In today’s edition of Daily Compliance News:
Mike Volkov, in a blog post entitled “Mood in the Middle Versus Tone at the Top”, said, “Even when a company does all the right things at the senior management level, the real issue is whether or not that culture has embedded itself in middle and lower management. A company’s culture is reflected in the values and beliefs that exist throughout the company.” To fully operationalize your compliance program, you must articulate the message of ethical values and doing business in compliance and then drive that message from the top down, throughout your organization.
The 2020 Update made clear a company must have more than simply good ‘Tone-at-the-Top’; it must move down through the organization from senior management to middle management and into its lower ranks. It stated, “Beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law at all levels of the company. The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top.”
By engaging employees at this level, you can not only find out what the employees think about the company compliance program but also use their collective experience to help design a better and more effective compliance program. Employees want to do business in an ethical manner. Giving employees the chance to engage in business the right way, as opposed to cheating, will win their hearts and minds almost all the time. By using this protocol, you can not only find out the effect of your compliance program on the employees at the bottom, but you can affect them as well.
Employees often look to their direct supervisor to determine what the tone of an organization is and will be going forward. Many employees of large, multi-national organizations may never have direct contact with the CEO or even senior management. By moving the values of compliance through an organization into the middle, you will be in a much better position to inculcate these values and operationalize compliance with them.
Three key takeaways:
- Tone at the top – direct supervisors become the most important influence on people in the company
- Give your middle managers a Tool Kit around compliance so they can fully operationalize compliance
- Organizational justice is an additional way to help operationalize compliance
Welcome to this special podcast series, Integrity Matters: Exploring the NDAA, sponsored by K2 Integrity. This week I visit with Chip Poncy, Global Co-Head of the Financial Crimes Risk Management practice and member of K2 Integrity’s Board, and Gail Fuller, Managing Director at K2 Integrity. Over the week, we will break down the changes to the Bank Secrecy Act (BSA) and the changes in enforcement authority for the Financial Crimes Enforcement Network (FinCEN), which recently passed in the National Defense Authorization Act (NDAA). Topics include breaking down the big picture, company formation reform, new opportunities under this new law, coming changes to corporate governance under the NDAA and the long view of the new law. In Part 1, I am joined by Chip Poncy, who breaks down the big picture of changes under the NDAA.
Join us tomorrow as we examine the changes in company formation.
For more information go to the K2 Integrity website.
For more information on the Dedicated Online Financial Integrity Network (DOLFIN) click here.
Episode 045–Bill McCormick

Gio welcomes Bill McCormick, Deputy General Counsel, and Problem Preventer, to discuss governance, influence, and staying human in the remote work environment.
In this episode, I visit with James Koukios, partner at Morrison & Foerster and Editor-in-Chief of the firm’s Top 10 International Anti-Corruption Developments. We visit about the firm’s Top 10 International Anti-Corruption Developments for October 2020.
Some of the highlights include:
- A record-setting year in FCPA enforcement.
- Beam Suntory: how did things go so sideways from SEC enforcement to DOJ enforcement?
- Transparency International Report on International anti-corruption enforcement.
- The continued debate over DOJ interpretation of agency theories. Do the 2 amici cited in the newsletter present any new arguments?
- China considering changes to anti-corruption laws. What does this mean for Western companies and does it pose an increased risk?
Resources
For a copy of the Top 10 International Anti-Corruption Developments for October 2020 Newsletter, click here.
In today’s edition of Daily Compliance News:
- New AML law will apply banking rules to antiquities market. (NYT)
- What will CFOs be looking at in 2021? (WSJ)
- What to expect in the 2021 workplace? (WaPo)
- What is hyperconverged analytics? (AnalyticsInsight)
In today’s edition of Sunday Book Review:
- Powershift: Transform Any Situation, Close Any Deal, and Achieve Any Outcome by Daymond John
- Mentor to Millions: Secrets of Success in Business, Relationships, and Beyond by Kevin Harrington and Mark Timm
- Lives of the Stoics: The Art of Living from Zeno to Marcus Aurelius by Ryan Holiday and Stephen Hanselman
- Who Not How: The Formula to Achieve Bigger Goals Through Accelerating Teamwork by Dan Sullivan and Dr. Benjamin Hardy
Obviously, in every compliance program, the ethical tone of a company and accountability all start at the top and, most specifically, with senior management. The 2020 Guidance stated, “Beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law at all levels of the company. The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top.” This requirement is more than simply the ubiquitous “tone-at-the-top,” as it focuses on the conduct of senior management. The DOJ wants to see a company’s senior leadership actually doing compliance. The DOJ asks if company leadership has, through their words and concrete actions, brought the right message of doing business ethically and in compliance to the organization. How does senior management model its behavior on a company’s values and, finally, how is such conduct monitored in an organization?
