Tag: corporate culture

Categories
FCPA Compliance Report

Matt Galvin and Dan Kahn, Part 2-Reflections on the Monaco Speech

This episode of the FCPA Compliance Report begins a special two-part series with two well-known compliance professionals. Matt Galvin, most recently the CCO at AB-InBev and Dan Kahn, former acting Deputy Assistant Attorney General of the Criminal Division, Chief of the Fraud Section, and Chief of the FCPA Unit. Dan is now in private practice at DavisPolk. In this concluding Part 2, we take a deep dive into the Lisa Monaco Speech focusing on how the DOJ might look to access corporate culture, the Speech’s effect on the Benczkowski Memo, using the Monaco Speech and other external information for internal corporate presentations and the DOJ reviewing other corporate misconduct.

Resources

Matt Galvin on LinkedIn

Dan Kahn at Davis Polk

Categories
Blog

Attributes of a Toxic Corporate Culture

Corporate culture is finally being acknowledged as a key ingredient in a successful business, particularly one which operates ethically and in compliance. The Department of Justice (DOJ) formally recognized the need to assess corporate culture in the speech by Deputy Attorney General Lisa Monaco to the ABA White Collar Conference in October 2021. But what are some indicia of good culture and more importantly what are some indicia of a toxic culture? A recent article in the MIT Sloan Management Review provided some guidance. In Why Every Leader Needs to Worry About Toxic Culture, Donald Sull, Charles Sull, William Cipolli and Caio Brighenti posited that by pinpointing the elements of toxic culture in a company, its leaders focus on addressing the issues that lead employees to disengage and quit. These ideas have significant importance for the compliance function as it navigates corporate culture, both in assessing and improving it.
Moreover, the Chief Compliance Officer (CCO) and corporate compliance function were identified in the 2020 Update to the Evaluation of Corporate Compliance Programs as the keepers of institutional justice and institutional fairness. This mean recognizing and then preventing a toxic culture from spreading and infecting your entire organization is squarely in the compliance wheelhouse. The article lays out key red flags for every CCO and compliance professional to look for in assessing culture. Finally, for any company with a toxic culture, the chances are much greater to be defrauded by its own employees or to defraud others through bribery and corruption by violating such laws as the Foreign Corrupt Practices Act (FCPA).
The authors identify behaviors that they call “the Toxic Five attributes”, being “disrespectful, noninclusive, unethical, cutthroat, and abusive – poison corporate culture in the eyes of employees. While organizational culture can disappoint employees in many ways, these five elements have by far the largest negative impact on how employees rate their corporate culture and have contributed most to employee attrition throughout the Great Resignation.” As a CCO or compliance professional you need to be on the watch for them and take steps to remedy them if you see or hear about them.
Non-inclusive Behavior
This is about whether your employees are “treated fairly, made to feel welcome, and included in key decisions.” It is “the most powerful predictor of whether employees view their organization’s culture as toxic. It applies to all demographic groups; “gender, race, sexual identity and orientation, disability, and age.” It can be outright discrimination to the equally invidious but more subtle conflicts of interests of nepotism and playing favorites. The topic of non-inclusiveness includes “terms like “cliques,” “clubby,” or “in crowd” that indicate that some employees are being excluded without specifying why.”
Disrespectful Behavior
The authors found that “feeling disrespected at work has the largest negative impact on an employee’s overall rating of their corporate culture of any single topic.” Lack of respect can occur in many areas. The most obvious is the lack of a speak up culture where employees understand it is useless to raise issues to management; whether serious matters such as FCPA violations to more straight-forward ideas such as process improvement. It can also be something as simple as whether or not to return to the office on a fulltime basis and whether management listens to employees about their desires to continue working from home or utilize some type of hybrid working arrangement. The authors noted, “whether you analyze culture at the level of the individual employee or aggregate to the organization as a whole, respect toward employees rises to the top of the list of cultural elements that matter most.”
Ethical Behavior
The authors believe that ethics “is a fundamental aspect of culture that matters at both the organizational and individual levels.” Interestingly, there are several different aspects to ‘ethics’ that every CCO needs to consider. Unethical behavior is “about integrity and ethics within an organization.” It also includes dishonesty, which “employees described dishonest behavior in many ways”, from outright lying to making false promises to shading the truth to simply “sugarcoating.” Under regulatory compliance employees talked about failure to comply with applicable regulations, including failure around safety standards.
Cutthroat Behavior
I found this category fascinating as it included both uncooperative co-workers and the lack of harmonization across organizational silos. This was not simply “friction in coordination” but situations where “employees talked about colleagues actively undermining one another.” It included what the authors termed as a “vivid lexicon to describe their workplace, including “dog-eat-dog” and “Darwinian” and talked about coworkers who “throw one another under the bus,” “stab each other in the back,” or “sabotage one another.””
Abusive Behavior
Having worked in law firms long ago, I understand abusive behavior. The authors called it “sustained hostile behavior toward employees” including such actions as “bullying, yelling, or shouting at employees, belittling or demeaning subordinates, verbally abusing people, and condescending or talking down to employees.” While one would hope such behaviors do not exist in the 21st century, they apparently still do. 0.8% of the employees surveyed for the article described their manager as abusive, however, when employees did mention abusive managers, it significantly depressed a corporate culture.
What CCOs and compliance professionals should try to drive forward is a “culture that is inclusive, respectful, ethical, collaborative, and free from abuse by those in positions of power.” But the authors caution that these are really the “baseline elements of a healthy corporate culture.” Employees want more than the basics and other stakeholders in an organization want companies to have strong official core values. In an interview with LRN’s Susan Divers, she called it the ‘value in values’. From the compliance professional’s perspective in means values like integrity, collaboration, respectful, and DEI.

