Categories
Great Women in Compliance

Great Women in Compliance: Jess Nall on Defending Tech Innovators

Welcome to the Great Women in Compliance Podcast. In this episode, Hemma visits with Jess Nall, a partner at Baker McKenzie.

Jess is a leader of Baker McKenzie’s AI and Cyber practice and
leads the Firm’s government defense practice in the US heart of technological innovation, the San Francisco Bay Area. For more than twenty years, Jess has defended technology innovators in high-profile federal and state government enforcement and investigations involving AI, cyber-security, algorithmic price-fixing, economic espionage, and trade sanctions.

With two decades of tech law experience under her belt and playing a pivotal role in various global technology enforcement cases, Jess has a grounded understanding of the complexities surrounding AI compliance and enforcement. She highlights the rapidly evolving global regulation and the increasing pressure it places on compliance professionals.

Jess advocates for a proactive approach to comprehension and readiness for the enforcement and governance aspects of AI, encouraging clients to have robust good faith narratives that illustrate their compliance efforts. This perspective is formed not only from her substantial professional experience but also her deep understanding of the potential risks and malpractices related to the use of AI technology.

Key Highlights:

  • AI Regulations: Impact on Businesses and Compliance
  • Navigating Risks in AI Compliance and Enforcement
  • Deceptive AI Marketing Practices in Industry
  • Fostering Collaboration for AI Compliance Success
  • Enhancing Regulatory Compliance with AI Analytics
  • Enhancing Legal Access with AI Translation

Resources:
Join the Great Women in Compliance community on LinkedIn here.

AI Strategy: The Whole Brain Approach Will Win in forbes.com

Categories
Compliance Into the Weeds

Compliance into the Weeds: What Are Boards Doing About AI (Hint: Not Much)

The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject.

Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt look into corporate reports on their Boards’ oversight of AI.

As the world ventures deeper into the age of artificial intelligence (AI), the issue of corporate governance over AI is emerging as a crucial point of discussion. Tech giants such as Google are facing demands for more board-level attention to AI risk management due to concerns about the lack of transparency and oversight.

Tom highlights this lack of detailed consideration of AI at the board level, raising doubts about whether boards are suitably prepared for AI’s rapid development and potential enforcement risks. His concerns are rooted in limited mentions of AI in proxy statements of S&P 500 companies, suggesting current practices might not be sufficient for the future.

Meanwhile, Matt emphasizes the need for boards to start considering staffing, expertise, and risk management related to AI without necessarily forming dedicated AI committees at present. Kelly’s concerns stem from the lack of detail in proxy statements about what boards are currently doing with AI, especially in tech-heavy companies like Google, indicating the need for potential formation of dedicated committees or sub-specializations in the future.

 Key Highlights:

  • AI Risk Management: Tech vs. Non-Tech Perspectives
  • Enhancing Corporate Governance Through AI Oversight
  • Technology Risk Oversight in Evolving Companies
  • AI Oversight for Corporate Boards: Future Risks

Resources:

Matt on Radical Compliance

 Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Culture Week: Part 3 – A Toxic Culture and the Fraud Triangle

We continue our exploration of corporate culture. Today, we consider the intersection of the Fraud Triangle and a toxic culture.

The Fraud Triangle is well-known to most compliance practitioners. It is pressure, opportunity, and rationalization. When these three factors converge, there is a danger of an ethical lapse that could violate the law. Bribery and corruption under the Foreign Corrupt Practices Act (FCPA) are types of fraud in which the employee or employees do not keep the direct proceeds of their conduct but enrich the company. Of course, if their collective bonuses are drawn from fraudulent conduct, the cycle is complete around how the Fraud Triangle applies to the FCPA.

Bret Hood, writing in a Fraud Magazine article, entitled Twisted Rationalization, said the following: “We might commonly assume that fraudsters choose to commit fraud by deploying rational cost-benefit analyses of potential rewards against the consequences of being caught. However, most fraud perpetrators completely ignore this calculation. Most of their decisions are automatic and unconscious. Sometimes, others massage circumstances so the fraudulent decision maker doesn’t comprehend the ethical implications.”

That sounds suspiciously like someone who has been treated so poorly in a toxic culture that they feel like they have nothing to lose.

