Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Written Standards: Day 3 – The Code of Conduct

What is the value of having a Code of Conduct? In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven to wave in the regulator’s face during an enforcement action as proof of overall ethical behavior. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s internal law? What should be the goal in creating your company’s Code of Conduct?

Indeed, a violation of your Code of Conduct can form the basis of a domestic FCPA enforcement action. In an enforcement action involving United Airlines, Inc., a breach of the Code of Conduct by the Company CEO was determined to be an FCPA internal controls violation. It involved a clear quid pro quo benefit paid out by United to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey. This public government entity has authority over, among other things, United’s operations at the company’s huge east coast hub in Newark, NJ.

Your Code of Conduct should be tailored to your company’s culture, industry, and corporate identity. It should provide a mechanism by which employees trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used for employee review and evaluation. It should certainly be invoked if there is a violation. Your company’s disciplinary procedures must be stated in the Code. These would include all forms of discipline, up to and including dismissal, for serious violations of the Code. Further, your company’s Code should emphasize it will comply with all applicable laws and regulations wherever it does business. The Code must be written in plain English and translated into other languages so all applicable persons can understand it.

Three key takeaways:

  1. A Code of Conduct is a foundational document in any compliance regime.
  2. The substance of your Code of Conduct should be tailored to the company’s culture, industry, and corporate identity.
  3. “Document, Document, and Document” your training and communication efforts regarding your Code of Conduct.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Written Standards: Day 2 – Clearly Articulated Written Standards

The written standard requirements have long been memorialized in the U.S. Sentencing Guidelines, which contain seven basic compliance elements that can be tailored to fit the needs and financial realities of any given organization. From these seven compliance elements, the DOJ has crafted its minimum best practices compliance program, which is now attached to every DPA and NPA issued. These requirements were incorporated into the 2012 FCPA Guidance and brought forward in the 2023 ECCP and FCPA Corporate Enforcement Policy. The U.S. Sentencing Guidelines assume that every effective compliance and ethics program begins with a written standard of conduct; i.e., a Code of Conduct.

Following your Code of Conduct are written policies and procedures. Those required for a best practices compliance program are well known and long established. The role of compliance policies is to provide guidance and to protect companies, despite an occasional hiccup. Policies provide a basic set of guidelines for employees to follow. They can include general do’s and don’ts, work process flows, and specific issue guidelines. By establishing what is and is not acceptable compliance behavior, a company can mitigate the compliance risks posed by employees who might make foolish decisions or otherwise engage in unethical behavior.

There are numerous reasons to put some serious work into your Code of Conduct, policies and procedures. They are certainly a first line of defense when the government comes knocking. This means the regulators will take a strong view against a company that does not have a well thought out and articulated Code of Conduct, policies or procedures, all of which are systematically reviewed and updated. Written policies, signed by employees, provide a vital layer of communication. Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the “Document, Document, Document” mantra applies just as strongly to this area of anti-corruption compliance.

Three key takeaways:

  1. A Code of Conduct, together with policies and procedures, have long been recognized as cornerstones of a best practices compliance policy.
  2. Each level of written standards builds upon one another, so consider this integration step.
  3. The Fair Process Doctrine applies to your written standards.


Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Written Standards: Day 1 – Introduction to Written Standards

The cornerstone of any best practices compliance program is written protocols. This includes a Code of Conduct, policies and procedures. These elements have long been memorialized in the US Sentencing Guidelines; the Department of Justice’s (DOJ’s) Opinion Releases regarding compliance programs; the 2012 FCPA Guidance; both DOJ and Securities and Exchange Commission (SEC) enforcement actions; the 2019 Guidance; and the FCPA Corporate Enforcement Policy.

There are three levels of standards and controls: a Code of Conduct, standards and policies, and procedures. Every company should have a Code of Conduct that expresses its ethical principles. But a Code of Conduct is not enough. The Code of Conduct is implemented through your compliance policies. It is further operationalized through your compliance procedures. The DOJ spoke to their importance in the 2019 Guidance when it stated, “As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees.” As a corollary, prosecutors should also assess whether the company has established policies and procedures that incorporate the culture of compliance into its day-to-day operations.

At the end of the 31 Days you will have a very detailed grounding on better written standards for your compliance program. You will be able to utilize the information presented to implement a more effective compliance program for your organization. 

Three key takeaways: 

  1. The cornerstone of any best practices compliance program is its written protocols.
  2. Written standards work to prevent, detect and remediate.
  3. What are the specific written protocols you should have in your compliance program?


Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – Code of Conduct as an Internal Control

In 2016, the SEC announced one of the most interesting non-international-focused FCPA enforcement actions. It involved a clear quid pro quo benefit paid out by United Airlines, Inc. to David Samson, the former chairman of the Board of Directors of the Port Authority of New York and New Jersey. This public government entity has authority over, among other things, United’s operations at the company’s huge east coast hub in Newark, New Jersey.

At the time, United’s Code of Conduct prohibited “United employees from directly or indirectly making bribes, kickbacks or other improper payments to government officials, civil servants or anyone else to influence their acts or decisions” and that “[n]o gift may be offered or accepted if it will create a feeling of obligation, compromise judgment or appear to influence the recipient improperly.” Only the United Board of Directors could grant a waiver to the code, and none was sought or obtained by Smisek. The Order concluded, “The [Chairman’s] Route was initiated in violation of United’s policies.”

The company was also sanctioned for not having internal controls to prevent such actions as those taken by Smisek. The SEC also found this was a violation of Section 13. This was in the face of detailing the protocol for United instituting or reinstituting a route. The Order stated, “United had insufficient internal accounting controls to prevent approval of the South Carolina Route in derogation of United’s Policies.” All the underlying facts, enforcement theories, and remediation point towards the failure of internal controls when domestic bribery corruption occurs.

 Three key takeaways:

1. It is very unusual for the FCPA to form the basis of a domestic bribery violation.

2. A Code of Conduct can be an internal control.

3. Even a CEO must follow internal controls.

For more information on building a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.

Categories
Daily Compliance News

November 14, 2022 – the Are You a Pepper Edition

In today’s edition of Daily Compliance News:

  • FTX hacked? (WSJ)
  • Don’t be the office curmudgeon. (FT)
  • Pepper CEO resigns for Code of Conduct violation. (Reuters)
  • DOJ notches win in antitrust. (WaPo)

Categories
Greetings and Felicitations

Great Structures Week II: Structures from Ancient Egypt and Greece and Written Standards

Welcome to Greetings and Felicitations, a podcast where I explore topics which might not seem to be directly related to compliance but clearly influence our profession. In this special series, I consider how many structural engineering concepts are apt descriptors for an anti-corruption compliance program. In this Episode 2, I consider the great structures of ancient Egypt and Greece and how they inform the building blocks of a compliance program: Code of Conduct, Policies and Procedures. Highlights include:

  • Greek Column and Egyptian pyramid.
  • What should go into your Code of Conduct.
  • How should your policies be structured.
  • How to implement policies through procedures.
  • Training and communications of Code of Conduct/policies and procedures are mandatory yet complementary strategies.

Resources

 “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler from The Teaching Company.

Categories
Blog

Great Structures Week II – Structures from Ancient Egypt and Greece and Written Standards

I continue my Great Structures Week with a focus on great structures from the earliest times, ancient Egypt and Greece. I am drawing these posts from The Teaching Company course, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. From Egypt there are of course the Pyramids, of which Ressler says, “They’re important, not just because they’re great structures, but also because they represent some of the earliest human achievements that can legitimately be called engineering. The Great Pyramid of Giza stands today as a testament to the strength and durability of Egyptian structural engineering skills.”

From Greece we derive what Vitruvius called the “Empirical Rules for Temple Design” which define a “single dimensional module equal to the radius of a column in the temple portico, then specify all other dimensions of the building in terms of that module.” These rules are best seen in Greek temples, largely consisting of columns, which are defined as “a structural element that carries load primarily in compression” and beams, which are “structural elements subject to transverse loading and carry load in bending.” My favorite example of the use of columns is seen in the Parthenon, the most famous of all Greek temples still standing.

In many ways these two very different structures stand as the basis of all structural engineering and Great Structures that come later throughout history. For any anti-corruption compliance regime based on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery statutes, the same is true for a Code of Conduct and written policies and procedures. They are both the building blocks of everything that comes thereafter.

In an article, Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz stated that a company’s Code of Conduct “should demonstrate a complete ethical attitude and your organization’s ‘system-wide’ emphasis on compliance and ethics with all applicable laws and regulations.” Your Code of Conduct must be aimed at all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.” This would also include all “management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.”

There are several purposes identified by the authors that should be communicated in your Code of Conduct. Of course the overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating what is required of them, to provide a process for proper decision-making and then to require that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. To that end, I suggest that your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of discipline, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

The written policies and procedures required for a best practices compliance program are well known and long established. As stated in the FCPA Resource Guide 2nd edition, “Among the risks that a company may need to address include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company and Procedures are the documents that implement these standards of conduct.

Another way to think of policies, procedures and controls was stated by Aaron Murphy, in his book “Foreign Corrupt Practices Act”, when he said that you should think of all three as “an interrelated set of compliance mechanisms.” Murphy went on to say that, “Internal controls are policies, procedures, monitoring and training that are designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Borrowing from an article in the Houston Business Journal, entitled “Company policies are source and structure of stability”, I found some interesting and important insights into the role of policies in any anti-corruption compliance program. Allen says that the role of policies is “to protect companies, their employees and consumers, and despite an occasional opposite outcome, that is typically what they do. A company’s policies provide a basic set of guidelines for their employees to follow. They can include general dos and don’ts or more specific safety procedures, work process flows, communication guidelines or dress codes. By establishing what is and isn’t acceptable workplace behavior, a company helps mitigate the risks posed by employees who, if left unchecked, might behave badly or make foolhardy decisions.”

Allen notes that policies “are not a surefire guarantee that things won’t go wrong, they are the first line of defense if things do.” The effective implementation and enforcement of policies demonstrate to regulators and the government that a “company is operating professionally and proactively for the benefit of its stakeholders, its employees and the community it serves.” If it is a company subject to the FCPA, by definition it is an international company so that can be quite a wide community.

Allen believes that there are five key elements to any “well-constructed policy”. They are:

  • identify to whom the policy applies;
  • establish the objective of the policy;
  • explain why the policy is necessary;
  • outline examples of acceptable and unacceptable behavior under the policy; and
  • warn of the consequences if an employee fails to comply with the policy.

Allen notes that for policies to be effective there must be communication. He believes that training is only one type of communication. I think that this is a key element for compliance practitioners because if you have a 30,000+ worldwide work force, the logistics alone of such training can appear daunting. Consider gathering small groups of employees, where detailed questions about policies can be raised and discussed, as a powerful teaching tool. Allen even suggests posting Frequently Asked Questions (FAQs) in common areas as another technique.

The FCPA Resource Guide 2nd edition ends its section on policies with the following, “Regardless of the specific policies and procedures implemented, these standards should apply to personnel at all levels of the company.” Allen puts it a bit differently in that “it is important that policies are applied fairly and consistently across the organization.” He notes that the issue can be that “If policies are applied inconsistently, there is a greater chance that an employee dismissed for breaching a policy could successfully claim he or she was unfairly terminated.” This last point cannot be over-emphasized. If an employee is going to be terminated for fudging their expense accounts in Brazil, you had best make sure that same conduct lands your top producer in the US with the same quality of discipline.

Join us tomorrow where we look at the Roman Arch and resourcing your compliance program.

Categories
Innovation in Compliance

Compliance Insights from Traliant: Episode 4 – Scott Schneider, Spotlight on Your Code of Conduct


Welcome to a special five-part podcast series on compliance insights, sponsored by Traliant. Over this series, we will discuss key issues that Traliant is helping to lead and define the online training industry going forward. Over this five-part series, I will visit with John Arendes, Chief Executive Officer (CEO) at the company, on what is new at New Traliant and what the Department of Justice (DOJ) has communicated to the compliance community regarding its expectations around online training and communications; Maggie Smith, Vice President of Human Resources at Traliant, on the role of DEI in your corporate ESG program; and Scott Schneider, Head of Content Development at Traliant, on your Code of Conduct and anti-corruption training. In this Episode 4, I visit with Scott Schneider, VP of Innovation at Traliant, on the evolution and importance of the corporate Code of Conduct. Highlights include:

  • Culture is the key driver, and your Code of Conduct is the foundation for a broader discussion of what regulators look for in a compliance program.
  • How has the Code of Conduct evolved?
  • Your Code of Conduct should be more than simply aspirational, and your Code of Conduct training helps drive home values, ethics & culture.

Resources
Traliant Website
Scott Schneider on LinkedIn

Categories
Blog

The Continued Evolution of the Code of Conduct

Welcome to a special five-part blog post series on the New Traliant, sponsored by Traliant, LLC. Over this series, we will discuss key issues that Traliant is helping to lead and define the online training industry going forward. I will visit with John Arendes, Chief Executive Officer (CEO), on what is new at Traliant and what the Department of Justice (DOJ) has communicated to the compliance community regarding its expectations around online training and communications; Maggie Smith, Vice President of Human Resources, on the role of diversity, equity and inclusion (DEI) in your corporate environmental, social and governance (ESG) program; and Scott Schneider, Head of Content Development, on your Code of Conduct and anti-corruption training. In Episode 4, I visit with Scott Schneider on the evolution and importance of the corporate Code of Conduct.

The corporate Code of Conduct has evolved as much as any part of a best practices compliance program. Early codes were often sold as statements about who we are and as resources that employees could use to make better decisions. Unfortunately, they tended to be written by lawyers, for lawyers, with both formalistic and legalistic language. This created, as Schneider noted, “a clear disconnect that didn’t help employees a lot.” However, as Codes have evolved, he believes “companies have done a much better job and they began to phrase codes of conduct in terms of values and what a company stands for.” This has, in Schneider’s words, “restored that connection between the code and the company.” Codes of Conduct also began to include features, language and content that were geared towards employees. This allowed employees who were trying to do the right thing to use the Code “to figure out what decision should be made either because it provided guidance or because it at least put that guidance in the context of values that you could apply to your situation in making a decision.”

Once the language issue was overcome, the next step was around Code implementation, for the devil is in the details. When a code said things like “our company does not discriminate”, it was, as Schneider expressed, “putting a stake in the ground.” If you understand the values in the Code that are motivating, an employee can look at a situation and say, at the very least, I need some help on this. A Code then begins to become something employees can begin to apply because the situation before a particular employee may not be exactly covered in the code. Additionally, companies began to develop resources around their Codes such as FAQs which presented information in a question-answer format in a manner that an employee could obtain an answer.

We next considered Code of Conduct training. Here, Schneider believes companies have room for improvement as the development of the Code itself, “took an arc towards something that is more meaningful, more relatable, more helpful. I do not think code training is quite there yet.” Oftentimes Code training is too formalistic. Many companies have “coalesced around this idea that the training should be modular so that you can train on various topics within your Code.” This includes one training module on what the Code says and then several others which are essentially summaries of law. “We’re kind of stuck that way. I think it leaves employees in the same place they were before with the bad codes, what you remembered as an employee was that I have to sign something that says I read it, even though I did not.” Schneider believes that too often, “employees take Code training because they have to,” and then say, “that’s done”. This loses the connection between the training and the company and the training and the employee. “So, there’s room for improvement for sure.”

One of these responses has been more focused, engaged training for the Code. There is an obvious tension between shorter and more in-depth training and sometimes it is difficult to make that trade-off. The key is to understand what is important: what is the core message that you are trying to communicate? The details are often important in providing context and guidance. Schneider concluded, “I think that the key to having shorter training is to understand what’s important and what you want the takeaway to be. Moreover, with longer modules, it means you cover fewer topics and the more likely the learner will tune out.”

Start with what is important, what is the takeaway, and then fill in the things that will bring that to life. It does not mean that you must cover every legal detail. Always try to remember who you are training. For the most part, “we are not training lawyers, we are not training judges, we are training employees. You want to help them understand the context of the issue, what they can do, with a focus on what they can do. With the idea that if they get out in the real world, they’ll be able to at least spot the danger and ask for questions.”

Join us for our next episode where we look at the evolution of anti-bribery/anti-corruption training.

Check out Scott Schneider’s podcast on the evolution of the Code of Conduct and Code training here.

Categories
FCPA Compliance Report

Scott Schneider on Your Code of Conduct

In this episode of the FCPA Compliance Report I visit with Scott Schneider, Head of Content Development at Traliant. Scott has been in the compliance space for over 15 years and is passionate about the building blocks of a best practices compliance program, including Codes of Conduct. This week we take a deep dive into the foundational backbone of every compliance program, the Code of Conduct. Some of the highlights include:

  • Importance of Code of Conduct training.
  • Types of Code training.
  • Why have a Code of Conduct?
  • How does a Code of Conduct help establish culture?
  • Key areas the Code should cover?
  • How should a company develop its Code of Conduct?
  • When should a Code be revisited or reassessed?
  • The roles of Codes of Conduct and training down the road into 2025 and beyond?

Resources

Scott Schneider on LinkedIn
Traliant website