Tag: CCO

Categories
Blog

Compliance and Corporate Principles in Today’s World

For corporations, navigating the political landscape has become an increasingly difficult task. While being admonished to ‘stay in their lane’ by some; businesses are just like their stakeholders, impacted by the ever-changing political miasma. When this new reality is coupled with the new levels of transparency in companies, which are only amplified by social media, a company can find itself embroiled in very public controversies with one or more stakeholder groups. As these situations occur, Chief Compliance Officers (CCOs) and compliance professionals will be called upon to help companies navigate this fraught process.

I was therefore intrigued by a recent Harvard Business Review (HBR) article, entitled Strategy in a Hyperpolitical World, where authors Roger L. Martin and Martin Reeves opined on how companies can make smart choices when values clash. Some recent examples the authors pointed to included “when Delta stopped offering discounts to NRA members following a 2018 school massacre in Florida, it was threatened with the withdrawal of fuel subsidies in Georgia. When Disney spoke up on LGBTQ+ rights in Florida, it lost its special governance status and rights in the state. When H&M voiced concerns about cotton sourcing and human rights in China, its revenues in that country plummeted. When the Ukraine crisis broke, McDonald’s was forced to exit the business it had painstakingly built in Russia over a 30-year period.”

This change for corporations has been percolating for some time. As with many changes over the past few years, this politicizing of corporations accelerated during Covid-19 and the Russian invasion of Ukraine. In addition to the increased amplification through social media noted above, the authors believe, “the workplace has become the main vehicle for socialization and self-expression. As employees seek to express their identities and beliefs at work, they increasingly expect that their companies will support the issues they care about.” Companies have for years wanted this type of commitment and engagement with its employees but with all these changes, new risks are presented. Moreover, “many CEOs who have taken a stance on social issues say the impetus was that their employees expected and lobbied for it.” In other words, as the authors believe, the corporate playing field has expanded beyond simply justifying strategic decisions in purely business terms.

How can compliance help a company navigate through all of this? The authors state, “To make and implement the best strategic choices in this environment, leaders will have to (1) develop robust principles to guide strategic choices, (2) address ethical issues early, (3) consistently communicate and implement their choices, (4) engage beyond the industry to shape the context, and (5) learn from mistakes to make better choices in the future.” This is a process that can be facilitated by the corporate compliance function, and I have adapted the authors process for compliance.

Develop Robust Principles

The authors believe the “first step is understanding the salient social and political issues for your company. The second step is envisioning where and how those issues might intersect with your business and the choices that they imply. The third step is hearing and understanding the opinions of your employees on those issues—because, as we’ve noted, they are often the reason that companies take a position on political issues.” They caution the principles must be broad enough “to apply across the major sources of political tension to which a company is likely to be exposed” and they should be clear. Finally, they should be easily audited.

Address Ethical Issues Early

Admittedly, “anticipating and shaping ethical challenges requires a delicate balancing act” but companies are now required to be more nimble and more agile. The authors note, “Individual companies may be able to move earlier and with greater control, but eventually complex issues may necessitate collective action, often initiated by a market leader.” An organization should assess where and how it should operate as well as its “need to anticipate, preempt, and shape nascent ethical challenges. That may require a high degree of creative problem-solving, but it often garners outsize public goodwill and strategic advantages for early movers. Once an issue has become front-page news, political camps will be entrenched, and the company’s room for maneuver will be limited.” This was seen most strikingly in the wake of the Russian invasion of Ukraine where companies were presented with a stark choice from their employees and other stakeholders; support Democracy or suffer the impacts of being pro-Putin. Companies who quickly responded were also in a much better position when the inevitable economic and trade sanctions began to be levied.

Consistently Communicate and Implement Choices

It is critical that principles should “be communicated to and understood by all employees. Because they will influence the expectations of stakeholders outside the company, they should also be publicly transparent.” As the Fair Process Doctrine implies, “Principles are credible only if they are consistently applied.” The authors interpret this to mean “they must be part of the everyday making of business decisions, not simply called up in response to pressure after a situation has exploded.” But just as senior leaders must not simply “Talk the Talk but Walk the Walk”, principles which only “inform communications but not action will not be credible over time or effective in navigating risk.” A CCO should use its company’s principles to “engage with and solve issues preemptively and collaboratively whenever possible. A company standing against corruption will have a greater impact if it works with other stakeholders to address that issue and improve the context—even if, at the end of the day, a decision about whether to stay in the business in question or exit it is required.”

Engage Beyond the Industry

If there has been one change around principles, it has been that some issues are larger than any one company can impact. Some issues are beyond even an entire industry and businesses “need to work with civil society and government on the hardest and most deeply entrenched issues to effect change.” Failing to do so can lead to “accepting the unpredictability of an endless series of ad hoc responses or having regulation forced on the industry owing to insufficient impact from their own efforts. And there are important new issues around which to build consensus.”  Perhaps the clearest example of this is human trafficking and human slavery in the business context and the passage of the Uyghur Forced Labor Prevention Act (UFLPA). This legislation sailed through the US Congress, almost unanimously, as many corporations had taken stands on the abuse of such persons who were potentially embedded somewhere in their supply chain. This type of public/private collaboration is now seen in many other areas such as trade and economic sanctions in the wake of the Russian invasion of Ukraine and the fight against money laundering.

Continuous Improvement

Your business will not always get everything right. Indeed, a compliance program is designed to prevent, detect and remediate. This means fix problems as they are detected. I was therefore gratified when the authors cited to Siemens AG for such an example, in the wake of their massive corruption scandal involving Foreign Corrupt Practices Act (FCPA) violations. The authors noted, “Siemens began by cleaning house: It hired the company’s first-ever external CEO, Peter Löscher, who, within months of taking over, had replaced about 80% of the top level of executives, 70% of the next level down, and 40% of the level below that. Next, it made earnest and long-term commitments to atone for its past actions: It has supported government investigations and set up the global Siemens Integrity Initiative to fund collective action to reduce corruption, which has allowed the company to continue to bid for government contracts.”

If you work through these steps, you should be able to prepare your organization for the next major shock.

Categories
Blog

Assessing and Aligning Your Corporate Values

One of concepts enshrined in the Monaco Memo is that the Department of Justice (DOJ) will assess corporate culture for any company that may find itself under investigation for Foreign Corrupt Practices Act (FCPA) violations. This enshrinement is not exactly new as Deputy Attorney General (DAG) Lisa Monaco announced this new DOJ focus in October 2021 in her speech to the ABA White Collar Bar Conference. The parameters of how the DOJ will assess culture are still being worked out but Chief Compliance Officers (CCOs) and compliance professionals need to be considering this issue in the context of their own compliance programs and corporate culture in case the DOJ ever comes knocking. Over the next several blog posts, I will be exploring how a corporate compliance function can assess, monitor and improve your corporate culture.

We begin with assessing your corporate values and then aligning them within your organization. In a recent Harvard Business Review (HBR) article, entitled What Does Your Company Really Stand For?, authors Paul Ingram and Yoonjin Choi explored these and other issues. I have adapted their work for the compliance professional. The authors believe that corporate values are more critical then ever.

New technologies, the lingering effects of the Covid-19 pandemic and the continued fallout from the Russian invasion of Ukraine have forced companies to “reassess what they value in their relationships with their employees, their customers, and even their societies… Across industries and sectors, companies have been forced to ask themselves, “What do we stand for?” and “What binds us to one another and to the community?” Through their research, the authors discovered, “They discovered that when a company’s official values match those of its employees—a situation they call values alignment—the benefits include higher job satisfaction, less turnover, better teamwork, more-effective communication, bigger contributions to the organization, and more-productive negotiations, not to mention more diversity, equity, and inclusion.”

The authors developed a five-step approach for values alignment. The first step is to identify the values within your employee base and create what they call a “values structure” which represents “the eight values that are most significant for each individual and the interdependencies that person perceives among them. For example, someone might believe that pursuing excellence will help satisfy the value of achievement.” Step two is to identify key priorities from strategy to determine “What is the most important thing the organization can do to achieve its strategy?” This determination will allow you align your official values with your organization’s mission.

The next step is to wed values that serve both the organization and its employees. Here you can use a group or groups of employees to make these connections to create value statements based upon the outputs from steps one and two. You may create many value statements, but these can be refined down. The authors note, “values alignment does not require exact matches; someone who identifies achievement as an individual value is likely to feel aligned with a similar organizational value—say, accomplishment. So you have some flexibility in creating your potential value statements.”

Next, in step four, you should begin the assessment process. Here try to be as wide and inclusive as possible. The authors state, “any member of the organization whose input is significant to its ultimate success should be invited to weigh in.” The benefits are clear as the more employees and other stakeholders involved, the wider the engagement will be going forward. This will lead to greater buy-in at the end of the day as well. The fifth and final step is to generate a final list of organizational values. In this process, senior management may become more involved.

The authors concluded their article by noting, “when properly aligned, values are powerful. They serve your strategy and provide your employees with authentic connections, and in so doing they create a foundation for better group performance and higher personal satisfaction. But values are not magic. They don’t become real or effective just because you announce them to your organization in a town hall meeting or etch them into marble at HQ. If you want to enjoy their benefits, you need to work with everybody in your organization to identify and align them. That requires the kind of careful attention and hard work that we’ve described in this article. We can assure you that it’s worth it.”

From the compliance perspective, the protocol the authors have set out can be quite useful. Recognizing that values are but one part of an overall corporate culture, this gives you a mechanism to think through how to begin an overall assessment of your organization. Values do make a portion of an overall culture. Through the engagement advocated herein, you can not only get a good reading on such key values as trust and respect, but, more importantly, learn how to incorporate them as overall assets into your corporate culture.

Categories
Great Women in Compliance

Harper Wells-Training Update

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley. We have not done a training episode in a while so this week we invited Harper Wells, Chief Compliance Officer of Learning Pool, to share her insights as a Compliance expert working for a training company. Harper shares what it’s like being a CCO within a service provider and then takes us on a journey of the latest and greatest elements of training in Ethics and Compliance programs.  Harper and Mary address some considerations on the potentially controversial topic of testing out of Compliance training. We end this episode with some advice and encouragement for non lawyers like Harper, with their eye on the prize for a CCO role.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
The Compliance Life

Stephen Martin – Into the CCO Chair and Beyond

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Stephen Martin, CCO at Skillsoft on his path to the CCO Chair.

In this concluding episode, moves into the CCO Chair at Skillsoft, he talks about his current role and the challenges of bringing a compliance program to a compliance product and services organization. He reflects on some of the key lessons he learned throughout his career leading up the CCO role. He concludes by looking down the road at where the CCO and the compliance profession will be in 2030.

Resources

Stephen Martin LinkedIn Profile

Categories
Sports and Compliance

Colt’s Hiring of Jeff Saturday

Welcome to the Sports and Compliance podcast. For the longest time, I have wanted to have a podcast on the intersection of Sports and the World of Compliance and Ethics, both for those stories as they play out on the Sports Page and for the lessons they provide to business executives and compliance professionals. In this podcast series, I am joined by one of the top compliance commentators, Stephen Martin, CCO at Skillsoft. Together, we will use our love of sports and competition to discuss current ethical issues in sports, look at compliance through a sports lens, and determine how the world of sports and its stories can guide the compliance professional.

In this episode, we consider the hiring by the Indianapolis Colts of Jeff Saturday to be a head coach. Saturday is a former All-Star player, playing most of his career for the Colts. He was hired as interim coach after Frank Reich’s firing. Owner Jim Irsay hired him. We consider whether he was hired to tank and the implications around that issue. The Colts did not follow the Rooney Rule, and we consider that issue. What does this hire say about the NFL coaching fraternity? Saturday won his first game against the Las Vegas Raiders.

We take a deep dive into the hire through a corporate compliance program lens and consider what happens if you bring in an inexperienced CCO to run your compliance function.

Categories
The Compliance Life

Stephen Martin-Move into Compliance Consulting

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Stephen Martin, CCO at Skillsoft on his path to the CCO Chair.

From the corporate world, Martin moves to the compliance consulting world, first at Baker & McKenzie and later moving to StoneTurn. Martin literally traveled the globe (multiple times) both investigating allegations of bribery and corruption and building out best practices compliance programs. He also began teaching a compliance course at the University of Denver and reflects on lessons from that experience. He concludes by talking about the need for a personal brand and how he created one.

Resources

Stephen Martin LinkedIn Profile

Categories
Daily Compliance News

October 29, 2022 the World Series Edition

In today’s edition of Daily Compliance News:

  • Credit Suisse names new CCO. (WSJ)
  • Removing sanctions against Tornado Cash. (WSJ)
  • A crisis in curling. (NPR)
  • Astros return to World Series. (WSJ)
Categories
The Compliance Life

Bridget Abraham-Reflections on a Non-Traditional Compliance Career Path

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Bridget Abraham, CCO at Remitly, who had a decidedly non-traditional path to the CCO Chair.

In this concluding episode, Bridget reflected on her non-traditional path to the CCO chair. She also discussed the compliance challenges of moving money around the globe and doing so with less friction. She recalled some of the key mentors who had helped her career path and concluded with thoughts on how and why a corporate compliance program needs to use data to tell its story.

Resources

Bridget Abraham LinkedIn Profile

Categories
Daily Compliance News

October 24, 2022 the Ramaphosa Vows Crackdown Edition

In today’s edition of Daily Compliance News:

  • Ramaphosa vows to crack down on corruption. (Barron’s)
  • Credit Suisse CCO to leave after little over one year in the job. (Bloomberg)
  • Hyundai is under investigation for the use of child Labor. (Reuters)
  • Alleged chess cheater sues. (FT)
Categories
Blog

Great Structures Week V – The Tacoma Narrows Bridge Failure and Preventing Failure in Your Compliance Program

I conclude my Great Structures Week with a focus on structural engineering failures: suspension bridges and the challenges of wind in their construction and maintenance. I am drawing these posts from The Great Courses offering, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. In his chapter on suspension bridges he notes that the “Tacoma Narrows Bridge was the third longest span in the world when it opened to the world, this month of July in 1940.” Yet it collapsed only four months later, in one of the most famous visual images of a bridge’s collapsing. This is due to the “inherent flexibility of cable as a structural form”. A bridge can move in longitudinal vibration, that is up and down and in torsion, where it twists from side-to-side.

Most people recognize unstiffened suspension bridges as old as man and engineering itself. It was not until the 1820s that serious study was brought to bear on the issue of wind-related collapse of suspension bridges. The initial solution was to simply use more weight to reinforce the span. However, while that solution did bring some stability, it reinforced damage as the structure became a textbook example of Newton’s Second Law of Motion, which states that the acceleration of an object is dependent upon two variables – the net force acting upon the object and the mass of the object; meaning that once a heavy weight is in motion, it is more resistant to deceleration.

Yet it was scientific methodology that led to the disaster with the Tacoma Narrows Bridge. An engineer named Leon Moisseiff had developed a theory that long spanned suspension bridges were heavy enough that they did not require stiffening trusses because “their mass stabilized them against wind-induced vibrations.” However, this theory failed to take into account how air flows around a bridge and the “dynamic response of the structural system.” Ressler concludes this section by stating, “this case has become a classic symbol of the dangers of arrogance born of overconfidence in science-based design methods, and belt-and-suspenders engineering has made a bit of a comeback.”

I thought about the catastrophic failure of the Tacoma Narrows Bridge in the context of one of the greatest risks in Foreign Corrupt Practices Act (FCPA) compliance; that being third parties. Many non-compliance corporate employees assume that if a third party passes due diligence muster; they are in the clear. After all, you cannot stop a third party from making a bribe or other corrupt payment. Fortunately, the Department of Justice (DOJ) does not take such a myopic view as many business types. Under the FCPA, a company is responsible for the actions of its third-party representatives.

The real work around your third-party compliance program begins after the contract is signed and it is in the management of the third-party relationship. While the FCPA Guidance itself only provides that “companies should undertake some form of ongoing monitoring of third-party relationships”. Diana Lutz, in “Global anti-corruption and anti-bribery program best practices”, said, “As an additional means of prevention and detection of wrongdoing, an experienced compliance and audit team must be actively engaged in home office and field activities to ensure that financial controls and policy provisions are routinely complied with and that remedial measures for violations or gaps are tracked, implemented and rechecked.”

Carol Switzer, writing in the Compliance Week magazine, set out a five-step process for managing corruption risks, which I have adapted for third parties.

  1. Screen – Monitor third party records against trusted data sources for red flags.
  2. Identify – Establish helplines and other open channels for reporting of issues and asking compliance related questions by third parties.
  3. Investigate – Use appropriately qualified investigative teams to obtain and assess information about suspected violations.
  4. Analyze – Evaluate data to determine “concerns and potential problems” by using data analytics, tools and reporting.
  5. Audit – Finally, your company should have regular internal audit reviews and inspections of the third party’s anti-corruption program; including testing and assessment of internal controls to determine if enhancement or modification is necessary.

Additionally, there several different functions in a company that play a role in the ongoing monitoring of the third party. While there is overlap, I believe that each role fulfills a critical function in any best practices compliance program.

Relationship Manager

There should be a Relationship Manager for every third party which your company does business. The Relationship Manager should be a business unit employee who is responsible for monitoring, maintaining and continuously evaluating the relationship between your company and the third party.

Compliance Professional

Just as a company needs a subject matter expert (SME) in anti-bribery compliance to be able to work with the business folks and answer the usual questions that come up in the day-to-day routine of doing business internationally, third parties also need such access. A third party may not be large enough to have its own compliance staff so I advocate a company providing such a dedicated resource to third parties. This role can also include anti-corruption training for the third party, either through onsite or remote mechanisms. The compliance practitioner should work closely with the relationship manager to provide advice, training and communications to the third party.

3rd Party Oversight Committee

A company can have a Third-Party Oversight Committee review documents relating to the full panoply of a third party’s relationship with the company. It can be a formal structure or some other type of group, but the key is to have the senior management put a ‘second set of eyes’ on any third parties who might represent a company in the sales side. In addition to the basic concept of process validation of your management of third parties, as third parties are recognized as the highest risk in FCPA or Bribery Act compliance, this is a manner to deliver additional management of that risk.

After the commercial relationship has begun the Third-Party Oversight Committee should monitor the third-party relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations and evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the third party. The Third-Party  Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. In addition to the above remedial review, the Third-Party Oversight Committee should review all payments requested by the third party to assure such payment is within the company guidelines and is warranted by the contractual relationship with the third party. Lastly, the Third-Party Oversight Committee should review any request to provide the third party any type of non-monetary compensation and, as appropriate, approve such requests.

 Audit

A key tool in managing the relationship with a third-party post-contract is auditing the relationship. I hope that you will have secured audit rights, as that is an important clause in any compliance terms and conditions. Your audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed.

Perhaps now you will understand why I say that managing the relationship of your third party’s is where the real work of your FCPA compliance program comes to the fore. It also demonstrates a key difference in having a paper compliance program and doing compliance. Having a paper compliance program is simple but doing compliance is not always easy; you have to work at it to maintain an effective program.

I hope that you have enjoyed this week’s offering based around some of the world’s greatest structures, their engineering concepts and innovations and how they all related to a best practices compliance program. I am a huge fan of The Great Courses offerings and if you are interested in learning in a great many areas it is one of the best resources available to you.