Tag: compliance

Categories
Everything Compliance

Everything Compliance: Episode 139, The Bank of America Episode

In this episode, we take up the recent imbroglio surrounding the Bank of America and its toxic workplace culture of 100+ hour work weeks. We have the full quintet of Matt Kelly, Jonathan Armstrong, Karen Woody, Jonathan Marks, and Karen Moore; all hosted by Tom Fox.

  1. Matt Kelly mines the matter for compliance lessons learned. He shouts out the GOP speakers at the recently concluded Democratic National Convention who bucked their party for the good of the nation.
  2. Jonathan Marks explores how internal controls were in place but not completely disregarded. He shouts out to researchers at the University of Pennsylvania for its work in CAR T cell therapy to treat certain types of cancer.
  3. Karen Moore considers the matter from the perspective of the Board of Directors and what their role should be. She shouts out to her students in the new semester of her class at Fordham Law School.
  4. Karen Woody takes a deep dive into the district court’s recent dismissal of the SEC complaint against Solar Winds. She shouts out the persons who ran the Democratic National Convention for a great Convention.
  5. Jonathan Armstrong reviews the entire matter from his UK perspective. He rants about Elon Musk and hate speech on X.
  6. Tom Fox shouts out to Rick Springfield and his hit song Jessie’s Girl as one of the two most well-known and sung songs from the 1980’s.

The members of the Everything Compliance are:

  • Karen Woody – Is one of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong –is our UK colleague and an experienced data privacy/data protection lawyer in London. He can be reached at his new law firm Jonathan.Armstrong@puntersouthall.law
  • Jonathan Marks can be reached at jtmarks@gmail.com
  • Karen Moore can be reached at Kmoore51@fordham.edu

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 4 – A Tale of Metrics and Misalignment: Lessons for Compliance Professionals

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. In Part 4, we consider a misconnection of metrics. This issue is not merely a question of productivity but a fundamental concern about corporate culture, ethics, and long-term sustainability.

In corporate governance and compliance, aligning business metrics and ethical obligations often defines a company’s culture’s success or failure. The recent Wall Street Journal (WSJ) article about BoA and its investment banking metrics sheds light on a crucial disconnect that compliance professionals must address: the disparity between business performance indicators and employee well-being.

At the heart of the issue is the nature of the metrics used to evaluate success in different industries. In investment banking, the primary focus is often on closing deals. The logic is straightforward: deals drive revenue, and revenue drives the bottom line. This singular focus on deal-making creates an environment where the end justifies the means, potentially overlooking the toll it takes on employees.

Conversely, in law firms, the metric of success is often billable hours. Lawyers are compensated and promoted based on the number of hours they bill, which can lead to a different, yet equally problematic, set of behaviors. Over-inflating hours or working excessive hours becomes the norm because that is the path to career advancement.

Both systems create perverse incentives: investment bankers might underreport hours to avoid raising HR flags, while lawyers might overreport hours to enhance their career prospects. These behaviors highlight a crucial point for compliance professionals: the metrics set at the top of an organization inevitably shape the behavior throughout the company.

One of the first steps in addressing these issues is understanding the available data and how it is used. Compliance professionals must ask themselves, “What data do we have, and how can it be used to monitor and manage risks effectively?” By focusing solely on deal closure, companies are potentially neglecting data related to employee well-being, such as hours worked or stress levels.

In contrast, law firms have systems that track the minutiae of an employee’s workday, from time spent on tasks to keystrokes made during document review. This data is invaluable for billing clients and identifying patterns that may indicate overwork or burnout. Compliance professionals in investment banking could learn from this approach, using technology to track hours worked or monitor workload distribution, ensuring that employees are kept within reasonable limits.

The core issue is more alignment between business metrics and corporate culture risks. Compliance professionals must ensure senior management acknowledges overwork as a significant risk and takes proactive steps to monitor and mitigate it. This involves tracking the traditional success metrics and implementing metrics that reflect the company’s values and culture.

For example, if overwork is recognized as a risk, metrics such as average hours worked, employee turnover rates, and employee satisfaction surveys should be regularly monitored and reported. This dual approach allows a company to pursue business success while ensuring its corporate culture remains healthy and sustainable.

The responsibility of aligning these metrics rests not solely with middle management, compliance officers, or senior management; it extends to the board of directors. The board’s oversight role is crucial in ensuring that the company’s culture is preserved in pursuing financial success. For boards everywhere, the recent scrutiny BoA received in the WSJ article serves as a lesson.

Board members must go beyond the surface level of management reports and delve into the realities of the workplace culture. This requires more than attending board meetings in luxurious settings and listening to pre-prepared presentations. It involves engaging directly with employees at all levels, understanding their challenges, and prioritizing their well-being.

