FCPA Compliance Report – The 2024 ECCP on Data-Driven Culture and Engagement

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this edition, Tom Fox visits with Sam Silverstein on how compliance professionals should view the new DOJ mandate on using data to assess, manage, and improve corporate culture through data-driven compliance. The Culture Audit sponsors this podcast.

In this comprehensive discussion, Tom Fox and Sam Silverstein delve into the 2024 Update to the Evaluation of Corporate Compliance Programs (ECCP) by the DOJ. Released in September, this latest update emphasizes the importance of data analytics, culture, engagement, and trust in compliance programs. With a detailed breakdown of over 250 questions posed by the ECCP, Tom and Sam provide valuable insights on how companies can benchmark their compliance programs and prepare for potential investigations. They highlight the role of a culture audit in addressing the DOJ’s requirements, offering a detailed look into how organizations can measure and improve their compliance culture. This webinar educates compliance professionals on the latest DOJ expectations and provides practical tools and methodologies to enhance corporate compliance efforts.

Highlights in this episode:

  • Importance of Culture and Data Analytics
  • Leveraging Data for Compliance
  • Measuring and Improving Culture
  • Data-Driven Culture of Compliance
  • Understanding and Utilizing Culture Audit Data
  • Forward Steps for a Stronger Culture

Resources:

Culture Audit

Sam Silverstein and the Accountability Institute

Sam Silverstein on LinkedIn 


Compliance Tip of the Day: Creating, Strengthening, and Maintaining Corporate Culture – Lessons from The Mummy

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

What lessons does Boris Karloff’s The Mummy provide in creating, strengthening, and maintaining corporate culture?

 

Argentieri Speech and 2024 ECCP: Complying with the 2024 ECCP on AI

The Department of Justice (DOJ), in its 2024 Update, has explicitly directed companies to ensure they have robust processes in place to identify, manage, and mitigate emerging risks related to new technologies, including AI. As compliance professionals, it’s crucial to integrate these mandates into your enterprise risk management (ERM) strategies and broader compliance programs. The DOJ posed two sets of queries for compliance professionals. The first is found in Section I, entitled Is the Corporation’s Compliance Program Well Designed? The following are questions a prosecutor could ask a company or compliance professional going through an investigation.

Management of Emerging Risks to Ensure Compliance with Applicable Law

  • Does the company have a process for identifying and managing emerging internal and external risks, including risks related to the use of new technologies, that could potentially impact its ability to comply with the law?
  • How does the company assess the potential impact of new technologies, such as artificial intelligence (AI), on its ability to comply with criminal laws?
  • Is management of risks related to using AI and other new technologies integrated into broader enterprise risk management (ERM) strategies?
  • What is the company’s approach to governance regarding the use of new technologies, such as AI, in its commercial business and compliance program?
  • How is the company curbing any potential negative or unintended consequences resulting from using technologies in its commercial business and compliance program?
  • How is the company mitigating the potential for deliberate or reckless misuse of technologies, including by company insiders?
  • To the extent that the company uses AI and similar technologies in its business or as part of its compliance program, are controls in place to monitor and ensure its trustworthiness, reliability, and use in compliance with applicable law and the company’s code of conduct?
  • Do controls exist to ensure the technology is used only for its intended purposes?
  • What baseline of human decision-making is used to assess AI?
  • How is accountability over the use of AI monitored and enforced?
  • How does the company train its employees on using emerging technologies such as AI?

The second set of queries ties AI to a company’s values, ethics, and, most importantly, culture. It is found in Section III, entitled Does the Corporation’s Compliance Program Work in Practice?, Evolving Updates, and poses the following questions:

  • If the company is using new technologies such as AI in its commercial operations or compliance program, is the company monitoring and testing the technologies so that it can evaluate whether they are functioning as intended and consistent with the company’s code of conduct?
  • How quickly can the company detect and correct decisions made by AI or other new technologies that are inconsistent with the company’s values?