Senior management must share these same values through operationalizing compliance going forward. Lynn Paine, in her seminal article “Managing for Organizational Integrity”, laid out five factors, which can be used as guideposts not only to set the right tone from senior management on doing business ethically and in compliance, but also to lay the groundwork for senior management to model appropriate behavior and then have it monitored by the company going forward.
- The guiding values of a company must make sense and be clearly communicated by senior management in a variety of settings, to the entire company workforce.
- The company’s leader must be personally committed and willing to take action on the values. This means that management must not simply ‘overlook’ the transgressions of top producers.
- A company’s systems and structures must support its guiding principles and these internal systems and structures cannot be over-ridden by senior management without both justification and Board approval.
- A company’s values must be integrated into normal channels of management decision-making and reflected in the company’s critical decisions. Sometimes a company must turn down business if there are too many red flags present or if, by engaging in such behavior, the company’s values and ethics will be violated.
- Managers must be empowered to make ethically sound decisions on a day-to-day basis. This means senior management must fully support and back up such decisions.
I once had a Chief Executive Officer (CEO) observe the following, “You want me to be the ambassador for compliance.” I immediately said yes, that is exactly what I need you to do. A CEO, as an “Ambassador of Compliance”, can fully model the conduct that senior management engages in going forward. Another area a CEO can forcefully engage an entire company is through a powerful video message about doing business the right way and in compliance. A great example was a CenterPoint Energy video put out in 2015 after the Volkswagen (VW) emissions-testing scandal became public. The video featured Scott Prochazka, CenterPoint Energy President and CEO. He used the VW scandal to proactively address culture and values at the company and used the entire scenario as an opportunity to promote integrity in the workplace. But more than simply a one-time video, the company followed up with an additional resource, entitled “Manager’s Toolkit – What does Integrity mean to you?”, which managers used to facilitate discussions and ongoing communications with employees around the company’s ethics and compliance programs. Finally, the cost for the video was quite reasonable as it was produced internally.
Three key takeaways:
- Senior management must actually do compliance; walk-the-walk, not simply talk-the-talk.
- Use your CEO to talk about current events and how those ethical failures are lessons to be learned for your organization.
- CEO as Compliance Ambassador.
I want to next focus specifically on the tactical steps of moving towards both continuous monitoring and continuous improvement of your compliance program. These twin concepts are perhaps the biggest modifications in the 2020 Update. The changes began in Section 1 – Risk Assessments. The question-by-question analysis begins with “Is the periodic review limited to a ‘snapshot’ in time or based upon continuous access to operational data and information across functions?” Do you have access to continuous and real-time transactional data at your organization? How about across silos within your organization? Most likely the answer to both is “no”. This means you no longer have a best practices compliance program at this point in time. How can you garner such information?
While there is only one question in the Lessons Learned section, it is a compound question. It not only inquires about data you may have obtained through your own work but also from other companies in your industry operating in the same geo-region. Without commenting on the potential anti-trust aspects of this issue, if there is public source information available to you (and there always is), how are you using this information in your compliance regime? But this can be simply having your fully operationalized employee base keeping their eyes and ears open at trade shows or any other gatherings of industry employees.
The next area for continuous monitoring and continuous improvement was in an area of compliance which is not normally associated with those concepts, Policies and Procedures. The final area in the 2020 Update for consideration is appropriately called Continuous Improvement, Periodic Testing and Review and is found in the subsection monikered Evolving Updates. It reads:
How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? Has the company undertaken a gap analysis to determine if particular areas of risk are not sufficiently addressed in its policies, controls, or training? What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries? Does the company review and adapt its compliance program based upon lessons learned from its own misconduct and/or that of other companies facing similar risks?
Similar to the language under Risk Assessment, this compound question considers the adaptation of a compliance program from your own lessons learned but also from other companies. The distinction now is the phrase “other companies facing similar risks”. Think about how this language would apply to any company operating in China, West Africa or any other high-risk region of the globe. I would interpret this to mean every Chief Compliance Officer (CCO) and compliance practitioner needs to stay abreast of international anti-corruption enforcement actions where your company may be doing business.
Three key takeaways:
- What is your process for continuous monitoring?
- What is your process for continuous improvement?
- What sources of information do you use that are outside your organization?