Corporate culture is finally being acknowledged as a key ingredient in a successful business, particularly one which operates ethically and in compliance. The Department of Justice (DOJ) formally recognized the need to assess corporate culture in the speech by Deputy Attorney General Lisa Monaco to the ABA White Collar Conference in October 2021. But what are some indicia of good culture and more importantly what are some indicia of a toxic culture? A recent article in the MIT Sloan Management Review provided some guidance. In Why Every Leader Needs to Worry About Toxic Culture, Donald Sull, Charles Sull, William Cipolli and Caio Brighenti posited that by pinpointing the elements of toxic culture in a company, its leaders focus on addressing the issues that lead employees to disengage and quit. These ideas have significant importance for the compliance function as it navigates corporate culture, both in assessing and improving it.
Moreover, the Chief Compliance Officer (CCO) and corporate compliance function were identified in the 2020 Update to the Evaluation of Corporate Compliance Programs as the keepers of institutional justice and institutional fairness. This mean recognizing and then preventing a toxic culture from spreading and infecting your entire organization is squarely in the compliance wheelhouse. The article lays out key red flags for every CCO and compliance professional to look for in assessing culture. Finally, for any company with a toxic culture, the chances are much greater to be defrauded by its own employees or to defraud others through bribery and corruption by violating such laws as the Foreign Corrupt Practices Act (FCPA).
The authors identify behaviors that they call “the Toxic Five attributes”, being “disrespectful, noninclusive, unethical, cutthroat, and abusive – poison corporate culture in the eyes of employees. While organizational culture can disappoint employees in many ways, these five elements have by far the largest negative impact on how employees rate their corporate culture and have contributed most to employee attrition throughout the Great Resignation.” As a CCO or compliance professional you need to be on the watch for them and take steps to remedy them if you see or hear about them.
Non-inclusive Behavior
This is about whether your employees are “treated fairly, made to feel welcome, and included in key decisions.” It is “the most powerful predictor of whether employees view their organization’s culture as toxic. It applies to all demographic groups; “gender, race, sexual identity and orientation, disability, and age.” It can be outright discrimination to the equally invidious but more subtle conflicts of interests of nepotism and playing favorites. The topic of non-inclusiveness includes “terms like “cliques,” “clubby,” or “in crowd” that indicate that some employees are being excluded without specifying why.”
Disrespectful Behavior
The authors found that “feeling disrespected at work has the largest negative impact on an employee’s overall rating of their corporate culture of any single topic.” Lack of respect can occur in many areas. The most obvious is the lack of a speak up culture where employees understand it is useless to raise issues to management; whether serious matters such as FCPA violations to more straight-forward ideas such as process improvement. It can also be something as simple as whether or not to return to the office on a fulltime basis and whether management listens to employees about their desires to continue working from home or utilize some type of hybrid working arrangement. The authors noted, “whether you analyze culture at the level of the individual employee or aggregate to the organization as a whole, respect toward employees rises to the top of the list of cultural elements that matter most.”
Ethical Behavior
The authors believe that ethics “is a fundamental aspect of culture that matters at both the organizational and individual levels.” Interestingly, there are several different aspects to ‘ethics’ that every CCO needs to consider. Unethical behavior is “about integrity and ethics within an organization.” It also includes dishonesty, which “employees described dishonest behavior in many ways”, from outright lying to making false promises to shading the truth to simply “sugarcoating.” Under regulatory compliance employees talked about failure to comply with applicable regulations, including failure around safety standards.
Cutthroat Behavior
I found this category fascinating as it included both uncooperative co-workers and the lack of harmonization across organizational silos. This was not simply “friction in coordination” but situations where “employees talked about colleagues actively undermining one another.” It included what the authors termed as a “vivid lexicon to describe their workplace, including “dog-eat-dog” and “Darwinian” and talked about coworkers who “throw one another under the bus,” “stab each other in the back,” or “sabotage one another.””
Abusive Behavior
Having worked in law firms long ago, I understand abusive behavior. The authors called it “sustained hostile behavior toward employees” including such actions as “bullying, yelling, or shouting at employees, belittling or demeaning subordinates, verbally abusing people, and condescending or talking down to employees.” While one would hope such behaviors do not exist in the 21st century, they apparently still do. 0.8% of the employees surveyed for the article described their manager as abusive, however, when employees did mention abusive managers, it significantly depressed a corporate culture.
