As the villain Le Chiffre says to James Bond just before he began to torture him in the movie version of Casino Royal, “Sometimes the old ways are the best.” He then begins to beat Bond’s family jewels with a knotted hemp rope. It is one very painful scene to watch.
I thought of the movie line, but not the torture scene, when I read the most recent Foreign Corrupt Practices Act (FCPA) enforcement action where the Korean entity KT Corporation settled with the Securities and Exchange Commission (SEC) via a Cease and Desist Order (the Order) for “disgorgement of $2,263,821, prejudgment interest of $536,457, and a civil money penalty in the amount of $3,500,000” bringing the total fine and penalty to just over $6.3 million. The reason for the prescience of the Le Chiffre line was that the first bribery schemes in South Korea largely revolved around cash. We have not seen those ‘little brown bags’ of cash in too many recent FCPA enforcement actions. This makes the KT Corp. matter worth looking at in some detail.
In terms of financial penalties, the total amount is obviously low. However, there are multiple lessons to be garnered from the enforcement action that are worth exploring. Over the next few blog posts, I will be taking a deep dive into the enforcement action and exploring it in some detail.
Background
First a word on jurisdiction as you may be asking why is the US SEC bringing a FCPA enforcement action against Korea’s largest telecoms operator? For KT Corp., the answer is that it has American Depositary Shares, (ADRs) which are registered with the SEC and trade on the New York Stock Exchange (NYSE). Additionally, KT Corp. files periodic reports, including Form 20-F, with the SEC. If you represent companies which have ADRs in the US, you might want to inquire if they have any internal controls around the FCPA and whether they even have a compliance program.
According to the SEC Press Release announcing the resolution, KT Corp. is “South Korea’s largest telecommunications operator, engaged in multiple schemes to make improper payments in Korea and Vietnam.” However, the company did not have “sufficient internal accounting controls over charitable donations, third-party payments, executive bonuses, and gift card purchases.” This failure of internal controls leads to numerous compliance failures and FCPA violations where “high-level executives, were able to generate slush funds that were used for gifts and illegal political contributions to government officials in Korea who had influence over KT Corp.’s business. Other employees were able to make payments in connection with seeking business from government customers in Vietnam.”
Moreover, as specified in the Order, “the misconduct involved former high-level managers and executives and occurred under circumstances whereby KT had no relevant anti-corruption policies or procedures with respect to donations, employment candidates, vendors, subcontractors, or third-party agents. In certain instances, this allowed KT employees to provide benefits improperly to government officials and to seek business from government customers. As a result of this misconduct, KT violated the books and records and internal accounting controls provisions of the FCPA.”
Charles Cain, Chief of the SEC Enforcement Division’s FCPA Unit, was quoted in the SEC Press Release for the following, “For nearly a decade, KT Corp. failed to implement sufficient internal accounting controls with respect to key aspects of its business operations, while at the same time lacking relevant anti-corruption policies or procedures. Issuers must be sure to devote appropriate attention to meeting their obligations under the FCPA.” Finally, “in November 2021, South Korean authorities indicted KT Corp. and 14 executives for criminal violations related to illegal political contributions from the slush funds.”
Culture
There were multiple bribery schemes involving KT Corp., which we will detail at some length in this series. However, one thing that is made clear in this Order is the complete and total failure of a culture of compliance at KT Corp. or at least something coming close to an appearance of doing business by not paying bribes. First was the length of the bribery schemes detailed in the Order, which stated, “From at least 2009 through 2017, high-level executives of KT maintained slush funds, comprised of both off-the-books accounts and physical stashes of cash, in order to provide items of value to government officials, among others. These included gifts, entertainment and, ultimately, illegal political contributions to members of the Korean National Assembly serving on committees relevant to KT’s business.”
When this slush fund story was broken open by the Press in South Korea, the company did not take the opportunity to self-disclose, remediate the deficiencies discovered or even stop the bribery and corruption. Instead, KT Corp. officials “devised a new method to continue generating a slush fund.” Clearly this was a business that was committed to feathering its nest via bribery and corruption.
Join us tomorrow where we take a deep dive into the bribery schemes.
Tag: culture
This week, we are exploring the topic of Innovation in Compliance by considering some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to head in a different direction and provide some guidance on getting your organization’s culture right.
As most readers will recall, a very large part of Deputy Attorney General Lisa Monaco’s October 2021 speech dealt with corporate culture. Regarding culture, Vin DiCianni, founder of Affiliated Monitors, Inc. (AMI), said of Monaco’s remarks, the “announcement by Deputy Attorney General Lisa Monaco and the Justice Department reignited the agency’s concentration of corporate and individual liability for white collar crimes. In doing so, she emphasized to businesses, their leadership and the attorneys who represent them on the importance of implementing and maintaining strong effective compliance programs and how DOJ will continue to look at these programs going forward.” In other words, the criticalness of culture is now paramount. Chief Compliance Officers (CCOs) need to focus on growing corporate culture to build the ethical foundation for a successful compliance program.
In the most recent MIT Sloan Management Review issue, Donald Sull and Charles Sull penned an article entitled “10 Things Your Corporate Culture Needs to Get Right”, in which they posited that “knowing what elements of culture matter most to employees can help leaders foster engagement as they transition to a new reality that will include more remote and hybrid work.” It is an excellent review of some of the key elements around corporate culture and how CCOs can move forward to lay the foundation of one.
In the piece the authors explored “What distinguishes a good corporate culture from a bad one in the eyes of employees?” Of course, culture always starts at the top but unfortunately, the authors noted that “an organization’s official core values signal top executives’ cultural aspirations, rather than reflecting the elements of corporate culture that matter most to employees.” It is only by listening to what employees want that you can begin to understand how to improve culture. The authors found 10 key elements of culture that mattered most to employees.
- Employees feel respected. Employees are treated with consideration, courtesy, and dignity, and their perspectives are taken seriously. This is by far and away the most important factor and “the single best predictor of a company’s culture score is whether employees feel respected at work. Respect is not only the most important factor, it stands head and shoulders above other cultural elements in terms of its importance. Respect is nearly 18 times as important as the typical feature in our model in predicting a company’s overall culture rating, and almost twice as important as the second most predictive factor.” The implications of this finding go to communications and a speak up culture and how they might be used by a compliance function.
- Supportive leaders. Leaders help employees do their work, respond to requests, accommodate employees’ individual needs, offer encouragement, and have their backs. Here the authors found “Employees describe supportive leaders as helping them do their work, being responsive to requests, accommodating employees’ individual needs, offering encouragement, and having their backs. Leaders, of course, influence all aspects of culture, but being a source of support for employees is especially critical and is the leadership trait most closely associated with a highly rated culture.” This ties back into the respect finding and also ties into a speak up culture and trust at an organization.
- Leaders live core values. Leaders’ actions are consistent with the organization’s values. While the regulators focus on this issue, employees need to see leaders not simply espousing words but actually doing deeds. Perhaps most interestingly, “Employees don’t expect leaders to live the core values, but they appreciate it when they do.”
- Toxic managers. Leaders create a poisonous work environment and are described in extremely negative terms. Nothing will kill culture faster than a toxic manager. From the compliance perspective, this can be a disaster for not only does a toxic manager poison the atmosphere of those around them, but also those who train under him or her will garner their toxic approach as a role model.
- Unethical behavior. Managers and employees lack integrity and act in an unethical manner. Once again this can portend a disaster for an organization. Integrity is the cornerstone of most organizations’ official culture and “Identifying toxic leaders, digging deeper to understand the context of their behavior, coaching them, or removing them from leadership positions are tangible actions organizations can take to root out people who are undermining corporate culture and potentially exposing the company to reputational or legal risk.”
- Benefits. Employees’ assessment of all employer-provided benefits. While initially this might not seem like a compliance issue, when you look at the DOJ mandate for corporate compliance to be the bearer of institutional justice and institutional fairness you begin to see the connection. Perhaps most interesting is that “benefits are more than twice as important as compensation. Benefits are important for all employees, but which benefits matter most depend on an employee’s job. Health insurance and benefits are a better predictor of culture rating for front-line workers, while retirement benefits such as 401(k) plans and pensions matter more for white-collar employees.”
