Categories
The Compliance Life

Scott Garland – Lessons Learned in Ethics and Going Forward

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, I am joined by Scott Garland, Managing Director at AMI. Scott came to AMI from the DOJ, where he held the role of Professional Responsibility Officer. As he described, it was akin to a CCO role for the US Attorney’s Office for Massachusetts.

Some of the key lessons Garland learned in the role of Professional Responsibility Officer, which apply to the skill set needed to be a CCO, include; (1) Always do the right thing, but it is not always obvious what that is; (2) the issue you are presented might not be the real issue, or the sole real issue, (3) being calm and nonjudgmental helps people open up, (4) try and balance analysis with action, pragmatism with principles, using tenets of risk management, (5) craft advice that is simple, clear, and unambiguous. (6)Do not just say what not to do; also say what to do and when to come back for more help, (7)  admit mistakes as soon as possible, and (8) good people make mistakes. Most people will forgive a mistake if done unintentionally; you are forthright about it and try to fix it.

Garland recently joined Affiliated Monitors, Inc. as Managing Director – Sanctions, Cyber, Fraud, and Ethics Compliance & Monitoring. One of the reasons he did so was to help companies strengthen their compliance operations in these areas in a couple of areas. The first is before the government comes knocking by proactively assessing a company’s compliance operations and ethical culture and recommending improvements. The second is after the government knocks, acting as an independent monitor of the company’s compliance with a plea agreement, settlement agreement, consent decree, court or administrative order; emphasize not playing gotcha or playing the blame game, but rather with helping the company improve through lasting change.

Resources

Scott Garland’s Profile on AMI

Categories
Blog

To Increase Resilience in Compliance, Engage More

If there is one thing I have learned in working with Carsten Tams, Ethical Business Architect and founder and Chief Executive Officer (CEO) of Emagence LLC, it is that one of the very top keys for a successful compliance program is employee engagement. Tams and I explored this topic in the popular podcast series, Design Thinking in Compliance. It also appears that engagement can lead to great business resiliency based upon a 2021 article in the MIT Sloan Management Review, entitled The Top 10 Findings on Resilience and Engagement, by Marcus Buckingham. After Covid 19 and the Russian invasion has changed business forever which has made business resiliency a key trait for any business, corporate function and most especially a Chief Compliance Officer (CCO) or compliance professional. That last arena is where engagement is so critical.

The author defined resilience as “the capacity of an individual to withstand, bounce back from, and work through challenging circumstances or events.” But it is also a “reactive capacity, describing how people will respond when challenges arise.” Conversely, engagement was seen as proactive state of mind. The authors defined the criteria by making such inquiries “as how clear their expectations were, whether they got to use their strengths every day, whether they felt they would be recognized for doing excellent work, and whether someone at work was encouraging them to grow.” Yet the most interesting part is the dichotomy between reactive and proactive. It is a bit like the difference in prevention and detection in a compliance program; clearly the former is preferred to stop illegal or unethical conduct so you do not have to detect it.

Not surprisingly, trust is the number 1 factor in both engagement and resilience. Astoundingly the author found “employees who said they completely trust their team leader were 14 times more likely to be fully engaged.” Moreover, those employees who completely trusted their colleagues, team leader, and senior leaders, “were 42 times more likely to be highly resilient.” The reason should seem obvious as it is certainly “easier to engage in our best work when we don’t have to expend mental resources looking over our shoulders or protecting ourselves against dysfunctional workplace practices that erode trust, like bullying or micromanaging. When it comes to building engagement and resilience, trust is everything.” [emphasis added throughout]

Teamwork is also a key factor. Although this is not something I have experienced over the past 12 years of working alone, the author found, “Those who said they are on a team were 2.6 times more likely to be fully engaged and 2.7 times more likely to be highly resilient than those who didn’t identify as team members. For millennia, humans have experienced psychological well-being only when they feel connected to and supported by a small group of people around them.” When the pandemic hit, working from home (WFH) was not new to me as I had been doing it since 2010 but even in the WFH or Hybrid Work era, most employees need to feel like they are a part of a team.

