In today’s edition of Daily Compliance News:
Tag: culture
This week we have been exploring the recent Securities and Exchange Commission (SEC) Cease and Desist Order (Order) entered into last week with WPP plc, the world’s largest advertising group, for paying bribes to Indian government officials and participating in other “illicit schemes” in China, Brazil and Peru. WPP agreed to pay $11 million+ in disgorgement and interest and penalty of $8 million for a total amount of just over $19 million. Today we conclude with some lessons learned for the compliance professional.
Culture Matters
It seems about the most basic thing to say in the compliance realm, but the most important thing is your corporate culture. If your culture puts no value on doing business ethically and in compliance, your organization will surely have problems. As I have cited to multiple times in this exploration of WPP, the Order stated, “WPP had no compliance department during the relevant period”. If your company will not have a compliance function, it speaks about as highly as one can about the values and culture of your organization. It could not be put more simply, with no compliance program, your organization does not value having a culture of compliance. Throughout the Order are examples of this lack of value. From the perfunctory first investigation into allegations in India, to the paper compliance program in place, to the lack of preacquisition due diligence from the compliance perspective; it is clear WPP put no value into having a culture of compliance.
Investigations
The Order made clear that after the initial whistleblower report, “which identified CEO A by name as the architect of the scheme”; WPP then tasked part of the group involved in the actions to investigate the allegations. That group then hired “an Indian partner firm of an international accounting firm ostensibly to investigate the allegations and review India Subsidiary’s processes regarding government contracts and transactions involving government clients.” [emphasis supplied] Who did this investigator rely on for information? The very leaders of the corruption scheme, the WPP-India Chief Executive Officer (CEO) and Chief Financial Officer (CFO).
What were other key deficiencies in the investigation?
- There was no contact with the identified recalcitrant 3rd
- The investigative firm relied on information from the parties identified in the whistleblower report.
- There was no independent verification.
- There were no conclusions related to the bribery allegations brought forward by the whistleblower.
The WPP matter is an excellent teaching tool for how NOT to perform an investigation.
Mergers and Acquisitions (M&A)
Here WPP apparently engage in none of the M&A components of even a minimum standard for compliance. There was no preacquisition due diligence into any of the entities acquired. Simply doing acquisitions in a high-risk environment is not verboten. But doing so with no compliance is. Moreover, there was apparently no integration of the acquired entities into the WPP compliance program, such as it was. Once again without a compliance function to drive this to the finish, there was no corporate group tasked to finish it out. Obviously, there was no forensic compliance audit of the acquired entities after acquisition as well. I cannot point to a shortcoming of WPP as there were no shortcomings in execution, as there was no effort.
Incentives
When do sales or remuneration incentives become perverse incentives? For Wells Fargo, it came when the corporate hierarchy determined that the proper number of Wells Fargo products was eight per customer and employees continued employment and compensation would depend on hitting that inane number. (Remember the CEO, John Stumpf, said “8 is great!”) WPP crossed that threshold when they made the earnouts for the founders of the organizations they acquired, who were kept on to run subsidiaries such as WPP-India, contingent on hitting sales numbers they could not reach without engaging in bribery and corruption. When you couple that with no effective controls, no culture of compliance and outright fraud, you see how WPP came to Foreign Corrupt Practices Act (FCPA) grief.
Whistleblower Reports
The bribery schemes were so blatant that in India there were seven internal whistleblower reports. As stated in the Order, “From July 7, 2015 through September 2, 2017, WPP received seven anonymous complaints alleging – with increasing specificity – two bribery schemes related to India Subsidiary’s work for DIPR.” That is seven, count them seven documented whistleblower reports which had details including names of the participants and the bribery schemes. This failure simply boggles the mind, yet is axiomatic of the culture of WPP.
It is still not clear how WPP came to the attention of the SEC. We do know if it was not through self-disclosure. It may well have been an internal whistleblower. For companies who decry whistleblowers who go public, WPP is Prime Example 1 of why. Moreover, how many whistleblowers would have the continued drive to continue to report illegal conduct after the first report which was dismissed through a sham investigation?
We are now at the end of the WPP sage from the perspective of the SEC enforcement action. I began this series with several questions which still remain open. They include:
- How was the SEC made aware of WPP’s bribery and corruption?
- Is there a parallel Department of Justice (DOJ) enforcement action?
- Where is the Serious Fraud Office (SFO)?
- How did WPP avoid a monitor?
As these questions remain open, we may well be revisiting WPP again.
Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over the series, we will break down corporate culture, compliance training and communications. Topics include breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risked based training and operational aspects of training. In Part 1, I am joined by Tina Rampino who breaks down the big picture on culture.
We began with the basics: that a culture of Compliance is the foundation of an organization’s compliance program. Rampino said it is a measure of how well employees feel empowered to identify, mitigate, and escalate risk within their institution. An institution’s compliance culture is set by an institution’s Board and Executive Leadership team. Their messaging should be continuously reinforced in an institution’s risk appetite statement, policies, training and enterprise-wide communications. A strong compliance culture should be evident at all levels of the financial institution and across all three lines of defense.
Rampino detailed some key questions to ask, such as “What is the tone that is set from the most senior levels of the organization? Are employees motivated by doing any and all business no matter the risk? Are they empowered to act with integrity and choose the right business that aligns with their compliance culture?” She went on to relate, “Many institutions have built training and communications programs to help employees understand what the “right business means” – reinforcing an institution’s risk appetite statement, incorporating policies and procedures, and training on red flags and high-risk issues.” She concluded, “A culture of compliance should empower employees, not just in the second line of defense but in all areas of the institution – to think about the risks being presented through their customers, transactions, and products and services and how they can do their part in mitigating risk to the institution.”
An effective compliance training program can help to ensure that an institution is regularly addressing new issues and emerging risks. It also helps to ensure that employees have the right knowledge and skills necessary to perform their roles, so they understand the risks within the institution and their business area as well as the consequences of non-compliance. Rampino detailed some of the areas your organization should focus on with the following questions, “Do our training programs match the risks of our institution, and the variety of functions within it?”; “Do our employees have the right experience and training to do their jobs?” and “Are we regularly addressing new issues and ensuring our programs help our teams deal with emerging risks?”
We next turned to some of the key actions senior executives and leaders can take to not simply ‘talk-the-talk’ but also ‘walk-the-walk’ of compliance. Senior executive and leaders are responsible for setting the tone from the top which means setting expectations for the importance of compliance throughout the organization and by modeling behaviors for their employees. Rampino details the seven elements of a culture of compliance.
- Tone from the Top.
- Establishing and communicating enterprise-wide policies and programs.
- Defining clear roles and responsibilities across the three lines of defense.
- Ensuring adequate staffing and resources for functions responsible for compliance.
- Designing and implementing a comprehensive compliance training program.
- Establishing compliance incentives
- Creating efforts to embed and sustain a compliance culture.
An institution’s leadership must support all those elements to ensure that employees have what is needed to effectively manage their compliance risk.
We concluded by considering the role both training and communication have in a culture of a compliance program. Interestingly, Rampino said it maybe “the MOST important role because it is a means by which these critical messages are delivered to all employees.” The reason is that a comprehensive compliance training program “not only ensures that employees are aware of their responsibilities, it provides them with detailed information on how they should identify, mitigate, escalate, and report risk.” Moreover, “the most important asset to an institution’s compliance program is truly each and every employee.” Comprehensive and well thought-out training should assist in creating awareness, developing, and refining skills needed to ensure compliance. The training program should reflect the risks within the organization and should evolve as emerging risks are identified.
In terms of an effective communications program, institutions should ensure robust and recurring communication. “One and done” is not an effective way to deliver communications or develop an organizational culture. A robust program issues clear messages in a recurring fashion. Rampino concluded with some key takeaways on communications. First, institutions that want to create a culture of compliance should issue policy alerts and remind staff of changes. Second, information should then be easily accessible and readily available for employees. Finally, town halls, quarterly newsletters, and even short video messages explaining changes can be effective ways to ensure that all staff members understand what they must do to support the institution’s focus on compliance.
For more information, go to K2 Integrity.
As we witness the evolution of work environments in the new normal, what will not change is the importance of building culture. Every successful compliance program takes roots in an organization’s values and principles that determine how employees behave and approach situations. In today’s episode of The Compliance Handbook Podcast, host Thomas Fox is joined by industry experts Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI), and Eric Feldman, Senior Vice President of AMI.
Major takeaways discussed in the episode:
Feldman reminds us that culture is a foundational internal control without which all other controls will fail. The question is not “why do people commit fraud?” but “why do people comply?”
Aspire for a culture that motivates rather than just people working for compliance. Incentivize people who make decisions based on ethics and create the kind of environment that makes people want to follow the rules.
To change an entire company’s culture, you can’t just do it at the top of the organization.Leadership needs to be brought in at different levels of the organization to make it a team approach and effectively apply ethical changes.
Independent integrity monitors need to be brought in as a third-party assessment to help companies maintain a great culture proactively.
Be constantly reminded that messaging should be consistently made from the top to the bottom of the organization to establish the culture.
The “Nuts and Bolts” for Creating a Comprehensive Compliance Plan
This chapter of this unique work lays out a succinct yet thorough one month approach to operationalizing a company’s compliance regimen. Beginning with a section on what 2020 brought to the compliance landscape, each chapter methodically outlines best practices for everything from establishing policies, procedures, and internal controls, to assessing risk, training, handling investigations, and more. Each day ends with three key takeaways you can implement at little or no cost.
Understanding Compliance Responsibility Across the Organization
The Compliance Handbook also takes a close look at all professionals’ roles with compliance responsibility, from Compliance Officers and Boards of Directors to Human Resources, to Internal Audit and Internal Controls and Communications and Training professionals.
In-Depth Treatment of Hot Topics and Trends
The Handbook provides an in-depth look at the latest thinking and trends for the full range of critical compliance topics, including:
- Compliance and business ventures
- Third-party risk management
- The Board’s Role in Compliance
- Continuous improvement
- Compliance innovation
- And much more
Incorporating Current Government Pronouncements
The Second Edition incorporates the most current government pronouncements governing best practices compliance programs, including the 2019 Evaluation of Corporate Compliance Programs released by the Fraud Section of the Department of Justice, and its 2020 Update; the updated FCPA Resource Guide 2nd edition; the Framework for OFAC Compliance Commitments; and the 2019 DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust.
eBooks, CDs, downloadable content, and software purchases are non-cancellable, non-refundable, and non-returnable. Click here for more information about LexisNexis eBooks. The eBook versions of this title may feature links to Lexis + for further legal research options. A valid subscription to Lexis + is required to access this content.
Order your copy OR copies of The Compliance Handbook: A Guide to Operationalizing Your Compliance Program. Save 25% off.
http://www.lexisnexis.com/fox25
In this episode, I am joined by Jay Rosen, VP of Business Development for Affiliated Monitors, Inc.. Corporate culture exists in the space between what an organization professes and what it does. today, we examine any key aspect of corporate culture, including why it matters, what influences culture, the CCOs role in culture, assessing corporate culture and how to use that information to improve culture. We consider how to assess your corporate culture.
Highlights include:
- Who should perform the assessment of corporate culture?
- An in-house resource may be seen as more ongoing monitoring than culture assessment.
- Conversely an independent outside expert may be able to garner more fulsome information of the true state of your corporate culture.
- Tools to assess the culture of an organization include employee surveys, conversations, visits to field operations.
- What are the differences, if any, which must be considered when assessing a global company?
- Why do you need to “fine-tune” a cultural survey to get a good understanding of the company’s culture and obtain meaningful metrics?
- The bottom line is you should take the temperature of your employees internally by doing regular monitoring of your company to understand its culture and what needs to be done.
For more information on Affiliated Monitors, Inc. check out their website here.
For more information see Jay’s blog post How does a company assess its culture? on Corporate Compliance Insights.
In this podcast I am joined by Jay Rosen, VP of Business Development for Affiliated Monitors, Inc. In this episode, we consider to what extent the Chief Compliance Officer (CCO) should be involved in shaping a culture of ethics and driving ethical behavior. Highlights include:
- Who bears the responsibility for culture?
- The duty most often falls to the CCO, so both the CCO and the entire compliance function need to be able to coordinate the various inputs and support mechanisms that guide employee behavior.
- The CCO is often the face of the ethics program for the company – kind of the spokesperson for the company who helps to drive behavior.
- In hiring and recruiting, a CCO can create a culture where an organization would only hire the right type of people as employees.
- When managing upward, the CCO has an equally critical mandate through unfettered access to provide information to the Board regarding the compliance and ethics posture at the company, specifically including the culture.
- What are the warning signs of an unethical culture?
- It is up to the CCO to understand and have their finger on what the culture is, where the challenges are and what needs to be done to continually strengthen the culture.
For more information see Jay’s blog post What is the CCO’s Role in Strengthening the Organization’s Culture of Ethics? on Corporate Compliance Insights.
For more information on Affiliated Monitors, Inc. check out their website here.
In this podcast, I visit with Feldman on what is ethical culture and why it matters. Over the past few months, senior leaders at both the Department of Justice (DOJ), Deputy Attorney General Rod Rosenstein and Securities and Exchange Commission (SEC) Chairman Jay Clayton, have given speeches discussing the need for appropriate corporate culture around compliance. We therefore begin with the question of ‘what is corporate culture?’ It is not simply a social science question as Feldman believes “culture is everything” for an organization. Culture is a foundational internal control, without which all your other controls are likely to be ineffective. He went on to explain that this mean corporate culture is the way things really are in an organization and the way things really work. While corporate culture can be reflective of the core values of a company, this usually only occurs if a company operationalizes those values throughout an organization.
Feldman emphasized that there can be more than one culture in an organization and that there might well be multiple subcultures in a company. Moreover, you simply cannot force one culture throughout an entire organization. This is because you are dealing with different inputs in every company. He stated, “Culture is made up of all the different people that work for that organization, which means that it’s going to differ by necessity based on population and geography.” This could mean that different locations will have different cultures. Feldman believes that “the linkage between culture and compliance, is that it drives ethical behavior.” Every employee you hire, up to every organization you acquire will change your culture. This is why mergers and acquisitions (M&A) due diligence is so critical.
I asked Feldman about the different kinds of cultural systems which could impact a company. He said it could “involve locations, languages, rituals of heroes and role models and other informal mechanism for building a particular culture. Yet even with subcultures in an organization and throughout the world, the significant thing is to have some overarching key themes of that culture.” This involves being consistent with the core values, integrity and ethical behavior. You must also work to serve your stakeholders.
Another indicium of a strong ethical culture is having a speak up culture. This leads to more formal cultural systems and processes which also impact culture. Here Feldman emphasized the hiring process; who you hire, how you train people and what performance management systems are used throughout the employment tenure. This also leads to the Fair Process Doctrine and whether it is consistently applied within the culture. Finally, are you incentivizing, through measurement, compensation and recognition, the right kind of behavior?
I asked Feldman about holding employees throughout the organization accountable. Feldman responded that it is no longer just top management’s responsibility. There still must be an appropriate tone at the top, but there should also be an appropriate mood at the middle management of an organization as well as a buzz at the bottom of the company about compliance, ethics and values. This is because employees are more influenced by their immediate supervisor and their peers than a faceless CEO, even if that CEO is saying all the right things.
The key is that there be an alignment between what top management says, coupled with the company’s core values and what the organization says, together with what the organization does. This all comes from senior management getting out of the ivory tower and talking to employees in the field to see not only what they think but how they feel. No company aspires to be unethical and most assuredly employees do not want to engage in unethical behavior but if senior management does not talk to employees they will not know how their messages are being received.
Feldman says that it does not take long to see when there is a disconnect between what senior management says and what the employees take away. He finds its disconcerting how little top management really understand their employees. Because of this, senior leaders do not know what messages they are receiving, both verbal and non-verbal.
Categories
Episode 013–Shannon Walker
On this episode of The Ethics Experts, we speak with Shannon Walker about whistleblowing, culture, and why speaking up should be more than a talking point…it should be an action.
Check out more episodes, and don’t forget to subscribe on your favorite podcast platform!
Richard Lummis and I are back. Today, continue our annual review of Oscar winning Best Pictures and the leadership lessons drawn from them. Over the next four weeks we will consider the following movies: Casablanca, Rocky, The Greatest Show on Earth and Out of Africa. Today, we conclude our series with Out of Africa.
Highlights of this podcast include:
- What are our favorites scenes from the movie?
- What are the leadership lessons from Karen Blixen?
- What are the leadership lessons from Denys Finch Hatton?
- Is your business resilient?
- Culture outside the US?
- Do these lessons from this movie hold up today?
Resources
Leadership Lessons from Out of Africa
Study Guide to Out of Africa
A Historian Goes to the Movies
Out of Africa – 10 Inspirational Quotes from Karen Blixen