Thinking across both sets of questions will lead to more questions and a deep dive into your compliance culture, philosophy, and corporate ethos. It will also bring about unprecedented opportunities for businesses. However, with these opportunities come significant risks, especially in the context of legal compliance. The DOJ has now explicitly directed companies to ensure they have robust processes to identify, manage, and mitigate emerging risks related to new technologies, including AI. As compliance professionals, it is both crucial and even obligatory to integrate these mandates into your ERM strategies and broader compliance programs. Below are some ways a compliance professional can think through and effectively respond to the DOJ’s latest guidance for the first series of questions.

Establish a Proactive Risk Identification Process

Managing emerging risks begins with a proactive approach to identifying potential threats before they manifest into significant compliance issues.

  • Implement a Dynamic Risk Assessment Framework. Develop a risk assessment process that continuously scans internal and external environments for emerging risks. This should include regular updates to risk profiles based on the latest technological developments, industry trends, and regulatory changes. Incorporating AI into your business and compliance operations requires that you assess its immediate impact and anticipate future risks it might pose as the technology evolves.
  • Engage Cross-Functional Teams. Ensure that your risk identification process is not siloed within the compliance function. Engage cross-functional teams, including IT, legal, HR, and operations, to provide diverse perspectives on potential risks associated with new technologies. This collaboration will help you capture a more comprehensive view of the risks and their potential impact on your organization’s ability to comply with applicable laws.

Establish Rigorous Monitoring Protocols

Monitoring AI and other new technologies isn’t just a box-ticking exercise; it’s a continuous process that requires a deep understanding of the technology and the ethical standards it must uphold.

  • Set Up Continuous Monitoring Systems. Implement real-time monitoring systems that track AI outputs and decisions as they occur. This is crucial for identifying deviations from expected behavior or ethical standards as soon as they happen. Automated monitoring tools can flag anomalies, such as decisions that fall outside predefined parameters, for further review by compliance officers.
  • Define Key Performance Indicators (KPIs). Develop KPIs that specifically measure the alignment of AI outputs with your company’s code of conduct. These include fairness, transparency, accuracy, and ethical impact metrics. Regularly review these KPIs to ensure that AI systems perform within acceptable boundaries and contribute positively to your compliance objectives.

Integrate AI Risk Management into Your ERM Strategy

The DOJ expects companies to manage AI and other technological risks within the broader context of their enterprise risk management strategies.

  • Align AI Risk Management with ERM. Ensure that risks related to AI and other new technologies are integrated into your ERM framework. This means treating AI-related risks like any other enterprise risk, with appropriate controls, governance, and oversight. AI should not be viewed as a standalone issue but as an integral part of your organization’s overall risk landscape.
  • Develop AI-Specific Risk Controls. Establish controls that specifically address the unique risks posed by AI. These might include measures to prevent algorithmic bias, safeguards against AI-driven fraud, and protocols to ensure data privacy and security. Regularly review and update these controls to keep pace with technological advancements and emerging threats.

Implement Comprehensive Testing and Validation

Testing and validating AI technologies should be an ongoing practice, not just a one-time event during the deployment phase. The DOJ expects companies to rigorously evaluate whether these technologies are functioning as intended.

  • Stress-Test AI Systems. Subject your AI systems to scenarios that test their decision-making processes under different conditions. This includes testing for biases, errors, and unintended consequences. By simulating real-world situations, you can better understand how the AI might behave in practice and identify any potential risks before they manifest.
  • Periodic Audits and Reviews. Conduct regular audits of your AI systems to verify their continued compliance with company policies and ethical standards. These audits should include technical assessments and ethical evaluations, ensuring the AI’s decisions remain consistent with your company’s values over time.
  • External Validation. Consider bringing in third-party experts to validate your AI systems. External validation can objectively assess your AI’s functionality and ethical alignment, offering insights that might not be apparent to internal teams.