What CCOs and compliance professionals should try to drive forward is a “culture that is inclusive, respectful, ethical, collaborative, and free from abuse by those in positions of power.” But the authors caution that these are really the “baseline elements of a healthy corporate culture.” Employees want more than the basics and other stakeholders in an organization want companies to have strong official core values. In an interview with LRN’s Susan Divers, she called it the ‘value in values’. From the compliance professional’s perspective in means values like integrity, collaboration, respectful, and DEI.
Author: admin
EU Freeze and Seize Task Force
New “Freeze and Seize’ Task Force set up by the European Commission against listed Russian and Belarussian oligarchs.
Compliance and ethics expert Kristy Grant-Hart joins us as she discusses the importance of the compliance function, how it plays into each aspect of ESG, and how CCOs are the most well-suited to take the first step in corporate ESG efforts.
Watch ▶️ Leading Compliance Efforts as CCOs with Kristy Grant-Hart:
Key points discussed in the episode:
✔️ Kristy Grant-Hart talks about the current situation at Spark Consulting, a book she co-authored, The Compliance Entrepreneurs Handbook, and its impact.
✔️ Compliance is a driver for reputation enhancement. People not only vote with their dollars but also their employee time.
✔️ Kristy Grant-Hart says the ability to gather people and put programs into a framework is what CCOs must have to lead ESG efforts. The 7 Elements of Effective Compliance Program can guide CCOs in creating an ESG program and its monitoring and implementation.
✔️ California becomes the first state to pass a gender-diversity-centered initiative. The social element of diversity goes deeper into the working conditions in the supply chain, sustainably-sourced products, and low carbon emissions.
✔️ With ESG, companies can be part of the solution. Bigger names shouldn’t receive the brunt of the blame as businesses of all sizes should be accountable.
✔️ With the UK Modern Slavery Act, ESG has been placed at the forefront, pressuring companies to disclose the truth in what transpires in their supply chains.
✔️ Having a strong law background, Kristy Grant-Hart and Thomas Fox exchange ideas on the significance of lawyers in ESG endeavors. Learning the new jargon and talking to experts can help ease the hesitation to delve into this playing field.
✔️ CCOs are encouraged to be the frontrunners in compliance as they hold the authority to create a significant impact on a corporate scale. The ability to be relevant is a great opportunity in compliance.
Kristy Grant-Hart is a compliance and data privacy thought leader specializing in transforming compliance departments into in-demand business assets. She’s been featured in the Wall Street Journal, Financial Times, Compliance Week, Compliance and Ethics Professional Magazine, and many others. She was named a Trust Across America 2019 Top Thought Leader in Trust.
She is the CEO of Spark Compliance Consulting, a London, Los Angeles, New York, and Chicago-based consultancy providing pragmatic, pro-business, proportionate compliance ethics solutions. She is the creator of Compliance Competitor, an facilitated online training game built on business simulation software.
She’s the author of the best-selling book, “How to Be a Wildly Effective Compliance Officer.”
LinkedIn: https://www.linkedin.com/in/kristygranthart/
—————————————————————————-
Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.

Mac Bartine is the CEO of SmartRIA, a market-leading compliance software platform. Tom Fox welcomes him to this week’s show to talk about his company’s services and contributions to the compliance sector, what SmartRIA offers clients in terms of cybersecurity, and the future of technology solutions.
The Minimum Viable Product
The Minimum Viable Product (MVP) is the first part of the startup process for platforms. It is recognizing the problems within your platforms and also believing that you can solve them. Mac explains to Tom that the problem SmartRIA solution identified in terms of the MVP is the compliance obligations. So many individuals are not experienced in managing compliance in their given industries, and so need a source of structure that understands where they are. SmartRIA offers them that, as well as the tools and frameworks needed.
Vendor Due Diligence & Data Governance
Vendor due diligence and vendor management are key to managing cybersecurity risk. “You have to understand who you’re working with and what precautions they’re taking as a business to protect you from cyber risk,” Mac tells Tom. Having access to the proper documentation that reflects this is also important. SmartRIA has a plethora of different policies and procedures to protect clients’ data and takes the lists of vendors their clients have and itemizes each risk. Data governance falls under the same bracket as due diligence, that is, who has access to the vendors and what devices they use to access the data from those vendors.
