Incentives in Compliance: Part 2 – Clawbacks

Just as the Department of Justice (DOJ) has long focused on financial incentives in a best practices compliance program, it has equally focused on punishing those officers and employees who fail to do business ethically and in compliance. The 2020 FCPA Resource Guide, 2nd edition, stated, “A compliance program should apply from the board room to the supply room—no one should be beyond its reach. DOJ and SEC will thus consider whether, when enforcing a compliance program, a company has appropriate and clear disciplinary procedures, whether those procedures are applied reliably and promptly, and whether they are commensurate with the violation. Many companies have found that publicizing disciplinary actions internally, where appropriate under local law, can have an important deterrent effect, demonstrating that unethical and unlawful actions have swift and sure consequences.”

The Monaco Memo drove this point home with the statement, “Corporations can best deter misconduct if they make clear that all individuals who engage in or contribute to criminal misconduct will be held personally accountable. In assessing a compliance program, prosecutors should consider whether the corporation’s compensation agreements, arrangements, and packages (the “compensation systems”) incorporate elements – such as compensation clawback provisions – that enable penalties to be levied against current or former employees, executives, or directors whose direct or supervisory actions or omissions contributed to criminal conduct. Since misconduct is often discovered after it has occurred, prosecutors should examine whether compensation systems are crafted in a way that allows for retroactive discipline, including through the use of clawback measures, partial escrowing of compensation, or equivalent arrangements.”

Prior to the Monaco Memo, clawbacks had not been generally seen as a necessary part of a compliance program. However, they are now clearly mandated by the DOJ. Moreover, having such a penalty in place is also seen as part of a good corporate culture, which not only penalizes those who engage in unethical behavior in violation of a company’s policies and procedures but will “promote compliant behavior and emphasize the corporation’s commitment to its compliance programs and its culture.”

This will mandate that the DOJ investigate whether a corporation has included clawback provisions in its compensation agreements and whether “following the corporation’s discovery of misconduct, a corporation has, to the extent possible, taken affirmative steps to execute on such agreements and clawback compensation previously paid to current or former executives whose actions or omissions resulted in, or contributed to, the criminal conduct at issue.”

The issue for many compliance professionals is where to look for guidance on how to construct such clawback provisions. Fortunately, the Securities and Exchange Commission (SEC) has provided guidance in another area to which the compliance professional can look. In a final rule, published in 2022 and entitled “Listing Standards for Recovery of Erroneously Awarded Compensation”, the SEC directed “the national securities exchanges and associations that list securities to establish listing standards that require each issuer to develop and implement a policy providing for the recovery, in the event of a required accounting restatement, of incentive-based compensation received by current or former executive officers where that compensation is based on the erroneously reported financial information.” While this final rule related to both Big-R and little-r restatements, it does provide guidance in the anti-corruption compliance area.

According to a client alert entitled “SEC Issues Long-Awaited Rule on Clawback of Executive Compensation”, by law firm Vinson & Elkins LLP, the final rule “requires companies to claw back incentive compensation erroneously received by current and former executives during the three-year period preceding the required restatement date.” An interesting caveat is that under this final rule, “the term “received” generally means that the applicable financial reporting measure connected to incentive compensation has been satisfied and such incentive compensation has been earned, even if such incentive compensation has not yet actually been paid.”

This means “an annual bonus award is deemed received in the fiscal year that the executive earns the award based on achievement of the underlying performance measure(s), even if the award is not actually paid until March of the following fiscal year.” Interestingly, the final rule “applies to incentive compensation received by executive officers on or after the effective date of the listing standards, incentive compensation granted prior to the effective date would still be subject to the Rule if it is not received prior to the effective date.” Finally, this means that the “recoverable amount (on a pre-tax basis) is the difference between the incentive-based compensation received by the executives and the amount that would have been received based on the required restatement.”

The Monaco Memo also included a direction “to develop further guidance by the end of the year on how to reward corporations that develop and apply compensation clawback policies, including how to shift the burden of corporate financial penalties away from shareholders – who in many cases do not have a role in misconduct – onto those more directly responsible.” This clause is an effort by the DOJ to keep companies from shielding recalcitrant executives from the consequences of their own illegal and unethical conduct. Here compliance professionals can also draw guidance from the SEC final rule, which bans companies from obtaining indemnity insurance to protect executives from clawbacks. The final rule stated, “The Commission proposed that listed issuers would be prohibited from indemnifying any executive officer or former executive officer against the loss of erroneously awarded compensation.” The reason is that if your clawback provision can be overcome by indemnification, it would “fundamentally undermine the purpose of the statute and effectively nullify the mandatory nature of the compensation recovery.”