Develop a Rapid Response Mechanism

No system is infallible; even the best-monitored AI systems can make mistakes. The key is how quickly and effectively your company can detect and correct these errors.

  • Establish a Rapid Response Team. Create a dedicated team within your compliance function responsible for addressing AI-related issues as they arise. This team should be equipped to investigate flagged decisions quickly, determine the root cause of any inconsistencies, and implement corrective actions.
  • Implement Feedback Loops. Develop feedback loops that allow for continuous learning and improvement of AI systems. When an error is detected, ensure that the AI system is updated or retrained to prevent similar issues in the future. This iterative process is essential for maintaining the integrity of AI systems over time.
  • Document and Report Corrections. Keep detailed records of any AI-related issues and the steps taken to correct them. This documentation is critical for internal tracking and for demonstrating to regulators, like the DOJ, that your company is serious about maintaining ethical AI practices.

Strengthen AI Governance and Accountability

Governance is key to ensuring that AI and other new technologies are used responsibly and in compliance with the law.

  • Create a Governance Framework for Technology Use. Develop a governance framework outlining how AI and other emerging technologies will be used within your organization. This framework should define roles and responsibilities, set clear guidelines for the ethical use of technology, and establish protocols for monitoring and enforcement. Ensure that this framework is aligned with your company’s code of conduct and compliance objectives. Ensure these guidelines are communicated clearly to all stakeholders, including AI developers, compliance teams, and business leaders.
  • Enforce Accountability. Accountability for the use of AI should be clearly defined and enforced. This includes assigning specific oversight roles to ensure that AI systems are used as intended and that any deliberate or reckless misuse is swiftly addressed. Establish a chain of accountability spanning from the C-suite to the operational level, ensuring all stakeholders understand their responsibilities in managing AI risks.

Mitigate Unintended Consequences and Misuse

The DOJ is particularly concerned with the potential for AI and other technologies to be misused, deliberately or unintentionally, leading to compliance breaches.

  • Monitor for Unintended Consequences. Implement monitoring systems that can detect unintended consequences of AI use, such as biased decision-making, unethical outcomes, or operational inefficiencies. These systems should be capable of flagging anomalies in real-time, allowing your compliance team to intervene before issues escalate.
  • Restrict AI Usage to Intended Purposes. Ensure that AI and other technologies are used only for their intended purposes. This involves setting clear boundaries on how AI can be applied and establishing controls to prevent misuse. Regular audits should be conducted to verify that AI systems operate within these defined parameters and that any deviations are promptly corrected.

Ensure Trustworthiness and Human Oversight

As Sam Silverstein continually reminds us, culture is all about trust. The same is true for the use of AI in the workplace. AI’s trustworthiness and reliability are paramount in maintaining compliance and protecting your company’s reputation.

  • Implement Trustworthiness Controls. Develop controls to ensure the trustworthiness of AI systems, including regular validation of AI models, thorough testing for accuracy and reliability, and ongoing monitoring for performance consistency. These controls should be designed to prevent the AI from producing outputs that could lead to legal or ethical violations.
  • Maintain a Human Baseline. AI should complement, not replace, human judgment. Establish a baseline of human decision-making to assess AI outputs and ensure that human oversight is maintained where necessary. This could involve having human review processes for high-stakes decisions or integrating AI outputs into broader decision-making frameworks that involve human input.

Train Employees on Emerging Technologies

As AI and other technologies become more prevalent, employee training is essential to ensure that your workforce understands both the benefits and risks.

  • Develop Comprehensive Training Programs. Create training programs that educate employees on using AI and other emerging technologies, focusing on compliance and ethical considerations. Training should cover the potential risks, the importance of adhering to the company’s code of conduct, and the specific controls to mitigate those risks. Employees should understand how the technology works and how to identify and address any decisions that may conflict with company values. Regular training sessions reinforce the importance of ethical AI use across the organization.
  • Promote a Culture of Awareness. Encourage a culture where employees are vigilant about the risks associated with new technologies. This involves fostering an environment where employees feel empowered to speak up if they notice potential issues and are actively engaged in ensuring that AI and other technologies are used responsibly.
  • Promote a Speak-Up Culture. Encourage employees to report concerns about AI-driven decisions, just as they would report other misconduct. A robust speak-up culture is critical for catching ethical lapses early and ensuring that AI systems remain aligned with company values.

The DOJ’s mandate on managing emerging risks, particularly those related to AI and other new technologies, underscores the need for a proactive, integrated approach to compliance. Compliance professionals can confidently navigate this complex landscape by embedding AI risk management within your broader ERM strategy, strengthening governance and accountability, mitigating unintended consequences, ensuring trustworthiness, and investing in employee training. The stakes are high, but with the right plan in place, your organization can harness the power of AI while staying firmly on the right side of the law.

Tone at the Top Week: Part 5 – CCOs Using Town Halls to Build Compliance

This week, we have been exploring how Chief Executive Officers and other senior executives can set an appropriate Tone at the Top by actually walking-the-walk of compliance rather than simply talking-the-talk of compliance. For any corporate compliance program to succeed, the commitment of senior leadership is essential. When establishing and maintaining the right Tone at the Top, few opportunities are as effective and personal as town hall meetings.

Town halls provide CEOs and senior executives with a direct platform to engage with employees across the organization, offering an authentic way to reinforce the importance of compliance. Unlike emails or formal reports, town halls allow real-time interaction, allowing leadership to connect directly with employees and make compliance a part of the company’s culture.

In this concluding blog post from this 5-part series, we will explore how CEOs and other corporate leaders can use town hall meetings to establish and maintain an appropriate tone at the top for a best practices compliance program. From including compliance in every meeting to addressing specific ethical challenges and fostering open dialogue, these strategies will help create a culture where compliance is seen as a shared responsibility and a driver of long-term success.

  • Include Compliance in Every Town Hall

One of the most effective ways to reinforce the importance of compliance is to make it a regular topic of discussion in every town hall meeting. Whether covering updates on regulatory changes, sharing new company policies, or discussing recent compliance issues, consistently integrating compliance into your messaging demonstrates that it is a key part of the company’s business strategy.

The obvious significance is that when compliance is a constant in company communications, employees start to understand that it is not a separate, siloed responsibility but a core element of the business’s operations. Regularly addressing compliance issues signals to employees that ethical behavior is as critical to the company’s success as financial performance or market expansion.

How to Implement

  • Dedicate a section of each town hall to discussing compliance. This could include updates on new business regulations, how the company adapts to changing legal landscapes, or reminders of key compliance policies.
  • Use the platform to highlight how compliance contributes to business objectives. For example, explain how maintaining compliance with environmental regulations helps the company avoid penalties while supporting sustainability goals.
  • Regularly including compliance topics also shows that leadership views compliance as proactive rather than reactive and that ethical behavior is a forward-thinking component of company strategy.

By consistently including compliance in town hall discussions, you reinforce its value and ensure it stays at the top of employees’ minds.

  • Address Specific Ethical Challenges

Town halls are an ideal venue to address specific compliance or ethical challenges the company may be facing. Whether dealing with emerging regulatory risks, handling a recent compliance breach, or navigating ethical dilemmas in high-stakes business decisions, discussing these issues openly with employees helps build trust and foster transparency.

It is not so much that employees need to know that leadership is aware of compliance challenges and actively working to address them; rather, discussing these challenges openly sends a message that compliance is a shared responsibility across the organization. This approach also helps demystify the compliance process and shows employees that issues are handled systematically and transparently.

How to Implement

  • When a new compliance challenge emerges—whether it’s a change in industry regulations, a data privacy issue, or a new ethical dilemma in business operations—use the town hall to explain the issue clearly. Describe what the company is doing to address it and what is expected of employees to help navigate the challenge.
  • Emphasize that compliance is not just the responsibility of the legal or compliance team but requires every employee’s involvement. This ensures that compliance issues are not seen as external or distant from day-to-day operations.
  • Consider sharing examples of companies or industries where a failure to address ethical challenges led to significant risks or damages. This helps illustrate the real-world consequences of neglecting compliance.