- Perks. Employees’ assessment of workplace amenities and perks. This finding once again calls the CCO around institutional fairness and ties into the importance of talent attraction, acquisition and retention. Here the most interesting item I found for compliance was that “Among perks, company-organized social events are a particularly strong predictor of a high culture score. Even when you control for how employees talk about perks in general, social events like team-building exercises, happy hours, and picnics emerge as a reliable predictor of a high culture score. Organizing social events is a promising and relatively low-cost way executives can reinforce corporate culture as employees return to the office.” This provides insights on ongoing communications about compliance in the post-pandemic world.
- Learning and development. Employees’ assessment of opportunities for formal and informal learning. This finding also portends well for compliance in terms of both formal and information compliance training and messaging.
- Job security. Perceived job security, including fear of layoffs, offshoring, and automation. Most compliance functions do not consider job security as part of corporate culture. However, the authors note, “Job insecurity, however, weighs heavily on employees’ minds when they assess corporate culture. The larger the percentage of employees who talked about layoffs, outsourcing, or the possibility of getting fired, the lower the company ranked on culture.”
- Reorganizations. How employees view reorganizations, including frequency and quality. I found this not too surprising, but the authors did note, “Virtually no one has any good things to say about reorganizations.” Further, “the fewer people who mention reorganizations, the higher a company’s culture score. While you might associate the mention of reorganizations with layoffs and job instability, the data reveals that employee concerns on this issue speak to wider strategic issues for companies.”
CCOs and compliance functions face a series of challenges while navigating the post-COVID-19 return to work. Through corporate culture, companies must maintain a healthy culture as mandated by the DOJ. The authors conclude, “Understanding the elements of culture that matter most to employees can help leaders maintain employee engagement and a vibrant culture as they transition to the new normal.”
Please join us tomorrow where we will look at why you need a career coach in compliance.
In this episode of the FCPA Compliance Report, I am joined by fan favorite James Koukios, partner at Morrison and Foerster. In this episode we take a deep dive into the Lisa Monaco speech from October and related remarks from other DOJ representatives about the DOJ refocus on white collar enforcement and related issues. Highlights of this podcast include:
· Who is the DAG and what does that position entail?
· Reinstatement of Yates Memo.
· Does this change an investigation focus?
· The new focus on culture and how do you assess corporate culture?
· What about reports of all violations, enforcements and even investigations even is outside FCPA?
· What are the implications of this change?
· How will all this work with current FCPA Corporate Enforcement Policy?
· The revocation of Benczkowski Memo. What are the implications?
· The new focus on monitorships?
· What about recidivists or those who fail to meet the obligations of their DPA/NPA?
Resources
James Koukios on the MoFo website.
Welcome to the only roundtable podcast in compliance. The entire gang was also thrilled to be honored by W3 as a top talk show in podcasting. In this episode, we have the quintet of Karen Woody, Jonathan Armstrong, Tom Fox, Matt Kelly and Jay Rosen. We discuss some of the key issues from the Activision Blizzard acquisition by Microsoft in the context of the BeeGees. We also have a special tribute section to Meatloaf as well as Shout Outs and Rants.
1. Karen Woody used Staying Alive to look at the SEC angle on the acquisition. Karen shouts out to workers in the travel industry for getting travelers home during the holidays. Woody paid tribute to Meatloaf’s acting career, the Rocky Horror movie and the song Hot Potootie Bless My Soul which her father still loves and is played annually at his birthday.
2. Jay Rosen reviewed To Love Somebody in asking what role can a monitor play in this matter? Rosen ranted about longtime Boston sportswriter Dan Shaughnessy who voted against David Ortiz for the HOF and shouted out to Big Papi’s response. Jay paid tribute to You Took the Words Right Out of My Mouth, Meatloaf’s acting and SNL performances.
3. Matt Kelly considered Massachusetts to consider the anti-trust angles and whether Microsoft can turn the corruption culture at Activision around. Kelly laments the missing child Heather Montgomery and all the officials who did not take her mother’s report of her disappearance seriously. Matt paid tribute to those listeners who are too young to remember Meatloaf.
4. Jonathan Armstrong used How Can You Mend a Broken Heart to look at EU and UK anti-trust issues as well as data privacy concerns under GDPR. Armstrong shouts out artist Tracy Emin for demanding No. 10 pull her artwork due to the corruption of BoJo. Jonathan paid tribute to Meatloaf’s financial support of Jonathan’s local football club Hartlepool United.
5. Tom Fox considered the role of the Microsoft Board of Directors in the acquisition. He shouted out to the Joel Coen movie Macbeth and started Oscar buzz by further shouting out to Kathryn Hunter for her portrayal of the 3 sisters. Tom paid tribute to Paradise by the Dashboard Lights.
The members of the Everything Compliance are:
• Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
• Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
• Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
• Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
• Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com
The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.
Hannukah came early this year and we are now in the full holiday swing of things. Tom and Jay are back to look at some of the week’s top compliance and ethics stories this week in the Happy Holidays edition.
Stories
1. New Biden Administration anti-corruption strategy revealed. Matt Kelly in Radical Compliance.
2. Mike Volkov asks where are the FCPA enforcement actions? In Corruption Crime and Compliance.
3. Global ESG efforts and compliance. Mike Munro in explores in the FCPA Blog.
4. More on the OECD recommendations. Jessica Tillipman in the FCPA Blog.
5. DOL proposal may change ESG game. Melissa Khan in Harvard Law School Forum on Corporate Governance.
6. Nurturing ethical culture. Matt Kelly in Risk and Compliance Matters.
7. Is Italy a safe haven for bribe payors? Rick Messick asks in GAB.
8. How to avoid a dystopian office culture. Rob Shavell in CCI.
9. Top ethics and compliance failures in 2021. Jaclyn Jaeger in Compliance Week (sub req’d).
10. When is a potential fine a threat? Keith Paul Bishop in California Corporate and Securities Law.
Podcasts and Events
11. The recent announcement by DAG Monaco on the refocus of the DOJ’s use of monitors has caused much consternation. To analyze, Affiliated Monitors sponsored a 5-part podcast series this week Not Your Father’s Monitor. In this Episode 1, Bethany Hengsbach considers this change in monitorships from the white-collar enforcement and defense perspective. In Episode 2, Mikhail Reider Gordon looks at global aspects of the new DOJ monitor’s focus. In Episode 3, Cristina Revelo discusses how E&C assessments help drive more compliant companies. In Episode 4, Jesse Caplan brings his views on the intersection of the twin topics of antitrust and healthcare compliance. In Episode 5, Vin DiCianni looks at where monitors and monitorships are going in 2022 and beyond.
12. Are you exasperated? Then check, F*ing Argentina. In this podcast series co-hosts Tom Fox and Gregg Greenberg, author of F*ing Argentina explore the current American psyche of being overworked, over leveraged, overtired and overwhelmed. Find out about modern America’s exasperation with well…exasperation. In our final episode, we wrap up what we learned from the series.
13. In November on The Compliance Life, I visit with Matt Silverman, Director of Trade Compliance at VIAVI. Matt is the first Trade Compliance Director I have hosted on TCL. In Part 1, Matt details his academic career and early professional life.
14. The Compliance Podcast Network welcomes Professor Karen Woody and her new podcast, Once Upon a Trading Law: The History of Insider Trading. In this most unique pod, Karen interviews some of her student to tell the history of insider trading. Check out Episode 1, which looks at the beginnings of insider trading.
15. Join Tom, Mike Volkov, Carrie Penman, Dr. Pat Harned and Skip Lowney (an all-star panel if there ever was one) for the ECI webinar on the intersection of compliance and E&C programs. Wednesday, December 15, from 2-3:30 ET. Registration and information here.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
This week I have been writing about the speech Deputy Attorney General (DAG) Lisa O. Monaco gave as a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to end with what it all might mean for the compliance professional. First note the emphasis on culture. Monaco’s remarks were, “Now, I recognize the resources and the effort it takes to manage a large organization and to put in place the right culture. The Department of Justice has over 115,000 employees across dozens of countries and an operating budget equivalent to that of a Fortune 100 company. So, I know what it means to manage and be accountable for what happens in a complex organization. But corporate culture matters. A corporate culture that fails to hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.” This means that the DOJ will be assessing the entirety of corporate culture. As a compliance practitioner how do you demonstrate culture? Or to phrase the question using the Tom Fox mantra, how did you Document, Document, and Document your culture? Culture obviously starts at the top, but it must imbue and be embedded into an organization.
Equally important is compliance. Here Monaco said, “Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. In fact, companies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.” Note the significance of “company can fulfill its fiduciary duty to shareholders”.
This is a clear tip of the hat to Caremark and other legal requirements for a compliance program based upon civil statutes. This is not the DOJ saying we will punish a company for simply not having a compliance program. Yet make no mistake that if a company does not have a compliance program, not only will there be a very large chance of regulatory violation such as under the FCPA; if your organization does not have a compliance program, it will not receive credit when the penalty phase comes around. Monaco is pointing out as clearly as she can do so the potential legal costs not only from civil shareholder lawsuits but also from regulatory fines and penalties.
Another area which is new to the compliance function will be the DOJ’s review of all corporate malfeasance when assessing a company’s culture, commitment to compliance and possible fines and penalties. Here Monaco stated, “Today, the department is making clear that all prior misconduct needs to be evaluated when it comes to decisions about the proper resolution with a company, whether or not that misconduct is similar to the conduct at issue in a particular investigation. That record of misconduct speaks directly to a company’s overall commitment to compliance programs and the appropriate culture to disincentivize criminal activity.”
Typically, compliance dealt with anti-corruption compliance, trade compliance, anti-trust compliance and perhaps others. However now a CCO must be apprised of all corporate misconduct as it will be reviewed by the DOJ. For any multi-national organization, that alone will be daunting as how many compliance professionals have visibility into tax, Equal Employment Opportunity Commission (EEOC) claims, labor relations issues or the myriad of other legal issues that every corporate faces every day, literally across the globe? Yet Monaco said that prosecutors would look at just that, stating “A prosecutor in the FCPA unit needs to take a department-wide view of misconduct: Has this company run afoul of the Tax Division, the Environment and Natural Resources Division, the money laundering sections, the U.S. Attorney’s Offices, and so on? He or she also needs to weigh what has happened outside the department — whether this company was prosecuted by another country or state, or whether this company has a history of running afoul of regulators. Some prior instances of misconduct may ultimately prove to have less significance, but prosecutors need to start by assuming all prior misconduct is potentially relevant.” This is literally a sea change.
Finally, what might be the changes in how corporations are assessed under the FCPA Corporate Enforcement Policy, enacted by prior DAG Rod Rosenstein? Will there continue to be a presumption of declination if you (1) self-disclose; (2) extensively remediate; (3) thoroughly cooperate; and (4) disgorge any ill-gotten gains? If there is no presumption, will there be robust self-disclosure? There is nothing illegal about failing to self-disclose but if a whistleblower then steps forward or the DOJ then opens an investigation based upon other sources and it determines a violation has occurred the opportunity for a declination may well be out the window. Moreover, if there is no self-disclosure and the issue reappears or the remediation is not successful, the company now appears to have actual knowledge of a violation, once again potentially increasing the penalty.
As I wrote yesterday, there are many open questions from these changes. One thing is clear to me, the CCO role and job of the compliance function just got much more challenging.
Categories
Monaco Speech: Part 3 – Culture
Deputy Attorney General (DAG) Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to take up her remarks on corporate culture. They were a small but significant part of her remarks so I will quote them in full. She said,
Now, I recognize the resources and the effort it takes to manage a large organization and to put in place the right culture. The Department of Justice has over 115,000 employees across dozens of countries and an operating budget equivalent to that of a Fortune 100 company. So, I know what it means to manage and be accountable for what happens in a complex organization. But corporate culture matters. A corporate culture that fails to hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.
Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. In fact, companies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.
Although we understand the costs that enforcement actions can place on shareholders and others, our responsibility is to incentivize responsible corporate citizenship, a culture of compliance and a sense of accountability. So, the department will not hesitate to take action when necessary to combat corporate wrongdoing. [Emphasis Supplied]
I asked Affiliated Monitors Inc., (AMI) founder Vin DiCianni for his thoughts around these remarks. He said, “Last week’s announcement by Deputy Attorney General Lisa Monaco and the Justice Department reignited the agency’s concentration of corporate and individual liability for white collar crimes. In doing so, she emphasized to businesses, their leadership and the attorneys who represent them on the importance of implementing and maintaining strong effective compliance programs and how DOJ will continue to look at these programs going forward.” In other words, the criticalness of culture.
A culture of compliance is the foundation of an organization’s compliance program. It is a measure of how well employees feel empowered to identify, mitigate, and escalate risk within their institution. An institution’s compliance culture is set by the Board and Executive Leadership team. Their messaging should be continuously reinforced in an institution’s risk appetite statement, policies, training and enterprise-wide communications. A strong compliance culture should be evident at all levels of the financial institution and across all three lines of defense.
Tina Rampino, Associate Managing Director at K2 Integrity, laid out some key questions to ask around culture. They included:
- What is the tone that is set from the most senior levels of the organization?
- Are employees motivated by doing any and all business no matter the risk?
- Are they empowered to act with integrity and choose the right business that aligns with their compliance culture?
She went on to relate, “Many institutions have built training and communications programs to help employees understand what the “right business means” – reinforcing an institution’s risk appetite statement, incorporating policies and procedures, and training on red flags and high-risk issues.” She concluded, “A culture of compliance should empower employees, not just in the second line of defense but in all areas of the institution – to think about the risks being presented through their customers, transactions, and products and services and how they can do their part in mitigating risk to the institution.”
We next turned to some of the key actions senior executives and leaders can take to not simply ‘talk-the-talk’ but also ‘walk-the-walk’ of compliance. Senior executives and leaders are responsible for setting the tone from the top which means setting expectations for the importance of compliance throughout the organization and by modeling behaviors for their employees. Rampino details the seven elements of a culture of compliance:
- Tone from the Top.
- Establishing and communicating enterprise-wide policies and programs.
- Defining clear roles and responsibilities across the three lines of defense.
- Ensuring adequate staffing and resources for functions responsible for compliance.
- Designing and implementing a comprehensive compliance training program.
- Establishing compliance incentives
- Creating efforts to embed and sustain a compliance culture.
Monaco had two additional remarks around corporate culture and a culture of compliance that bear repeating. She said, a record of corporate misconduct, even outside the FCPA, “speaks directly to a company’s overall commitment to compliance programs and the appropriate culture to disincentivize criminal activity.” In a remark that tied back to yesterday’s discussion of monitors she said, “Stepping back, any resolution with a company involves a significant amount of trust on the part of the government. Trust that a corporation will commit itself to improvement, change its corporate culture, and self-police its activities. But where the basis for that trust is limited or called into question, we have other options. Independent monitors have long been a tool to encourage and verify compliance.” This last sentence would speak directly to DiCianni’s thoughts that “Unlike the previous administration’s very limited use of monitors, DAG Monaco described the value that integrity monitors bring to oversight for both the department and those entities subject to such oversight.”
Monaco noted she has sat on corporate boards when in the private sector. This experience certainly informs her approach as the DAG. The DOJ will be taking a much closer and in-depth look at corporate culture and whether there is a culture of compliance in any company which finds itself in a FCPA investigation or enforcement action. CCOs and compliance functions need to be ready to have demonstrable and documented evidence of a culture of compliance.
Categories
Lessons Learned from L’Affair Gruden
The fallout from the John Gruden imbroglio has widened and deepened. Many have asked why the NFL sat on the Gruden emails which were uncovered in the investigation of the toxic culture of the Washington football team, known to the NFL since the spring of this year, are only now coming into the public eye. Additionally, if the first email where Gruden disparaged the head of the NFL’s players union with a racial slur, which if it had not been brought to light by the Wall Street Journal (WSJ) on Sunday of this week, would it have been released by the NFL or Las Vegas Raiders at all? Finally, why did the NFL only send the first email to the Raiders when clearly there were many, many more that were unearthed. All good questions and they demonstrate several salient factors, not the least being as how the fallout from one event and investigation, can impact an entire industry. However, even without current answers to these and other questions there are several very important lessons for the compliance professional.
Don’t Put Stupid Stuff in Emails
Before we get to compliance, consider the most basic problem here. Not that Gruden is simply a racist, homophobe, sexist, misogynist and a person with little moral compass. We might have never known what was in his heart, if Gruden had not put those immoral values into emails over eight years. The reason he is now out of professional football, probably forever, is that he put his values into emails, in the crudest terms possible. Twenty years ago, I did corporate training on this very topic. That training is apparently still needed. Imagine how the civil litigation will look when all this gets to trial. All the plaintiff’s lawyer(s) will have to do is read the emails to demonstrate a wide variety of civil wrongs and regulatory breaches and the only question left will be damages.
Fallout from Unrelated Investigations
In the 21st century, nothing happens in a vacuum. The offending emails were uncovered in an unrelated investigation. These emails largely came from outside the entity being investigated (the Washington football team) and the investigative firm turned them over to the entity overseeing the investigation, here the NFL. As noted above, it is not clear what action the NFL might have taken against Gruden, his former employer ESPN or his current employer, the Las Vegas Raiders. Gruden’s resignation from the Raiders may well forestall an answer into those questions.
Now imagine the same scenario when the Securities and Exchange Commission (SEC) investigates Activism for its toxic work environment (or the Department of Justice (DOJ) for that matter) or when the SEC investigated Lordstown Motors for a variety of other fraud and accounting issues. What if a set of similar emails appeared, all coming from an outside 3rd party, such as Gruden’s did to the Washington football team President Bruce Allen? Would the company employing that same 3rd party receive an email from the SEC requesting all emails from the offending employee? Would the SEC want to look at all emails? How would your company respond? Is the EEOC going to get involved? Will they (or the SEC) be contacting ESPN, owned by the Walt Disney Company, a publicly traded organization about the culture at ESPN which allowed Gruden to send those emails. Are you ready to respond to them?
What is Due Diligence?
No person wakes up in their mid-40s or 50s and thinks, today is the day I will start sending out racist, homophobic, sexist or misogynist emails and a throw away my moral compass. No one. They were like that long before they started doing so. Gruden had thought and felt those things long before he put them into print. Put another way, a leopard does not change it spots overnight. They were there for a long time.
As our colleague Candice Tal, founder of Infortal, continually reminds us, due diligence is not a one-time event nor a cursory google search. It is a sustained deep dive investigation. Gruden did not become a racist, homophobic, sexist and misogynist overnight. You can bet there are other pieces of evidence of his values and beliefs out there. The then Oakland Raiders signed Gruden to the richest professional football contract ever given to a coach, $100 million over 10 years. Yet they apparently did little to no background due diligence on him. Was there evidence of his racist, homophobic, sexist and misogynist views in the public record? Would it have mattered to the Raiders? Would the Raiders have hired him anyway? Perhaps so but at least they might have known about Gruden’s racist, homophobic, sexist and misogynist values and tried to manage that risk. Of course, they might have passed on hiring him altogether if they knew what the fallout could look like.
Culture, Culture and More Culture
What is the culture of your organization? Why did the NFL allow such a culture to flourish that would allow a Monday Night Football commentator on ESPN to hold the job and then become the highest paid professional coach? Is it because the Maga-hatter wearing NFL owners are all Trump supporters? What about the other employees who make up those organizations? Professional football players are 70% African American. What do Gruden’s remarks, the NFL’s non-response and the Raiders hiring communicate to them about how management thinks of them? Raider owner Mark Davis advised people to look to the NFL for answers.
Bill Rhoden, writing in The Undefeated, an ESPN publication, put it succinctly, “my concern is about the legion of enablers who supported Gruden all of these years. What about them? Who are they? The NFL has gotten rid of its Gruden problem. It has not gotten rid of Gruden-ism: regressive sensibilities that stand foursquare against diversity, inclusion and tolerance.” He went on to say, “The reality is that the NFL, for all of its attempts to move forward, has been revealed as a regressive organization populated by white men who hold views about race and power that are antithetical to progress and enlightenment. Trust me, Gruden is not the only person who holds these beliefs. He’s the only one stupid enough, or emboldened enough, to express them via email.”
In short, the NFL has a huge culture problem. But you cannot change unless you admit you have a problem. We have seen nothing from the NFL that indicates it believes the problem is beyond John Gruden.
This week we have been exploring the recent Securities and Exchange Commission (SEC) Cease and Desist Order (Order) entered into last week with WPP plc, the world’s largest advertising group, for paying bribes to Indian government officials and participating in other “illicit schemes” in China, Brazil and Peru. WPP agreed to pay $11 million+ in disgorgement and interest and penalty of $8 million for a total amount of just over $19 million. Today we conclude with some lessons learned for the compliance professional.
Culture Matters
It seems about the most basic thing to say in the compliance realm, but the most important thing is your corporate culture. If your culture puts no value on doing business ethically and in compliance, your organization will surely have problems. As I have cited to multiple times in this exploration of WPP, the Order stated, “WPP had no compliance department during the relevant period”. If your company will not have a compliance function, it speaks about as highly as one can about the values and culture of your organization. It could not be put more simply, with no compliance program, your organization does not value having a culture of compliance. Throughout the Order are examples of this lack of value. From the perfunctory first investigation into allegations in India, to the paper compliance program in place, to the lack of preacquisition due diligence from the compliance perspective; it is clear WPP put no value into having a culture of compliance.
Investigations
The Order made clear that after the initial whistleblower report, “which identified CEO A by name as the architect of the scheme”; WPP then tasked part of the group involved in the actions to investigate the allegations. That group then hired “an Indian partner firm of an international accounting firm ostensibly to investigate the allegations and review India Subsidiary’s processes regarding government contracts and transactions involving government clients.” [emphasis supplied] Who did this investigator rely on for information? The very leaders of the corruption scheme, the WPP-India Chief Executive Officer (CEO) and Chief Financial Officer (CFO).
What were other key deficiencies in the investigation?
- There was no contact with the identified recalcitrant 3rd
- The investigative firm relied on information from the parties identified in the whistleblower report.
- There was no independent verification.
- There were no conclusions related to the bribery allegations brought forward by the whistleblower.
The WPP matter is an excellent teaching tool for how NOT to perform an investigation.
Mergers and Acquisitions (M&A)
Here WPP apparently engage in none of the M&A components of even a minimum standard for compliance. There was no preacquisition due diligence into any of the entities acquired. Simply doing acquisitions in a high-risk environment is not verboten. But doing so with no compliance is. Moreover, there was apparently no integration of the acquired entities into the WPP compliance program, such as it was. Once again without a compliance function to drive this to the finish, there was no corporate group tasked to finish it out. Obviously, there was no forensic compliance audit of the acquired entities after acquisition as well. I cannot point to a shortcoming of WPP as there were no shortcomings in execution, as there was no effort.
Incentives
When do sales or remuneration incentives become perverse incentives? For Wells Fargo, it came when the corporate hierarchy determined that the proper number of Wells Fargo products was eight per customer and employees continued employment and compensation would depend on hitting that inane number. (Remember the CEO, John Stumpf, said “8 is great!”) WPP crossed that threshold when they made the earnouts for the founders of the organizations they acquired, who were kept on to run subsidiaries such as WPP-India, contingent on hitting sales numbers they could not reach without engaging in bribery and corruption. When you couple that with no effective controls, no culture of compliance and outright fraud, you see how WPP came to Foreign Corrupt Practices Act (FCPA) grief.
Whistleblower Reports
The bribery schemes were so blatant that in India there were seven internal whistleblower reports. As stated in the Order, “From July 7, 2015 through September 2, 2017, WPP received seven anonymous complaints alleging – with increasing specificity – two bribery schemes related to India Subsidiary’s work for DIPR.” That is seven, count them seven documented whistleblower reports which had details including names of the participants and the bribery schemes. This failure simply boggles the mind, yet is axiomatic of the culture of WPP.
It is still not clear how WPP came to the attention of the SEC. We do know if it was not through self-disclosure. It may well have been an internal whistleblower. For companies who decry whistleblowers who go public, WPP is Prime Example 1 of why. Moreover, how many whistleblowers would have the continued drive to continue to report illegal conduct after the first report which was dismissed through a sham investigation?
We are now at the end of the WPP sage from the perspective of the SEC enforcement action. I began this series with several questions which still remain open. They include:
- How was the SEC made aware of WPP’s bribery and corruption?
- Is there a parallel Department of Justice (DOJ) enforcement action?
- Where is the Serious Fraud Office (SFO)?
- How did WPP avoid a monitor?
As these questions remain open, we may well be revisiting WPP again.
