Tag: CCO

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 3 – The Role of Internal Controls

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. In Part 3, we will consider the role of internal controls.

Internal controls are often seen as the backbone of an organization’s ability to operate efficiently, ethically, and within the bounds of the law. They serve as the safety net that catches errors deters fraud, and ensures that policies are not just theoretical but are put into practice. However, the recent revelations in the Wall Street Journal (WSJ) surrounding the culture of overwork at a major financial institution, where junior bankers were expected to work excessively long hours, shine a spotlight on a critical failure in internal controls—not in their design, but in their execution and monitoring. This blog post will explore the lessons compliance professionals can learn from this situation, focusing on implementing, actively managing, and enforcing internal controls.

Understanding the Control Environment

The control environment is at the heart of any robust internal control system. This includes the corporate culture, employee attitudes toward internal controls, and the tone set by senior management. It’s the foundation upon which all other aspects of internal control are built. When the control environment is weak or toxic, as in the situation under discussion, the entire control structure can crumble.

In this case, BoA had ostensibly implemented controls to prevent overwork—junior bankers were required to self-report their working hours. If they exceeded a certain threshold, this would trigger a review by HR. However, this control was ineffective because those responsible for enforcing it did not take it seriously. Managers instructed their subordinates not to report excessive hours, bypassing control entirely. Additionally, think about the basic conflict of interest (READ: Absurdity) in having the person the control was supposed to monitor input the information for the control to activate.

For the compliance professional, this emphasizes that your control environment is only as strong as the commitment of those enforcing it. Senior management must set the tone and ensure that it resonates throughout the organization. When internal controls are ignored or undermined, it’s often a sign that the control environment is flawed.

The Role of Monitoring and Remediation

Internal controls are not static; they require ongoing monitoring and, when necessary, fine-tuning or remediation. In the BoA situation, the institution needed to adequately monitor the effectiveness of its controls. Even after the tragic death of a junior banker, which should have been a clear signal that the controls in place were not working, there was no significant overhaul or improvement in the control environment.

Monitoring is a critical component of internal control, as it allows an organization to detect weaknesses and address them before they lead to significant issues. In this case, the failure to monitor and remediate allowed a toxic culture to persist for years, ultimately leading to repeated tragedies.

For the compliance professional, the lesson is clear: regular monitoring of internal controls is essential. When weaknesses are identified, they must be addressed promptly and effectively. A failure to remediate control weaknesses leaves an organization vulnerable to risks and can signal to employees that the controls—and the culture—are not taken seriously.

The Flaws of Self-Reporting as a Control

One of the most striking aspects of this case is the reliance on self-reporting as a key control mechanism. While self-reporting can be helpful, it is far from foolproof, especially in environments with significant pressure to conform to unrealistic expectations. In this instance, the control requiring junior bankers to self-report their hours was ineffective because the reporting was neither enforced nor monitored.

The problem with self-reporting as a control is that it places the onus on the individuals being controlled, which can create a conflict of interest. Employees may feel pressured to underreport or falsify their time to meet expectations or avoid repercussions. With independent verification and oversight, self-reporting is likely to be reliable.

For the compliance professional, the starkness of the lesson could not be more profound. Self-reporting should not be relied upon as the sole or primary control in a high-risk environment. It should be supplemented with independent verification methods, such as automated time tracking, regular audits, or cross-referencing with other data sources. This approach ensures that the data collected is accurate and that controls are truly effective.

Automation and Technology in Internal Controls

Given BoA’s size and sophistication, it is somewhat perplexing that more robust, automated controls were not implemented. In today’s technologically advanced world, numerous tools can automatically track employee hours, monitor for signs of overwork, and flag potential issues for review. These tools can remove the burden of self-reporting and provide more accurate, real-time data.

For example, many organizations use software that tracks employee computer activity, monitors login and logout times, and even tracks time spent on specific tasks. This data can then be used to identify patterns of overwork and take proactive measures to prevent burnout or health issues.