By openly addressing specific ethical challenges, you build a culture of accountability in which employees feel empowered to participate in compliance efforts.

  • Invite Questions About Compliance

One of the most powerful aspects of town hall meetings is their interactive nature. Inviting employees to ask questions about compliance-related topics shows that leadership is open to dialogue and committed to resolving concerns. This openness encourages a culture where employees feel safe raising potential compliance issues and know their voices will be heard.

As I have said many times, the flip side to a culture of speaking up is a culture of listening up. Nothing shows this better than soliciting questions at a town hall, for encouraging questions demonstrates compliance as a collaborative effort. It shows employees that leadership values their input and is willing to engage in a two-way conversation about ethical issues. This is especially important for fostering an environment where employees feel comfortable reporting concerns, knowing that leadership will take them seriously.

How to Implement

  • Set aside time during each town hall for a Q&A session focused on compliance. Let employees know they are welcome to ask about compliance issues related to company policies, regulatory changes, or ethical dilemmas.
  • Ensure that responses to compliance-related questions are thoughtful and demonstrate a commitment to transparency. If an employee raises a concern, provide an actionable response or explain how the company will investigate further.
  • Follow up after the town hall on any unresolved questions. This shows that leadership is committed to addressing compliance concerns beyond the meeting and reinforces trust.

Inviting questions and engaging in meaningful dialogue helps build a culture of openness and encourages employees to take an active role in compliance.

  • Highlight Compliance Success Stories

Town halls also provide an excellent opportunity to celebrate successes. By sharing stories of how compliance actions have helped the company avoid risks or achieve positive outcomes, you reinforce the idea that compliance is a value driver, not a burden. Highlighting these stories shows employees that compliance is not just about avoiding penalties but enabling the company to thrive in a complex regulatory environment.

This is one of the time-honored ways to build incentives in an organization. Sharing success stories helps build employee buy-in and engagement with the compliance program. When employees see the tangible benefits of compliance, they are more likely to view it as a positive and necessary part of their work. This also helps combat the perception that compliance is simply about limiting risk or avoiding punishment.

How to Implement

  • Use town halls to share specific examples of compliance successes. For instance, you might highlight how the company avoided a regulatory fine by proactively addressing a compliance risk or how strong compliance practices helped secure a valuable business partnership.
  • Frame compliance successes in a way that shows how they contribute to broader company goals, such as market expansion, reputation management, or innovation.
  • Recognize the individuals or teams who contributed to these compliance successes. This public recognition reinforces that the organization values and rewards ethical behavior.

By highlighting compliance success stories, you demonstrate that compliance drives long-term value and growth.

  • Building a Strong Compliance Culture Through Town Halls

Town hall meetings are one of the most powerful tools CEOs and senior executives can use to establish and maintain an appropriate tone at the top for a best practices compliance program. By including compliance in every meeting, addressing specific ethical challenges, inviting questions, and sharing success stories, leaders can foster a culture where compliance is not just a requirement but a shared responsibility and a source of competitive advantage.

When employees hear directly from leadership about the importance of compliance, they are more likely to internalize the message and make ethical behavior part of their daily work. Through regular and open communication in town halls, CEOs can build a strong compliance culture that drives long-term success for the organization.

I hope you have enjoyed this five-part series on Tone at the Top and found it useful. Equally importantly, I hope this more outline format will allow you to cut and paste this information into a memo you can send to your CEO and other senior executives to give them some concrete steps they can take to improve your organization’s culture so that your organization will do business ethically and in compliance. Additionally, it will give you an audit trail on this issue if a regulator ever comes knocking.

