In today’s edition of Daily Compliance News:
· Twitter-Musk trial set for October. (WSJ)
· Italian prosecutor drops ENI acquittal appeal. (MarketWatch)
· Layoffs hit crypto compliance personnel. (WSJ)
· DOJ puts Amazon and civil litigants in ‘Time Out’. (WaPo)
Tag: compliance
What is perhaps one of the most recognizable movie themes of all-time? One that certainly falls into that category is the James Bond theme, written by Monty Norman, who recently passed away. According to his New York Times obituary, Norman took the job only because the producer, Chubby Broccoli, offered him a trip to Jamaica to watch some of the filming, in addition to more traditional monetary compensation. Norman was “struggling to come up with the theme, he said, until he remembered a song called “Bad Sign, Good Sign,” from an unproduced musical version of the 1961 V.S. Naipaul novel, “A House for Mr. Biswas,” on which he and a frequent collaborator, Julian More, had worked.” However, the opening line had an “Asian inflection and relied heavily on a sitar, but Mr. Norman “split the notes,” as he put it, to provide a more staccato feel for what became the theme song’s famous guitar riff. Norman said, “And the moment I did ‘dum diddy dum dum dum,’ I thought, ‘My God, that’s it. His sexiness, his mystery, his ruthlessness — it’s all there in a few notes.” (Listen to the James Bond theme here.)
I was reminded of the psychological nature of this great movie theme when reading a recent article in the MIT Sloan Management Review, Summer edition, entitled “Fostering Ethical Conduct Through Psychological Safety” by Antoine Ferrère, Chris Rider, Baiba Renerte, and Amy Edmondson. In this article, the authors asked such questions as “How do organizations encourage people to speak up about ethical breaches, whether inadvertent or deliberate?” and “Why do some employees choose to remain silent when others report misconduct?” Additionally, they “analyzed the perceptions of those who report misconduct against those of “silent bystanders” to help “better understand both the drivers and derailers of speaking up — and revealed insights into how leaders and compliance officers can encourage employees to make such reports.’”
The authors believe today, “it is more essential than ever that when misconduct happens or difficult problems arise, there is a strong ethical climate for surfacing information so that leaders can respond quickly and appropriately. An environment in which employees feel comfortable reporting such issues is also vital to preventing future misconduct.” Over the next couple of posts I will be exploring this article and some of the issues it raises. In Part 1, we look at what questions you should consider to determine the amount of psychological safety in your organization.
The starting point for any analysis for psychological safety is with one of the authors, Amy Edmondson herself and her seminal work The Fearless Organization. The authors began by modifying her original 1999psychological safety scale to emphasize a specific focus on employees speaking up. Interestingly, they added “the idea of thinking before speaking up in the hope of measuring hesitation.” They did so to “capture comfort levels in speaking up, based on the intuition that in a psychologically safe climate, people tend to say something right away, and when they don’t feel psychologically safe, they are more likely to keep incidents to themselves.”
By looking at how psychologically safe an organization is, the authors posited they could then measure variance in psychological safety across teams and regions by surveying employees. They believed that this approach would allow them to then “focus efforts on teams who need the most help and to identify teams whose psychologically safe cultures may offer examples from which other teams can learn.” To do so the authors’ developed a survey which asked the following, “on a scale from 0 (completely disagree) to 10 (completely agree), their level of agreement with the following statements:”
- On my team, if you make a mistake, it is often held against you.
- Members of my team are able to bring up problems and tough issues.
- People on my team sometimes reject others for having different views.
- It is safe to take a risk on my team.
- It is difficult to ask other members of my team for help.
- I tend to think about how raising a concern will reflect on me before speaking up.
Interestingly, the authors acknowledged relationship to whistleblowing, in the context of both psychological safety and an ethical business, they strove to make clear “an important distinction between external whistleblowing and those who speak up about perceived misconduct at work.” Moreover, recognizing the vital role external whistleblowers play in the detection prong of any best practices compliance program, if a whistleblower goes to the Securities and Exchange Commission (SEC) or other external actors, it is almost always because “they felt their concerns could not be expressed, heard, and addressed internally.” The authors believe that a “healthy organizational culture is one in which speaking up and listening go hand in hand and thereby reinforce ethical standards. If concerns are expressed, changes can be made in a timely way.” This is important because it moves from the detect prong to the prevent prong, which is by far the more important and effective prong in any compliance regime. Further ideas or innovations, rather than simply reporting of untoward actions, can make a company more efficient and more profitable. All of this means that if there truly is psychological safety a company can receive far more benefits than simply monetary fine or penalty avoidance.
Join us tomorrow in Part 2 where we consider the role of psychological safety and moving it through an organization.
Categories
Episode 37-I, Mudd
In this episode of Trekking Through Compliance, we consider episode I, Mudd, which aired on November 3, 1967, and occurred on Star Date 4513.3.
The Enterprise finds Harry Mudd (Harcourt Fenton Mudd) on a planet and the “ruler” of 500 robot women. Mudd is being studied by the robots, who are accommodating but refuse to let him go. The androids tell Kirk people from the Andromeda galaxy built them. However, the civilization that constructed them was destroyed by a supernova, so the androids were left without supervision. Now they have found a new purpose in Mudd. Spock makes inquiries and discovers that there are 207,809 androids and, most importantly, that they seem to be controlled by some central coordinating power.
The robots find people too destructive and plan to take over and “serve” all humans in the galaxy to control them. Kirk leaves Harry on the planet with his attendant robots to serve as an example of human failure to them. The robots are also reprogrammed to carry out their original task of rendering the planet fit for human life. As a final blow to Mr. Mudd, Kirk also leaves behind several android copies of his shrewish wife, Stella.
Compliance Takeaways:
- Why continuous monitoring is a mandatory part of any compliance program.
- Will AI take over compliance? (Answer: No)
- As a CCO, you are only limited by your imagination.
Resources
Excruciatingly Detailed Plot Summary by Eric W. Weisstein
MissionLogPodcast.com
Memory Alpha
Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the Compliance Podcast Network. In this episode, Tom and Ronnie continue their short series of provocative statements on compliance training and communications, followed by a discussion. In this episode, Ronnie channels his inner James Bond to explore why compliance by Dr. No from the Land of No is a recipe for failure. Highlights include:
· Employees Won’t Go to the Office of No
· Discuss the reputation and why that’s important
· Discuss how e-learning exacerbates the problem
· Discuss solutions
· Advertising & Branding – increasing exposure
· Coaching and training the E&C team and Ethics Advisors
· Coaching and training Leadership
Resources:
Ronnie Feldman (LinkedIn)
Learnings & Entertainments (LinkedIn)
Ronnie Feldman (Twitter)
Learnings & Entertainments (Website)
60-Second Communication & Awareness Shorts – A variety of short, customizable, quick-hitter “commercials” including songs & jingles, video shorts, newsletter graphics & Gifs, and more. Promote integrity, compliance, the Code, the helpline and the E&C team as helpful advisors and coaches.
Workplace Tonight Show! Micro-learning – a library of 1-10-minutes of training and communications wrapped in the style of a late-night variety show that explains corporate risk topics and why employees should care.
Custom Live & Digital Programing – We’ll develop programming that fits your culture and balances the seriousness of the subject matter with more engaging delivery.
Tales from the Hotline – check out some samples.
Categories
GalloCast-Episode 2
Welcome to the GalloCast. You have heard of the Manningcast in football. Now we have the GalloCast in compliance. The two top brothers in compliance, Nick and Gio Gallo, come together for a free-form exploration of compliance topics. It is a great insight on compliance brought to you by the co-CEOs of ComplianceLine. Fun, witty, and insightful with a dash of the two brothers throughout. It’s like listening to the Brothers Gallo talk compliance at the dinner table. Hosted by Tom Fox, the Voice of Compliance. Topics in this episode include:
- How do you incorporate ethics into business growth?
- Who are all the stakeholders in and for your organization?
- Why is talent acquisition and retention a key element for any business going forward?
- How to change an entire culture?
- How not to lay off employees.
- What are the micro-cultures in your organization, and how to use them to build your ethical muscles
- What is the EthicsVerse?
- Nick’s Book Challenge.
Resources
Nick Gallo on LinkedIn
Gio Gallo on LinkedIn
ComplianceLine
As the Compliance Evangelist, I am pleased to announce the release of the Compliance Handbook, Third Edition. It is published by LexisNexis.
This edition is an update of the Compliance Handbook, 3rd edition handbook is a must read for all ethics and compliance professionals. The Third Edition provides practical and helpful solutions on important ethics and compliance issues. It is comprehensive, accessible and a must-have for every ethics and compliance professional.
Once again, I have teamed up with the top legal publisher, LexisNexis Legal & Professional, to lead its series of compliance offerings. The Compliance Handbook 3rd edition, is designed to provide the seasoned compliance professionals, and those new to the profession, with practical, actionable guidance and tools needed to design, create, implement and continually enhance a best practices compliance program.
The Compliance Handbook 3rd edition provides an in-depth look at the latest thinking and trends for the full range of critical compliance topics, including:
- Compliance and business ventures
- Third party risk management
- The Board’s Role in Compliance
- Continuous improvement
- Compliance innovation
- And much more
The Compliance Handbook 3rd edition also takes a close look at the role of all professionals with compliance responsibility, from Compliance Officers and Boards of Directors, to Human Resources to Internal Audit and Internal Controls and Communications and Training professionals. Understanding compliance responsibility across the organization continues to be a key theme of both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). With this 3rd edition, I expand on the concepts articulated in the original editions of operationalizing your compliance program.
What’s new for the 3rd edition?
- The role of compliance in ESG
- Key FCPA enforcement actions from 2022
- Key innovations in compliance which came out of the Covid-19 pandemic
- New strategies in training and communications
- Looking forward to compliance in 2025 and beyond.
The Compliance Handbook 3rd edition incorporates the most current government pronouncements governing best practices compliance programs including the 2019 Evaluation of Corporate Compliance Programs released by the DOJ Fraud Section and its 2020 Update; the updated FCPA Resource Guide 2nd edition; the Framework for OFAC Compliance Commitments; the 2019 DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust and most significantly the speech by Deputy Attorney General Lisa Monaco, reinstituting the requirements from the Yates Memo, the renewed use of monitors, all encapsuled in the Monaco Doctrine.
The Compliance Handbook 3rd edition is available in both print and eBook editions. LexisNexis Legal & Professional is giving a discount of 20% for any presale purchase. Use the code FOX20 and go here.
Categories
Caremark Claims, Part 2
Welcome to The Woody Report, where Washington & Lee School of Law Associate Professor Karen Woody and host Tom Fox discuss issues on white collar crime, compliance issues, international corruption, securities and accounting fraud, and internal corporate investigations. From current events to topical issues to academic research and thought leadership, Karen Woody helps lead the discussion of these issues on the new and exciting podcast. Today in Part 2, Tom and Karen look at cases in the wake of Marchand, including Clovis Oncology, Boeing and Cardinal Health.
Resources
Karen Woody on LinkedIn
Karen Woody at Washington & Lee, School of Law
I am looking at what skills will be needed for the mid-century Chief Compliance Officer (CCO). Moving into the CCO chair today is far beyond compliance expertise and legal knowledge. In Part 1 of this two-part series, I reviewed the soft skills most current CCOs have. In part 2, I want to consider the strong social skills a CCO will need as we move into 2030 and beyond. In a recent Harvard Business Review article (HBR), entitled “The C-Suite Skills That Matter Most”, authors Raffaella Sadun, Joseph Fuller, Stephen Hansen, and PJ Neal looked at this issue in the context of the Chief Executive Officer (CEO) position. I have adapted their work for the CCO role.
Training for new CCOs must change as well. No longer will a law school degree with one course in the Foreign Corrupt Practices Act (FCPA) be sufficient as a basis for a CCO. CCOs will need to systematically build social skills. This can certainly start in law or business school, but companies need to consider this role in their internal development for CCO candidates and indeed their entire corporate compliance function. This means going beyond simply preparing up and grooming compliance professionals to become a CCO through developing a “deep competence in a variety of administrative and operational roles.” This is because the mid-century CCO will need to “form constructive relationships with colleagues, customers, regulators, and suppliers” to fulfill the obligations of a corporate compliance function going forward.