A practical approach could involve the board requiring regular reports on employee well-being metrics, mandating internal audits focused on workplace culture, or even conducting anonymous employee surveys to get an unfiltered view of the corporate environment.

An effective compliance program also hinges on creating a culture where employees feel safe to voice their concerns. A speak-up culture is essential in identifying issues before they escalate into major risks. Management and the board should encourage employees to report inconsistencies between policy and practice and take these reports seriously.

For instance, if employees consistently report working beyond reasonable hours, this should trigger an investigation and subsequent action from the board. Such feedback mechanisms help identify risks and reinforce the company’s commitment to ethical practices.

Lastly, when issues do arise—such as the tragic death of a young employee in the Bank of America case—the board should conduct a root cause analysis. This analysis should not be limited to the immediate cause but should explore deeper systemic issues that may have contributed to the incident.

A comprehensive root cause analysis might reveal that the focus on deal closure at the expense of employee well-being is not an isolated issue but indicative of a broader cultural problem. The board could use this analysis to implement changes across the organization, ensuring that similar incidents do not occur in the future.

The lessons are clear: the metrics that companies use to measure success are powerful drivers of behavior. The challenge for compliance professionals is ensuring that these metrics align with business goals, ethical standards, and employee well-being. This requires a proactive approach, leveraging data to monitor business performance and corporate culture. It also requires a board that is engaged, informed, and committed to understanding the realities of the workplace.

In the end, compliance is not just about preventing legal and compliance risks but about fostering a corporate culture that values integrity, transparency, and the well-being of all employees. By aligning metrics with these values, companies can achieve sustainable success that benefits their bottom line and people.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Asking Questions for Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider the technique of asking questions to improve both culture and compliance at your organization.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 3 – The Role of Internal Controls

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. In Part 3, we will consider the role of internal controls.

Internal controls are often seen as the backbone of an organization’s ability to operate efficiently, ethically, and within the bounds of the law. They serve as the safety net that catches errors deters fraud, and ensures that policies are not just theoretical but are put into practice. However, the recent revelations in the Wall Street Journal (WSJ) surrounding the culture of overwork at a major financial institution, where junior bankers were expected to work excessively long hours, shine a spotlight on a critical failure in internal controls—not in their design, but in their execution and monitoring. This blog post will explore the lessons compliance professionals can learn from this situation, focusing on implementing, actively managing, and enforcing internal controls.

Understanding the Control Environment

The control environment is at the heart of any robust internal control system. This includes the corporate culture, employee attitudes toward internal controls, and the tone set by senior management. It’s the foundation upon which all other aspects of internal control are built. When the control environment is weak or toxic, as in the situation under discussion, the entire control structure can crumble.

In this case, BoA had ostensibly implemented controls to prevent overwork—junior bankers were required to self-report their working hours. If they exceeded a certain threshold, this would trigger a review by HR. However, this control was ineffective because those responsible for enforcing it did not take it seriously. Managers instructed their subordinates not to report excessive hours, bypassing control entirely. Additionally, think about the basic conflict of interest (READ: Absurdity) in having the person the control was supposed to monitor input the information for the control to activate.

For the compliance professional, this emphasizes that your control environment is only as strong as the commitment of those enforcing it. Senior management must set the tone and ensure that it resonates throughout the organization. When internal controls are ignored or undermined, it’s often a sign that the control environment is flawed.

The Role of Monitoring and Remediation

Internal controls are not static; they require ongoing monitoring and, when necessary, fine-tuning or remediation. In the BoA situation, the institution needed to adequately monitor the effectiveness of its controls. Even after the tragic death of a junior banker, which should have been a clear signal that the controls in place were not working, there was no significant overhaul or improvement in the control environment.

Monitoring is a critical component of internal control, as it allows an organization to detect weaknesses and address them before they lead to significant issues. In this case, the failure to monitor and remediate allowed a toxic culture to persist for years, ultimately leading to repeated tragedies.

For the compliance professional, the lesson is clear: regular monitoring of internal controls is essential. When weaknesses are identified, they must be addressed promptly and effectively. A failure to remediate control weaknesses leaves an organization vulnerable to risks and can signal to employees that the controls—and the culture—are not taken seriously.

The Flaws of Self-Reporting as a Control

One of the most striking aspects of this case is the reliance on self-reporting as a key control mechanism. While self-reporting can be helpful, it is far from foolproof, especially in environments with significant pressure to conform to unrealistic expectations. In this instance, the control requiring junior bankers to self-report their hours was ineffective because the reporting was neither enforced nor monitored.

The problem with self-reporting as a control is that it places the onus on the individuals being controlled, which can create a conflict of interest. Employees may feel pressured to underreport or falsify their time to meet expectations or avoid repercussions. With independent verification and oversight, self-reporting is likely to be reliable.

For the compliance professional, the starkness of the lesson could not be more profound. Self-reporting should not be relied upon as the sole or primary control in a high-risk environment. It should be supplemented with independent verification methods, such as automated time tracking, regular audits, or cross-referencing with other data sources. This approach ensures that the data collected is accurate and that controls are truly effective.

Automation and Technology in Internal Controls

Given BoA’s size and sophistication, it is somewhat perplexing that more robust, automated controls were not implemented. In today’s technologically advanced world, numerous tools can automatically track employee hours, monitor for signs of overwork, and flag potential issues for review. These tools can remove the burden of self-reporting and provide more accurate, real-time data.

For example, many organizations use software that tracks employee computer activity, monitors login and logout times, and even tracks time spent on specific tasks. This data can then be used to identify patterns of overwork and take proactive measures to prevent burnout or health issues.

For the compliance professional, it is a direct lesson that leveraging technology can significantly enhance the effectiveness of internal controls. Automated systems can provide continuous monitoring, reduce the risk of human error, and offer objective data that can be used to identify and address potential issues before they escalate.

The Importance of a Holistic Approach

Finally, every compliance professional must recognize that internal controls cannot operate in a vacuum. Internal controls must be part of a broader, holistic approach to risk management and compliance. This includes fostering a strong ethical culture, regularly training employees at all levels, and ensuring transparent, accessible channels for reporting concerns.

With BoA, the failure was not just in the specific control related to work hours—it was a systemic failure across the organization. The culture of overwork was allowed to persist because the control environment was weak, monitoring was inadequate, and there was no serious commitment to remediation.

This final lesson learned for the compliance professional is that internal controls are just one piece of the puzzle. To be truly effective, they must be integrated into a comprehensive risk management framework that includes strong ethical leadership, ongoing education, and a commitment to continuous improvement. 

Internal Controls as a Reflection of Corporate Culture

The tragic situation at BoA is a stark reminder of the critical importance of internal controls in maintaining compliance and a healthy and sustainable corporate culture. Internal controls are more than checkboxes—they reflect an organization’s values and priorities. When controls are ignored or undermined, they send a message that compliance, and by extension, employee well-being, is not a priority.

For compliance professionals, the key takeaway is clear: internal controls must be actively managed, monitored, and enforced. They must be part of a broader effort to create a culture of integrity and accountability. Perhaps most importantly, they must be seen as a dynamic system that requires constant attention and adjustment to remain effective. In a world where pressure on employees is greater than ever, robust internal controls are not just a regulatory requirement but a moral imperative.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Communicating Across Cultural Boundaries

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider how to break through the internal cultural boundaries in your organization by creating cultural bridges.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 2 – Lessons Learned for Compliance

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. In Part 2, we journey through some key lessons learned for compliance professionals.

In the high-stakes world of investment banking, where deals are won or lost in hours, the pressure to perform can push individuals to the brink. Unfortunately, that brink has meant a premature end to some people’s lives. The recent tragedy at BoA, where a junior banker named Leo Lukenas died after working over 100 hours a week for weeks on end, has cast a harsh light on a decade-long problem. This is not the 2013 scandal revisited; it’s an ongoing crisis, a corporate culture problem that has festered for years. The lessons from this ongoing debacle are critical and chilling for compliance professionals.

Lukenas was not the first casualty of this toxic culture. In 2013, an intern in Bank of America’s London office, Moritz Erhardt, met a similar fate after enduring a grueling workload. Following that incident, the bank promised to implement policies to prevent such tragedies from recurring. Yet, a decade later, Lucas’s death is a stark reminder that those policies have either failed or were never truly enforced.

The investment banking division at Bank of America has been likened to a “white-collar sweatshop,” a description that, sadly, fits too many high-pressure work environments. While the term “sweatshop” might conjure images of factories in developing countries, overwork and exploitation can happen in plush office towers just as easily. Lucas’s death has brought into sharp relief the human cost of such environments, where the relentless pursuit of profit eclipses the well-being of employees.

What is particularly concerning is that this issue is separate from a single office or even a single country. The WSJ’s reporting has revealed that overwork at Bank of America is a pervasive issue, affecting employees in New York, London, Tokyo, and Latin America. Former employees have cited overwork as a primary reason for leaving the bank, underscoring that this is not a localized problem but an enterprise-wide failure of corporate culture.

This brings us to a crucial question: Where was compliance? Why have the policies and controls put in place to prevent overwork ineffective? The answer lies in a deep-seated cultural issue that transcends mere policy implementation. Middle management has tolerated if not outright encouraged, this culture, which senior management has failed to address with the necessary urgency.

Middle management is often described as the “meat grinder” of corporate culture, where good intentions from the top can get mangled into toxic behaviors at the bottom. In the case of Bank of America, middle managers were reportedly telling their subordinates not to report excessive working hours to HR, effectively bypassing the controls that were supposed to prevent overwork.

This is a classic example of what can happen when senior management fails to engage effectively with middle management. Senior executives may have genuinely wanted to prevent overwork, but their message could have been more focused and addressed by those in the middle tasked with enforcing it. This disconnect is where corporate culture often fails. Compliance professionals understand that policies are only as good as their enforcement, and enforcement is only as good as the people who are responsible for it. For the compliance professional, this means you must directly connect what senior management has laid out as policy and not simply put procedures in place to implement the policy but then monitor the implementation to ensure the policy is being followed. Sadly, that was not the case at BoA.

Another critical factor in this crisis is the role of incentive structures. It is no secret that high-stakes deals and intense pressure to produce results drive investment banking. But the stage is set for disaster when bonuses and career advancement are tied to closing deals, even at the cost of employee health.

This misalignment of incentives is a fundamental issue that any compliance officer must address. If the financial rewards for middle managers are tied to delivering results, irrespective of the human cost, then it should be no surprise that overwork becomes a pervasive problem. Incentive structures must be reexamined and realigned with the organization’s ethical and operational goals.

As compliance professionals, it is imperative not just to address the symptoms of such crises but to dig deeper and identify the root causes. This case’s root cause is clear: a toxic corporate culture prioritizes results over people. But beyond that, it is about senior management’s failure to enforce a healthy work culture and the misalignment of incentives that drives middle managers to push employees to the brink.

Organizations need to examine their culture, management practices, and incentive structures to prevent such tragedies in the future. This is not just a problem for Bank of America; it’s an industry-wide issue that requires a collective response. Compliance officers have a crucial role in advocating for stronger controls, better communication, and a culture that truly values employee well-being.

The ongoing crisis at BoA is a sobering reminder of the human cost of a toxic work culture. For compliance professionals, it serves as a call to action. A culture that values employees as people, not just as cogs in a machine, is necessary for enforcing and supporting policies; having them on paper is not sufficient.

As we progress, the lessons from this tragedy should guide our efforts to create healthier, more sustainable work environments. Compliance is not just about ticking boxes; it’s about ensuring our values are reflected in our organizations’ day-to-day operations. Ultimately, it’s about protecting the organization and the people who make it what it is.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Multiplying The Influence of Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today we discuss how to maximize the influence of your compliance program throughout your organization.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.

Categories
Sunday Book Review

Sunday Book Review: August 25, 2024, Books on Incentives Edition

In the Sunday Book Review, Tom Fox considers books that would interest the compliance professional, the business executive, or anyone who might be curious. It could be books about business, compliance, history, leadership, current events or anything else that might interest me.

In today’s edition of the Sunday Book Review, we look at four new books on financial and non-financial incentives for compliance professionals.

  • The Beekeeper by Katie P. Desiderio and Michael G. Frino
  • Mixed Signals: How Incentives Really Work, by Uri Gneezy
  • Profit Works by Alex Freytag and Tom Bouwer
  • The New CEO, by Ty Wiggins

For more information on Ethico and a free White Paper on ROI for your compliance program, click here.

Categories
Creativity and Compliance

Creativity and Compliance: Nudges and Compliance Training

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network.

Ronnie’s company, Learnings and Entertainment, utilizes the entertainment devices that people use to consume information in their everyday, non-work lives, and apply it to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies and resources more accessible.

In this episode of Creativity and Compliance, hosts Tom Fox and Ronnie Feldman discuss the concept of nudges in compliance.

Ronnie defines nudges as positive reinforcements or gentle pushes that influence behavior and decision-making. They explore how nudges can extend learning, influence culture, and promote ethical behavior. They emphasize the importance of reinforcing learning over time and using effective communication channels to nudge employees. They also discuss the unconscious nature of nudges and the role of leaders in influencing behavior. The episode concludes with a discussion on the Newcastle honesty box study, which demonstrates the power of subtle nudges.

Key Highlights:

  • What are nudges?
  • Nudges can extend learning, influence culture, and promote ethical behavior
  • Reinforcing learning over time is key to successful nudges
  • Nudges can be unconscious and rely on automatic default thinking
  • Leaders play a crucial role in influencing behavior and promoting a culture of compliance

Resources:

Ronnie

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Using Communications to Drive Speak Up

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider the role of communications in your entire hotline reporting system.

 

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.