Tone at the Top Week: Part 4 – CCOs Using Team Meetings to Further Compliance

We continue our blog post series on how CEOs and top senior executives can demonstrate the ubiquitous Tone at the Top. Setting the tone of doing business ethically and in compliance is one of the most critical responsibilities for CEOs and senior executives. While large-scale communications such as town halls and corporate-wide emails certainly play an essential role, there is one venue where the tone can be effectively set in a more actionable and intimate way: team meetings.

Team meetings, often focused on operational topics, provide a unique opportunity for leaders to engage directly with their teams on compliance matters. These smaller, more focused settings allow meaningful discussions about ethical behavior, compliance risks, and policy adherence. By strategically incorporating compliance into team meetings, executives can ensure that ethical considerations are baked into daily operations and decision-making processes. This post will explore how CEOs and senior leaders can leverage team meetings to reinforce compliance and establish the right tone at the top.

  • Make Compliance a Standing Agenda Item in Leadership Team Meetings

Leadership team meetings often involve high-level business strategy, performance metrics, and operational objectives. However, these meetings are also an opportunity to highlight the importance of compliance. Senior executives and department heads are role models within the organization. When they treat compliance as a priority in their discussions, it signals to their teams that ethical behavior and adherence to the law are non-negotiable elements of the company’s operations.

How to Implement

  • Ensure that compliance is a standing agenda item in leadership team meetings. This could include updates on compliance program initiatives, discussions of recent compliance risks, or analysis of how regulatory changes might impact the business.
  • Encourage leaders to cascade these compliance messages to their direct reports, ensuring the organization is aligned at all levels.
  • Use these meetings to identify areas where compliance could be strengthened within each department and provide executives with the necessary resources to address these gaps.

By making compliance a regular part of leadership conversations, you normalize it as part of the company’s strategic considerations.

  • Lead by Example in Your Own Meetings

One of the most powerful ways to set the tone at the top is to demonstrate your commitment to compliance in team meetings. Senior executives must embed compliance into every conversation about business decisions, strategies, and performance metrics.

This is crucial because people tend to imitate their leaders’ behavior. When executives consistently incorporate compliance considerations into discussions about business operations, it becomes clear that ethical behavior is not a separate initiative but part of how the company functions.

How to Implement

  • When reviewing business strategies, ask questions about managing compliance risks. For example, if a new product is being launched, inquire about the regulatory requirements and whether the company is meeting them.
  • During performance reviews, assess how managers and employees adhere to the company’s compliance policies. Reward ethical behavior, not just financial or operational results.
  • Be transparent about the compliance challenges the company may face and how you expect the team to address them.

Leading by example shows that compliance isn’t just the responsibility of the legal or compliance department—it’s everyone’s responsibility.

  • Conduct Regular Compliance Check-ins with Department Heads

CEOs and senior executives should meet regularly with department heads or team leaders to discuss how compliance is integrated into their teams’ day-to-day operations. These check-ins provide an opportunity to evaluate how well the company’s compliance program functions. Compliance risks vary by department, so it’s important to ensure that leaders at every level actively manage them. Regular check-ins provide insight into how compliance initiatives are being implemented and whether additional support is needed.

How to Implement

  • Schedule monthly or quarterly meetings with department heads to discuss compliance. Topics should include how well the department is adhering to company policies, any challenges they face in meeting compliance requirements, and potential risks.
  • Ask for updates on compliance training within each department—are employees attending, and is the training effective? Offer resources and assistance if certain areas need more focus.
  • Use these check-ins to identify potential areas of non-compliance or emerging risks and take steps to address them before they escalate.

Regular compliance check-ins create accountability among department leaders and ensure that compliance is continuously monitored across the organization.

  • Reinforce Compliance Training and Policies in Team Meetings

One of the most practical ways to integrate compliance into team meetings is by reinforcing the importance of compliance training and company policies. While formal training sessions are crucial, ongoing reminders help ensure compliance stays at the top of employees’ minds. Compliance is an ongoing process, not a one-time event. Reminding employees about training sessions, policy updates, and regulatory changes helps keep the compliance program fresh and relevant.

