Great Women in Compliance

Nicole Diaz – Kindness and Compliance

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

In 2021, Snap Inc. released a new code of conduct with a theme of kindness evangelism. Hear Nicole Diaz, Global Head of Integrity & Compliance Legal, talk about how the team worked on putting it together and why they considered it important to have a focus on kindness in a company code of conduct.

Nicole also shares some of the compliance considerations when working in a social media/tech company, as well as what’s on the agenda for the Snap Compliance program in 2022. We also hear about her commitment to DEI and how this has impacted Nicole’s approach to ethics and compliance.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other compliance-related offerings to listen in to. If you are enjoying this episode, please rate it on your preferred podcast player to help other like-minded Ethics and Compliance professionals find it. You can also find the GWIC podcast on Corporate Compliance Insights, where Lisa and Mary have a landing page with additional information about them and the story of the podcast. Corporate Compliance Insights is a much appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book, “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Survive and Thrive

What Do You Do To Survive a Code of Conduct Review By the SEC?


One afternoon at 4 PM, you get a call from the local Securities and Exchange Commission office, and they say they want to come by in two days to review your company’s Code of Conduct. You ask them why they want to review your Code. They tell you that it is a foundational document of your compliance program, that they view it as an internal control and, therefore, enforce it under the FCPA. They want to review all aspects of your Code design, implementation, training, and rollout.
What steps do you need to take to demonstrate the robustness of your Code but also your training and ongoing communications on it?
How do you dig deeper and review the Code of Conduct design, implementation, and review process?
How do you make sure facts on the ground have not changed and that your Code is still relevant?
IN THIS NEW EPISODE, Compliance Evangelist Thomas Fox and Kortney Nordrum, Regulatory Counsel & Chief Compliance Officer, Deluxe Corporation, break down the steps you need to take to survive (and ace) the Code of Conduct investigation review by the SEC.
Major takeaways discussed in the episode:
✔️ Dig deeper and review the Code of Conduct design, implementation, and review process. Show any changes or amendments and what the process was for these actions. Finally, how do you make sure facts on the ground have not changed and that your Code is still relevant?
✔️ Build a focus group and pull in people from teams in audit, finance, I.T., business folks, and procurement to assess the current Code to identify what works, what doesn’t, and what’s missing.
✔️ Another vital step is benchmarking. Search and see examples of codes, whether a private or public company, big or small, to benchmark against and identify where you think you should be and where others are in your industry.
✔️ Develop a code that you’re proud of and that you want to display to the world. It should reflect and be tailored to fit your organization and not any other.
✔️ Approval and buy-in from the Board and top management are necessary to lend credibility and authenticity to the Code’s core message. This serves as the organization’s Bible for how to operate. 
✔️ Identify your Code of Conduct training protocol and require annual attestation that the Code of Conduct is read and understood by all employees and directors.
✔️ Checklist of evidence to present to the SEC
Creation/Design
● Focus group minutes
● Drafts and updates to prior code language
● Benchmarking data and session information
● Translations
● Code launch plan – detailing Communications, emails, mgr meetings, printouts, CEO video
Training
● Training records & attestations
● Transcript of Code of Conduct training
Operationalization
● Culture and compliance surveys
● The open rate on emails/click rate on Code on the intranet
● How often employees reach out with questions
● Hotline calls and investigations
● Are people making good choices? Root cause analysis of non-compliance
—————————————————————————-
Welcome to SURVIVE AND THRIVE, the newest addition to the Compliance Podcast Network. Hosted by the Compliance Evangelist Thomas Fox and Kortney Nordrum, Regulatory Counsel & Chief Compliance Officer, Deluxe Corporation. This is a podcast where we unpack compliance, crisis disasters and walk you through all the red flags which appear and give you some lessons learned going forward.
Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.

31 Days to More Effective Compliance Programs

Day 6 | The Code of Conduct


What is the value of having a Code of Conduct? In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven, something to wave in a regulator’s face during an enforcement action as proof of overall ethical behavior. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s internal law? What should be the goal in the creation of your company’s Code of Conduct?
The three most important things about your compliance program are “Document, Document, and Document.” The same is true in communicating your company’s Code of Conduct. You need to do more than simply put it on your website and tell folks it is there, available and that they should read it. You need to document that all employees, and anyone else to whom your Code of Conduct applies, have received, read, and understood it. The DOJ expects each company to begin its compliance program with a very publicly announced, very robust Code of Conduct. If your company does not have one, you need to implement one forthwith.
However, your Code of Conduct is not a static document to be put on a shelf and never reviewed again. Just as your compliance program is a living entity that should be constantly evolving, so is your Code of Conduct. If your company has not reviewed or assessed your Code of Conduct for five years, do so in short order, as much has changed in the compliance world. All of this has become much clearer in the age of Coronavirus. Some of the questions you should begin with include:

  • When was the last time your Code of Conduct was revised?
  • Have there been changes to your company’s business model since the last revision to the Code of Conduct?
  • Have there been changes to relevant laws relating to a topic covered in your company’s Code of Conduct?
  • Are any provisions of the Code of Conduct outdated?
  • What is the budget to revise your Code of Conduct?

Three key takeaways:

  1. Every formulation of a best practices compliance program starts with a written Code of Conduct.
  2. The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity.
  3. “Document, Document, and Document” your training and communication efforts.
31 Days to More Effective Compliance Programs

Code of Conduct as an internal control


In 2016, one of the most interesting non-international focused FCPA enforcement actions was announced by the SEC. It involved a clear quid pro quo benefit paid out by United Airlines, Inc. to David Samson, the former chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United’s operations at the company’s huge east coast hub at Newark, New Jersey.
The reason that it is so interesting from an enforcement perspective is that it is not foreign corruption but domestic corruption, and therefore not subject to the foreign government official requirement of the FCPA. However, the actions of United’s former CEO, Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials. That sounds suspiciously like a books and records violation of the FCPA. The $2.4 million civil penalty levied on United was in addition to its NPA settlement with the DOJ, which resulted in a penalty of $2.25 million. Former Chairman Samson also pled guilty for putting pressure on United to reinstitute a flight service which was near his weekend residence.
At the time, United’s Code of Conduct prohibited “United employees from directly or indirectly making bribes, kickbacks or other improper payments to government officials, civil servants or anyone else to influence their acts or decisions” and stated that “[n]o gift may be offered or accepted if it will create a feeling of obligation, compromise judgment or appear to improperly influence the recipient.” Only the United Board of Directors could grant a waiver to the code and none was sought or obtained by Smisek. The Order concluded, “The [Chairman’s] Route was initiated in violation of United’s policies.”
Three key takeaways:

  1. It is very unusual for the FCPA to form the basis of a domestic bribery violation.
  2. A Code of Conduct can be an internal control.
  3. Even a CEO must follow internal controls.
Innovation in Compliance

A Conversation with Skillsoft and StoneTurn: Part 2 – Charlie Voelker on How a Risk Assessment Informs Your Code of Conduct


Welcome to a special five-part podcast series, A Conversation with Skillsoft and StoneTurn: From the Code of Conduct to Risk Assessment to Continuous Improvement. This week’s podcast series is jointly sponsored by Skillsoft and StoneTurn Group, LLP. In this podcast series we will explore the recently released 2020 Update to the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (2020 Update). We focus on your Code of Conduct and how it is informed by your Risk Assessment, training on your Code of Conduct, performing a Risk Assessment and conclude with how all this ties to continuous monitoring and continuous improvement. Participants in this podcast series include: from Skillsoft, Charlie Voelker, Director, Compliance Products; John Arendes, Vice President and GM of Global Compliance Solutions; from StoneTurn, Toby Ralston, Managing Director, Jamen Tyler, Managing Director and Stephen Martin, Partner. In this second episode, I visit with Voelker on how a Risk Assessment informs your Code of Conduct.
We began with an exploration of why the Code of Conduct is so foundational to a compliance program in general. Voelker said, the “Code of Conduct is a way of capturing the risks and the issues that the organization faces. These are the major concerns that the organization has in terms of the type of business it is in, where it is operating and other factors of that nature.” Moreover, “by capturing those major issues within a training experience that is delivered across the organization and to all employees, it helps to level set everybody within the company in terms of what are those issues that are sort of top of mind for the company, what are the areas that as an employee needs to be focused on. Also, for employees, the Code of Conduct is a source of that information and also about where to go for more help. In many cases, a Code of Conduct will point to other policies or procedures or other resources that serve to provide that support that employees might need as they go about their day-to-day business.”
One of the key themes of the 2020 Update was the importance of a risk assessment to all aspects of your compliance program. Additionally, the 2020 Update made clear the relationship between risk assessment and Code of Conduct training going forward. A risk assessment informs the content of the company’s Code of Conduct itself by identifying the topics and the issues that relate to the risks the organization faces.
Join us tomorrow where Jamen Tyler, Managing Director at StoneTurn, helps us take a deep dive into Risk Assessments.

Webinar

If you enjoyed today’s podcast, I want to let you know about an upcoming webinar Skillsoft and StoneTurn are hosting. The webinar “Evolving Your Compliance Program” will be held on Wednesday Sept 23 and will explore how companies are leveraging data and information to improve and evolve their compliance programs.


Innovation in Compliance

A Conversation with Skillsoft and StoneTurn: Part 1 – Toby Ralston on Your Code of Conduct

Welcome to a special five-part podcast series, A Conversation with Skillsoft and StoneTurn: From the Code of Conduct to Risk Assessment to Continuous Improvement. This week’s podcast series is jointly sponsored by Skillsoft and StoneTurn Group, LLP. In this podcast series we will explore the recently released 2020 Update to the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (2020 Update). We focus on your Code of Conduct and how it is informed by your Risk Assessment, training on your Code of Conduct, performing a Risk Assessment and conclude with how all this ties to continuous monitoring and continuous improvement. Participants in this podcast series include: from Skillsoft, Charlie Voelker, Director, Compliance Products; John Arendes, Vice President and GM of Global Compliance Solutions; from StoneTurn, Toby Ralston, Managing Director, Jamen Tyler, Managing Director, and Stephen Martin, Partner. In this first episode, I visit with Toby Ralston on Code of Conduct.

Obviously, your Code of Conduct is viewed as a foundational document by the DOJ and Securities and Exchange Commission (SEC) as they laid out in the FCPA Resource Guide, 2nd edition. Yet many compliance practitioners struggle with how to benchmark a code of conduct. Ralston believes there are a number of ways that a compliance professional could potentially benchmark a Code of Conduct. He suggested “a matrix approach that uses a modified scorecard or a balanced scorecard where we measure objectives early and subjectively rank an individual Code. We then consider those components against the Codes of competitors and those recognized as best practice.” This can make such a benchmarking exercise a peer comparison, but that peer to peer comparison should not be limited to organizations in your industry. “We find that this approach helps us identify missing or underdeveloped topics as well as sections of a Code that likely need to be condensed or reorganized.”

Join us tomorrow where Charlie Voelker, Director, Compliance Products, Skillsoft, discusses how a Risk Assessment informs your Code of Conduct.


31 Days to More Effective Compliance Programs

Design of your Code of Conduct


Next is the design of your Code of Conduct. Through attention to detail in the design process, you should be able to come out at the end with a code which will help you to more fully operationalize your compliance program. You must begin with a determination of what you are trying to accomplish. It does not serve you to try and list every compliance risk you might think your company may encounter. You should determine the values you want to communicate, what the expectations are for employees and how to call the hotline. Under such an approach, a Code of Conduct can be the jumping off point for training on the issues stated in it. It can also form the hub of the wheel for other policies and procedures and written standards you want to communicate to relevant stakeholders.
You should also consider how you are going to distribute your code to your employees and stakeholders. It may be through an Adobe .pdf document, which is accessible for most stakeholders across an organization, or via another method. If a significant part of your workforce does not have access to computers, online production only will not work as the primary distribution platform.
Three key takeaways:

  1. Get your business folks involved in your Code of Conduct from the outset.
  2. Your ethical values should be integrated into and integral to your Code of Conduct.
  3. How have you operationalized your Code of Conduct?
31 Days to More Effective Compliance Programs

Code of Conduct


What is the value of having a Code of Conduct? I have heard many business folks ask that question over the years. In its early days, a Code of Conduct tended to be a lawyer-written and lawyer-driven document to wave in a regulator’s face during an enforcement action by using it to claim, “we are an ethical company”. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s law? What is it that makes a Code of Conduct effective? What should be the goal in the creation of your company’s Code of Conduct?
How important is the Code of Conduct? Consider the 2016 SEC enforcement action involving United Airlines, Inc., which turned on violation of the company’s Code of Conduct. The breach of the code was determined to be an FCPA internal controls violation. It involved a clear quid pro quo benefit paid out by United to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United Airlines operations at the company’s huge east coast hub at Newark, NJ.
The actions of United’s former CEO, Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials by not only failing to follow the United Code of Conduct but also violating it. The $2.4 million civil penalty levied on United was in addition to United’s Non Prosecution Agreement resolution with the DOJ, which resulted in a penalty of $2.25 million. The scandal also led to the resignation of Smisek and two high-level executives from United.
Three key takeaways:

  1. Every formulation of a best practices compliance program starts with a written Code of Conduct.
  2. The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity.
  3. “Document, Document, Document” your training and communication efforts around your Code of Conduct.
31 Days to More Effective Compliance Programs

Day 6 | The Code of Conduct

What is the value of having a Code of Conduct? In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven, something to wave in a regulator’s face during an enforcement action as proof of overall ethical behavior. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s internal law? What should be the goal in the creation of your company’s Code of Conduct?

How important is the Code of Conduct? Consider the 2016 SEC enforcement action involving United Airlines, Inc., which turned on violation of the company’s Code of Conduct. The breach of the Code of Conduct was determined to be an FCPA internal controls violation. It involved a clear quid pro quo benefit paid out by United to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United’s operations at the company’s huge east coast hub at Newark, NJ.
The actions of United’s former CEO, Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials by not only failing to follow the United Code of Conduct but also violating it. The $2.4 million civil penalty levied on United was in addition to its 2016 Non-Prosecution Agreement (NPA) settlement with the DOJ, which resulted in a penalty of $2.25 million. The scandal also led to the resignation of Smisek and two high-level executives from United.
In the 2012 FCPA Guidance, the DOJ and SEC state:
“A company’s Code of Conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.”
The Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) further specified “As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees.” The Department of Justice (DOJ) Antitrust Division, Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Guidance) also specified “If the company has a Code of Conduct, are antitrust policies and principles included in the document?”
Three key takeaways:

  1. Every formulation of a best practices compliance program starts with a written Code of Conduct.
  2. The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity.
  3. “Document, Document, and Document” your training and communication efforts.