As I noted earlier in Death of Dos Santos and Leadership at the Top, the background due diligence process around CEOs is becoming more important. But more than computer assisted research for background checks, the authors believes that “getting references is also problematic.” Most CCO searches are conducted with a high degree of confidentiality. However, the people conducting CCO interviews and those providing references are likely to be part of the “same small, homogeneous networks as most of the candidates, which significantly heightens the risk of bias in the decision-making process. They might mistakenly assume that those individuals possess broadly applicable social skills simply because they connected easily with them in interviews.”
In their executive development programs, companies today need a systematic approach to building and evaluating social skills for all executives, including compliance professionals and specifically CCOs. The authors believe such skills “may even need to prioritize them over the “hard” skills that managers presently favor because they’re so easy to assess. Companies should place high-potential leaders in positions that oblige them to interact with various employee populations and external constituencies and then closely monitor their performance in those roles.”
Beyond the assessment of social skills, companies need to highlight social skills development for the compliance function and potential CCO candidates. Interestingly, the authors believe that it is “inherently risky to put an outsider—even someone carefully vetted—in a senior role. Companies thus will benefit from a “grow your own” approach that allows internal up-and-comers to hone and demonstrate a range of interpersonal abilities.”
Moving forward the authors believe that more often, companies are “on the lookout for people with highly developed social skills—especially if their organizations are large, complex, and technologically intensive.” It is the final intensive technical requirement that many compliance professionals and CCO-types are lacking in; most particularly those with a legal education. Somewhat deflatingly, the authors report it is an “open question” as to whether companies will succeed in making hires with the requisite social skills going forward. They write, “The answer will depend in part on whether they can figure out how to effectively evaluate the social skills of job candidates, and whether they decide to make the cultivation of social skills an integral component of their talent-management strategies.”
But the business reality is that companies must do so to remain competitive. Talent acquisition and retention will be one of the most important keys for businesses to survive and thrive into the 2030s and beyond. Developing internal talent with these skills would clearly be the optimum approach for an organization to take. The authors also believe that companies should encourage law and business schools “to place more emphasis on social skills in their MBA and executive-level curricula, and they should challenge search firms and other intermediaries to devise innovative mechanisms for identifying and assessing candidates.”
But this is beyond simply internal development of the top candidates from law and business schools. When “recruiting and evaluating outside talent, they must prioritize social skills. The same is true when it comes to measuring the performance of current [CCOs] and setting their compensation. In addition, firms should make strong social skills a criterion for promotion, and they should task supervisors with nurturing such skills in high-potential subordinates.”
As much as the compliance profession has evolved over the past 10 years, this evolution will only continue with greater speed going forward. Simply consider how much business has changed forever since the Russian invasion of Ukraine and you can begin to see why a CCO, and compliance professional, will need a much wider variety of social skills. Change in the way Supply Chain risk will be managed; how trade and economic sanctions will play a more strategic role in each organization, anti-corruption detection, prevention and enforcement has now become a national security issue of the United States, cybersecurity and data privacy are on the front plate of every organization and environmental, social and governance (ESG) will lead many corporate efforts going forward.
The bottom line is that the business world has changed and not only must CCOs change with it but the manner in which companies acquire and retain compliance talent must change as well.
Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, we deep dive into the recent New York Department of Financial Services enforcement action against Carnival Cruise Lines for failures in its cybersecurity reporting obligations. Highlights include:
· Why is Carnival Cruise Lines subject to the DFS?
· What violations occurred?
· Why were there false certifications?
· What were the tactical cyber security violations?
· Were they material?
· Lessons for the compliance professional.
Resources
Matt in Radical Compliance
What skills will be needed for the mid-century Chief Compliance Officer (CCO) [yes just a few more years to 2030 and ‘mid-century’]. Moving into the CCO chair today is far beyond compliance expertise and legal knowledge. What CCOs need even more as we move into 2030 and beyond are strong social skills. Compliance is becoming more complex and tech-centered; workforce diversity is growing; and firms face greater public scrutiny than ever before. These requirements are far beyond a Foreign Corrupt Practices Act (FCPA) or even compliance course in law school. Going forward, CCOs will need to be adept communicators, relationship builders, and people-oriented problem solvers. To succeed in the future, companies will need to focus on those skills when they evaluate CCO candidates and develop in-house talent in their compliance function. In a recent Harvard Business Review article (HBR), entitled “The C-Suite Skills That Matter Most”, authors Raffaella Sadun, Joseph Fuller, Stephen Hansen, and PJ Neal looked at this issue in the context of the Chief Executive Officer (CEO) position. I have adapted their work for the CCO role.