For the compliance professional, it is a direct lesson that leveraging technology can significantly enhance the effectiveness of internal controls. Automated systems can provide continuous monitoring, reduce the risk of human error, and offer objective data that can be used to identify and address potential issues before they escalate.

The Importance of a Holistic Approach

Finally, every compliance professional must recognize that internal controls cannot operate in a vacuum. Internal controls must be part of a broader, holistic approach to risk management and compliance. This includes fostering a strong ethical culture, regularly training employees at all levels, and ensuring transparent, accessible channels for reporting concerns.

With BoA, the failure was not just in the specific control related to work hours—it was a systemic failure across the organization. The culture of overwork was allowed to persist because the control environment was weak, monitoring was inadequate, and there was no serious commitment to remediation.

This final lesson learned for the compliance professional is that internal controls are just one piece of the puzzle. To be truly effective, they must be integrated into a comprehensive risk management framework that includes strong ethical leadership, ongoing education, and a commitment to continuous improvement. 

Internal Controls as a Reflection of Corporate Culture

The tragic situation at BoA is a stark reminder of the critical importance of internal controls in maintaining compliance and a healthy and sustainable corporate culture. Internal controls are more than checkboxes—they reflect an organization’s values and priorities. When controls are ignored or undermined, they send a message that compliance, and by extension, employee well-being, is not a priority.

For compliance professionals, the key takeaway is clear: internal controls must be actively managed, monitored, and enforced. They must be part of a broader effort to create a culture of integrity and accountability. Perhaps most importantly, they must be seen as a dynamic system that requires constant attention and adjustment to remain effective. In a world where pressure on employees is greater than ever, robust internal controls are not just a regulatory requirement but a moral imperative.

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 2 – Lessons Learned for Compliance

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. In Part 2, we journey through some key lessons learned for compliance professionals.

In the high-stakes world of investment banking, where deals are won or lost in hours, the pressure to perform can push individuals to the brink. Unfortunately, that brink has meant a premature end to some people’s lives. The recent tragedy at BoA, where a junior banker named Leo Lukenas died after working over 100 hours a week for weeks on end, has cast a harsh light on a decade-long problem. This is not the 2013 scandal revisited; it’s an ongoing crisis, a corporate culture problem that has festered for years. The lessons from this ongoing debacle are critical and chilling for compliance professionals.

Lukenas was not the first casualty of this toxic culture. In 2013, an intern in Bank of America’s London office, Moritz Erhardt, met a similar fate after enduring a grueling workload. Following that incident, the bank promised to implement policies to prevent such tragedies from recurring. Yet, a decade later, Lucas’s death is a stark reminder that those policies have either failed or were never truly enforced.

The investment banking division at Bank of America has been likened to a “white-collar sweatshop,” a description that, sadly, fits too many high-pressure work environments. While the term “sweatshop” might conjure images of factories in developing countries, overwork and exploitation can happen in plush office towers just as easily. Lucas’s death has brought into sharp relief the human cost of such environments, where the relentless pursuit of profit eclipses the well-being of employees.

What is particularly concerning is that this issue is separate from a single office or even a single country. The WSJ’s reporting has revealed that overwork at Bank of America is a pervasive issue, affecting employees in New York, London, Tokyo, and Latin America. Former employees have cited overwork as a primary reason for leaving the bank, underscoring that this is not a localized problem but an enterprise-wide failure of corporate culture.

This brings us to a crucial question: Where was compliance? Why have the policies and controls put in place to prevent overwork ineffective? The answer lies in a deep-seated cultural issue that transcends mere policy implementation. Middle management has tolerated if not outright encouraged, this culture, which senior management has failed to address with the necessary urgency.

Middle management is often described as the “meat grinder” of corporate culture, where good intentions from the top can get mangled into toxic behaviors at the bottom. In the case of Bank of America, middle managers were reportedly telling their subordinates not to report excessive working hours to HR, effectively bypassing the controls that were supposed to prevent overwork.