However, being or even feeling like you are a part of a team is a state of mind, not a state of place. I always feel like I am engaged with my blog posts and article readers, my podcast listeners and the greater compliance community. Based on that experience, I certainly agree with the author’s statement that “engagement and resilience are about who you work with, not where you’re working.” Moreover, he noted, “virtual workers are both more engaged and more resilient than those who are physically in an office or shared workspace… In 2020, well into the pandemic, 20% of virtual workers were fully engaged and 18% were highly resilient — a stark contrast to the 11% of fully engaged and 9% of highly resilient office-based workers during the same period. How the work is done and with whom people work are both important, but organizations can stop worrying about whether virtual work is detrimental to teamwork.” But even more than teamwork, it is about having relationships with your co-workers. The author stated, “Relationships boost resilience. Women are not more resilient than men, or vice versa… This data strongly suggests that it is much harder to summon and sustain one’s resilience when going through life alone.”

I can certainly attest that the unknown is more terrifying than change. The author found that employees “who reported five or more changes at work were 13 times more likely to be highly resilient. This suggests that we humans fear the unknown more than we fear change. Company leaders shouldn’t rush employees back to normalcy when so much of the danger inherent in this current “normalcy” remains unknown and unknowable. Instead, leaders should tell their teams specifically what changes they are making to their work and why to increase their overall level of resilience.”

These findings suggest that every CCO and compliance professional must work to lessen or even dissolve the disconnect between senior leadership and front-line workers. It is your front-line business folks who will make or break your compliance program. Getting your senior management more engaged will begin to create and establish the trust that your employees will need to show resilience in the face of the next major business location, whether it is a pandemic or military invasion. Giving employees needed clarity and specificity from leaders, not sugarcoated enthusiasm, will help drive this trust. The author ended by taking this concept a step further by stating, “Leaders need to see their employees not as “labor” but as the messy, complex, emotional beings they are — dealing with real-world human challenges, just like they are. The more that leaders can infuse these findings in their organizations’ policies and practices, the more likely we will all be to flourish, both during these difficult times and beyond.”

Categories
Blog

The CCO and Board Refreshment

Boards of Directors are coming under increased legal and regulatory scrutiny. Courts in Delaware, from the Delaware Court of Chancery to the Delaware Supreme Court, have continued to refine and expand the Caremark Doctrine. Boards are on notice they must actively engage in compliance and risk management oversight. One of the continuing challenges for boards in this era of increasing responsibility is getting the right persons on boards. I was therefore interested in a recent MIT Sloan Management Review article, entitled Meet the New Board — Same as the Old Board, where authors Cynthia E. Clark and Jill A. Brown posit that many companies are just going through the motions of recruiting more diverse board members. Moreover, they advocate the time is now to get serious about board refreshment.

In addition to these new legal requirements, other stakeholders are pushing for public companies to refresh their boards to achieve greater diversity. Shareholders have been leading the way at least a dozen public company boards since mid-2020, “accusing them of failing to broaden out with greater diversity.” Institutional investors and investment managers such as BlackRock, Inc. have voted “against more than 1,800 directors at close to 1,000 companies for insufficient action to increase board diversity.” The proxy advisory firm Institutional Shareholder Services Inc. “now recommends withholding votes from, or voting against, directors with nominating or governance roles on boards that don’t have at least one non-White director and at least one woman.” Finally, the Nasdaq Exchange, with the approval of the Securities and Exchange Commission (SEC), “will soon require listed companies to have at least two demographically diverse directors (or explain why they don’t).”

Yet board refreshment and diversity is not simply something driven by regulators or changes in the law. The authors believe, “diverse boards representing a broader range of experience may be better able to quickly navigate volatile business environments and unexpected disruptions, such as a global pandemic.” They cite to “recent data from BoardReady, a nonprofit group that promotes corporate diversity, found a positive correlation between the diversity of S&P 500 boards and revenue growth during the pandemic.” So, if the law, regulators, stakeholders and the market all believe in board refreshment, why is not this effort moving forward with greater speed and urgency?

The authors found two key reasons why many companies still struggle to appoint directors who are women, people of color, or members of other underrepresented groups. (1) They found “that corporations go through the motions of refreshment but ultimately accomplish little, replacing an outgoing director with someone similar rather than with a person who has a different professional background, identity, or perspective.” (2) Perhaps not too surprisingly, they also “found that the independence of the board’s nominating committee is often compromised by substantial CEO influence over the process, perpetuating a tendency to select directors who reflect the opinions, and often the identity, of senior management.” When these factors converge, board independence and effectiveness in overseeing management of the company is compromised, which can negatively impact corporate performance.

The authors developed four actions which they believe can allow a company to turn around these areas in board refreshment. How can boards avoid these pitfalls and achieve meaningful refreshment? Leaders who want to change the culture of the board should take the following actions.

Diversity of identity and thought

Obviously, there are certain easily verifiable and achievable standard boards can articulate around diversity, including gender, race, and other such attributes. They can then evaluate nominees against that definition and for diversity of through as well. As the Compliance Evangelist, it would surprise you that I believe more former Chief Compliance Officers (CCOs) and compliance professionals should be nominated to boards. The same is true in other areas of risk management, cyber, export controls and trade sanction and even supply chain. The authors state, “Boards should also encourage nominees to talk about what type of diversity they believe they would bring to the board.” Documenting these actions will serve companies well, as multiple stakeholders are increasingly demanding public disclosure of this documented  information.

Refresh frequently

It is clear that a long-standing board is not the best system to have in place as members gradually lose effectiveness and long “tenures tend to compromise the true nature of director independence.” This leads the authors to suggest boards “set earlier mandatory retirements and shorter term limits.” Some investors oppose the re-election of directors who have served on a board for more than nine years, while others may limit service to seven years. Interestingly, the authors note, “in industries where business models and operational contexts change fast, tenures might need to be even shorter.” Rotation of members and a staggered hiring tenure can also be used.

Limit CEO involvement

Given the negative impact of a Chief Executive Officer (CEO) in the process of selection, it is not too surprising the authors posit “the CEO should not have a vote in the hiring decision, implied or otherwise.” To enhance this position, they also write, “We think boards could normalize the use of executive sessions and reduce any stigma associated with them by holding them more frequently, including when evaluating director candidates.” They noted the “New York Stock Exchange (NYSE) requires executive sessions once a year and Nasdaq at least twice a year, although neither specifies that the sessions be used in the nominee search and hiring process.”

Changing culture

Every CCO and compliance professional who has dealt with a board understands refreshment and corporate culture are tied together. The very act of refreshing an old, stagnant board with new people and ideas changes the culture of a board. That change permeates down into an organization. It is almost axiomatic that “A group of directors with similar experiences, opinions, skills, and identities will naturally tend toward consensus much too often.”

A CCO should work to get directors “to think about and freely discuss the existing board culture, including their own behavior and whether it needs to change.” You could also encourage a board to hire “a consultant to help diagnose and possibly change your board culture.” Finally, work to  “Encourage board members to voice their opinions, especially when they challenge the consensus.” As with most things in life, if you do what you did, you get what you got. The same is true for boards. If you replace one old white guy who was an executive in your industry with another old white guy who also is from the same industry, you have not refreshed your board member, you have simply replaced one for another. In this time of near constant change, boards need to be able to respond quickly and nimbly. That is going to take new blood into your Board of Directors.

And do not forget the ‘G’ in ESG.

