In today’s edition of Daily Compliance News:
Tag: culture
Tom Fox is chatting with Jay Rosen in this week’s ESG Report. They discuss the critical factors involved in aligning your company culture with your ESG strategy.
What is Culture?
ESG considerations have been taking center stage and are now critical for sustainable success. However, a key area organizations may overlook when planning their ESG strategy is culture, which refers to the way things get done within an organization, comprising norms, beliefs, and behaviors that determine how people show up at work.
How to Shift Company Culture
“Getting culture right is essential for any successful transformation,” Jay says. Investing heavily in ESG-friendly structures, workforce strategies, and governance models only do so much, but the real change lies in educating the company around the goals of ESG, aligning hearts and minds.
Jay points out that few people are prepared to alter their attitudes and beliefs simply because senior management tells them they should. Leaders are therefore required to give people a say in culture change and make it clear to everyone in the organization why the change matters, and how it allows them to meet consumer and societal needs better.
What Makes Up the Right ESG Culture?
If a company says they’re all about ESG, then they need to show it. Internal company policies, processes, and cultures must align with their external communications. Correct behaviors can include things as little as carrying a reusable water bottle, using public transport, or avoiding unnecessary printing; these can all enhance your credibility as a leader of an ESG program. “Any sustainable change starts with a culture and mindset shift,” Jay tells Tom.
RESOURCES
Tom Fox’s email
Jay Rosen | LinkedIn
The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action. To say that the respondent company, Stericycle, Inc. (Stericycle) had a culture of non-compliance throughout its entire Latin American (LATAM) business unit belies those companies which only have a dysfunctional culture. Stericycle had a culture of corruption burned into the DNA of the LATAM business unit which was so thorough that it was documented via bribery spreadsheets and analysis of revenue based on payments of bribes in LATAM.
Yet even with this corrupt culture, Stericycle also demonstrated how a company can take advantage of the discounts available under the FCPA Corporate Enforcement Policy by extensive cooperation and remediation during the pendency of the FCPA investigation, as the criminal penalty reflects a 25% reduction off the bottom of the applicable US Sentencing Guidelines fine range.
The Stericycle enforcement action also provides insights into how the DOJ will implement the remarks made by Lisa Monaco last October on their new approach to FCPA enforcement. Finally, Stericycle agreed to a two-year corporate monitor under both the DOJ and SEC settlements. In short, there is much to unpack from this enforcement action which I will do so over the next few blog posts.
According to the Information and Deferred Prosecution Agreement (DPA), Stericycle entered into a three-year DPA. Stericycle agreed to a criminal Information, which charged the company with two counts of conspiracy to violate (1) the anti-bribery provision of the FCPA, and (2) the FCPA’s books and records provision. Stericycle agreed to a criminal penalty of $52.5 million. According to the DOJ Press Release, the DOJ agreed to credit up to one-third of the criminal penalty against fines the company pays to authorities in Brazil in related proceedings, including an amount of approximately $9.3 million to resolve investigations by the Controladoria-Geral da União (CGU) and the Advocacia-Geral de União (Attorney General’s Office). According to the SEC Press Release, Stericycle consented to the SEC’s cease-and-desist order that it violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA, and agreed to pay approximately $28.2 million in disgorgement and prejudgment interest. The SEC’s order provides for an offset of up to approximately $4.2 million of any disgorgement paid to Brazilian authorities.
Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division said in the DOJ Press Release, “Stericycle today accepted responsibility for its corrupt business practices in paying millions of dollars in bribes to foreign officials in multiple countries. The company also maintained false books and records to conceal corrupt and improper payments made by its subsidiaries in Brazil, Mexico, and Argentina. Today’s resolution demonstrates the Department of Justice’s continuing commitment to combating corruption and protecting the international marketplace.”
Assistant Director Luis Quesada of the FBI’s Criminal Investigative Division said, “Today’s resolution with Stericycle shows that the FBI and our international law enforcement partners will not allow corruption to permeate domestic or international markets. The consequences of violating the FCPA are clear: Companies that bribe foreign officials for business advantage will be held accountable.” Finally, Eric I. Bustillo, Director of the SEC’s Miami Regional Office, said in the SEC Press Release, “Stericycle rapidly expanded in Latin America without any meaningful oversight or compliance measures, as evidenced by widespread bribery schemes lasting for many years in most of its Latin America operations. Companies in pursuit of global expansion cannot disregard the need for appropriate controls.” Damning words all but they had lessons for the compliance professional from this matter.
As part of the DPA, Stericycle has agreed to continue to cooperate with the department in any ongoing or future criminal investigations relating to this conduct. This could well mean additional criminal charges may be brought against any number of individuals known to the DOJ, as identified in the Information. In Brazil, the following persons, Stericycle LATAM Executives 1 & 2, Stericycle Brazilian Executives 1-3, and Stericycle Argentina Executive 1 were named in the Information. Also interesting was the active assistance of sister anti-corruption enforcement groups in Brazil and Mexico, which were both identified by the DOJ and SEC as helping.
It was also interesting to note that under the DOJ Press Release, it noted that while “Stericycle has taken extensive remedial measures, it has not fully implemented or tested its enhanced compliance program, necessitating the imposition of an independent compliance monitor for a term of two years. Stericycle agreed to continue to enhance its compliance program and to retain an independent compliance monitor for two years, followed by self-reporting to the department for the remainder of the term.”
Regarding the final settlements with the DOJ and SEC; they both agreed to their respective resolutions with Stericycle based on several factors, including, among others, the company’s failure to voluntarily and timely disclose the conduct that triggered the investigation and the nature, seriousness, and pervasiveness of the offense. Although Stericycle did not self-disclose their illegal conduct to the DOJ or SEC, they did receive full credit for cooperation with both the agency investigations and engaged in extensive remedial measures. As noted above, this led to a 25% discount off the range suggested under the Sentencing Guidelines, saving Stericycle between $25 million to $30 million from their final criminal fine.
Finally, the Stericycle FCPA enforcement action is notable for the company’s use of code words to discuss bribery in its routine emails and other business correspondence. While chocolates and incentive payments (IPs) have been used before by other companies, cookies are now added to the bribery lexicon as a moniker for payment bribes.
Join us in our next blog where we consider the bribery schemes.
Kris Reynolds is the CEO of Arrowhead Consulting, a company that guides other organizations on managing their employees, processes, and tools. Tom Fox welcomes him to this week’s show to talk about corporate culture, strategies for post-pandemic productivity, and the future of project management.
</p>
Culture As a Focus
Corporate culture is important and must be aligned to the business’s core values. Your core values also can’t be simple slogans that you have up on walls. They have to be constantly acted on. “If you’re not really living and breathing the core values, you’re not really going to be a culture fit,” Kris tells Tom.
Post-Pandemic Strategies
Kris itemizes three strategies companies should be engaging within the post-pandemic business world: creativity, relationships and connections, and going back to basics. Creativity in advertising and marketing is key, and Kris also suggests pairing creativity with relationships. “I would encourage companies whether you’re small or large, to take the time to do more personal related touchpoints with the people that you’re trying to engage with,” he remarks. Going back to basics as a strategy is looking back at what got you to where you are as a business, and making sure that you’re accentuating those elements in your business.
Making Meetings More Efficient
Tom asks Kris to give some tips to make corporate meetings more efficient. The goal of meetings should be decision-making. Corporate meetings should be about making sure that the knowledge shared is being used to advance the respective initiative. Kris stresses having structured meeting agendas that are time-boxed and having the meetings begin with the most important topics. Having meetings commence like this enforces a sense of urgency and will encourage employees to arrive on time.
The Future of Project Management in Technology
Kris explains that there will be a greater focus on virtual reality training as opposed to Zoom meetings and PowerPoint presentations. This is because training in the future has to be experiential and hands-on. Training has to be engaging. “If we have some training spaces where we have the virtual reality, you could be training with somebody across the other side of the globe and being able to talk and work on projects together and things like that,” Kris tells Tom.
Resources
Kris Reynolds | LinkedIn | Twitter
Arrowhead Consulting
Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.
In Part 1 of a two-part series with Debra Sabitini Hennelly, we focus on three major themes of psychological safety, burnout and culture. In Google studies, psychological safety has been the number one factor of successful teams. It’s therefore important that we cultivate cultures with psychological safety as a critical part of our culture of integrity. Environments of psychological safety are safe places where stakeholders know that they can share their views without fear or retribution – that it is a safe place to speak freely. There also needs to be inclusiveness and a sense of belonging by members of the community and we discuss this in further detail in this episode.
Deb shares some thoughts on burnout and we emphasize that feelings of burnout do not just occur when you’re overworked and overtired. Burnout can occur when you’re going through very traumatic situations at work or at home so we keep in mind the moral injury aspect of feelings that can be present sometimes with burnout, as well as the sheer exhaustion.
These topics naturally touch on culture as a critical aspect in terms of whether you are surrounded by psychological safety or burnout and we talk about culture from many different angles in this episode from how you can own and embrace it as a population to the recent brave move of Rio Tinto making their culture survey results public as an example of courage and accountability.
The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to. If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it. You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast. Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).
You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.
Join the Great Women in Compliance community on LinkedIn here.
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom turn to the recent FCPA enforcement action brought by the SEC involving the Korean company KT Corp. Some of the issues we consider
- Background facts and a corrupt culture, literally from the top.
- How does the SEC have jurisdiction over KT Corp?
- Why you need a flow chart of the bribery schemes and a scorecard of the players.
- Corruption leading to the Korean Blue House.
- Bags of cash delivered and kept in office safes.
- Was the resolution an interim step before a monitor is employed?
Resources
Tom with a 3-part series in the FCPA Compliance and Ethics Blog
Matt in Radical Compliance
As the villain Le Chiffre says to James Bond just before he began to torture him in the movie version of Casino Royal, “Sometimes the old ways are the best.” He then begins to beat Bond’s family jewels with a knotted hemp rope. It is one very painful scene to watch.
I thought of the movie line, but not the torture scene, when I read the most recent Foreign Corrupt Practices Act (FCPA) enforcement action where the Korean entity KT Corporation settled with the Securities and Exchange Commission (SEC) via a Cease and Desist Order (the Order) for “disgorgement of $2,263,821, prejudgment interest of $536,457, and a civil money penalty in the amount of $3,500,000” bringing the total fine and penalty to just over $6.3 million. The reason for the prescience of the Le Chiffre line was that the first bribery schemes in South Korea largely revolved around cash. We have not seen those ‘little brown bags’ of cash in too many recent FCPA enforcement actions. This makes the KT Corp. matter worth looking at in some detail.
In terms of financial penalties, the total amount is obviously low. However, there are multiple lessons to be garnered from the enforcement action that are worth exploring. Over the next few blog posts, I will be taking a deep dive into the enforcement action and exploring it in some detail.
Background
First a word on jurisdiction as you may be asking why is the US SEC bringing a FCPA enforcement action against Korea’s largest telecoms operator? For KT Corp., the answer is that it has American Depositary Shares, (ADRs) which are registered with the SEC and trade on the New York Stock Exchange (NYSE). Additionally, KT Corp. files periodic reports, including Form 20-F, with the SEC. If you represent companies which have ADRs in the US, you might want to inquire if they have any internal controls around the FCPA and whether they even have a compliance program.
According to the SEC Press Release announcing the resolution, KT Corp. is “South Korea’s largest telecommunications operator, engaged in multiple schemes to make improper payments in Korea and Vietnam.” However, the company did not have “sufficient internal accounting controls over charitable donations, third-party payments, executive bonuses, and gift card purchases.” This failure of internal controls leads to numerous compliance failures and FCPA violations where “high-level executives, were able to generate slush funds that were used for gifts and illegal political contributions to government officials in Korea who had influence over KT Corp.’s business. Other employees were able to make payments in connection with seeking business from government customers in Vietnam.”
Moreover, as specified in the Order, “the misconduct involved former high-level managers and executives and occurred under circumstances whereby KT had no relevant anti-corruption policies or procedures with respect to donations, employment candidates, vendors, subcontractors, or third-party agents. In certain instances, this allowed KT employees to provide benefits improperly to government officials and to seek business from government customers. As a result of this misconduct, KT violated the books and records and internal accounting controls provisions of the FCPA.”
Charles Cain, Chief of the SEC Enforcement Division’s FCPA Unit, was quoted in the SEC Press Release for the following, “For nearly a decade, KT Corp. failed to implement sufficient internal accounting controls with respect to key aspects of its business operations, while at the same time lacking relevant anti-corruption policies or procedures. Issuers must be sure to devote appropriate attention to meeting their obligations under the FCPA.” Finally, “in November 2021, South Korean authorities indicted KT Corp. and 14 executives for criminal violations related to illegal political contributions from the slush funds.”
Culture
There were multiple bribery schemes involving KT Corp., which we will detail at some length in this series. However, one thing that is made clear in this Order is the complete and total failure of a culture of compliance at KT Corp. or at least something coming close to an appearance of doing business by not paying bribes. First was the length of the bribery schemes detailed in the Order, which stated, “From at least 2009 through 2017, high-level executives of KT maintained slush funds, comprised of both off-the-books accounts and physical stashes of cash, in order to provide items of value to government officials, among others. These included gifts, entertainment and, ultimately, illegal political contributions to members of the Korean National Assembly serving on committees relevant to KT’s business.”
When this slush fund story was broken open by the Press in South Korea, the company did not take the opportunity to self-disclose, remediate the deficiencies discovered or even stop the bribery and corruption. Instead, KT Corp. officials “devised a new method to continue generating a slush fund.” Clearly this was a business that was committed to feathering its nest via bribery and corruption.
Join us tomorrow where we take a deep dive into the bribery schemes.
This week, we are exploring the topic of Innovation in Compliance by considering some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to head in a different direction and provide some guidance on getting your organization’s culture right.
As most readers will recall, a very large part of Deputy Attorney General Lisa Monaco’s October 2021 speech dealt with corporate culture. Regarding culture, Vin DiCianni, founder of Affiliated Monitors, Inc. (AMI), said of Monaco’s remarks, the “announcement by Deputy Attorney General Lisa Monaco and the Justice Department reignited the agency’s concentration of corporate and individual liability for white collar crimes. In doing so, she emphasized to businesses, their leadership and the attorneys who represent them on the importance of implementing and maintaining strong effective compliance programs and how DOJ will continue to look at these programs going forward.” In other words, the criticalness of culture is now paramount. Chief Compliance Officers (CCOs) need to focus on growing corporate culture to build the ethical foundation for a successful compliance program.
In the most recent MIT Sloan Management Review issue, Donald Sull and Charles Sull penned an article entitled “10 Things Your Corporate Culture Needs to Get Right”, in which they posited that “knowing what elements of culture matter most to employees can help leaders foster engagement as they transition to a new reality that will include more remote and hybrid work.” It is an excellent review of some of the key elements around corporate culture and how CCOs can move forward to lay the foundation of one.
In the piece the authors explored “What distinguishes a good corporate culture from a bad one in the eyes of employees?” Of course, culture always starts at the top but unfortunately, the authors noted that “an organization’s official core values signal top executives’ cultural aspirations, rather than reflecting the elements of corporate culture that matter most to employees.” It is only by listening to what employees want that you can begin to understand how to improve culture. The authors found 10 key elements of culture that mattered most to employees.
- Employees feel respected. Employees are treated with consideration, courtesy, and dignity, and their perspectives are taken seriously. This is by far and away the most important factor and “the single best predictor of a company’s culture score is whether employees feel respected at work. Respect is not only the most important factor, it stands head and shoulders above other cultural elements in terms of its importance. Respect is nearly 18 times as important as the typical feature in our model in predicting a company’s overall culture rating, and almost twice as important as the second most predictive factor.” The implications of this finding go to communications and a speak up culture and how they might be used by a compliance function.
- Supportive leaders. Leaders help employees do their work, respond to requests, accommodate employees’ individual needs, offer encouragement, and have their backs. Here the authors found “Employees describe supportive leaders as helping them do their work, being responsive to requests, accommodating employees’ individual needs, offering encouragement, and having their backs. Leaders, of course, influence all aspects of culture, but being a source of support for employees is especially critical and is the leadership trait most closely associated with a highly rated culture.” This ties back into the respect finding and also ties into a speak up culture and trust at an organization.
- Leaders live core values. Leaders’ actions are consistent with the organization’s values. While the regulators focus on this issue, employees need to see leaders not simply espousing words but actually doing deeds. Perhaps most interestingly, “Employees don’t expect leaders to live the core values, but they appreciate it when they do.”
- Toxic managers. Leaders create a poisonous work environment and are described in extremely negative terms. Nothing will kill culture faster than a toxic manager. From the compliance perspective, this can be a disaster for not only does a toxic manager poison the atmosphere of those around them, but also those who train under him or her will garner their toxic approach as a role model.
- Unethical behavior. Managers and employees lack integrity and act in an unethical manner. Once again this can portend a disaster for an organization. Integrity is the cornerstone of most organizations’ official culture and “Identifying toxic leaders, digging deeper to understand the context of their behavior, coaching them, or removing them from leadership positions are tangible actions organizations can take to root out people who are undermining corporate culture and potentially exposing the company to reputational or legal risk.”
- Benefits. Employees’ assessment of all employer-provided benefits. While initially this might not seem like a compliance issue, when you look at the DOJ mandate for corporate compliance to be the bearer of institutional justice and institutional fairness you begin to see the connection. Perhaps most interesting is that “benefits are more than twice as important as compensation. Benefits are important for all employees, but which benefits matter most depend on an employee’s job. Health insurance and benefits are a better predictor of culture rating for front-line workers, while retirement benefits such as 401(k) plans and pensions matter more for white-collar employees.”
- Perks. Employees’ assessment of workplace amenities and perks. This finding once again calls the CCO around institutional fairness and ties into the importance of talent attraction, acquisition and retention. Here the most interesting item I found for compliance was that “Among perks, company-organized social events are a particularly strong predictor of a high culture score. Even when you control for how employees talk about perks in general, social events like team-building exercises, happy hours, and picnics emerge as a reliable predictor of a high culture score. Organizing social events is a promising and relatively low-cost way executives can reinforce corporate culture as employees return to the office.” This provides insights on ongoing communications about compliance in the post-pandemic world.
- Learning and development. Employees’ assessment of opportunities for formal and informal learning. This finding also portends well for compliance in terms of both formal and information compliance training and messaging.
- Job security. Perceived job security, including fear of layoffs, offshoring, and automation. Most compliance functions do not consider job security as part of corporate culture. However, the authors note, “Job insecurity, however, weighs heavily on employees’ minds when they assess corporate culture. The larger the percentage of employees who talked about layoffs, outsourcing, or the possibility of getting fired, the lower the company ranked on culture.”
- Reorganizations. How employees view reorganizations, including frequency and quality. I found this not too surprising, but the authors did note, “Virtually no one has any good things to say about reorganizations.” Further, “the fewer people who mention reorganizations, the higher a company’s culture score. While you might associate the mention of reorganizations with layoffs and job instability, the data reveals that employee concerns on this issue speak to wider strategic issues for companies.”
CCOs and compliance functions face a series of challenges while navigating the post-COVID-19 return to work. Through corporate culture, companies must maintain a healthy culture as mandated by the DOJ. The authors conclude, “Understanding the elements of culture that matter most to employees can help leaders maintain employee engagement and a vibrant culture as they transition to the new normal.”
Please join us tomorrow where we will look at why you need a career coach in compliance.
In this episode of the FCPA Compliance Report, I am joined by fan favorite James Koukios, partner at Morrison and Foerster. In this episode we take a deep dive into the Lisa Monaco speech from October and related remarks from other DOJ representatives about the DOJ refocus on white collar enforcement and related issues. Highlights of this podcast include:
· Who is the DAG and what does that position entail?
· Reinstatement of Yates Memo.
· Does this change an investigation focus?
· The new focus on culture and how do you assess corporate culture?
· What about reports of all violations, enforcements and even investigations even is outside FCPA?
· What are the implications of this change?
· How will all this work with current FCPA Corporate Enforcement Policy?
· The revocation of Benczkowski Memo. What are the implications?
· The new focus on monitorships?
· What about recidivists or those who fail to meet the obligations of their DPA/NPA?
Resources
James Koukios on the MoFo website.
Welcome to the only roundtable podcast in compliance. The entire gang was also thrilled to be honored by W3 as a top talk show in podcasting. In this episode, we have the quintet of Karen Woody, Jonathan Armstrong, Tom Fox, Matt Kelly and Jay Rosen. We discuss some of the key issues from the Activision Blizzard acquisition by Microsoft in the context of the BeeGees. We also have a special tribute section to Meatloaf as well as Shout Outs and Rants.
1. Karen Woody used Staying Alive to look at the SEC angle on the acquisition. Karen shouts out to workers in the travel industry for getting travelers home during the holidays. Woody paid tribute to Meatloaf’s acting career, the Rocky Horror movie and the song Hot Potootie Bless My Soul which her father still loves and is played annually at his birthday.
2. Jay Rosen reviewed To Love Somebody in asking what role can a monitor play in this matter? Rosen ranted about longtime Boston sportswriter Dan Shaughnessy who voted against David Ortiz for the HOF and shouted out to Big Papi’s response. Jay paid tribute to You Took the Words Right Out of My Mouth, Meatloaf’s acting and SNL performances.
3. Matt Kelly considered Massachusetts to consider the anti-trust angles and whether Microsoft can turn the corruption culture at Activision around. Kelly laments the missing child Heather Montgomery and all the officials who did not take her mother’s report of her disappearance seriously. Matt paid tribute to those listeners who are too young to remember Meatloaf.
4. Jonathan Armstrong used How Can You Mend a Broken Heart to look at EU and UK anti-trust issues as well as data privacy concerns under GDPR. Armstrong shouts out artist Tracy Emin for demanding No. 10 pull her artwork due to the corruption of BoJo. Jonathan paid tribute to Meatloaf’s financial support of Jonathan’s local football club Hartlepool United.
5. Tom Fox considered the role of the Microsoft Board of Directors in the acquisition. He shouted out to the Joel Coen movie Macbeth and started Oscar buzz by further shouting out to Kathryn Hunter for her portrayal of the 3 sisters. Tom paid tribute to Paradise by the Dashboard Lights.
The members of the Everything Compliance are:
• Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
• Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
• Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
• Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
• Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com
The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.