This is a classic example of what can happen when senior management fails to engage effectively with middle management. Senior executives may have genuinely wanted to prevent overwork, but their message could have been more focused and addressed by those in the middle tasked with enforcing it. This disconnect is where corporate culture often fails. Compliance professionals understand that policies are only as good as their enforcement, and enforcement is only as good as the people who are responsible for it. For the compliance professional, this means you must directly connect what senior management has laid out as policy and not simply put procedures in place to implement the policy but then monitor the implementation to ensure the policy is being followed. Sadly, that was not the case at BoA.

Another critical factor in this crisis is the role of incentive structures. It is no secret that high-stakes deals and intense pressure to produce results drive investment banking. But the stage is set for disaster when bonuses and career advancement are tied to closing deals, even at the cost of employee health.

This misalignment of incentives is a fundamental issue that any compliance officer must address. If the financial rewards for middle managers are tied to delivering results, irrespective of the human cost, then it should be no surprise that overwork becomes a pervasive problem. Incentive structures must be reexamined and realigned with the organization’s ethical and operational goals.

As compliance professionals, it is imperative not just to address the symptoms of such crises but to dig deeper and identify the root causes. This case’s root cause is clear: a toxic corporate culture prioritizes results over people. But beyond that, it is about senior management’s failure to enforce a healthy work culture and the misalignment of incentives that drives middle managers to push employees to the brink.

Organizations need to examine their culture, management practices, and incentive structures to prevent such tragedies in the future. This is not just a problem for Bank of America; it’s an industry-wide issue that requires a collective response. Compliance officers have a crucial role in advocating for stronger controls, better communication, and a culture that truly values employee well-being.

The ongoing crisis at BoA is a sobering reminder of the human cost of a toxic work culture. For compliance professionals, it serves as a call to action. A culture that values employees as people, not just as cogs in a machine, is necessary for enforcing and supporting policies; having them on paper is not sufficient.

As we progress, the lessons from this tragedy should guide our efforts to create healthier, more sustainable work environments. Compliance is not just about ticking boxes; it’s about ensuring our values are reflected in our organizations’ day-to-day operations. Ultimately, it’s about protecting the organization and the people who make it what it is.

Categories
Adventures in Compliance

The Last Bow Stories – Investigative Lessons from The Disappearance of Lady Frances Carfax

Welcome to a review of all the Sherlock Holmes stories that are collected in the work, “The Last Bow.“. It is a collection of eight detective stories written by Sir Arthur Conan Doyle, from 1908 to 1917. The collection spans some of the most intriguing cases and mysteries that Holmes and his loyal friend Dr. John Watson tackle.

Today we take up The Disappearance of Lady Frances Carfax, which appeared in Strand Magazine in December 1911, as we consider investigative lessons for compliance professionals from The Disappearance of Lady Frances Carfax.

This episode considers the investigative methods employed by Holmes and Watson, which offers valuable lessons on investigations for compliance professionals. Key points include thorough information gathering, maintaining confidentiality, attention to detail, critical thinking, collaboration, understanding human behavior, following financial clues, meticulous documentation, and learning from each case. The episode underscores how these investigative principles can be directly applied to the field of compliance.

Key Highlights:

  • Introduction to Lady Frances Carfax
  • The Disappearance and Investigation
  • Holmes’ Discoveries and the Climax
  • Key Investigative Lessons for Compliance
  • Compliance Principles

 Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Persuasion in Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

At the end of the day, persuasion is a compliance professional’s most powerful tool. Learn how to wield it effectively.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Telling a Story in Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today we consider the story elements you can use to make your compliance work come alive, even for the regulators.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: The Brand of Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

A brand is a promise delivered. Are you delivering your promises in compliance?

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.

Categories
10 For 10

10 For 10: Top Compliance Stories For The Week Ending August 17, 2024

Welcome to 10 For 10, the podcast that brings you the week’s top 10 compliance stories in one episode each week.