Categories
Blog

Woodstock and Redesigning Work

On this date in 1969, one of the all-time events in music history, the Woodstock Music & Art Fair, drew to a close after three days of peace, love and rock ‘n’ roll in upstate New York. According to This Day in History, the promoters sold “about 186,000 tickets and expected no more than 200,000 people to show up. Close to half a million people attended Woodstock, jamming the roads around Bethel with eight miles of traffic.” Woodstock certainly brought a new way of thinking about such events. I thought it was a good way to introduce today’s topic of thinking through a different way to redesign your compliance program based on an article in MIT Sloan Management, entitled The Four-Step Process for Redesigning Work by Lynda Gratton. Gratton believes that a “fear of failure weighs heavily on many leaders tasked with managing new workplace expectations. Seeing the challenge as a process is the way forward.” Her piece provides a great way to think about the decision on hybrid or other models of working going forward.

Moreover, this fear is disrupting other areas which demand corporate attention right now and  “has left leaders hypersensitive to issues of retention and unsure what accommodations, if any, will attract and keep talent. They are also apprehensive about what their competitors are doing. This has a ripple effect: Because of the fear of failure, I’ve seen leaders begin to stumble on issues of inclusion, belonging, and identity. Rather than being bold and adopting an experimental mindset, they are falling back to familiar ways of operating and becoming less empathic to what others want. When we fear failure, we retreat to the known.” I would only add the same is true for the corporate compliance function.

Gratton believes all of this means “the way organizations work is in need of a structural overhaul, and that the task of moving forward needs to be worked out by more people than just an organization’s top leadership. Leaders who have confronted their fears and set about this task of overhaul have done it by moving through four crucial steps: understanding people, networks, and jobs; reimagining how work gets done; modeling and testing redesign ideas against core principles; and ensuring the overhaul sticks by taking action widely.” I have adapted her work for the compliance professional.

Understand What Matters

Probably the top fear or concern is the decision to work from home or require workers to return to the office. But the key is “to understand with precision what matters: for example, where and how productive work takes place, what people want, and how knowledge flows.” For instance, being in the office can allow more productivity in crucial tasks particularly around individual thinking, analyzing, and writing. It turned out that for these people, being out of a busy office during lockdown was a plus.

But that is not the only equation as “work, people, and knowledge flow differ across companies.” As Gratton noted from one study participant, “Bringing ideas from across all our disciplines is crucial for us. In the office, we have engineers, designers, planners, technical specialists, and consultants. We want them to talk to each other and bounce ideas off each other.” This leadership clarity allows that “an office-based way of working would maximize highly valued cooperative behavior.”

Reimagine new ways of operating

Understanding the focus of your compliance team can be a key driver of productivity but it can also lessen “fears about pushing for an office-based way of working and enabled them to be imaginative and bold.” For instance, you might try to create opportunities for some employees to work anywhere for three months. Once again this might not work for all companies but if your compliance tasks can lend themselves to this approach it could be useful for you to consider it going forward.

The author reported, “Unilever reimagined the employee contract — the set of promises that employers make to their people.” To that end, “the conglomerate reimagined how to enable employees to work for Unilever while also engaging in other activities such as starting a business, traveling, or caring for a family member. In this model, called U-Work, some employees receive a monthly retainer and earn assignment pay. Importantly, they also get pension support and access to health insurance.” This allows flexibility “between being a full-time employee and being a contractor or agency worker from a third-party organization.”

Model and test new ways of working

Obviously, any model work should be aligned to the company’s purpose or business strategy. Unfortunately for many top-down run businesses, that means treating your employees like children. But if you succeeded during the pandemic (and you had to) you should be able to determine a hybrid way of working that could have a longer-term play.

For compliance that might mean a fuller determination of what being “customer-centric means and how hybrid work would have to align to changing customer needs.” Of course, for a compliance professional, your customer could be a variety of stakeholders such as employees, Supply Chain vendors or other third parties. The author’s overall point is to “be bold and courageous in your attend… in the spirit of being experimental.”

Act and create

A clear concern is that new models of work may end up becoming fads that are never really embedded into the culture of the company or will be discarded at the first sign of a recession or cost cutting. While senior leadership is critical in supporting such initiatives, Gratton identified four ways to deepen engagement and support throughout an organization for such a change.