David Schrieberg, writing in a Forbes.com article entitled How Does Corporate Culture Fuel Fraud? Start With Volkswagen And Wells Fargo, cited to Steve Morang, who said of those entities and their scandals, “The brains behind the strategic decisions that organizations make, whether Volkswagen or Walmart or Wells Fargo, don’t understand that those decisions, as they get implemented and trickle down the organization, could very much affect their fraud risk profile.” These comments were aimed at the culture of sales, but those same cultural morals created a toxic culture in both organizations. I believe the Fraud Triangle provides insights for compliance professionals to help adapt a compliance program to prevent fraud that leads to bribery and corruption.

Todd Haugh, an assistant professor of business law and ethics at Indiana University’s Kelley School of Business, posited in an MIT Sloan Management Review article entitled The Trouble With Corporate Compliance Programs that even best practices compliance programs fail to take into account behavioral best practices, and one important, but too often overlooked, key to strengthening both individual and overall corporate behavior is eliminating rationalizations.

Haugh’s conclusions were drawn from his long-term research on the causes of white-collar crime and more general corporate wrongdoing. His research has led him to flagrant rationalizations engaged in by those who commit white-collar crimes. This insight led him to see the behavioral aspect of compliance programs as lacking, but that can be remedied. He listed eight different types of rationalizations.

The first is simply denying responsibility. When offenders “deny responsibility by pleading ignorance, they were acting under orders, or contending that larger economic forces caused them to act.” In denying an injury, “an offender often excuses his or her behavior if no clear harm exists.” In denying a victim, the offenders claim the “victim deserved the harm; or when the victim is unknown or not clearly defined.” Through condemning the condemners, “offender’s conduct is to attack the motives of others, such as regulators, prosecutors, and government agencies.” By appealing to higher loyalties, the fraudster claims “to protect a boss or employee, shore up a failing business, or maximize shareholder value.” By using a ledger metaphor, employees claim there is a “behavioral balance sheet” whereby employees “balance out negative actions against positive accomplishments.” Through claiming entitlement offenders assert “that they deserve the fruits of their illegal behavior.” In claiming acceptability or normality, employees compare their “bad acts with those of others to relieve moral guilt.” The FCPA violator has probably several of these rationalizations going on at once. The compliance professional needs to look for ways to counter-act or overcome them.

Haugh considers the Wells Fargo scandal, not from the actions of the former Chief Executive Officer or other senior executives but from the failure of the company’s ethical culture and compliance program to stem illegal conduct. He believes the scandal occurred in large part because of multiple rationalizations at multiple levels, stating “preliminary reports suggest it allowed an environment riddled by employee rationalizations. On the heels of the bank’s $185 million settlement agreement with the Consumer Financial Protection Bureau, a number of former employees have reported that, despite ethics training and messages from headquarters to not create fake accounts, the bank’s aggressive sales culture drowned out any explicit compliance measures.”

Haugh believes the “compliance program failed to address the systemic problem of managers pressuring employees to meet unrealistic sales goals.” He cited to one former employee on the pressure employees felt, quoting “The reality was that people had to meet their [sales] goals. They needed a paycheck.” It was this push by management that led employees, under pressure to meet unrealistic goals, to rationalize their conduct by denying responsibility and claiming relative normality in creating fraudulent accounts. Also remember that the fraudulent accounts were not limited in geographic or any other scope. They were literally created across the U.S. by Wells Fargo branches.

As a prescription, Haugh recommends several steps. The first was one of the most intriguing and it was for a company to employ a behavioral specialist to take current research and theory into practice in an organization. He believes such a behavioral specialist could help multiple corporate departments construct both training and communications by creating “a behavioral compliance curriculum tailored to various groups of employees, giving all members of the organization insight into their ethical decision-making processes. Such a curriculum can become the backbone of a behaviorally cognizant compliance program.” Note how Haugh’s suggestion on a tailored approach to training echoes the language from the DOJ’s Evaluation of Corporate Compliance Programs (Evaluation) to have tailored anti-corruption training. Wedding these two types of tailored employee training, anti-corruption and anti-fraud, could be quite powerful.

Haugh’s next suggestion was to “use behavioral best practices to eliminate rationalizations.” He believes that the compliance practitioner should use behavioral insights to improve company practices. When you consider that most compliance programs were initially written by lawyers, this is not too surprising. He wrote, “This will necessarily go beyond the traditional law-driven compliance practices employed by the vast majority of Fortune 500 companies.”