Tom Fox, the Voice of Compliance, presents the stories every compliance professional needs to know as you wrap up your busy week. In just 10 minutes, sit back and catch up on the key compliance stories from the prior week.

Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for compliance professionals, all curated by the Voice of Compliance, Tom Fox. Get your weekly dose of compliance stories with 10 For 10, a podcast produced by the Compliance Podcast Network.

  • DOJ defends itself from Boeing victims’ families’ objections.  (Law360)
  • Boeing puts work output before employee health and safety. (WSJ)
  • A new CCO salary survey is out. (WSJ)
  • More fines for failure to monitor employee text messaging. (WSJ)
  • Boeing and the cost of culture failure. (NYT)
  • Smartmatic execs accused of FCPA violations in The Philippines. (NYT)
  • SFO files charges against 2 additional Glencore traders. (FT)
  • Ukraine detains Deputy MoE in corruption scandal. (Reuters)
  • French ABC efforts led to the most successful Olympics since 1984. (The Conversation)
  • Mozambique official found guilty in tuna boat corruption case. (Bloomberg)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

You can check out the Daily Compliance News for four curated compliance and ethics related stories each day, here.

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Training and Communications Lessons from Star Trek: The Trouble with Tribbles

Last month, I wrote a blog post on the tone at the top, exemplified in Star Trek’s Original Series episode, Devil in the Dark. Based on the response, some passionate Star Trek fans are out there. I decided to write a series of blog posts exploring Star Trek: The Original Series episodes as guides to the Hallmarks of an Effective Compliance program set out in the FCPA Resources Guide, 2nd edition. Today, I will continue my two-week series by looking at the following Hallmarks of an Effective Compliance Program laid out by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) in the FCPA Resources Guide, 2nd edition.

The Trouble with Tribbles is the most beloved episode from the original Star Trek series, renowned for its humor and an underlying message about the unintended consequences of seemingly innocuous actions. While the episode aired in 1967, its themes offer valuable insights into effective compliance programs, particularly in training and communication for compliance professionals in 2024. This blog post will explore how this entertaining episode of Star Trek aligns with the “Hallmarks of an Effective Compliance Program” and offers lessons that can be applied in today’s corporate environments.

Lesson 1: The Importance of Clear Communication

In the episode, the crew is unaware of the potential threat the tribbles pose. Lieutenant Uhura receives a tribble as a gift from Cyrano Jones, a trader, but only one communicates the risks associated with these creatures once it is too late. This oversight underscores the importance of clear and effective communication in compliance programs. Effective compliance programs ensure that all employees understand the policies and procedures that affect their roles. This requires not only the dissemination of information but also ensuring it is understood.

Communication should be clear and accessible, easy to understand, and accessible to all employees. This can be achieved through regular updates, easy-to-read materials, and translations for non-native speakers. Messaging and communications should be consistent across all levels of the organization to prevent confusion and ensure everyone is on the same page. The communications should be two-way, encouraging employees to offer feedback and ask questions to identify areas of confusion and improve understanding. This fosters an environment where employees feel comfortable discussing compliance issues.

Lesson 2: Training to Anticipate and Manage Risks

The rapid multiplication of tribbles represents a failure to anticipate and manage risk, a critical aspect of compliance. Had the crew been trained to recognize potential hazards and understand the consequences of introducing foreign species into their environment, they could have mitigated the tribbles’ impact. Training programs should help employees anticipate and manage risks before they escalate.

Some key ways include using real-world scenarios and simulations to help employees understand potential risks and how to respond to them. This approach enhances problem-solving skills and prepares employees for unforeseen challenges. Training should be regularly updated; as risks evolve, training programs must be updated to reflect new challenges and ensure employees have the tools they need to respond effectively. Finally, prioritize training in areas with the highest risk, such as data privacy, anti-corruption, and workplace safety, to ensure employees are equipped to handle these challenges.

