Tag: compliance program

Blog

Roman Philosophers and the Foundations of a Modern Compliance Program: Part 3 Varro, System Design, and Making Compliance Governable

I recently wrote a series on the direct link between ancient Greek Philosophers and modern corporate compliance programs and compliance professionals. It was so much fun and so well-received that I decided to follow up with a similar series on notable Roman Philosophers. This week, we will continue our exploration of the philosophical underpinnings of modern corporate compliance programs and compliance professionals by looking at five philosophers from Rome, both from the Roman Republic and the Roman Empire.

We have considered Cicero and the duty, law, and the moral limits of business; and Seneca and power, pressure, and ethical decision-making under stress. Today, we consider Varro and corporate governance; upcoming blog posts include Marcus Aurelius and ethical leadership and tone at the top, and we will conclude with Lucretius to explore rationality, fear, and risk perception. Today, we continue our discussion of Varro and compliance governance structures.

I. Varro in Context: Order as Institutional Survival

Marcus Terentius Varro was not a moralist in the way Cicero was, nor a psychological observer like Seneca. He was Rome’s great systematizer. Varro cataloged language, religion, agriculture, history, and civic life with a single objective: to make complex institutions intelligible and durable. He believed that civilizations fail not first from immorality, but from disorder. Although very little of his writings survives, Plutarch described him as “Rome’s Third Great Light” behind Virgil and Cicero.

Varro lived through the collapse of the Roman Republic. He watched institutions grow so complex, fragmented, and inconsistent that they could no longer govern themselves. His response was not exhortation or outrage, but classification. By defining categories, standardizing language, and organizing knowledge, Varro sought to preserve Rome’s ability to function even as political pressures mounted.

For modern compliance professionals, Varro is essential precisely because he does not begin with ethics. He starts with structure. He understood that values cannot operate within incoherent systems. Before leadership can model ethics and before culture can reinforce integrity, the institution must be governable.

II. The Compliance Problem Varro Illuminates: Program Sprawl and Structural Entropy

Modern compliance programs rarely fail because they lack policies or commitment. They fail because they become structurally unmanageable.

Over time, compliance programs accumulate:

Policies written for different risks, jurisdictions, and moments in time
Risk assessments that do not align with controls
Training modules disconnected from decision-making
Escalation paths that vary by function or geography
Metrics that track activity but do not integrate

This is compliance sprawl. No one intentionally designs it. It emerges gradually as organizations respond to enforcement actions, audits, mergers, new regulations, and internal incidents. Eventually, the program exists everywhere and nowhere at once. Varro would recognize this immediately. He believed that when systems grow faster than understanding, governance becomes ceremonial. Rules exist, but they do not guide behavior. Oversight exists, but it cannot see clearly.

The DOJ Evaluation of Corporate Compliance Programs (ECCP) reflects Varro’s concern by asking whether a program is well-designed, consistently applied, and understood by employees. These are not ethical questions. They are structural ones.

III. Modern Corporate Application: Varro, DOJ Expectations, and Compliance Architecture

Applying Varro to modern compliance highlights the importance of architecture over accumulation.

First, compliance programs must classify risk consistently. Varro believed that naming and categorizing were a form of control. In compliance terms, this means standardized risk taxonomies, consistent issue classifications, and shared definitions across legal, compliance, audit, and HR. Without this, trend analysis and root cause assessment become unreliable.

Second, integration must replace layering. Varro linked systems rather than allowing them to multiply independently. Modern compliance programs should map risks to controls, controls to training, training to behavior, and behavior to metrics. The DOJ increasingly expects compliance to be embedded in business operations rather than treated as a parallel system.

Third, ownership must be explicit. Varro rejected ambiguity about responsibility. In compliance programs, unclear ownership of controls, investigations, and remediation creates delay and finger-pointing. A governable program clearly and visibly assigns responsibility.

Fourth, institutional memory must be preserved. Varro understood that institutions that forget repeat mistakes. Compliance programs must retain investigation outcomes, remediation decisions, and lessons learned to inform future risk assessments and controls. DOJ guidance increasingly focuses on learning and continuous improvement, which cannot occur without memory.

Finally, language discipline matters. Varro studied language because confused language produces confused action. In compliance, inconsistent terminology across policies, reports, and board materials undermines oversight. Precision is not pedantry. It is governance.

IV. Key Takeaways for Compliance Professionals

Compliance Governance. Compliance professionals should view Varro as the architect of governable compliance. Varro teaches that ethics cannot function without a structure that allows oversight, consistency, and understanding. A compliance program that cannot be clearly explained cannot be effectively governed. Governable compliance is the prerequisite for ethical leadership, accountability, and continuous improvement.
Well Designed. Compliance should prioritize coherence over accumulation. Adding more policies, controls, and tools does not strengthen a compliance program if they do not align with one another. Varro would warn that unchecked accumulation creates confusion rather than protection. Coherence ensures that each element of the program reinforces the others instead of competing for attention.
Risk Measurement. Compliance should standardize risk classification and language across functions. Varro understood that shared language is essential for coordinated action. When legal, compliance, audit, and business teams describe the same risk differently, oversight becomes fragmented. Standardized terminology allows trends to be identified, lessons to be learned, and governance to function effectively.
Written Program. Your compliance should integrate policies, controls, training, and metrics into a single operating model. Varro rejected isolated systems in favor of interconnected ones. A compliance program works only when policies inform controls, controls shape training, and training influences measurable behavior. Integration transforms compliance from a collection of activities into an operational system.
Remember. Compliance should preserve institutional memory to prevent repeat failures. Varro believed institutions must remember their own history to avoid repeating mistakes. Compliance programs fail when lessons learned from investigations or audits are lost with personnel changes or reorganizations. Preserving institutional memory enables trend analysis, informed risk assessments, and durable remediation.
Enabler. Compliance should treat structure as an ethical enabler, not a bureaucratic burden. Structure is often misunderstood as red tape rather than support. Varro shows that clear structure empowers ethical action by reducing ambiguity and inconsistency. Well-designed systems make it easier for individuals and leaders to do the right thing.
Simplicity. Finally, Varro reminds us that ethical intent cannot survive inside incoherent systems. Compliance programs do not fail only because people act under pressure. They fail because the system itself becomes too complex to operate. Ethical breakdown is often preceded by structural breakdown. When compliance systems become fragmented, opaque, or unmanageable, even well-intentioned actors struggle to act responsibly. Varro’s lesson is that simplicity, clarity, and integration are not administrative preferences but governance necessities.

V. Conclusion

Varro’s enduring contribution to modern compliance is his insistence that ethics cannot function in systems that cannot be understood, managed, or governed. He reminds compliance professionals that before culture can shape behavior and before leadership can model integrity, the program itself must be coherent, integrated, and durable. In an era where compliance programs risk collapsing under their own complexity, Varro offers a sobering but practical lesson: clarity is not a luxury, simplicity is not weakness, and structure is not bureaucracy. They are the conditions that allow ethical intent to survive pressure, scale, and time.

Varro stabilizes the compliance program by making it governable. But structure alone does not produce integrity. A well-organized system can still fail if those who lead it do not model ethical restraint. This is where Varro yields to Marcus Aurelius. If Varro ensures that the compliance program holds together, Marcus Aurelius determines how it behaves. The transition from Varro to Marcus Aurelius mirrors the shift from system design to ethical leadership, from architecture to example. Compliance becomes durable only when principled leaders animate coherent systems.

Join us tomorrow in Part 4 for a look at Marcus Aurelius, stoicism, and leadership.

Tags compliance, compliance governance, compliance program, Roman Philosophers, Varro

Blog

A Shifting Mindset Towards Prevention

Post author By admin
Post date February 16, 2024
No Comments on A Shifting Mindset Towards Prevention

It would not be too controversial to say that compliance programs are crucial in ensuring that organizations adhere to legal and ethical standards. That is basically what we are all striving to do. However, many of these programs are reactive, focusing more on problem-solving than prevention. This approach often leads to a lack of resources and initiative for proactive measures, which can ultimately hinder the effectiveness of compliance efforts. What I would ask you to consider today is a shift in your compliance program to prevention through greater engagement.

I have long used the McNulty Maxim’s of (1) What did you do to stop it? (2) What did you do to find out about it? and (3) What did you do to fix it? (Prevent, Detect, Remediate) You may need to shift your compliance mindset regarding your compliance regime. Through proactive measures, such as engaging and frequent training, you can move towards creating a culture of compliance that is both effective and engaging. Ronnie Feldman continually reminds us of the value of using entertainment and comedy in compliance training to make the learning experience enjoyable and memorable.

One of the critical factors impacting the shift towards prevention and engagement is the allocation of resources. Traditionally, compliance programs have focused on detection and investigation, often spending a significant portion of their budget on these reactive measures. However, as Feldman pointed out, this approach can be counterproductive. By investing more in preventative measures, organizations can mitigate risks more efficiently and avoid the need for extensive investigations.

Another essential factor to consider is the impact on employees. Compliance programs relying solely on detection and punishment can create a hostile, fear-based culture. Employees may hesitate to speak up about potential issues or concerns, fearing retribution or negative consequences. On the other hand, a prevention-focused approach that emphasizes engagement and empowerment can foster a culture of trust and psychological safety. When employees feel safe and supported, they are likelier to speak out and ally with their colleagues.

Balancing these factors can be challenging. Compliance professionals must find a way to allocate resources effectively, ensuring that both prevention and detection measures are in place. This requires a shift in mindset and a willingness to invest in proactive measures, even if it means reallocating resources from reactive measures. It also requires a commitment to engaging and empowering leaders within the organization, as they play a crucial role in setting the tone for compliance.

One approach to achieving this shift is through the use of microlearning. Many training professionals have highlighted the value of short, impactful learning modules that can easily integrate into employees’ daily routines. By delivering training in bite-sized pieces, organizations can ensure that employees are consistently engaged and learning without overwhelming them with lengthy and infrequent training sessions.

While shifting compliance programs towards prevention and engagement is compelling, it is essential to acknowledge the challenges associated with implementing such a shift. Resistance to change, limited resources, and competing priorities can all pose obstacles. However, by recognizing the importance of prevention and engagement, organizations can begin to overcome these challenges and make meaningful progress toward a more effective and engaging compliance program.

Shifting compliance programs towards prevention and engagement is a critical step in improving the effectiveness of compliance efforts. By investing more in proactive measures, engaging employees through innovative training methods, and empowering leaders, organizations can create a culture of compliance that is both effective and engaging. While there are challenges associated with this shift, the benefits far outweigh the tradeoffs. Ultimately, a prevention-focused approach mitigates risk more efficiently and creates a positive and engaging compliance culture.

Tags compliance, compliance program, detect, prevent, prevention, remediate, Ronnie Feldman

Blog

Simplifying Compliance Programs: The Power of Basic Approaches

Post author By admin
Post date November 20, 2023
No Comments on Simplifying Compliance Programs: The Power of Basic Approaches

This week I am running a three-part blog post series and three-part podcast series on compliance lessons from one of the most beautiful cities on earth, Venice. We will consider how construction in Venice can inform your compliance program, how the Venice ship building and repair business located in the Arsenale inform both corporate culture and your compliance program and how Venice created the first modern day hotline reporting system. In this first blog post and accompanying podcast we go back to basics by considering the importance of simplicity in compliance programs was highlighted, drawing a comparison to the simple yet effective block and tackle pulley system used in Venice.

One of the things that has long fascinated me about Venice is how so little of the 21st century has impacted it. Take construction, for example. All materials must be brought to the city via boat, offloaded and then lifted by hand or by a handmade machine. Seen to the upper stories of a building where the residents are located. As no one lives on the ground floor anymore, as all the ground floors are now flooded, if the building is not on the water, the ground floor is used as a commercial establishment, but unlike other large metropolitan areas, there is no room for cranes or other large mechanical lifting devices.

I thought about this when I saw workmen lifting up materials through a block and tackle pulley system, which has been in use since antiquity. Not only were these workers doing it the old-fashioned way, but they were also getting the job done. As I watched this most basic level of construction, I thought about some of the things the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have said about what and how a compliance department should be doing compliance.

Sometimes the most basic and obvious methods are overlooked in compliance programs. Just like the block and tackle pulley system in Venice, which may seem quaint and old-fashioned, it still gets the job done effectively. The same concept applies to compliance programs – simplicity can lead to optimal results.

One of the key factors in the importance of compliance departments is the availability of resources. A compliance department must be staffed with an appropriate number of professionals dedicated to the day-to-day work of compliance. This includes answering phone calls and responding to emails promptly. It is not enough to have someone in the seat; they must actively provide guidance and advice on complying with the company’s ethics and compliance program.

Having a live person to answer questions and walk noncompliance individuals through the process is essential. Compliance practitioners must possess the expertise to answer questions that come into the office. The DOJ has emphasized the importance of expertise in compliance functions, stating that it is not just about headcount but also about having knowledgeable practitioners who can provide accurate guidance.

However, balancing the need for resources with simplicity can be a challenge. Compliance departments must find the right balance between having enough staff to handle the workload and avoiding unnecessary complexity. It is crucial to avoid becoming the “land of no” and instead focus on providing practical answers and solutions to compliance-related queries.

Another challenge is ensuring that compliance departments are available and responsive when needed. Compliance personnel must be present to answer phone calls and respond to inquiries promptly. This includes being available on Fridays or during urgent situations. Failure to have someone available to answer questions can undermine the effectiveness of a compliance program.

The comparison to the block and tackle pulley system in Venice highlights the importance of simplicity in compliance programs. Sometimes, the old-fashioned way can be the most effective way. By keeping compliance programs simple and straightforward, organizations can ensure that employees understand and follow the policies and procedures.

Compliance departments are crucial for implementing and maintaining ethical standards within organizations. They provide the necessary resources and expertise to guide company personnel and ensure compliance policies are understood and adhered to at all levels. Simplicity in compliance programs is essential for optimal results, just like the block and tackle pulley system in Venice. Balancing resources, responsiveness, and simplicity can be challenging, but it is necessary to achieve an effective compliance program. By considering the impact on employees and making decisions that prioritize simplicity, organizations can create a culture of compliance that is both effective and efficient.

Tags compliance, compliance program, Venice

Blog

2023 Global Business Ethics Survey: Part 4 – The Importance of Implementing a Strong Ethical Culture

Post author By admin
Post date October 12, 2023
No Comments on 2023 Global Business Ethics Survey: Part 4 – The Importance of Implementing a Strong Ethical Culture

In a recent ECI podcast series, I had the opportunity to visit with Pat Harned, CEO of ECI. We took a deep dive into the 2023 Global Business Ethics Survey (GBES), which revealed concerning trends in workplace ethics. The survey highlighted increased employee pressure, misconduct, and retaliation against whistleblowers. These findings underscore the need for organizations to implement robust ethics and compliance programs, including formal anti-retaliation measures. In Part 4 of this blog post in this series, we consider the importance of implementing a strong ethical culture in an organization.

Pat strongly advocates for the establishment of a robust ethical culture in businesses, a perspective shaped by their extensive experience in the field, including their significant role in conducting the 2023 GBES. Harned’s insights reveal that many employees do not operate within a strong ethical culture, and they stress the need for businesses to not only meet minimum standards but also strive for high-quality programs that transform company culture and operations. Harned believes that leaders should model ethical behavior and actively promote program activities that positively influence conduct and minimize the risk of non-compliance.

Two of the key findings from the GBES revealed that only 13% of employees believe they work in a strong ethical environment, indicating a pressing concern in today’s business landscape.

Key Finding: 5 – Few employees say they work in a strong ethical culture.

One of the key findings was that businesses are not taking the necessary steps to reduce their risk significantly. The survey found that only 30% of companies globally have implemented foundational elements of an ethics and compliance program. This lack of focus on ethics is alarming, as organizations with high-quality programs are more likely to have a strong ethical culture and positively impact conduct.

Building a strong ethical culture requires prioritizing key components of a high-quality program. These components include setting clear standards, providing training, establishing reporting systems, and ensuring consistent discipline for violations. By implementing these elements, organizations can foster a culture where employees believe that ethical standards matter and feel comfortable reporting wrongdoing.

However, achieving a strong ethical culture is not without its challenges. Balancing different factors and tradeoffs is necessary. For example, organizations must find a balance between setting clear standards and allowing flexibility for innovation and growth. They must also consider the impact of their decisions on stakeholders, including employees, customers, and the wider community.

Key Finding: 6 – Businesses are not taking the steps that are proven to reduce their risk significantly.

We also saw surprising findings regarding the countries with the highest and lowest percentages of employees working in ethical, solid cultures. Egypt and Colombia were listed as the countries with the highest percentages, while Japan and South Korea were at the bottom. This highlights the complexity of ethical culture, as it is not solely determined by cultural mores but also by trust in leaders and the extent to which employees feel welcome to voice concerns.

To address weaknesses and improve ethical culture, organizations can utilize the findings from the survey. The ECI report provides metrics that can help compliance professionals identify areas for improvement and address weak points in their programs. By focusing on the behaviors of top managers and supervisors, modeling expected conduct, and creating an environment where employees feel comfortable raising concerns, organizations can strengthen their ethical culture.

The episode also emphasized the importance of a high-quality program effort, as defined by the ECI. Organizations that go above and beyond the minimum standards and truly transform their culture are 546% more likely to have a strong ethical culture and 467% more likely to impact conduct and reduce the risk of non-compliance positively. The ECI has outlined key components of a high-quality program, including clear standards, training, helpline reports, leadership engagement, and consistent discipline.

In conclusion, the importance of implementing a strong ethical culture in businesses cannot be overstated. The findings from the Global Business Ethics Survey highlight the need for organizations to prioritize ethics and compliance programs. By focusing on key components of a high-quality program and addressing weaknesses, organizations can foster a culture where ethical standards are valued, misconduct is reported, and risk is significantly reduced. Achieving a strong ethical culture requires a careful balance of different factors and a commitment to continuous improvement.

To access the 2023 GBES report and obtain more information about ECI, interested individuals can visit the organization’s website at www.ethics.org. The report provides a summary of the findings, while an interactive website allows users to explore the data in more detail.

Join us in our concluding Part 5, where we discuss how a compliance professional can use this information in their corporate compliance program.

For more information, check out the ECI podcast series with Pat Harned discussing the GBES here.

Tags 2023 Global Business Ethics Survey, compliance program, ECI, Ethical Culture, Pat Harned

Principled Podcast

Season 10 Episode 1 – How Does the US Department of Justice Evaluate Ethics and Compliance Programs?

Post author By admin
Post date September 12, 2023
No Comments on Season 10 Episode 1 – How Does the US Department of Justice Evaluate Ethics and Compliance Programs?

What you’ll learn on this podcast episode

The US Department of Justice Criminal Division has been increasingly vocal about what makes organizations’ ethics and compliance programs effective. This input on program effectiveness takes the form of guidance to prosecutors about what questions to ask when companies negotiate to resolve DOJ investigations into corporate wrongdoing on favorable terms. What does this guidance on program effectiveness mean in practice for E&C professionals? In the season 10 premiere of LRN’s Principled Podcast, host Susan Divers speaks with John Michelich, who retired last November after 35 years as a federal prosecutor with the Department of Justice’s Criminal Division. Listen in as they explore how the DOJ evaluates E&C programs, as well as best practices for companies settling misconduct investigations.

Guest: John Michelich

John Michelich is a retired career prosecutor, who has served at the state, federal, and international levels for 45 years. A native of Illinois, John received his undergraduate education at Illinois Wesleyan University and then attended Drake University Law School in Des Moines, Iowa. For 10 years, John served as Assistant State’s Attorney and First Assistant State’s Attorney in Springfield, Illinois, where he prosecuted all types of state criminal felony violations including armed robbery, aggravated sexual assault and capital murder.

In 1988, John moved to Washington, DC where he began his 35-year career as a prosecutor with the US Department of Justice, Criminal Division. As a federal prosecutor, John has handled a wide variety of cases including child pornography and obscenity, narcotics distribution and all types of white-collar criminal cases. John served for 30 years as a prosecutor with the Fraud Section of the Criminal Division where he handled numerous cases including health care fraud, bank fraud, telemarketing fraud, commodities and securities fraud and violations of the Foreign Corrupt Practices Act. Because Washington DOJ lawyers are traveling prosecutors, John has handled grand jury proceedings or jury trials in more than two dozen federal districts nationwide from Guam and Hawaii to Puerto Rico, and California to New York. Over his long career, John has tried dozens of jury trials to verdict.

In 1998, the Justice Department sent John on loan to the United Nations’ International Criminal Tribunal for the Former Yugoslavia, also known as the War Crimes Tribunal, in the Hague, Netherlands, where he handled investigations and Tribunal proceedings involving crimes against humanity and serious breaches of the Geneva Convention that occurred during the Yugoslavian civil war.

For over 40 years, John has been an active instructor of Trial Advocacy and has appeared regularly on the faculty of the NITA Trial Practice course offered at Georgetown University Law Center. In addition, John has served as an Adjunct Professor at Georgetown, teaching Trial Practice courses to third-year law students. In his retirement, John is available as a legal consultant to trial lawyers to advise them in preparation for jury trials and to consult with corporate counsel concerning internal investigations and to advise them on how to approach the government when there are allegations of wrongdoing, especially foreign bribery.

John is licensed to practice in the states of Illinois and Iowa, and several federal courts, and is a licensed Solicitor of the Senior Courts of England and Wales.

Host: Susan Divers

Susan Divers is a senior advisor with LRN Corporation. In that capacity, Ms. Divers brings her 30+ years’ accomplishments and experience in the ethics and compliance area to LRN partners and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance and substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company’s ethics and compliance program.

Mrs. Divers’ background includes more than thirty years’ experience practicing law in these areas. Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative.

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008.

She resides in Northern Virginia and is a frequent speaker, writer and commentator on ethics and compliance topics. Mrs. Divers’ most recent publication is “Balancing Best Practices and Reality in Compliance,” published by Compliance Week in February 2015. In her spare time, she mentors veteran and university students and enjoys outdoor activities.

Tags compliance, compliance program, DOJ, ethics, John Michelich, LRN, Susan Divers

SBR - Authors' Podcast

SBR Authors Podcast: Mary Shirley – Living Your Best Compliance Life: Hacks for Engaging Compliance Programs

Post author By admin
Post date August 22, 2023
No Comments on SBR Authors Podcast: Mary Shirley – Living Your Best Compliance Life: Hacks for Engaging Compliance Programs

Mary Shirley’s conversational and authentic writing style is the focus of this podcast episode. As a compliance officer, she strives to make compliance topics more engaging and relatable. The episode delves into important aspects of compliance, such as program assessment, team building, culture and communications, and enhancing compliance programs. Mary’s book, “Living Your Best Compliance Life: 65 Hacks and Cheat Codes to Level Up Your Ethics and Compliance Program,” offers practical tips and “hacks” for improving compliance programs. The conversation also highlights the value of Compliance Week as a tool for engagement and feedback. Overall, the episode emphasizes the importance of authenticity, engagement, and continuous improvement in compliance functions.

Key Highlights Include

· Mary’s Writing Style

· Compliance Program Assessment

· Enhancing Compliance Programs

· Utilizing Compliance Week

· Compliance Week Insights

· Putting Advice into Practice

Resources

Mary Shirley on Linkedin

Living Your Best Compliance Life: 65 Hacks and Cheat Codes to Level Up Your Compliance Program

Tom Fox

Key Highlights Include

· Mary’s Writing Style

· Compliance Program Assessment

· Enhancing Compliance Programs

· Utilizing Compliance Week

· Compliance Week Insights

· Putting Advice into Practice

Resources

Mary Shirley on Linkedin

Living Your Best Compliance Life: 65 Hacks and Cheat Codes to Level Up Your Compliance Program

Tom Fox

Tags CCI, compliance, compliance program, Living Your Best Compliance Life: 65 Hacks and Cheat Codes to Level Up Your Ethics and Compliance Program, Mary Shirley

Principled Podcast

Principled Podcast – S9 E14 – From Basic to Best in Class: Evolving Hexcel’s Compliance Program

Post author By admin
Post date May 29, 2023
No Comments on Principled Podcast – S9 E14 – From Basic to Best in Class: Evolving Hexcel’s Compliance Program

What you’ll learn on this podcast episode

How do you move your ethics and compliance program along the journey from basic to best in class? How do you keep momentum amid a major business disruption and downturn? And how do you make progress on the holy grail of compliance objectives—a speak-up culture? In this episode of LRN’s Principled Podcast, host Emily Miner is joined by Gail Lehman, the EVP, general counsel, and secretary at Hexcel Corporation. Listen in as Gail shares how this high-tech materials manufacturing company has evolved its compliance program over the past five years and what that’s meant for the company’s culture.

Guest: Gail Lehman

Gail Lehman is the executive vice president, general counsel, and corporate secretary at Hexcel Corporation, having joined Hexcel in January of 2017. Hexcel is headquartered in Stamford, Connecticut. Gail oversees the legal and trade compliance functions for this NYSE public company, a leading global producer of advanced composites for commercial aerospace, space and defense, and various industrial markets. She is also the leader of Hexcel’s Sustainability program at a corporate level. Gail serves as a trusted strategic advisor to the board, chief executive officer, and business teams. Upon joining the company, Gail restructured the legal and trade functions to align with Hexcel’s business teams and operational objectives. She re-engineered the Code of Business Conduct program, redrafting the code and rolling out specially tailored “speak up” ethics training and messaging across all global locations. She collaborates with other senior leaders and teams to drive Hexcel’s sustainability efforts and major growth, strategic and commercial activities, including mergers and acquisitions, cyber incident readiness, and contracting with the company’s critical customers and suppliers.

Prior to joining Hexcel, Gail served as chief administrative officer, general counsel, and corporate secretary at Noranda Aluminum Holding Corporation. Prior to Noranda, Gail was vice president, general counsel, and corporate secretary at both Hawker Beechcraft Corporation and Covalence Specialty Materials Corporation. Earlier she rose through the ranks of the law department at Honeywell International. She began her career at the law firm of Lowenstein, Sandler in Roseland, NJ after serving a federal judicial clerkship in the District Court in New Jersey.

Gail has a degree in psychology from Rutgers College, a graduate degree in educational psychology from Rutgers Graduate School of Education, and a law degree with high honors from Rutgers University School of Law. She has served on several non-profit boards, including currently for the Women’s Business Development Council in Stamford, Connecticut.

Host: Emily Miner

Emily Miner is a vice president in LRN’s ethics and compliance Advisory practice. She counsels executive leadership teams on how to actively shape and manage their ethical culture through deep quantitative and qualitative understanding and engagement. A skilled facilitator, Emily emphasizes co-creative, bottom-up, and data-driven approaches to foster ethical behavior and inform program strategy. Emily has led engagements with organizations in the healthcare, technology, manufacturing, energy, professional services, and education industries. Emily co-leads LRN’s ongoing flagship research on E&C program effectiveness and is a thought leader in the areas of organizational culture, leadership, and E&C program impact.

Prior to joining LRN, Emily applied her behavioral science expertise in the environmental sustainability sector, working with non-profits and several New England municipalities; facilitated earth science research in academia; and contributed to drafting and advancing international climate policy goals. Emily has a Master of Public Administration in Environmental Science and Policy from Columbia University and graduated summa cum laude from the University of Florida with a degree in Anthropology.

Tags compliance, compliance program, Emily Miner, Gail Lehman, Hexcel, LRN, Principled Podcast

Principled Podcast

Principled Podcast – S9E9 – The Power of “Force Multipliers” in Lockheed Martin’s Compliance Program

Post author By admin
Post date April 13, 2023
No Comments on Principled Podcast – S9E9 – The Power of “Force Multipliers” in Lockheed Martin’s Compliance Program

What you’ll learn on this podcast episode

How does the largest global security and defense company, with 116,000 employees worldwide, ensure the highest standards for its ethics and compliance program? This is particularly challenging amid an environment of increased regulation, geopolitical conflict, and economic uncertainty. In this episode of the Principled Podcast, host Susan Divers explores this question with Jim Byrne, Lockheed Martin’s vice president for ethics and business conduct. Listen in as the two discuss how Lockheed Martin uses “force multipliers” to empower employees to create an inclusive culture, own their ethical workplace, and act when something is amiss.

Guest: Jim Byrne

The Honorable James M. Byrne currently serves as Vice President, Ethics & Business Conduct, for Lockheed Martin Corporation. He is responsible for the strategic direction and operational excellence of Lockheed Martin’s award-winning domestic and international ethics program and execution of the Corporation’s compliance training across the enterprise. Jim is also on the Corporate Vice Presidents Contributions Committee of Lockheed Martin, established and authorized to review and approve large charitable contributions. Prior to rejoining Lockheed Martin, he served as the Deputy Secretary of the United States Department of Veterans Affairs (VA) where he led modernization initiatives and served as the chief operating officer of the federal government’s second-largest Cabinet department, with some 385,000 employees in VA medical centers, clinics, benefits offices, national cemeteries, and other facilities throughout the country. Previously, Mr. Byrne served as VA’s General Counsel, leading VA’s nationwide team of nearly 800 attorneys, paralegals, and staff who support VA’s mission and priorities by providing sound legal expertise, representation, and, as needed, critical problem-solving skills and risk-management advice to the Secretary and other senior VA leaders.

Before arriving at VA, Mr. Byrne served as Associate General Counsel and Chief Privacy Officer at Lockheed Martin Corporation. He also served for several years on the board of directors for Pacific Architects and Engineers (PAE) when it was a wholly owned subsidiary of Lockheed Martin. Prior to joining Lockheed Martin, Mr. Byrne served in the career Federal Senior Executive Service as Deputy Special Counsel with the Office of the United States Special Counsel, and as both the General Counsel and Assistant Inspector General for Investigations with the Office of the Special Inspector General for Iraq Reconstruction. Soon after the invasion of Iraq in 2003, Mr. Byrne was recalled to active duty for 18 months with the U.S. Marine Corps in support of the Global War on Terrorism. Lieutenant Colonel James Byrne was assigned as the Officer-in- charge of the Marine Liaison Office at the then-National Naval Medical Center in Bethesda, Maryland. Colonel Byrne led teams of Marines, stationed in DC-metro-area military hospitals and Aberdeen Proving Grounds, Maryland, who were responsible for supporting injured and deceased Marines, Sailors, and their families.

Mr. Byrne has over 25 years of experience in the public sector, including service as a forward deployed Marine Corps Infantry Officer and a U.S. Department of Justice international narcotics prosecutor. Mr. Byrne’s professional honors include several DOJ awards and The Drug Enforcement Administration (DEA) Administrator’s Award for Exceptional Service. He is also a recipient of the Secretary of Defense Medal for the Global War on Terrorism and several military decorations, including the Meritorious Service Medal.

Mr. Byrne also currently serves as a Proxy Holder – Outside Board Director for Rancher Government Solutions, a company that delivers secure and certified open source and cloud-native software for the United States Government adopting DevSecOps across the IT landscape. His past professional engagements include director and advisory board positions on several startup companies, and service on the U.S. Department of Homeland Security Data Privacy & Integrity Advisory Committee and the International Association of Privacy Professionals Board of Directors (Chairman). Jim is very active in his church and community and prioritizes mentoring veterans. He currently volunteers on the American Association of Suicidology Board of Directors, the Navy – Marine Corps Relief Society Advisory Board, Veterans Moving Forward Board of Directors, Maternal Mental Health Leadership Alliance Board of Directors, Victor Bravo Board of Directors and the Give an Hour Executive Board.

Mr. Byrne is a Secretary of the Navy Distinguished Midshipman Graduate of the U.S. Naval Academy, where he received an engineering degree and, ultimately, held the top leadership position of Brigade Commander. Mr. Byrne later earned his Juris Doctorate from Stetson University College of Law in St. Petersburg, Florida, where was awarded a public service fellowship. He started his legal career as a judicial law clerk to the Honorable Malcolm J. Howard, U.S. District Court, Eastern District of North Carolina.

Host: Susan Divers

Tags compliance program, Jim Byrne, Lockheed Martin, Susan Divers, The Power of “Force Multipliers”

31 Days to More Effective Compliance Programs

Day 24 – Updates and Feedback

Post author By admin
Post date January 24, 2023
No Comments on Day 24 – Updates and Feedback

One of the critical elements found in the 2020 Update is the need to use the information you obtain, whether through risk assessment, root cause analysis, investigation, hotline report, or any other manner, to remediate the situation which allowed it to arise. Your company should establish a regular monitoring system to address issues. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should check in routinely with local finance departments in your foreign offices to ask if they have noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage.

These ongoing efforts demonstrate that your company is serious about compliance.

It is a function of the CCO to reinforce the vision and goals of the compliance function, where assessment and updating are critical to an ongoing best practices compliance program. If you follow this protocol, you will put a mechanism in place to demonstrate your company’s commitment to compliance by following the intentions set forth in your strategic plan. What should you do with this information? Put a strategic plan in place ready to implement your findings of continuous improvement by using the following:

Review the goals of the strategic plan. This requires that you arrange a time for the CCO and team to review the goals of the Strategic Plan, which the CCO should lead to determine how this goal in the Plan measures up to its implementation in your company.
Design an execution plan. The KISS method (Keep it Simple, Sir) is the best to move forward. This would suggest that there should be a simple and straightforward plan for each compliance goal to ensure that the goal in question is being addressed.
Put accountabilities in place. In any plan of execution, there must be accountabilities attached to them. This requires the CCO or other senior compliance department representatives to put these in place and then mandate a reporting requirement on how the task assigned is being achieved.
Schedule the next review of the plan. There should be a regular review of the process. It allows any problems that may arise to be detected and corrected more quickly than if meetings are held less frequently.

Continuous monitoring is a key step, but it is only the first step. It is not simply that you tested your compliance program but that you did something with the information you obtained to improve your program.

Three key takeaways:

Innovation can come through a new way of thinking about and using data.
Have the plan to use the information garnered in your monitoring incorporated into your compliance program.
Always remember that Document Document Document is critical if the regulators come knocking.

Tags CCO, compliance, compliance program

Blog

Great Structures Week II – Structures from Ancient Egypt and Greece and Written Standards

Post author By admin
Post date October 18, 2022
No Comments on Great Structures Week II – Structures from Ancient Egypt and Greece and Written Standards

I continue my Great Structures Week with a focus on great structures from the earliest times, ancient Egypt and Greece. I am drawing these posts from The Teaching Company course, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. From Egypt there are of course the Pyramids, of which Ressler says, “They’re important, not just because they’re great structures, but also because they represent some of the earliest human achievements that can legitimately be called engineering. The Great Pyramid of Giza stands today as a testament to the strength and durability of Egyptian structural engineering skills.”

From Greece we derive what Vitruvius called the “Empirical Rules for Temple Design” which define a “single dimensional module equal to the radius of a column in the temple portico, then specify all other dimensions of the building in terms of that module.” These rules are best seen in Greek temples, largely consisting of columns, which are defined as “a structural element that carries load primarily in compression” and beams, which are “structural elements subject to transverse loading and carry load in bending.” My favorite example of the use of columns is seen in the Parthenon; the most famous of all Greek temples still standing.

In many ways these two very different structures stand as the basis of all structural engineering and Great Structures that come later throughout history. For any anti-corruption compliance regime based on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery statutes, the same is true for a Code of Conduct and written policies and procedures. They are both the building blocks of everything that comes thereafter.

In an article Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz, stated a company’s Code of Conduct “should demonstrate a complete ethical attitude and your organization’s “system-wide” emphasis on compliance and ethics with all applicable laws and regulations.” Your Code of Conduct must be aimed at all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.” This would also include all “management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.”

There are several purposes identified by the authors that should be communicated in your Code of Conduct. Of course the overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating what is required of them, to provide a process for proper decision-making and then to require that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. To that end, I suggest that your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of disciplines, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

The written policies and procedures required for a best practices compliance program are well known and long established. As stated in the FCPA Resource Guide 2^nd edition, “Among the risks that a company may need to address include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company and Procedures are the documents that implement these standards of conduct.

Another way to think of policies, procedures and controls was stated by Aaron Murphy, in his book “Foreign Corrupt Practices Act”, when he said that you should think of all three as “an interrelated set of compliance mechanisms.” Murphy went on to say that, “Internal controls are policies, procedures, monitoring and training that are designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Borrowing from an article in the Houston Business Journal, entitled “Company policies are source and structure of stability”, I found some interesting and important insights into the role of policies in any anti-corruption compliance program. Allen says that the role of policies is “to protect companies, their employees and consumers, and despite an occasional opposite outcome, that is typically what they do. A company’s policies provide a basic set of guidelines for their employees to follow. They can include general dos and don’ts or more specific safety procedures, work process flows, communication guidelines or dress codes. By establishing what is and isn’t acceptable workplace behavior, a company helps mitigate the risks posed by employees who, if left unchecked, might behave badly or make foolhardy decisions.”

Allen notes that policies “are not a surefire guarantee that things won’t go wrong, they are the first line of defense if things do.” The effective implementation and enforcement of policies demonstrate to regulators and the government that a “company is operating professionally and proactively for the benefit of its stakeholders, its employees and the community it serves.” If it is a company subject to the FCPA, by definition it is an international company so that can be quite a wide community.

Allen believes that there are five key elements to any “well-constructed policy”. They are:

identify to whom the policy applies;
establish the objective of the policy;
explain why the policy is necessary;
outline examples of acceptable and unacceptable behavior under the policy; and
warn of the consequences if an employee fails to comply with the policy.

Allen notes that for polices to be effective there must be communication. He believes that training is only one type of communication. I think that this is a key element for compliance practitioners because if you have a 30,000+ worldwide work force, the logistics alone of such training can appear daunting. Consider gathering small groups of employees, where detailed questions about policies can be raised and discussed, as a powerful teaching tool. Allen even suggests posting Frequently Asked Questions (FAQ’s) in common areas as another technique.

The FCPA Resource Guide 2^nd edition ends its section on policies with the following, “Regardless of the specific policies and procedures implemented, these standards should apply to personnel at all levels of the company.” Allen puts a bit differently in that “it is important that policies are applied fairly and consistently across the organization.” He notes that the issue can be that “If policies are applied inconsistently, there is a greater chance that an employee dismissed for breaching a policy could successfully claim he or she was unfairly terminated.” This last point cannot be over-emphasized. If an employee is going to be terminated for fudging their expense accounts in Brazil, you had best make sure that same conduct lands your top producer in the US with the same quality of discipline.

Join us tomorrow where we look at the Roman Arch and resourcing your compliance program.

Tags CCO, Code of Conduct, compliance, compliance professional, compliance program, Policies and Procedures

Recent Posts

Recent Comments

Categories

What you’ll learn on this podcast episode

Guest: John Michelich

Host: Susan Divers

What you’ll learn on this podcast episode

Guest: Gail Lehman

What you’ll learn on this podcast episode

Guest: Jim Byrne

Host: Susan Divers

What are you looking for?