Haugh advocates that compliance programs should attack rationalizations directly, with an aim towards eliminating them. Here Haugh provided the simple yet direct example of an honesty certificate on an employee gift, travel and entertainment (GTE) reimbursement form as a starting point. I would add this has the added significance of an effective internal control. He also noted that companies should facilitate communications around fraud, rationalizations and, compliance by encouraging “employees to openly discuss rationalizations and how they affect ethical decision-making. This can be accomplished through storytelling by employees and the company. Employees should be encouraged, even required, to meet periodically in small groups to explore the potential effects of compliance violations and white-collar crimes.” To make this communication technique more powerful and to make this strategy more powerful is to fully operationalize by having business leaders guide such discussions including “topics such as what regulations are relevant to the business, common compliance pitfalls, and how some business practices produce externalities that negatively impact stakeholders.”

Finally, every compliance practitioner is well-aware of the role of financial incentives in compliance. I write about this topic on a regular basis. But Haugh takes the incentives discussion in a different direction, suggesting there are non-monetary incentives that could positively impact compliance. Haugh concludes by noting that companies should “use incentives to influence behavior in the right direction” by understanding how rationalizations come into play. Most interestingly, Haugh believes that employee “praise and expressions of gratitude motivate more than money”. Think of the cost of a good word now and then or a pat on the back. But more than a pat on the back, such an approach emphasizes that good compliance is seen as the “governing ethos” of the company where the goal is “to build a corporate culture that incentivizes the rejection of rationalizations through the creation of shared values.”

Haugh concludes by recognizing that no compliance program will always eliminate bad employee behavior. However, his article and research give the compliance practitioner new insights into how to motivate employees and to make compliance more effective in an organization. Further, many of the ideas and suggestions put forth by Haugh would help to operationalize your compliance program more fully, as specified by the DOJ in the 2023 Evaluation of Corporate Compliance Programs. Finally, the use of behavioral techniques can add a powerful tool to the compliance practitioner in more fully integrating a good culture into your organization.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Characteristics of a Toxic Culture

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider the 5 top characteristics of a toxic corporate culture.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Blog

Culture Week: Part 2 – Attributes of a Toxic Corporate Culture

We continue our exploration of aspects of corporate culture. Today, we turn to the dark side by reviewing some of the characteristics of a toxic corporate culture. An article in the MIT Sloan Management Review provided some guidance. In Why Every Leader Needs to Worry About Toxic Culture, Donald Sull, Charles Sull, William Cipolli, and Caio Brighenti posited that, by pinpointing the elements of toxic culture in a company, its leaders focus on addressing the issues that lead employees to disengage and quit. These ideas are essential for compliance as they navigate corporate culture and assess and improve it.

Moreover, the Chief Compliance Officer and corporate compliance function were again identified in the 2023 Evaluation of Corporate Compliance Programs (ECCP) as the institutional justice and fairness keepers. This means recognizing and preventing a toxic culture from spreading and infecting your entire organization, which is squarely in the compliance wheelhouse. The article lays out vital red flags for every CCO and compliance professional to look for in assessing culture. Last but not least, for any company with a toxic culture, the likelihood that its employees will commit fraud or bribe and corrupt others by breaking laws like the Foreign Corrupt Practices Act (FCPA) is much higher.

The authors identify behaviors they call “the Toxic Five attributes,” which are being “disrespectful, non-inclusive, unethical, cutthroat, and abusive—poison corporate culture in employees’ eyes. While organizational culture can disappoint employees in many ways, these five elements have by far the largest negative impact on how employees rate their corporate culture and have contributed most to employee attrition throughout the Great Resignation.” As a CCO or compliance professional, you must be on the lookout for them and take steps to remedy them if you see or hear about them.

Disrespectful Behavior

The authors found that “feeling disrespected at work has the largest negative impact on an employee’s overall rating of their corporate culture of any single topic.” Lack of respect can occur in many areas. The most obvious is the lack of a “speak up” culture where employees understand it is useless to raise issues with management, whether serious matters such as FCPA violations or more straightforward ideas such as process improvement. It can also be as simple as whether to return to the office full-time and whether management listens to employees about their desires to continue working from home or to utilize some hybrid working arrangement. The authors noted, “Whether you analyze culture at the level of the individual employee or aggregate to the organization as a whole, respect toward employees rises to the top of the list of cultural elements that matter most.

Non-inclusive Behavior

This concerns whether your employees are “treated fairly, made to feel welcome, and included in key decisions.” It is “the most powerful predictor of whether employees view their organization’s culture as toxic. It applies to all demographic groups: “gender, race, sexual identity and orientation, disability, and age.” It can be outright discrimination against the equally invidious but more subtle conflicts of interests of nepotism and playing favorites. The topic of non-inclusiveness includes “terms like ‘cliques,’ ‘clubby, or ‘in crowd that indicate that some employees are being excluded without specifying why.

Ethical Behavior

The authors believe ethics “is a fundamental aspect of culture that matters at both the organizational and individual levels. Interestingly, there are several different aspects of “ethics that every CCO needs to consider. Unethical behavior is “about integrity and ethics within an organization. It also includes dishonesty. “Employees described dishonest behavior in many ways, from outright lying to making false promises to shading the truth to simply “sugarcoating. Under regulatory compliance, employees talked about failure to comply with applicable regulations, including failure to meet safety standards.

Cutthroat Behavior

I found this category fascinating as it included both uncooperative coworkers and the lack of harmonization across organizational silos. This was not simply “friction in coordination, but situations in which “employees talked about colleagues actively undermining one another. It included what the authors termed as a “vivid lexicon to describe their workplace, including ‘dog-eat-dog and ‘Darwinian and talked about coworkers who ‘throw one another under the bus,‘ ‘stab each other in the back, or ‘sabotage one another.'”

Abusive Behavior

Having worked in law firms long ago, I understand abusive behavior. The authors called it “sustained hostile behavior toward employees, including “bullying, yelling, or shouting at employees, belittling or demeaning subordinates, verbally abusing people, and condescending or talking down to employees. While one would hope such behaviors do not exist in the 21st century, they still do. The article’s authors reported that only 0.8% of the employees surveyed described their manager as abusive. However, when employees did mention abusive managers, it significantly depressed the corporate culture.

What CCOs and compliance professionals should try to drive forward is a “culture that is inclusive, respectful, ethical, collaborative, and free from abuse by those in positions of power. However, the authors caution that these are the “baseline elements of a healthy corporate culture. Employees want more than the basics; other organizational stakeholders want companies to have official, solid core values. In an interview with LRN’s Susan Divers, she called this emphasis on core values the “value in values.” From the compliance professional’s perspective, it means values like integrity, collaboration, respect, and DEI.

Categories
Blog

Culture Week: Part 1 – Redesigning Culture

In the FCPA Compliance and Ethics Blog this week, I will explore corporate culture from various angles. Since at least October 2021, the Department of Justice (DOJ) has made corporate culture part of its review for any company in a white-collar criminal investigation, specifically the FCPA. Today, I look at how a company can think through a process to redesign its culture.

How can you think of a different way to redesign your culture and compliance program? This is based on an article in MIT Sloan Management entitled The Four-Step Process for Redesigning Work by Lynda Gratton. Gratton believes a “fear of failure weighs heavily on many leaders tasked with managing new workplace expectations. Seeing the challenge as a process is the way forward.” Her piece provides a great way to consider the future decision to adopt hybrid or other working models.

Moreover, this fear is disrupting other areas that demand corporate attention right now and has left leaders hypersensitive to issues of retention and unsure what accommodations, if any, will attract and keep talent. They are also apprehensive about what their competitors are doing. This has a ripple effect. Because of the fear of failure, I’ve seen leaders begin to stumble on issues of inclusion, belonging, and identity. Rather than being bold and adopting an experimental mindset, they fall back to familiar operating methods and become less empathetic to what others want. When we fear failure, we retreat to the known.

I would only add that the same is true for the corporate compliance function.

In Gratton’s opinion, “Organizations need to undergo a structural overhaul, and more people than just the top leadership of an organization need to work out the task of moving forward.” Leaders who have confronted their fears and set about this task of overhaul have done it by moving through four crucial steps: understanding people, networks, and jobs; reimagining how work gets done; modeling and testing redesign ideas against core principles; and ensuring the overhaul sticks by taking action widely.”

Understand What Matters

The top fear or concern is the decision to work from home or require workers to return to the office. However, the key is “to precisely understand what matters: for example, where and how productive work takes place, what people want, and how knowledge flows.” For instance, being in the office can increase productivity for crucial tasks, particularly when it comes to individual thinking, analyzing, and writing. It turned out that being out of a busy office during lockdown was a plus for these people.

However, that is not the only equation, as “work, people, and knowledge flow differently across companies.” Gratton noted from one study participant, “Bringing ideas from all our disciplines is crucial. We have engineers, designers, planners, technical specialists, and consultants in the office. We want them to talk to each other and bounce ideas off each other.” This leadership clarity allows “an office-based way of working that would maximize highly valued cooperative behavior.”

Reimagine new ways of operating.

Understanding the focus of your compliance team can be a key driver of productivity. Still, it can also lessen “fears about pushing for an office-based way of working and enable them to be imaginative and bold.” For instance, you might create opportunities for some employees to work anywhere for three months. Once again, this might not work for all companies, but if your compliance tasks can lend themselves to this approach, it could be helpful for you to consider it going forward.

The author reported, “Unilever reimagined the employee contract—the set of promises employers make to their people.” To that end, “the conglomerate reimagined how to enable employees to work for Unilever while engaging in other activities such as starting a business, traveling, or caring for a family member. In this model, called U-Work, some employees receive a monthly retainer and earn assignment pay. Importantly, they also get pension support and access to health insurance.” This allows flexibility “between being a full-time employee and being a contractor or agency worker from a third-party organization.”

Model and test new ways of working

Any model work should be aligned with the company’s purpose or business strategy. Unfortunately, that means treating your employees like children in many top-down businesses. But if you succeeded during the pandemic (and you had to), you should be able to determine a hybrid way of working that could have a longer-term impact.

For compliance, that might mean a fuller determination of what “customer-centric means and how hybrid work would have to align with changing customer needs.” Of course, for a compliance professional, your customers could be a variety of stakeholders, such as employees, Supply Chain vendors, or other third parties. The author’s point is to “be bold and courageous in your attempt… in the spirit of being experimental.”

Act and create

An explicit concern is that new work models may become fads that are never really embedded into the company’s culture or will be discarded at the first sign of a recession or cost-cutting. While senior leadership is critical in supporting such initiatives, Gratton identified four ways to deepen engagement and support throughout an organization for such a change.

1. Managers must be engaged. A series of workshops with them helped create a managerial playbook.

2. Communication to describe how these new work models would positively impact talent attraction and retention while supporting the strategic aim of the business.

3. Managers should have open and active communication channels with their teams to reach agreements on details, such as when employees will work together in the office and when they will engage in focused work at home.

4. Managers should support each other through peer networks to support and learn from each other.

Gratton ended her piece by challenging leaders to ask themselves three questions: “Where are you now on redesigning work? Are there steps you need to take to reengage more purposefully? Are you clear about what your biggest priorities are? Your actions will create your signature work model and define the deal you are making with your employees and customers.” The same applies to a Chief Compliance Officer, the corporate compliance function, and culture.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Redesigning Culture

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider how you can think of a different way to redesign your corporate culture.

For more information on the Ethico ROI Calculator and a free White paper on the ROI of Compliance, click here.

Categories
Sunday Book Review

Sunday Book Review: April 28, 2024 Books on Trust Edition

In the Sunday Book Review, Tom Fox considers books that would interest the compliance professional, the business executive, or anyone who might be curious.

It could be books about business, compliance, history, leadership, current events, or anything else that might interest me.

In today’s edition of the Sunday Book Review, we look at some of the top books on compliance you should read in 2024.

  • The Book of Trust by Yoram Solomon
  • Building Trust by Josh McQueen
  • Digital Body Language by Erica Dhawan
  • The Four Factors of Trust by Ashley Reichheld & Amelia Dunlop

Resource:

18 Must-Read Books on Building Trust for Your Business and Brand

For more information on Ethico and a free White Paper on ROI for your compliance program, click here.

Categories
Creativity and Compliance

Creativity and Compliance: Global Engagement Strategies

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection all require creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network.

Ronnie’s company, Learnings and Entertainment, utilizes the entertainment devices that people use to consume information in their everyday, non-work lives, and applies it to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible.

Today Ronnie and Tom consider global engagement strategies for a multi-national corporation.

Global engagement strategies encompass a broad and evolving discipline that requires innovative and adaptive mechanisms to effectively connect with a diverse, multinational workforce. Tom highlights the limitations of a “one size fits all” approach and the importance of incorporating engaging elements such as humor and entertainment in global engagement strategies. His perspective is shaped by the belief that it is more effective to tailor content to specific audiences, thus cultivating a library of diverse and engaging content.

Ronnie emphasizes the significance of employing a variety of creative and entertaining approaches, including humor, animation, music, and interactive elements. His experiences underline the notion that traditional methods may not always be the most effective and that leveraging different tools, even if it involves taking risks, can lead to a greater understanding and engagement in a global context.

Key Highlights:

  • Creative Engagement Techniques for Global Workforce
  •  Global Resonance: Music in Communication Strategies
  • AI-Enabled Multilingual Content Transformation
  • AI Subtitling: Cost-Efficient Global Content Localization

Resources:

Ronnie

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Compliance and Corporate Principles

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we explore how compliance can help navigate through the minefield of corporate principles.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.