Halloween is almost upon us, and we celebrate the greatest Halloween cartoon in the history of the world, “It’s the Great Pumpkin, Charlie Brown,” which premiered in 1966. As usual, the story revolves around the Peanuts gang, who are preparing for Halloween. Linus writes his annual letter to the Great Pumpkin despite Charlie Brown’s disbelief, Snoopy’s laughter, Patty’s assurance that the Great Pumpkin is a fake, and even his sister Lucy’s violent threat to make her brother stop. On Halloween night, the gang goes trick-or-treating. On the way, they stop at the pumpkin patch to ridicule Linus for missing the festivities, just as he has done every year. Undeterred, Linus is convinced that the Great Pumpkin will come and even persuades Charlie Brown’s little sister, Sally, to remain with him to wait. At 4:00 AM the following day, Lucy wakes up and notices that Linus is not in his bed. She finds her brother asleep in the pumpkin patch, shivering. She brings him home and puts him to bed. Later, Charlie Brown and Linus are at a rock wall, commiserating about the previous night’s disappointments. Although Charlie Brown attempts to console his friend, admitting he has done stupid things, Linus angrily vows that the Great Pumpkin will come to the pumpkin patch next year.
The compliance lesson from Linus’ adventure is process validation. Unlike Santa Claus, whom we have been repeatedly told, “Yes, Virginia, there is a Santa Claus,” there has been no process validation for the Great Pumpkin. Linus faints when he thinks he sees the Great Pumpkin rising from his pumpkin patch; unfortunately, it is only Snoopy. In the compliance world, process validation comes through oversight. Two of the seven compliance elements in the 1992 US Sentencing Guidelines call for companies to monitor, audit, and respond quickly to misconduct allegations. The 2020 FCPA Resource Guide, 2nd edition, mandates ongoing monitoring to update and improve your compliance program continually. The Department of Justice’s 2020 Update to the Evaluation of Corporate Compliance Program made clear that monitoring your compliance program through reviewing data and looping it back into your system is the bare minimum for an effective compliance program.
Many companies fall short of effective monitoring. This can sometimes be attributed to the differences between monitoring and auditing. Monitoring is a commitment to reviewing and detecting compliance programs in real-time and reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region, or market sector during a particular timeframe to uncover and evaluate certain risks, mainly as seen in financial records. However, it would be best if you did not assume that because your company conducts audits, it is effectively monitoring. A robust program should include separate functions for auditing and monitoring. While unique in protocol, the two parts are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For instance, if you notice a trend of suspicious payments in recent monitoring reports from Indonesia, it may be time to audit those operations to investigate the issue further.
Your company should establish a regular monitoring system to spot and address issues. To do effective monitoring, you need to use a consistent set of protocols, checks, and controls that are based on the risks your company faces to find and fix compliance issues regularly. To address this, your compliance team should check in routinely with local finance departments in your foreign offices to ask if they’ve noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage. Additionally, the global compliance committee should meet or communicate as often as every month to discuss issues as they arise. These ongoing efforts demonstrate your company is serious about compliance.
I hope that you have the chance to watch It’s the Great Pumpkin, Charlie Brown again this year (even if it’s criminally behind the Apple Paywall). I did. When you watch, think about the compliance implications. Will anyone ever set a ‘second set of eyes’ on the Great Pumpkin? If not, will it ever be validated? I hope that if you are trick-or-treating tonight, you will be safe and dry.
Doug Cornelius Responds:
Are you trying to say that the Great Pumpkin is not real?
Just wait ’til next year, Tom Fox. You’ll see!
Next year, at this same time, I’ll find a real sincere pumpkin patch! And I’ll sit in that pumpkin patch until the Great Pumpkin appears. He’ll rise out of that pumpkin patch, and he’ll fly through the air with his bag of toys.
The Great Pumpkin will appear! And I’ll be waiting for him!
I’ll be there! I’ll sit in that pumpkin patch… and see the Great Pumpkin. Just wait and see, Tom Fox. I’ll see that Great Pumpkin.
I’ll see the Great Pumpkin!
Just wait, Tom Fox.