Categories
Blog

Monaco Speech: Part 3 – Culture

Deputy Attorney General (DAG) Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to take up her remarks on corporate culture. They were a small but significant part of her remarks so I will quote them in full. She said,
Now, I recognize the resources and the effort it takes to manage a large organization and to put in place the right culture. The Department of Justice has over 115,000 employees across dozens of countries and an operating budget equivalent to that of a Fortune 100 company. So, I know what it means to manage and be accountable for what happens in a complex organization. But corporate culture matters. A corporate culture that fails to hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.
Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. In fact, companies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.
Although we understand the costs that enforcement actions can place on shareholders and others, our responsibility is to incentivize responsible corporate citizenship, a culture of compliance and a sense of accountability. So, the department will not hesitate to take action when necessary to combat corporate wrongdoing. [Emphasis Supplied]
I asked Affiliated Monitors Inc., (AMI) founder Vin DiCianni for his thoughts around these remarks. He said, “Last week’s announcement by Deputy Attorney General Lisa Monaco and the Justice Department reignited the agency’s concentration of corporate and individual liability for white collar crimes.  In doing so, she emphasized to businesses, their leadership and the attorneys who represent them on the importance of implementing and maintaining strong effective compliance programs and how DOJ will continue to look at these programs going forward.” In other words, the criticalness of culture.
A culture of compliance is the foundation of an organization’s compliance program. It is a measure of how well employees feel empowered to identify, mitigate, and escalate risk within their institution. An institution’s compliance culture is set by the Board and Executive Leadership team. Their messaging should be continuously reinforced in an institution’s risk appetite statement, policies, training and enterprise-wide communications. A strong compliance culture should be evident at all levels of the financial institution and across all three lines of defense.
Tina Rampino, Associate Managing Director at K2 Integrity, laid out some key questions to ask around culture. They included:

  • What is the tone that is set from the most senior levels of the organization?
  • Are employees motivated by doing any and all business no matter the risk?
  • Are they empowered to act with integrity and choose the right business that aligns with their compliance culture?

She went on to relate, “Many institutions have built training and communications programs to help employees understand what the “right business means” – reinforcing an institution’s risk appetite statement, incorporating policies and procedures, and training on red flags and high-risk issues.” She concluded, “A culture of compliance should empower employees, not just in the second line of defense but in all areas of the institution – to think about the risks being presented through their customers, transactions, and products and services and how they can do their part in mitigating risk to the institution.”
We next turned to some of the key actions senior executives and leaders can take to not simply ‘talk-the-talk’ but also ‘walk-the-walk’ of compliance. Senior executives and leaders are responsible for setting the tone from the top which means setting expectations for the importance of compliance throughout the organization and by modeling behaviors for their employees. Rampino details the seven elements of a culture of compliance:

  1. Tone from the Top.
  2. Establishing and communicating enterprise-wide policies and programs.
  3. Defining clear roles and responsibilities across the three lines of defense.
  4. Ensuring adequate staffing and resources for functions responsible for compliance.
  5. Designing and implementing a comprehensive compliance training program.
  6. Establishing compliance incentives
  7. Creating efforts to embed and sustain a compliance culture.

Monaco had two additional remarks around corporate culture and a culture of compliance that bear repeating. She said, a record of corporate misconduct, even outside the FCPA, “speaks directly to a company’s overall commitment to compliance programs and the appropriate culture to disincentivize criminal activity.” In a remark that tied back to yesterday’s discussion of monitors she said, “Stepping back, any resolution with a company involves a significant amount of trust on the part of the government. Trust that a corporation will commit itself to improvement, change its corporate culture, and self-police its activities. But where the basis for that trust is limited or called into question, we have other options. Independent monitors have long been a tool to encourage and verify compliance.” This last sentence would speak directly to DiCianni’s thoughts that “Unlike the previous administration’s very limited use of monitors, DAG Monaco described the value that integrity monitors bring to oversight for both the department and those entities subject to such oversight.”
Monaco noted she has sat on corporate boards when in the private sector. This experience certainly informs her approach as the DAG. The DOJ will be taking a much closer and in-depth look at corporate culture and whether there is a culture of compliance in any company which finds itself in a FCPA investigation or enforcement action. CCOs and compliance functions need to be ready to have demonstrable and documented evidence of a culture of compliance.

Categories
Blog

Lessons Learned from L’Affair Gruden

The fallout from the John Gruden imbroglio has widened and deepened. Many have asked why the NFL sat on the Gruden emails which were uncovered in the investigation of the toxic culture of the Washington football team, known to the NFL since the spring of this year, are only now coming into the public eye. Additionally, if the first email where Gruden disparaged the head of the NFL’s players union with a racial slur, which if it had not been brought to light by the Wall Street Journal (WSJ) on Sunday of this week, would it have been released by the NFL or Las Vegas Raiders at all? Finally, why did the NFL only send the first email to the Raiders when clearly there were many, many more that were unearthed. All good questions and they demonstrate several salient factors, not the least being as how the fallout from one event and investigation, can impact an entire industry. However, even without current answers to these and other questions there are several very important lessons for the compliance professional.
Don’t Put Stupid Stuff in Emails
Before we get to compliance, consider the most basic problem here. Not that Gruden is simply a racist, homophobe, sexist, misogynist and a person with little moral compass. We might have never known what was in his heart, if Gruden had not put those immoral values into emails over eight years. The reason he is now out of professional football, probably forever, is that he put his values into emails, in the crudest terms possible. Twenty years ago, I did corporate training on this very topic. That training is apparently still needed. Imagine how the civil litigation will look when all this gets to trial. All the plaintiff’s lawyer(s) will have to do is read the emails to demonstrate a wide variety of civil wrongs and regulatory breaches and the only question left will be damages.
Fallout from Unrelated Investigations
In the 21st century, nothing happens in a vacuum. The offending emails were uncovered in an unrelated investigation. These emails largely came from outside the entity being investigated (the Washington football team) and the investigative firm turned them over to the entity overseeing the investigation, here the NFL. As noted above, it is not clear what action the NFL might have taken against Gruden, his former employer ESPN or his current employer, the Las Vegas Raiders. Gruden’s resignation from the Raiders may well forestall an answer into those questions.
Now imagine the same scenario when the Securities and Exchange Commission (SEC) investigates Activism for its toxic work environment (or the Department of Justice (DOJ) for that matter) or when the SEC investigated Lordstown Motors for a variety of other fraud and accounting issues. What if a set of similar emails appeared, all coming from an outside 3rd party, such as Gruden’s did to the Washington football team President Bruce Allen? Would the company employing that same 3rd party receive an email from the SEC requesting all emails from the offending employee? Would the SEC want to look at all emails? How would your company respond? Is the EEOC going to get involved? Will they (or the SEC) be contacting ESPN, owned by the Walt Disney Company, a publicly traded organization about the culture at ESPN which allowed Gruden to send those emails. Are you ready to respond to them? 
What is Due Diligence?
No person wakes up in their mid-40s or 50s and thinks, today is the day I will start sending out racist, homophobic, sexist or misogynist emails and a throw away my moral compass. No one. They were like that long before they started doing so. Gruden had thought and felt those things long before he put them into print. Put another way, a leopard does not change it spots overnight. They were there for a long time.
As our colleague Candice Tal, founder of Infortal, continually reminds us, due diligence is not a one-time event nor a cursory google search. It is a sustained deep dive investigation. Gruden did not become a racist, homophobic, sexist and misogynist overnight. You can bet there are other pieces of evidence of his values and beliefs out there. The then Oakland Raiders signed Gruden to the richest professional football contract ever given to a coach, $100 million over 10 years. Yet they apparently did little to no background due diligence on him. Was there evidence of his racist, homophobic, sexist and misogynist views in the public record? Would it have mattered to the Raiders? Would the Raiders have hired him anyway? Perhaps so but at least they might have known about Gruden’s racist, homophobic, sexist and misogynist values and tried to manage that risk. Of course, they might have passed on hiring him altogether if they knew what the fallout could look like.
Culture, Culture and More Culture
What is the culture of your organization? Why did the NFL allow such a culture to flourish that would allow a Monday Night Football commentator on ESPN to hold the job and then become the highest paid professional coach? Is it because the Maga-hatter wearing NFL owners are all Trump supporters? What about the other employees who make up those organizations? Professional football players are 70% African American. What do Gruden’s remarks, the NFL’s non-response and the Raiders hiring communicate to them about how management thinks of them? Raider owner Mark Davis advised people to look to the NFL for answers.
Bill Rhoden, writing in The Undefeated, an ESPN publication, put it succinctly, “my concern is about the legion of enablers who supported Gruden all of these years. What about them? Who are they? The NFL has gotten rid of its Gruden problem. It has not gotten rid of Gruden-ism: regressive sensibilities that stand foursquare against diversity, inclusion and tolerance.” He went on to say, “The reality is that the NFL, for all of its attempts to move forward, has been revealed as a regressive organization populated by white men who hold views about race and power that are antithetical to progress and enlightenment. Trust me, Gruden is not the only person who holds these beliefs. He’s the only one stupid enough, or emboldened enough, to express them via email.”
In short, the NFL has a huge culture problem. But you cannot change unless you admit you have a problem. We have seen nothing from the NFL that indicates it believes the problem is beyond John Gruden.

Categories
The Affiliated Monitors Expert Podcast

What Factors Influence a Company’s Culture


In this episode, I am joined by Jay Rosen, VP of Business Development for Affiliated Monitors, Inc. We consider what can influence an organization’s ethical culture, starting at the top with senior leadership. We consider such questions as whether your senior leaders practice what they preach as employees can spot a disconnect from a mile away.
 Highlights include:

  • A company does not have an ethical culture unless top management commits to it.
  • Equally important is a sense of organizational justice and fairness.
  • One of the key elements of effective leadership is listening and that also applies to a company’s culture.
  • Do senior leadership give their people the opportunity to be heard?
  • Do senior leaders get out of the ivory tower, go out into the field and meet with employees?
  • Are there town halls or other types of group interactions?
  • Do the employees see whether their leaders are living those kinds of values?
  • It is crucial for perception to equal reality.
  • The bottom line is there must be alignment between what top management says and the company’s core values – between what the organization says and what it does.

For more information see Jay’s blog post What Factors Influence a Company’s Ethical Culture? on Corporate Compliance Insights.
For more information on Affiliated Monitors, Inc. check out their website here.

Categories
The Affiliated Monitors Expert Podcast

What is Ethical Culture and Why Does it Matter


In this episode Jay Rosen, VP of Business Development for Affiliated Monitors, Inc. begins a five-part exploration of corporate culture.  Corporate culture exists in the space between what an organization professes and what it does. It is important to pay attention to corporate culture as disconnects in this reality can be quite costly. Today, we consider what is ethical culture and why does it matter.
Highlights include:

  • An exploration of the question “what is corporate culture”?
  • Corporate culture is the way things really arein an organization and the way things really work.
  • There may be more than one culture in an organization and there might well be multiple subcultures in a company.
  • M&A due diligence around culture is critical.
  • What different kinds of cultural systems could impact a company?
  • Why is having a “speak up” culture a key indication of a strong ethical culture?
  • How can an organization hold its employees throughout the organization accountable?
  • Why must there must be an alignment between what top management says and the company’s core values to have an effective culture?

For more information see Jay’s blog post What is Ethical Culture and Why Does it Matter? on Corporate Compliance Insights.
For more information on Affiliated Monitors, Inc. check out their website here.

Categories
Innovation in Compliance

A Conversation with Convercent and StoneTurn: Asha Palmer on Corporate Culture

Welcome to a special five-part podcast series, A Conversation with Convercent and StoneTurn: From the Code of Conduct to Risk Assessment to Continuous Improvement. This week’s podcast series is jointly sponsored by Convercent and StoneTurn. Over the course of the series we are exploring the impacts on corporate compliance programs from the recently released 2020 Update to the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (2020 Update). We focus on investigations, data analytics, evaluating compliance programs, internal reporting and corporate culture. Participants in this podcast series include: Asha Palmer, Convercent Chief Ethics and Compliance Officer (CECO) and Executive Vice President (EVP) of CONVERGE; Rex Homme, Michele Edwards, and Stephen Martin, all Partners at StoneTurn. In this fourth episode, we take a deep dive with Palmer into corporate culture.

Join us tomorrow, as Stephen Martin, Partner at StoneTurn discusses evaluating compliance programs.
Resources
For more information on StoneTurn, check out their website, here.
For more information on Convercent, check out their website, here.
To download a copy of the Convercent Interactive Self-Assessment based on the 2020 Update to the Evaluation of Corporate Compliance Programs, click here.

Categories
Compliance Into the Weeds

Compliance into the Weeds-Episode 33, enhancing culture

Great Speech About Improving Corporate Culture“.]]>