SmartRIA as an SEC Solution
The solutions that you use for compliance obligations have to be done in a way that documents everything as it happens. “If it isn’t documented, it didn’t happen,” Mac says. Internal auditors aren’t in the position of giving the benefit of the doubt because they have no evidence of due diligence. SmartRIA has the tools to help its clients through this by way of PDF files, workflows, and documents.
To The Future
Tom asks Mac what the future will be like for technology solutions. Regulations in every industry are going to increase. “Across every industry, there is an increasing need for cybersecurity-related evidence, and tracking of what’s happening in that space,” Mac says. Data governance and vendor due diligence are big parts of that, but compliance management is going to also become more important.
Resources
Mac Bartine | LinkedIn | Twitter
SmartRIA
In today’s edition of Daily Compliance News:
- Disney employees apparently speak for company. (NYT)
- Corruption once again hamstringing Russian army. (Jerusalem Post)
- Trump more likely than not guilty of felony. (WSJ)
- Barclay’s in regulatory hot water again. (Reuters)
Oligarch Task Force
The Kitchen reviews the Department of Treasury, DOJ announcement of a multilateral Russian Elites, Proxies, and Oligarchs (REPO) task force.

Tom Fox is joined by Jed Yueh, founder and CEO of Delphix. They discuss his newest passion project with SustainableIT.org and their mission to advance global sustainability through technology and leadership.
The Work of SustainableIT.org
Many people believe that sustainability is somebody else’s problem to solve, but Jed makes it clear that we cannot keep thinking that way if we want to make a difference. At SustainableIT.org, they collaborate with esteemed technology leaders to drive sustainability forward across the world’s largest organizations.
The Link Between Technology and ESG
Jed tells Tom that companies must “take a hard look at how you govern technology programs so that they don’t have adverse impacts on society and the environment.” Most companies view ESG as something in-demand, and so they independently chart the course they will take on ESG initiatives. At SustainableIT.org, they create and identify the best programs that can actually digitize the way a business functions while decreasing its carbon footprint.
Making an Impact
Facilitating change is not about one technology company being pro-environment. Jed names a number of SustainableIT.org’s board members, explaining how many of these great technologists work for some of the world’s biggest companies. “That’s how we can have the biggest impact,” he says.
RESOURCES
Tom Fox’s email
Jedidiah Yueh | LinkedIn | Twitter | SustainableIT.org
In this episode of the FCPA Compliance Report, I am joined Susan Divers, Director of Thought Leadership at LRN. We discuss recently released LRN Ethics & Compliance Program Effectiveness Report. Highlights in include:
- What is the LRN Ethics & Compliance Program Effectiveness Report?
- What does it measure?
- How is it generated?
- Why is culture so critical?
- What are the values in values?
- What is LRN’s High Performance Premium?
- What are the roles of managers and leaders?
- What are the keys to effective training?
- What will the new normal for compliance programs look like going forward?
- The issue of culture and values down the road into 2025 and beyond.
Resources
Susan Divers
LRN Ethics & Compliance Program Effectiveness Report
In today’s edition of Daily Compliance News:
- H-GAG says it can’t enforce its own COI rules. (Houston Chronicle)
- London insurance firms caught up in bribery probe. (Bloomberg)
- Do you trust Google AI to review your medical records? (WSJ)
- Another 3M loss in military ear plugs litigation. (Reuters)
Will Roger Ng Walk?
One of the most interesting Foreign Corrupt Practices Act (FCPA) criminal trials in sometime is ongoing in New York, that of Roger Ng. The lead up to the trial and in trial reporting efforts have been led by Law360and its lead reporter Stewart Bishop and most of information in this post comes from that site. Unfortunately, it is behind a paywall so if you want to follow it going forward you will have to subscribe. According to Bishop, Ng was charged with conspiring to violate the FCPA and money laundering conspiracy along with his employer Goldman Sachs Group, Inc., its former Southeast Asia chairman Tim Leissner and financier Jho Low. The charges were bribery of “Malaysian and Emirati officials and to circumvent the internal accounting controls of Goldman, which underwrote more than $6 billion in bonds issued by 1MDB in three offerings in 2012 and 2013. Leissner pled guilty over his role in the alleged scheme, while Low has remained abroad, out of reach of U.S. authorities for now.”
The prosecution’s case turns almost exclusively on the testimony of Leissner, one of the most pathological liars ever to grace the witness stand. Indeed, Matthew Goldstein, writing in the New York Times, reported this question by Ng’s defense counsel to Leissner, “Do you think you are good at lying?” Leissner demurred on this question but did admit he had “lied a lot”. Goldstein cited to Rebecca Roiphe, a former prosecutor and a professor at New York Law School who specializes in legal ethics, who related “it could be tricky to rely on such a witness, but “it isn’t a fatal blow.”” She said a prosecutor can argue that a witness is “a horrible person” and “a serial liar” who has had “a come-to-Jesus moment. That can work when you have really bad people who have lied a lot,” she said.””
What do Leissner’s admitted lies consist of? Leissner admitted under cross-examination that he had presented “a bogus divorce decree to his now-estranged wife, the model and fashion designer Kimora Lee Simmons, so that she would marry him eight years ago.” Defense counsel also got Leissner to “recount the many ways he deceived his wives, particularly Ms. Simmons. Mr. Leissner admitted that he had used an email account in the name of his second wife, Judy Chan, to communicate with Ms. Simmons while dating her, and that he was still married to Ms. Chan when he and Ms. Simmons were wed. (Mr. Leissner was also legally married to another woman when he married Ms. Chan.)” Leissner also admitted that some $10MM of his ill-gotten gain from 1MDB was used to “buy a $10 million house for one of his girlfriends (while married) so she would not go to the authorities.”
Of course, Leissner now maintains he is “telling the truth about Mr. Ng, who prosecutors say helped line the pockets of officials in Abu Dhabi and powerful Malaysians close to then Prime Minister Najib Razak.” Leissner testified “Mr. Ng was his primary contact at Goldman, which earned roughly $600 million in fees to arrange the $6.5 billion in bond deals for the fund. “Roger made him one of his clients,” Mr. Leissner said. He testified that Mr. Ng had set up many of the meetings to plan the scheme, including one at Mr. Low’s London apartment during which Mr. Low drew boxes on a piece of paper with the names of all the officials that would get bribes and gifts. For helping arrange the payments, Mr. Leissner said, he raked in more than $80 million. Prosecutors contend that Mr. Ng’s share was $35 million.” Leissner tried to paint Ng as someone very close to Low, even placing Ng “at a star-studded 31st birthday party that Mr. Low arranged for himself in Las Vegas in 2012, although Mr. Ng was not on the guest list.”
But here’s problem No. 1 with this testimony, Ng always worked for and under Leissner during the 1MDB scandal and not the other way round. Leissner admitted under cross that “he — not Mr. Ng — oversaw the payment of most of the bribe money.” As Roiphe later told Goldman, “In a case like this, you hope to avoid a situation where you have a cooperator testifying against someone who is a subordinate.”
Then there is problem No. 2 for the prosecution, which is the government’s claim that Ng received some $35 million in ill-gotten gains from the 1MDB scandal. Ng’s lawyers have responded that any money Ng received, was repayment of a debt one of Leissner’s wives owed Ng’s wife. The prosecution has to show Ng received this money.
As further reported by Bishop, the prosecution concluded its direct case with “An FBI agent on Tuesday outlined how kickbacks allegedly flowed from Malaysian sovereign wealth fund 1MDB to former Goldman Sachs managing director Roger Ng and others.” Bishop wrote the monies allegedly from Chan Leissner’s account, “to another shell company in the name of Ng’s mother-in-law, initially called Silken Waters but later changed to Victoria Square.” Then came another web of shell company transfers into entities controlled by some combination of Ng, his wife, Lim Hwee Bin, and Lim’s mother. Around $300,000 was spent on diamond jewelry, another $20,000 for an hourglass and over $200,000 for the purchase of Bristol Myers Squibb shares, according to the government.” Finally, there was another $3.15 million which went into yet another “account the government couldn’t identify.” Nothing in this adds up to $35 million.
Got all that. Does that money transfer convince you that Ng was the mastermind that Leissner and the government is trying to make him out to be? By putting one of the great liars of all time on the stand as their key witness with only this as the ‘documented’ evidence, the government is risking everything on Leissner’s testimony; that it will be believable and credible and will not taint the government’s case in one juror’s eyes so the government can garner a guilty verdict. Remember, it doesn’t take 12 to acquit, only one.
There is lots of other unbelievable things going on in the Ng trial, but I will save them for another day.