  1. Managers must be engaged. A series of workshops with them helped create a managerial playbook.
  2. Communication to describe how these new work models would positively impact talent attraction and retention while supporting the strategic aim of the business.
  3. Managers should have open and active communications channels with their teams to make agreements on details such as when employees would work together in the office and when they would engage in focused work at home.
  4. Managers should support each other through peer networks to support and learn from each other.

Gratton ended her piece by challenging leaders to ask themselves three questions: “Where are you now on the journey of redesigning work? Are there steps you need to reengage with in a more purposeful manner? And are you clear about what your biggest priorities are? The actions you take now will create your signature model of work and define the deal that you are making with your employees and your customers.” The same is even more so for a Chief Compliance Officer (CCO) and corporate compliance function.

Categories
Hidden Traffic Podcast

Developments in Human Trafficking and Forced Labor Prevention

 

In this solo episode of the Hidden Traffic Podcast, host Gwen Hassan discusses recent developments in human trafficking and forced labor prevention. She shares with listeners a snapshot of where Hidden Traffic is headed over the next few months as 2022 draws to a close.

 

 

There has been a flurry of activity around the Uyghur Forced Labor Prevention Act, Gwen claims. It has been driving broader conversations among companies about their supply chains, serving as an impetus to examine where they source their products from and if they have been enabling entities that violate human rights. Even companies that are truly domestic have now started full-scale risk assessment processes for forced labor risk within their supply chain.

 

It really has stemmed from UFLPA work, because many of them are concerned they may have private label goods that are manufactured for them under a contract manufacturing arrangement overseas. They’ve become aware of the fact that they may be caught up in a forced labor situation, even if it’s not their own labor or their own manufacturing.

 

Resources

Gwen Hassan on LinkedIn

 

Categories
The Corruption Files

The Sophisticated Conduct of Och-Ziff’s African Bribery with Tom Fox and Michael DeBernardis

In 2016, the DOJ and SEC served enforcement action against Och-Ziff Capital Management Group for inappropriate business practices in Africa. It seemed like only yesterday when this successful hedge fund was incriminated in a complex scheme of bribing government officials to maintain and get new business. The settlement was $412 million (and even more for restitution for the victims), making it one of the biggest payments for violating the Foreign Corrupt Practices Act (FCPA).

▶️ The Sophisticated Conduct of Och-Ziff’s African Bribery with Tom Fox and Michael DeBernardis

Key points discussed in the episode:

✔️ A crisis can breed opportunities for corruption. Even as its red flags became increasingly apparent, the option remained for the Och-Ziff to stop its bribery and illegal action before and even after its activities were discovered.

✔️ Compliance professionals need to have their eyes extra peeled, not simply to vet due-diligence partners but to look deeply into the ongoing business relationships with joint-venture partners. Och-Ziff Subsidiary was involved in corruption issues tied to its mining projects in the Democratic Republic of Congo. What was blatantly amiss was the review and audit necessary to view the joint venture from the compliance perspective.

✔️ Find a joint-venture partner that approaches compliance the same way you do. In handling joint ventures, there is a need for ongoing due diligence — and ongoing management of the relationship beyond due diligence. In the lifecycle of a third-party agent, work starts when the contract is signed, and the joint venture is formed.

✔️ There are various means for auditing available that don’t include turning the place upside down. Here are some good ways to keep an eye on an entity like a joint venture:

-Do spot checks on certain transactions
-Do sampling from a distance
-Make the audit by interviewing the employees to ensure they understand and follow the compliance requirements.

✔️ Remember, it becomes more complicated when you are not in control. Regarding building contractual protections and having strict control, ensure that you find a joint-venture partner that approaches compliance the same way you do.

✔️ Companies have always had audit rights but haven’t exercised those rights. It’s almost a requirement when making high-risk transactions to not only build in the audit rights but also exercise them. Ask the right questions and gauge whether the third party has been honest in the due diligence process.

Many companies get scared off by the idea of the disruption and invasion involved, but that’s what takes away the potential problems and the unnecessary bouts with the SEC and the Department of Justice (which is responsible for enforcing the FCPA).

—————————————————————————-

Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.

Categories
Everything Compliance - Shout Outs and Rants

Everything Compliance-Shout Outs and Rants from Episode 103

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In 2021, Everything Compliance was honored by W3 as a top talk show in podcasting. In this episode, we have the quartet of Jonathan Marks, Jonathan Armstrong, and Matt Kelly.

1. Jay Rosen rants about ESPN stupidly lost the rights to broadcast Big 10 football.

2. Matt Kelly has a dual shout-out and rant. He shouts out to the campaign being run by John Fetterman for Senate in Pennsylvania and rants about the GOP for seeking the unredacted affidavit which supports the warrant to search Mar-a-Lago.

3. Jonathan Marks also has a dual shout-out and rant. He shouts out to USC student Jake Freeman for making $110MM on Bed Bath and Beyond stock and rants about the continued failure to make the departure of a CAE or CCO an 8K event.

4. Tom Fox has a cautionary tale (with a tip of the hat to fellow podcaster Tim Harford) about the importance of good corporate governance in the saga of Blue Bell Ice Cream.

5. Jonathan Armstrong shouts out to cookie claimants who don’t take the summer off.

The members of Everything Compliance are:

•       Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com

•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

•       Jonathan Armstrong –is our UK colleague who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com

•       Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Innovation in Compliance

Assessing Corporate Culture with Ty Francis

 

Ty Francis is a renowned compliance leader and the Chief Advisory Officer at LRN; he leads the company’s worldwide ethics and compliance consulting, ESG, and community outreach strategy. Tom Fox welcomes him to this week’s episode of Innovation In Compliance to discuss LRN’s new report, Assessing Corporate Culture

 

 

The Genesis of the Assessing Corporate Culture Report

Tom asks Ty about the genesis of the LRN report. This is the second report LRN produced; the first one was about activating culture and ethics in the boardroom. Their previous research led the team at LRN to realize that most corporate boards did not understand the culture. Ty says, “Over the last 10 years, culture is so high on those lists, but when you look further into the survey and ask them what they’ve done to measure this culture, it’s nonexistent.” Therefore, LRN sought to discover the general opinion on culture and ethics compliance and provide a roadmap on how to activate these skills within a company. 

 

Roadmap for Building Corporate Culture

Tom highlights how the report can be used as a roadmap to building culture. Ty says that building corporate culture starts with defining ethical culture. Ethical culture is the codification of what an organization stands for and the systems that support those beliefs; the core architecture should be reinforced by leadership in how they model desired behavior. The second step in building culture is getting to know the most valuable members within your company, in each department. Culture is extremely important for building relationships within a company and allowing people to hear opinions from all sides. 

 

The Relationship Between ESG and Corporate Culture

The culture within a corporate setting has always been an ESG issue. The governance aspect of ESG is directly related to culture as it is something that companies should have been implementing for years. Ty remarks, “It shows the company’s values across the board and I think when you have a mismatch of what the company says it’s doing and what they are really doing, that can fragment any ability for a company to demonstrate that it is really a forward-thinking, future-expanding company.” The governance is to be upheld by the board, stewards, stakeholders, and managers. He lists five key considerations for boards: 

  • prioritizing culture on the board agenda, 
  • challenging the board’s culture, 
  • mentoring and monitoring, 
  • articulating the desired culture, and 
  • establishing clear communication.

 

Looking Ahead

Acknowledging the new legal and regulatory requirements, public pressure, and the evolution of thinking surrounding corporate culture, Tom asks Ty if he believes that boards will maintain the corporate culture into 2025 and beyond. Ty believes these pressures will force boards to manage and maintain the corporate culture. 

Resources

Ty Francis | LinkedIn | Twitter

LRN | LRN Report – Assessing Corporate Culture

 

Categories
Daily Compliance News

August 23, 2022 the Royal Pardon Edition

In today’s edition of Daily Compliance News: