Categories
Innovation in Compliance

A Conversation with Skillsoft and StoneTurn: Part 2 – Charlie Voelker on How a Risk Assessment Informs Your Code of Conduct


Welcome to a special five-part podcast series, A Conversation with Skillsoft and StoneTurn: From the Code of Conduct to Risk Assessment to Continuous Improvement. This week’s podcast series is jointly sponsored by Skillsoft and StoneTurn Group, LLP. In this podcast series we will explore the recently released 2020 Update to the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (2020 Update). We focus on your Code of Conduct and how it is informed by your Risk Assessment, training on your Code of Conduct, performing a Risk Assessment and conclude with how all this ties to continuous monitoring and continuous improvement. Participants in this podcast series include: from Skillsoft, Charlie Voelker, Director, Compliance Products; John Arendes, Vice President and GM of Global Compliance Solutions; from StoneTurn, Toby Ralston, Managing Director, Jamen Tyler, Managing Director and Stephen Martin, Partner. In this second episode, I visit with Voelker on how a Risk Assessment informs your Code of Conduct.
We began with an exploration of why the Code of Conduct is so foundational to a compliance program in general. Voelker said, the “Code of Conduct is a way of capturing the risks and the issues that the organization faces. These are the major concerns that, that the organization has in terms of the type of business it is in, where it is operating and other factors of that nature.” Moreover, “by capturing those major issues within a training experience that is delivered across the organization and to all employees, it helps to level set everybody within the company in terms of what are those issues that are sort of top of mind for the company, what are the areas that as an employee needs to be focused on. Also, for employees, the Code of Conduct is a source of that information and also about where to go for more help. In many cases, a Code of Conduct will point to other policies or procedures or other resources that serve to provide that support that employees might need as they go about their day-to-day business.”
One of the key themes of the 2020 Update was of the importance of a risk assessment to all aspects of your compliance program. Additionally, the 2020 Update made clear the relationship between risk assessment and Code of Conduct training going forward. A risk assessment informs the content of the company’s Code of Conduct itself by identifying the topics and the issues that relate to the risks the organization faces.
Join us tomorrow where Jamen Tyler, Managing Director at StoneTurn, helps us take a deep dive into Risk Assessments.

Webinar

If you enjoyed today’s podcast, I want to let you know about an upcoming webinar Skillsoft and StoneTurn are hosting. The webinar “Evolving Your Compliance Program” will be held on Wednesday Sept 23 and will explore how companies are leveraging data and information to improve and evolve their compliance programs. Information and Registration click here.

Resources

For more information on Skillsoft’s compliance offerings, click here.
For more information on the Skillsoft/StoneTurn partnership, click here.
For more information on StoneTurn, click here.

Categories
Innovation in Compliance

A Conversation with Skillsoft and StoneTurn: Part 1 – Toby Ralston on Your Code of Conduct

Welcome to a special five-part podcast series, A Conversation with Skillsoft and StoneTurn: From the Code of Conduct to Risk Assessment to Continuous Improvement. This week’s podcast series is jointly sponsored by Skillsoft and StoneTurn Group, LLP. In this podcast series we will explore the recently released 2020 Update to the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (2020 Update). We focus on your Code of Conduct and how it is informed by your Risk Assessment, training on your Code of Conduct, performing a Risk Assessment and conclude with how all this ties to continuous monitoring and continuous improvement. Participants in this podcast series include: from Skillsoft, Charlie Voelker, Director, Compliance Products; John Arendes, Vice President and GM of Global Compliance Solutions; from StoneTurn, Toby Ralston, Managing Director, Jamen Tyler, Managing Director, and Stephen Martin, Partner. In this first episode, I visit with Toby Ralston on Code of Conduct.

Obviously, your Code of Conduct is viewed as a foundational document by the DOJ and Securities and Exchange Commission (SEC) as they laid out in the FCPA Resource Guide, 2nd edition. Yet many compliance practitioners struggle with how to benchmark a code of conduct. Ralston believes there are a number of ways that a compliance professional could potentially benchmark a Code of Conduct. He suggested “a matrix approach that uses a modified scorecard or a balanced scorecard where we measure objectives early and subjectively rank an individual Code. We then consider those components against the Codes of competitors and those recognized as best practice.” This can make such a benchmarking exercise a peer comparison, but that peer to peer comparison should not be limited to organizations in your industry. “We find that this approach helps us identify missing or underdeveloped topics as well as sections of a Code that likely need to be condensed or reorganized.”

Join us tomorrow where Charlie Voelker, Director, Compliance Products, Skillsoft, discusses how a Risk Assessment informs your Code of Conduct.

Webinar

If you enjoyed today’s podcast, I want to let you know about an upcoming webinar Skillsoft and StoneTurn are hosting. The webinar “Evolving Your Compliance Program” will be held on Wednesday Sept 23 and will explore how companies are leveraging data and information to improve and evolve their compliance programs. Information and Registration click here.

 Resources

For more information on Skillsoft’s compliance offerings, click here.
For more information on the Skillsoft/StoneTurn partnership, click here.

For more information on StoneTurn, click here.

Categories
31 Days to More Effective Compliance Programs

Design of your Code of Conduct


Next is the design of your Code of Conduct. Through attention to detail in the design process, you should be able to come out at the end with a code which will help you to more fully operationalize your compliance program. You must begin with a determination of what you are trying to accomplish. It does not serve you to try and list every compliance risk you might think your company may encounter. You should determine the values you want to communicate, what the expectations are for employees and how to call the hotline. Under such an approach, a Code of Conduct can be the jumping off point for training on the issues stated in it. It can also form the hub of the wheel for other policies and procedures and written standards you want to communicate to relevant stakeholders.
You should also consider how you are going to distribute your code to your employees and stakeholders. If it is through an Adobe .pdf document, which is accessible for most stakeholders across an organization or via another method. If a significant part of your workforce does not have access to computers, online production only will not work as the primary distribution platform.
Three key takeaways:

  1. Get your business folks involved in your Code of Conduct from the outset.
  2. Your ethical values should be integrated into and integral to your Code of Conduct.
  3. How have you operationalized your Code of Conduct?
Categories
31 Days to More Effective Compliance Programs

Code of Conduct


What is the value of having a Code of Conduct? I have heard many business folks ask that question over the years. In its early days, a Code of Conduct tended to be a lawyer-written and lawyer-driven document to wave in regulator’s face during an enforcement action by using it to claim, “we are an ethical company”. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s law? What is it that makes a Code of Conduct effective? What should be the goal in the creation of your company’s Code of Conduct?
How important is the Code of Conduct? Consider the 2016 SEC enforcement action involving United Airlines, Inc., which turned on violation of the company’s Code of Conduct. The breach of the code was determined to be a FCPA internal controls violation. It involved a clear quid pro quo benefit paid out by United to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United Airlines operations at the company’s huge east coast hub at Newark, NJ.
The actions of United’s former CEO, Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials by failing to not only follow the United Code of Conduct but also violating it. The $2.4 million civil penalty levied on United was in addition to United’s Non Prosecution Agreement resolution with the DOJ, which resulted in a penalty of $2.25 million. The scandal also cost the resignation of Smisek and two high-level executives from United.
Three key takeaways:

  1. Every formulation of a best practices compliance program starts with a written Code of Conduct.
  2. The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity
  3. “Document, Document, Document” your training and communication efforts around your Code of Conduct.
Categories
31 Days to More Effective Compliance Programs

Day 6 | The Code of Conduct

What is the value of having a Code of Conduct? In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven to wave in regulator’s face during an enforcement action as proof of ethical overall behavior. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s internal law? What should be the goal in the creation of your company’s Code of Conduct?

How important is the Code of Conduct? Consider the 2016 SEC enforcement action involving United Airlines, Inc., which turned on violation of the company’s Code of Conduct. The breach of the Code of Conduct was determined to be a FCPA internal controls violation. It involved a clear quid pro quo benefit paid out by United to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United’s operations at the company’s huge east coast hub at Newark, NJ.
The actions of United’s former CEO, Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials by failing to not only follow the United Code of Conduct but also violating it. The $2.4 million civil penalty levied on United was in addition to its 2016 Non-Prosecution Agreement (NPA) settlement with the DOJ, which resulted in a penalty of $2.25 million. The scandal also cost the resignation of Smisek and two high-level executives from United.
In the 2012 FCPA Guidance, the DOJ and SEC states:
A company’s Code of Conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.
The Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) further specified “As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees.” The Department of Justice (DOJ) Antitrust Division, Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Guidance) also specified “If the company has a Code of Conduct, are antitrust policies and principles included in the document?”
Three key takeaways:

  1. Every formulation of a best practices compliance program starts with a written Code of Conduct.
  2. The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity.
  3. “Document, Document, and Document” your training and communication efforts.