Of course, all of this should be written down and reflected in the corporation’s compliance policies and procedures. The Monaco Memo stated, “a corporation’s policies and practices regarding compensation and determine whether they are followed in practice.” This is also consistent with the SEC final rule which said that a company should develop and implement a policy requiring recovery of erroneously awarded incentive-based compensation, stating, “in the event that the issuer is required to prepare an accounting restatement due to material noncompliance with any financial reporting requirement, the issuer will recover from any of its current or former executive officers who received incentive-based compensation during the preceding three-year period based on the erroneous data, any such compensation in excess of what would have been paid under the accounting restatement.”

But the Monaco Memo made clear that it is not simply a matter of having a written policy and procedure in place. There must be corporate action, if warranted, under the clawback policy and procedure. The DOJ will evaluate whether, “following the corporation’s discovery of misconduct, a corporation has, to the extent possible, taken affirmative steps to execute on such agreements and clawback compensation previously paid to current or former executives whose actions or omissions resulted in, or contributed to, the criminal conduct at issue.”

Season 8 – Episode 11 – Part 1: Geopolitics are Impacting Workplace Ethics and Compliance Programs

What you’ll learn on this podcast episode

As the world emerges from a pandemic mindset, we confront new geopolitical realities with Putin’s war in Ukraine and increasingly fraught relations between the US and China. How is this geopolitical landscape changing the compliance landscape? In this episode of the Principled Podcast, host Susan Divers is joined by Tom Fox, the founder of the Compliance Podcast Network and aptly accredited “Voice of Compliance.” Listen in as the two discuss the impact of geopolitics on ethics and compliance and what issues should be top-of-mind for E&C leaders in the near future.

To learn more, download a copy of Tom Fox’s white paper Never the Same: Five Key Areas in Which Business Will Never Be the Same After the Russian Invasion.

Guest: Tom Fox

Tom Fox is literally the guy who wrote the book on compliance with the international compliance best-seller The Compliance Handbook, 3rd edition, which LexisNexis released in May 2022. Tom has authored 23 other books on business leadership, compliance, ethics, and corporate governance, including the international best-sellers Lessons Learned on Compliance and Ethics and Best Practices Under the FCPA and Bribery Act, as well as his award-winning series “Fox on Compliance.”

Tom leads the social media discussion on compliance with his award-winning blog and is the Voice of Compliance, having founded the Compliance Podcast Network and hosting or producing multiple award-winning podcasts. He is an executive leader at the C-Suite Network, the world’s most trusted network of C-Suite leaders. He can be reached at tfox@tfoxlaw.com.

Host: Susan Divers

Susan Divers is the director of thought leadership and best practices with LRN Corporation. She brings 30+ years of accomplishments and experience in the ethics and compliance arena to LRN clients and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance, and sharing substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, recognizing her work advancing the company’s ethics and compliance program.

Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Before that, she partnered with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with Theodore Goddard & Co. and Herbert Smith & Co law firms. She also served as an attorney in the Office of the Legal Advisor at the Department of State. She was a member of the U.S. delegation to the UN, working on the first anti-corruption multilateral treaty initiative.

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C., and of the National Law Center of George Washington University. In 2011, 2012, 2013, and 2014 Ethisphere Magazine listed her as one of the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008. She resides in Northern Virginia and is a frequent speaker, writer, and commentator on ethics and compliance topics.

Great Structures Week I: Vitruvius, the Brooklyn Bridge and Compliance

Welcome to Greetings and Felicitations, a podcast where I explore topics that might not seem directly related to compliance but influence our profession. In this special series, I consider how many structural engineering concepts are apt descriptors for an anti-corruption compliance program. In this Episode 1, I consider the Roman architect Vitruvius and what makes a structure great. Highlights include:

  • The Vitruvius Triad.
  • Compliance Program formulations.
  • What are form, function, and structure?
  • Continuous risk and continuous risk management.
  • Risk assessments after Covid-19.

Resources

“Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity,” taught by Professor Stephen Ressler from The Teaching Company.

Great Structures Week IV – Gothic Cathedral and Compliance Incentives

I continue my Great Structures Week with a focus on great structural engineering and its innovations in the medieval world, namely the Gothic Cathedral. I am drawing these posts from The Great Course offering, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. When it comes to Gothic Cathedrals, Ressler notes that they are a rich case study in the development of “architecture and the limits of empirical design, literally written into the walls of the buildings.”

The innovation of the Gothic Cathedral was to use elements of the Roman basilica but to add “height and light, featuring ever taller naves, pierced by ever-larger clerestory windows, and delineated by ever-more-slender engaged columns”. The first innovation came with the pointed arch, followed by ribbing on the columns to help stiffen and strengthen them more effectively. However, the truly dynamic innovation was the creation of flying buttresses, which were huge additional columns outside the structure yet were designed to become load-bearing members so the highest point inside the cathedrals could be filled by light through ornately stained glass windows. Two of the finest examples of these Gothic Cathedrals are both found in France. They are the Cathedral of Our Lady at Chartres and Cathedral of St. Stephens at Bourges.

Just as the medieval world built up the structural engineering techniques from their forebears, as your compliance regime matures you can implement more sophisticated strategies to make your Foreign Corrupt Practices Act (FCPA) compliance program a part of the way your company does business. Using an article from the MIT Sloan Management Review, “Combining Purpose with Profits,” as a basis, I have developed six core principles for incentives for the compliance function in a best practices compliance program.

  1. Compliance incentives don’t have to be elaborate or novel. The first point is that there are only a limited number of compliance incentives that a company can meaningfully target. Evidence suggests the successful companies are the ones that were able to translate pedestrian-sounding compliance incentive goals into consistent and committed action.
  2. Compliance incentives need supporting systems if they are to stick. People take cues from those around them, but people are fickle and easily confused, and gain and hedonic goals can quickly drive out compliance incentives. This means that you will need to construct a compliance function that provides a support system to help them operationalize their pro-incentives at different levels, and thereby make them stick. The specific systems which support incentives can be tailored to your company, but the key point is that they are delivered consistently, because this signals that management is sincere.
  3. Support systems are needed to reinforce compliance incentives. One important form of a supporting system for compliance incentives “is to incorporate tangible manifestations of the company’s pro-social goals into the day-to-day work of employees.” Make the rewards visible. As stated in the FCPA Resource Guide 2nd edition, “Beyond financial incentives, some companies have highlighted compliance within their organizations by recognizing compliance professionals and internal audit staff. Others have made working in the company’s compliance organization a way to advance an employee’s career.”
  4. Compliance incentives need a “counterweight” to endure. Goal-framing theory shows how easy it is for compliance incentives to be driven out by gain or hedonic goals, so even with the types of supporting systems it is quite common to see executives bowing to short-term financial pressures. Thus, a key factor in creating enduring compliance incentives is a “counterweight”; that is, any institutional mechanism that exists to enforce a continued focus on a nonfinancial goal. This means that in any financial downturn compliance incentives are not the first thing that gets thrown out the window and if my oft-cited hypothetical foreign Regional Manager misses his number for two quarters, he does not get fired. The key is that the counterweight has real influence; it must hold the leader to account.
  5. Compliance incentive alignment works in an oblique, not linear, way. The authors state, “In most companies, there is an implicit belief that all activities should be aligned in a linear and logical way, from a clear end point back to the starting point. The language used — from cascading goals to key performance indicators — is designed to reinforce this notion of alignment. But goal-framing theory suggests that the most successful companies are balancing multiple objectives (pro-social goals, gain goals, hedonic goals) that are not entirely compatible with one another, which makes a simple linear approach very hard to sustain.” What does this mean in practical terms for your compliance program? If you want your employees to align around compliance incentives, your company will have to “eschew narrow, linear thinking, and instead provide more scope for them to choose their own oblique pathway.” This means emphasizing compliance as part of your company’s DNA on a consistent basis — “the intention being that by encouraging individuals to do “good,” their collective effort leads, seemingly as a side-effect, to better financial results. The logic of “[compliance first], profitability second” needs to find its way deeply into the collective psyche of the company.”
  6. Compliance incentive initiatives can be implemented at all levels. Who at your company is responsible for pursuing compliance incentives? If you head up a division or business unit, it is clearly your job to define what your pro-social goals are and to put in place the supporting structures and systems described here. But what if you are lower in the corporate hierarchy? It is tempting to think this is “someone else’s problem,” but there is no reason why you cannot follow your own version of the same process.

Looking for some specific compliance obligations to measure against? You could start with the following examples of compliance obligations that are measured and evaluated.

 For Senior Management

  • Lead by example, from your own conduct and the decisions you take to the resources and time you commit to compliance.
  • Facilitate and proactively practice in day-to-day activities the key compliance competencies, both internally and externally.
  • Support specific initiatives from the Chief Executive Officer (CEO), legal and compliance functions. 

 For Middle Management

  • Demonstrate, facilitate and proactively practice in day-to-day activities the key compliance competencies, both internally and externally.
  • Support specific initiatives from the legal and compliance functions.
  • Ensure that all employees, agents and contractors directly or indirectly reporting to you fully complete all required training and communications in a timely manner.
  • Provide full cooperation with investigations conducted by the compliance or legal functions of any alleged violation of compliance policies.
  • Include the Chief Compliance Officer (CCO) or another legal or compliance function representative in your management meetings at least twice per year, per geography.
  • Identify instances of non-compliance and support compliance monitoring and reporting systems. Partner with compliance in resolving compliance issues.

 For Business Development or Company Sales Representatives

  • Certify that all employees, agents and contractors directly or indirectly reporting to you have fully reported all sales and marketing interactions with all government officials in a timely manner.
  • Certify that all employees, agents and contractors directly or indirectly reporting to you have fully, promptly and accurately reported all expenses with third party sales representatives that have occurred.

The Gothic Cathedral is one of the greatest structural engineering feats mankind has ever created. It combined a dimension of height not surpassed for nearly 1000 years with an ingress of light not previously seen in structures. This use of light facilitated the development of the artistry of stained-glass windows and directly led to the continued beauty and relevance of these magnificent structures.

Join us tomorrow as we conclude our series by looking at the Tacoma Narrows Bridge Failure and preventing failure in your compliance program.

Great Structures Week III – The Roman Arch and Resourcing Your Compliance Program

I continue my Great Structures Week with a focus on structural engineering innovations from ancient Rome. I am drawing these posts from The Teaching Company course, “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler, who said, “When I think of Rome, the first image that comes to mind is an arch.” It is present in aqueducts, in the triumphal arches that adorn the city of Rome, in the city gates and even in the Coliseum.

The arch was a major engineering advancement because the prior method for traversing horizontal distance was the beam, which was limited in its use. Ressler notes, “because the arch carries its load entirely in compression, its span isn’t limited by the tensile strength of the material, the size of its stones, and it can span greater distances which might be conceived of with stone beams”. The arch itself has two essential characteristics. First, it carries an entire load in compression, that is, it counter-balances against itself, which allows for construction using the most basic building materials known in the ancient world: stone, brick and concrete.

Yet the second characteristic of the arch is equally significant. An arch requires “both vertical and horizontal reactions to carry a load. The downward load of the arch is balanced by an upward reaction from the base”. Both the Arch of Titus and Pont du Gard aqueduct are still standing and can be seen today as magnificent examples of this Roman innovation.

I wanted to use the dual load system whereby an arch supports not only great weight but also esthetic engineering designs to discuss how a Chief Compliance Officer (CCO) or compliance practitioner might develop resources to implement a best practice anti-corruption compliance program under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery law. Funding of a compliance program is always one of the biggest challenges. Short of being in the middle of a worldwide FCPA, UK Bribery Act or other anti-corruption investigation, you are never going to receive all the funding you want or even think that you are going to need.

However, this corporate reality is not going to save you if the government comes knocking. The FCPA Resource Guide, 2nd edition, provides the following: “Moreover, the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”

Stephen Martin, CCO at Skillsoft, often says that an inquiry a prosecutor might make is along the lines of the following. First, what was the company’s annual compliance budget for the past year? If the answer started with something like, “We did all we could with what we had ($100K, $200K, name the figure),” the next inquiry would be, “How much was the corporate budget for Post-It Notes last year?” The answer was always in the 7-figure range. Then the KO punch question would be, “Which is more business critical for your company: complying with the FCPA or Post-It Notes?” Unfortunately, most companies spent far more on Post-It Notes than they were willing to invest into their compliance program.

However, this corporate reality will allow you to look to other areas to assist the compliance function. An obvious starting place is Human Resources (HR). There are several areas in which HR can bring expertise and, in my experience, enthusiasm to the compliance function. Some of the reasons include the fact that HR is physically located at or touches every site in the company, globally. HR is generally seen as more approachable than many other departments in a company, unfortunately including compliance. A person’s first touch point with a company is often HR in the interview process. If not in the interview process, it is certainly true after a hire is made. Use this approachability.

HR has several key areas of expertise, such as in discrimination and harassment. But beyond this expertise, HR also has direct accountability for these areas. It does not take a very long or large step to expand this expertise into assistance for compliance. HR often is on the front line for hotline intake and responses. These initial responses may include triage of the complaint and investigations. With some additional training, you can create a supplemental investigation team for the compliance department.

Clearly HR puts on training. By ‘training the trainers’ on compliance you may well create an additional training force for your compliance department. HR can also give compliance advice on the style and tone of training. This is where HR’s advice can be of great assistance, since the things that might work, and even be legally mandated, in Texas may not work in other areas of the globe. But more than just putting on the training, HR often maintains employee records of training certifications, certifications to your company’s Code of Conduct and compliance requirements. This can be the document repository for the Document, Document, and Document portion of your compliance program.

Internal Audit is another function that you may want to look at for assistance. Obviously, Internal Audit should have access to your company’s accounting systems. This can enable them to pull data for ongoing monitoring. This may allow you to move towards continuous controls monitoring, on an internal basis. Similarly, one of the areas of core competency of Internal Audit should also be internal controls. You can have Internal Audit assist in a gap analysis to understand what internal controls your company might be missing.

Just as this corporate function’s name implies, Internal Audit routinely performs internal audits of a company. You can use this routine job duty to assist compliance. There will be an existing audit schedule and you can provide some standard compliance issues to be on each audit. Further, compliance risks can also be evaluated in this process. Similar to the audit function are investigations. With some additional training, Internal Audit should be able to assist the compliance function to carry out or participate in internal compliance investigations. Lastly, Internal Audit should be able to assist the compliance function to improve controls following investigations.

A corporate IT department has several functions that can assist compliance. First and foremost, IT controls IT equipment and access to data. This can help you to facilitate investigations by giving you (1) access to email and (2) access to databases within the company. Similar to the above functions, IT will be a policy owner as the subject matter expert (SME) so you can turn to them for any of your compliance program requirements, which may need a policy that touches on these areas. The final consideration for IT assistance is in the area of internal corporate communication. IT enables communications within a company. You can use IT to aid in your internal company intranet, online training, newsletters or the often mentioned ‘compliance reminders’ discussed in the Morgan Stanley Declination.

Finally, do not forget your business teams. You can embed a compliance champion in all divisions and functions around the company. You can take this a step further by placing a Facility Compliance Officer at every site or location where you might have a large facility or corporate presence. Such local assets can provide feedback for new policies to let you know if they do not make sense. In some new environments, a policy may not work. If your company uses SAP and you make an acquisition of an entity which does not use this ERP system, your internal policy may need to be modified or amended. A business unit asset can also help to provide a push for training and communications to others similarly situated. One thing that local compliance champions can assist with is helping to set up and coordinate personnel for interviews of employees. This is an often overlooked function but it facilitates local coordination, which is always easier than from the corporate office.

All of these other corporate functions can greatly assist you in the actual doing of compliance. Moreover, in a resource-constrained environment, these other corporate disciplines can be used to strengthen your compliance program, in a manner similar to vertical and transverse integration of structural integrity presented in an arch. Finally, just as the arch utilized some of the most basic construction elements in existence, by using the other corporate disciplines, engaging in precisely their corporate functions, you can create a strong foundation in your compliance program going forward.

Join us tomorrow as we look at the intersection of Gothic Cathedrals and compliance incentives.

Great Structures Week I: Vitruvius, the Brooklyn Bridge and Compliance

In “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, Professor Stephen Ressler explores some of the world’s greatest structures and the development of structural engineering throughout history. Many structural engineering concepts are apt descriptors for an anti-corruption compliance program. So today, I will begin the ‘Great Structures Week’ as an entrée into an appropriate topic for an anti-corruption compliance program. Each day I will discuss a structural engineering concept together with one of my favorite examples from Professor Ressler’s course.

To open the series, I will consider what makes a structure great. Marcus Vitruvius Pollio (Vitruvius) was a Roman author, architect, and civil engineer during the 1st century BC, known for his work entitled De Architectura. Vitruvius is famous for proclaiming that a structure must exhibit the three qualities of firmitas, utilitas and venustas, meaning that it must be solid, useful and beautiful. These are sometimes termed the Vitruvian Triad, and today they are loosely translated to mean that great constructions must have form, function and structure. Form is the arrangement of space and harmony. Function is the measure of usefulness. Structure contains innovative techniques in its creation.

My favorite example of a structure that incorporates all three of these concepts is the Brooklyn Bridge. The beauty of the form follows the functions of the scientific principles that underlie the bridge’s structure. As Ressler noted, “Each element of the form of the Brooklyn Bridge serves a structural purpose based on mathematical principles.” First, the form itself is one of great beauty. The function remains the same, even if the modes of transport have evolved; the Bridge was designed to carry people from Brooklyn to Manhattan. Yet as Ressler notes, “beyond the aesthetic, these features are a direct reflection of the scientific principles underlying the bridge’s design. They are, in a word, structure – a system of load carrying elements that cause the bridge to stand up.” We have a graceful and elegant design, which operates to safely conduct people over the Hudson River, through an engineering design that allows the structure to act as intended.

This convergence of Vitruvius’ tripartite view of what makes a great structure is an appropriate analogy for a best practices anti-corruption compliance program to facilitate compliance with the FCPA, UK Bribery Act or similar regime. Over the years both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear that each company should have a compliance program that fits its needs. Indeed, in the FCPA Guidance, it could not have been made clearer when it stated, “Individual companies may have different compliance needs depending on their size and the particular risks associated with their businesses, among other factors. When it comes to compliance, there is no one-size-fits-all program.” The Guidance goes on to state the obvious when it notes, “companies may consider a variety of factors when making their own determination of what is appropriate for their specific business needs. Indeed, small- and medium-size enterprises likely will have different compliance programs from large multi-national corporations”.

The Guidance goes on to note, “Compliance programs that employ a “check-the-box” approach may be inefficient and, more importantly, ineffective. Because each compliance program should be tailored to an organization’s specific needs, risks, and challenges, the information provided below should not be considered a substitute for a company’s own assessment of the corporate compliance program most appropriate for that particular business organization. In the end, if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately.”

Yet when viewed through Vitruvius’ prism, it is clear that an anti-corruption compliance program is much more holistic, with form, function and structure. A good compliance program is really about good financial controls. I think this is one outlook of FCPA compliance which is not discussed enough. Stanley Sporkin, in many ways the progenitor of the law, recognized that if a company was going to engage in corruption it would have to hide such activity through falsified books and records. Hence, he articulated the basis for having the accounting provisions included when the Act was originally written and enacted into law. These provisions include both the books and records provision and the internal controls provision. The Guidance says, “the accounting provisions ensure that all public companies account for all of their assets and liabilities accurately and in reasonable detail”. So the form of a compliance program should be largely in financial controls that are baked into a company.

The formula of a compliance program can follow several forms. It can be based on the Hallmarks of an Effective Compliance Program from the FCPA Guidance, the Six Principles of Adequate Procedures as contemplated by the UK Bribery Act, the OECD 13 Good Practices or other formulations. The form of any of these articulations meets the Vitruvius definition.

Next is the function. Here I think it is appropriate to consider what the FCPA Resource Guide 2nd edition says regarding internal controls, that being “Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organization regarding integrity and ethics; risk assessments; control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring.” Moreover, “the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.” This language points to the function of any best practices compliance program, to make the company a better-run company.

Finally, in the area of structure it is incumbent to recall that any best practices anti-corruption compliance program continues to evolve. It evolves with technological innovations such as transaction or continuous controls monitoring. But a compliance program must evolve as your company evolves. Changing commercial realities and conditions can create new or increased FCPA compliance risks. Your compliance program needs to be able to detect, assess and manage new risk as your business creates new products, moves into new territories or develops new sales channels. The FCPA Resource Guide 2nd edition states, “They are dynamic and evolve as the business and the markets change.” To do so, “a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry.”

Categories
FCPA Compliance Report

The EC Gang on the Monaco Doctrine

In this special 5 part podcast series, I am deeply diving into the Monaco Memo and analyzing it from various angles. In this episode of the FCPA Compliance Report, we have the Award-Winning Everything Compliance quartet of Jonathan Marks, Jonathan Armstrong, Karen Woody, and Tom Fox on the Monaco Memo.

1. Tom Fox looks at the Monaco Memo through the monitorship language and answers a listener’s questions about compliance programs under the Monaco Memo.

2. Karen Woody reviews the Monaco Memo, the self-disclosure angle, and investigatory considerations and ponders the role of defense counsel going forward.

3. Jonathan Marks also looks at investigatory issues under the Monaco Memo, the role of the Board of Directors, and the role of the forensic auditor under the Monaco Memo.

4. Jonathan Armstrong looks at self-disclosure from a UK angle and joins Karen Woody in questioning how defense counsel should move forward.

Resources

Tom’s 5-Part blog post series in the FCPA Compliance and Ethics Blog

1. A Jolt for Compliance

2. Timely Self-Disclosure

3. Corporate Compliance Programs

4. Monitors

5. The Heat is On

Monaco Memo

Categories
Blog

To Increase Resilience in Compliance, Engage More

If there is one thing I have learned in working with Carsten Tams, Ethical Business Architect and founder and Chief Executive Officer (CEO) of Emagence LLC, it is that one of the very top keys for a successful compliance program is employee engagement. Tams and I explored this topic in the popular podcast series, Design Thinking in Compliance. It also appears that engagement can lead to great business resiliency based upon a 2021 article in the MIT Sloan Management Review, entitled The Top 10 Findings on Resilience and Engagement, by Marcus Buckingham. Covid-19 and the Russian invasion have changed business forever, which has made business resiliency a key trait for any business, corporate function and most especially a Chief Compliance Officer (CCO) or compliance professional. That last arena is where engagement is so critical.

The author defined resilience as “the capacity of an individual to withstand, bounce back from, and work through challenging circumstances or events.” But it is also a “reactive capacity, describing how people will respond when challenges arise.” Conversely, engagement was seen as a proactive state of mind. The author defined the criteria by making such inquiries “as how clear their expectations were, whether they got to use their strengths every day, whether they felt they would be recognized for doing excellent work, and whether someone at work was encouraging them to grow.” Yet the most interesting part is the dichotomy between reactive and proactive. It is a bit like the difference between prevention and detection in a compliance program; clearly the former is preferred to stop illegal or unethical conduct so you do not have to detect it.

Not surprisingly, trust is the number 1 factor in both engagement and resilience. Astoundingly the author found “employees who said they completely trust their team leader were 14 times more likely to be fully engaged.” Moreover, those employees who completely trusted their colleagues, team leader, and senior leaders, “were 42 times more likely to be highly resilient.” The reason should seem obvious as it is certainly “easier to engage in our best work when we don’t have to expend mental resources looking over our shoulders or protecting ourselves against dysfunctional workplace practices that erode trust, like bullying or micromanaging. When it comes to building engagement and resilience, trust is everything.” [emphasis added throughout]

Teamwork is also a key factor. Although this is not something I have experienced over the past 12 years of working alone, the author found, “Those who said they are on a team were 2.6 times more likely to be fully engaged and 2.7 times more likely to be highly resilient than those who didn’t identify as team members. For millennia, humans have experienced psychological well-being only when they feel connected to and supported by a small group of people around them.” When the pandemic hit, working from home (WFH) was not new to me as I had been doing it since 2010 but even in the WFH or Hybrid Work era, most employees need to feel like they are a part of a team.

However, being or even feeling like you are a part of a team is a state of mind, not a state of place. I always feel like I am engaged with my blog posts and article readers, my podcast listeners and the greater compliance community. Based on that experience, I certainly agree with the author’s statement that “engagement and resilience are about who you work with, not where you’re working.” Moreover, he noted, “virtual workers are both more engaged and more resilient than those who are physically in an office or shared workspace… In 2020, well into the pandemic, 20% of virtual workers were fully engaged and 18% were highly resilient — a stark contrast to the 11% of fully engaged and 9% of highly resilient office-based workers during the same period. How the work is done and with whom people work are both important, but organizations can stop worrying about whether virtual work is detrimental to teamwork.” But even more than teamwork, it is about having relationships with your co-workers. The author stated, “Relationships boost resilience. Women are not more resilient than men, or vice versa… This data strongly suggests that it is much harder to summon and sustain one’s resilience when going through life alone.”

I can certainly attest that the unknown is more terrifying than change. The author found that employees “who reported five or more changes at work were 13 times more likely to be highly resilient. This suggests that we humans fear the unknown more than we fear change. Company leaders shouldn’t rush employees back to normalcy when so much of the danger inherent in this current “normalcy” remains unknown and unknowable. Instead, leaders should tell their teams specifically what changes they are making to their work and why to increase their overall level of resilience.”

These findings suggest that every CCO and compliance professional must work to lessen or even dissolve the disconnect between senior leadership and front-line workers. It is your front-line business folks who will make or break your compliance program. Getting your senior management more engaged will begin to create and establish the trust that your employees will need to show resilience in the face of the next major business dislocation, whether it is a pandemic or military invasion. Giving employees needed clarity and specificity from leaders, not sugarcoated enthusiasm, will help drive this trust. The author ended by taking this concept a step further by stating, “Leaders need to see their employees not as “labor” but as the messy, complex, emotional beings they are — dealing with real-world human challenges, just like they are. The more that leaders can infuse these findings in their organizations’ policies and practices, the more likely we will all be to flourish, both during these difficult times and beyond.”

Categories
GalloCast

Gallocast – Episode 3

Welcome to the GalloCast. You have heard of the Manningcast in football. Now we have the GalloCast in compliance. The two top brothers in compliance, Nick and Gio Gallo, come together for a free-form exploration of compliance topics. It is a great insight on compliance brought to you by the co-CEOs of ComplianceLine. Fun, witty, and insightful with a dash of the two brothers throughout. It’s like listening to the Brothers Gallo talk compliance at the dinner table. Hosted by Tom Fox, the Voice of Compliance. Topics in this episode include:

  • Deshaun Watson appeal.
  • CCO certification. What is a ‘reasonably designed’ compliance program?
  • Documentation and Exceptions.
  • How does transparency help in employee recruitment and retention?
  • Cost of not listening to internal whistleblowers. What are the total costs beyond the fine and penalty?
  • How should compliance officers think about doing business in Taiwan with the increased tensions with China?
  • Why is climate risk a compliance issue?
  • What’s upcoming for the EthicsVerse?

Resources

Nick Gallo on LinkedIn

Gio Gallo on LinkedIn

ComplianceLine

Categories
Blog

Principles of Effective Organizations: Part 1 – David McCullough and the CCO

Last week we lost Vin Scully, this week we lost David McCullough. McCullough was one of America’s greatest living historians. He worked in a variety of formats, including non-fiction books, television and movies. He was a great writer, winning numerous national awards for his books. According to his New York Times (NYT) obituary, “McCullough won Pulitzer Prizes for two presidential biographies, “Truman” (1992) and “John Adams” (2001). He received National Book Awards for “The Path Between the Seas: The Creation of the Panama Canal” (1977) and “Mornings on Horseback” (1981), about the young Theodore Roosevelt and his family.”

Many others knew him from his television work, most notably on Ken Burns’ The Civil War, and as the host of the American Experience. Not exactly John Facenda-like (i.e., the Voice of God) but as Gary North said, “not imperious, yet not exactly soothing, either — comes on, and we become more calm.” He also noted, “Incredibly, you don’t want him to shut up.” I heartily agree and could have listened to McCullough read the phone book (when there was such a thing).

As for my favorite books, probably No. 1 is The Path Between the Seas. Books about places are a notoriously tricky thing but it was great history, wrapped in a great biography all the while telling a great story. My co-favorite (1A) was his biography John Adams, first and foremost because of the love story between Adams and his wife Abigail, who was truly his partner in his entire life’s work. It also set a standard for telling the story of how the Founding Fathers created a new nation in the midst of a bitter war.

I thought McCullough was a good introduction to start a two-part series on business approaches to create an effective compliance program. I recently saw an article in the Harvard Business Review (HBR), entitled 10 Principles of Effective Organizations, by Michael O’Malley, which also intrigued me about this topic. The effectiveness of a compliance program is an ongoing dialogue, but what business strategies can you use to do so? Chief Compliance Officers (CCOs) are good at using the Hallmarks of an Effective Compliance Program, as delineated in the FCPA Resource Guide 2nd edition, as a guide, but in this article the author articulates a set of criteria and goals to meet to maintain the ability of companies to compete and grow. He identifies 10 research-backed principles from the field of organization development to guide companies and I have adapted them for the compliance professional. Today we take up his first five and we conclude tomorrow with his final five.

Encourage cooperation

The central objective of every compliance program is to achieve a cooperative ethical order in an organization to do business ethically and in compliance. From the organizational behavioral perspective, this means removing “divergent motives and antagonistic goals” in an organization. While getting everyone to row in the same direction is one part, the second part is to keep some group of employees, a business unit or geo-region, from breaking off and taking a short cut in your risk management protocol.

This means you as CCO need to channel your inner Russ Berland and buy lots of pizza for the business unit folks or others in the organization to create “strong social bonds among employees” that will drive all employees to do business in such a desired manner. The author notes, “They are affective bridges back to the organization that positively build relationships and influence performance.” That is certainly a key for every CCO and compliance professional.

Organize for Change

Many “once-great companies have found their final resting places in an expansive graveyard of slow-movers and has-beens. These companies failed because they were unable to adapt to changing conditions and succumbed to capitalism’s unapologetic truth that only the fittest will survive.” Now think about that intonation in the context of 2 years of a pandemic and the Russian invasion of Ukraine and its impact on business on a worldwide basis. Just as business has been buffeted by these winds, so has the compliance profession and its need to respond.

In effective compliance programs, CCOs “upend paralysis by generating a consensus of meaning and action. They build the case for change, create a positive mindset for change, convince others of the value and legitimacy of the change efforts, and battle against systemic forces of institutional inertia that lock companies into their current, misguided trajectories.” This is only truer in 2022 for the reasons I noted above. What the author said about companies applies to compliance even more, “Confidence, conviction, and courage are helpful companions in this journey, as not all change is readily apparent and must be made before there is an evident need for it and the window of opportunity has closed.”

Anticipate the Future

This is something I have talked more and more about, as the “preservation of an organization depends on its leaders having the navigational judgment and skill to prepare their companies for what lies ahead.” Once again this is even more so for the compliance function. The author noted that the “short term is undertaken with greater certainty of outcomes. The short term can be very rewarding. The short term provides executives with the continuing authority to lead by demonstrating their effectiveness in producing results.” Yet as we begin to plan towards mid-century, CCOs “must be able to look past nearby obstructions to see clearly what lies beyond.”

Part of that is anticipating your organization’s needs both on the sales side and in the Supply Chain. Part of that is having resiliency built into your compliance program so that if China invades Taiwan, you will be able to respond to the inevitable changing landscape. Another part is technology or ComTech. A CCO needs to have tech savvy “people who collectively challenge the assumptions on which their current actions are based in order to imagine other possibilities. As Thomas Kuhn maintained, if your conception of the world is that it is flat, you will see things one way; if your conception is that it is round, you will see things in quite other ways. But you cannot see the implications of roundness until you suspend belief in flatness.”

Remain Flexible

Compliance must be at once disciplined, resilient and flexible, “reacting to the unexpected during turbulent times and flexibly bending when rushes of demand are placed on” it, then bounce back into shape “once the need for transformation has passed.” This can largely be achieved through improved use of ComTech and by aligning that tech to meet new challenges. Here the author also speaks to the need of “a simple creative additive of divergent thinking.” What you may not need on your compliance team is another lawyer but a data scientist, behavioral psychologist or a training expert. Compliance is changing and as a CCO you need to be ready to embrace the change to deliver the top compliance services to your customer, your company employees.

Create Distinctive Spaces

Interestingly, coming out of a two-year (and still ongoing) pandemic, the author believes there is a “link between the quality of a work environment and employees’ health, satisfaction, and performance.” This means if you are going to require your compliance team back in the office, the “basic dimensions of environmental indoor quality such as thermal comfort, air quality, lighting, acoustic quality, and the ergonomic features of furnishings positively relate to enhanced performance.” Not only will it make your compliance team more effective, but it will also help in the competition for talent acquisition and retention.

Join us tomorrow where we conclude our review and note that Grease is the word.