Previously, companies could look for good technical skills in a CCO. But today, companies need to seek out and hire CCOs “who are able to motivate diverse, technologically savvy, and global workforces; who can play the role of corporate statesperson, dealing effectively with constituents ranging from sovereign governments to influential NGOs; and who can rapidly and effectively apply their skills in a new company, in what may be an unfamiliar industry, and often with other colleagues in the C-suite whom they didn’t previously know.” Getting it wrong can be a disaster for the company. Witness the train wreck involving the Activision Blizzard, Inc. CCO, when that company’s scandal broke.
Previously, the CCO had to use influence to try and get compliance accomplished in an organization. In the early part of the past decade, Jenny O’Brien talked about about techniques for a CCO to employ to help influence decision-making within an organization.
- Understand the products and services that your company offers but also the challenges that your business development team will face out in the world.
- Active Listening. Work constantly at active listening, which is listening, thinking and then speaking.
- Connections with other functions in an organization.
- The CCO does not need center stage.
- Make a win look like a win for everyone.
- The Triple ‘C’- Calm, cool and collected. Don’t let them see you sweat.
- Know your stuff.
However, the authors demonstrate that these soft skills are no longer enough for a CCO, even one with high technical competence in compliance programs. A critical first step is to develop greater clarity about what it now takes for a CCO to succeed as the range of necessary skills appears to have expanded. This is more than the ‘soft-skills’ approach articulated by O’Brien but more ‘social skills,’ “including a high level of self-awareness, the ability to listen and communicate well, a facility for working with different types of people and groups, and what psychologists call “theory of mind”—the capacity to infer how others are thinking and feeling.”
By looking at the reasons for these changes, the authors identify several areas that CCOs previously were not required to understand but are now mandatory for a mid-21st century compliance program.The focus on social skills is especially evident in large companies. This is even more true “at publicly listed multinational enterprises and those that are involved in mergers and acquisitions. These patterns are consistent with the view that in larger and more complex organizations, top managers are increasingly expected to coordinate disparate and specialized knowledge, match the organization’s problems with people who can solve them, and effectively orchestrate internal communication. For all those tasks, it helps to be able to interact well with others. It also reflects the web of critical relationships that leaders at such firms must cultivate and maintain with outside constituencies.” This of course includes the five sets of stakeholders identified in the Business Roundtable’s Statement on the Purpose of a Corporation. Again this reality is even considered in the 2013 COSO Internal Control-Integrated Framework.
There is no bigger change to the skill set of the CCO than around information and information-technology systems, i.e., data and data analytics. The authors cited to Peter Drucker for the following, “The more we automate information-handling, the more we will have to create opportunities for effective communication.” This means the CCOs and corporate compliance programs which “rely significantly on information-processing technologies today also tend to be those that need leaders with especially strong social skills.”
In compliance, when companies automate routine compliance tasks, “their competitiveness hinges on capabilities that computer systems simply don’t have—things such as judgment, creativity, and perception. In technologically intensive firms, where automation is widespread, leaders have to align a heterogeneous workforce, respond to unexpected events, and manage conflict in the decision-making process, all of which are best done by managers with strong social skills.” The authors conclude, “as more tasks are entrusted to technology, [CCOs] with superior social skills will be in demand at all levels and will command a premium in the labor market.”
Another new area is in social media and networking technologies. As companies move away from shareholder primacy and focus more broadly on stakeholder capitalism, as outlined in the Statement on the Purpose of a Corporation, CCOs will be expected to be public figures. They will meet and “interact with an increasingly broad range of internal and external constituencies but to do so personally and transparently and accountably.” Moreover, CCOs, and other corporate officers, will be required to operate in “real time, thanks to the increasing prevalence of both social media (which can capture and publicize missteps nearly instantaneously) and network platforms such as Slack and Glassdoor (which allow employees to widely disseminate information and opinions about their colleagues and bosses).” CCOs will be required to “be constantly attuned to how their decisions are perceived by various audiences. Failing to achieve their intended purposes with even a handful of employees or other constituents can be damaging.”
Join us tomorrow where we consider the way forward for the CCO role at mid-century.