Lesson 3: Empowering Employees Through Knowledge

The crew’s lack of knowledge about tribbles highlights the importance of empowering employees with the information they need to make informed decisions. Knowledge is a powerful tool in preventing compliance breaches and fostering a culture of accountability. As a compliance professional, you can empower employees in various ways.

You should provide comprehensive training covering all compliance aspects, from legal requirements to ethical considerations, to ensure employees understand their responsibilities and the impact of their actions. Promote a culture of continuous learning by providing resources and opportunities for employees to expand their knowledge and stay updated on compliance trends. Finally, leverage technology to deliver training efficiently and effectively. Online platforms, interactive modules, and mobile applications can make learning more engaging and accessible.

Lesson 4: The Role of Leadership in Communications

Captain Kirk’s leadership is crucial in addressing the Tribble crisis. His decisive actions and ability to coordinate his team effectively demonstrate the importance of leadership in driving compliance efforts. Leadership plays a pivotal role in fostering a culture of compliance, and corporate leaders can do so in various ways.

Lead by example, walk the walk, and do more than just talk the talk. Leaders should demonstrate a commitment to compliance by adhering to policies and procedures and setting a positive example for others. They should regularly communicate the significance of compliance and the organization’s commitment to ethical behavior through various mechanisms and media. Finally, resources should be allocated to support initiatives that promote compliance, such as training programs and awareness campaigns.

Lesson 5: Building a Culture of Accountability

The Tribble incident emphasizes the need for accountability in managing risks. A culture of accountability ensures that employees take responsibility for their actions and understand the consequences of non-compliance. Compliance professionals should employ various mechanisms to build a culture of accountability.

You should have clear expectations through policies and procedures that define roles and responsibilities clearly so employees understand what is expected of them. Implement monitoring for your policies and procedures, as well as your communication and training. This can be accomplished through monitoring tools and reporting systems to track compliance and identify areas for improvement. Finally, there must be consequences for non-compliance. Ensure that violations of compliance policies are met with appropriate consequences to reinforce the importance of accountability.

The Trouble with Tribbles may be a humorous episode of Star Trek, but it offers valuable lessons for compliance professionals. By focusing on training and communication, organizations can anticipate and manage risks effectively, empower employees through knowledge, and foster a culture of accountability and ethical behavior.

Incorporating these lessons into your compliance program can enhance its effectiveness and help your organization navigate the complexities of today’s regulatory environment. Remember that a proactive approach to compliance protects your organization from potential pitfalls, strengthens its reputation, and builds stakeholder trust.

Join us tomorrow as we consider the internal reporting and investigative lessons from the Star Trek episode The Conscience of the King.

Categories
Daily Compliance News

Daily Compliance News: August 14, 2024 – The CCO Salary Survey Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • A new CCO salary survey is out. (WSJ)
  • Will the UK finally try and clean up BVI? (Politico)
  • Bank of America tells junior bankers to ‘follow the rules’. (WSJ)
  • Texas sues GM over stealing drivers’ personal data from its cars. (Reuters)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Securing Compliance: How CCO’s Can Combat Internal Sabotage

The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into some of the nettlesome internal challenges faced by many Chief Compliance Officers (CCOs) in today’s corporate environment.

On Compliance into the Weeds, Tom and Matt discuss the various challenges that CCOs face within organizations. They delve into stories of how senior management, particularly General Counsels (GCs) and Chief Financial Officers (CFOs), can sometimes undermine compliance efforts. The conversation explores issues such as budget cuts, restrictive vendor usage, structural impediments, passive-aggressive behaviors, and direct interference in investigations. They also consider potential solutions and strategies for CCOs to better navigate these struggles and ensure the effectiveness of compliance programs.

Key Highlights:

  • Budgetary Constraints and Sabotage
  • Interference in Investigations
  • Structural Impediments to Compliance
  • Undermining by Engagement and Assignment
  • Advice Going Forward

Resources:

Matt in Radical Compliance

 Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn