other disciplines inside your organization, such as legal, internal audit, IT or human resources; the continued involvement of a CCO as the project sponsor can be key component. The authors posit, “for every project stage, there are success factors that project sponsors should consider” and that a CCO must engage in an ongoing and continual dialogue with the project manager. Finally, key lessons learned should be captured and used down the road to help facilitate other projects or issues as applicable.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015