How to Implement

  • Use team meetings to remind employees of upcoming compliance training sessions. Personalize your message by explaining how these training sessions directly relate to their roles and the risks they may encounter.
  • Discuss any recent updates to company policies or new regulations affecting the business. Ensure that everyone understands the implications of these changes and how they should adjust their behavior accordingly.
  • Endorse compliance training by sharing examples of how it has helped the company avoid risks or improve operations. Your endorsement will increase employee engagement with these programs.

Reinforcing training and policies regularly helps ensure that employees remain aware of their compliance obligations.

  • Open the Floor for Compliance-Related Concerns and Questions

The final and arguably most important way to set the right tone at the top is by encouraging open dialogue about compliance. Team meetings offer an opportunity to create a safe space where employees feel comfortable raising compliance concerns or asking questions. Always remember that part of a Speak Up culture is listening.

This point is of the utmost significance. When employees are afraid to speak up about compliance issues, small problems can quickly escalate into major risks. By fostering a culture of openness, you encourage employees to address potential problems proactively before they become serious.

How to Implement

  • At the end of each meeting, allocate time for employees to ask questions or raise concerns related to compliance. Make it clear that you take these issues seriously and that there will be no retaliation for speaking up.
  • Encourage managers to follow up on any concerns raised and ensure that they are addressed promptly. If necessary, escalate issues to the compliance team for further investigation.
  • Lead by example by actively engaging with any compliance concerns during the meeting. Show that you are approachable and willing to help resolve compliance issues.

Creating an environment where employees feel empowered to speak up reduces the likelihood of compliance breaches and strengthens the company’s overall integrity.

The Power of Team Meetings in Compliance Leadership

Establishing the right tone at the top for a best practices compliance program is not a one-time event; it requires ongoing engagement and consistent messaging. Often viewed as operational, team meetings offer a critical venue for CEOs and senior executives to reinforce their commitment to compliance in an actionable, intimate setting.

By making compliance a standing agenda item, leading by example in your meetings, conducting regular check-ins, reinforcing training, and opening the floor for concerns, senior leaders can build a culture where compliance is not just an expectation but a fundamental part of how the company operates.

Ultimately, this consistent, hands-on approach builds trust, fosters accountability, maintains compliance, and becomes an organizational competitive advantage.

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 5 – A Case Study for Compliance

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I have explored the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration included the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. You can check out the full Everything Compliance episode here. We conclude our series with a summary of lessons learned for compliance and how compliance can use those lessons going forward.

The scandal at BoA involving the excessive hours worked by junior employees highlights a profound crisis in corporate culture that has significant implications for compliance professionals. Despite previous promises of reform following similar incidents, BoA’s failure to address these issues effectively reveals systemic problems that transcend mere policy implementation. The tragedy of junior banker Leo Lukenas, who died after working over 100 hours a week for multiple weeks in a row, underscores the urgent need for stronger internal controls, better communication between management levels, and a culture that genuinely prioritizes employee well-being.

This situation at BoA serves as a critical case study for compliance professionals, illustrating the dangers of a disconnect between senior management’s intentions and the actions of middle management. While senior executives may set policies to limit overwork, middle managers often circumvent these rules, perpetuating a toxic work environment. BoA’s manual control system’s failure, ineffective internal audits, and HR oversight further exacerbate the problem. Compliance professionals must ensure that internal controls are implemented, actively monitored, and enforced to prevent similar issues in their organizations.

A key lesson from the BoA crisis is the importance of addressing the role of incentive structures. In high-stakes environments like investment banking, where bonuses and career advancement are tied to deal closures, there is a significant risk of overwork becoming normalized. Compliance officers must advocate for realigning incentives to balance business goals with ethical standards and employee well-being. This involves addressing the symptoms of such crises and tackling the root causes, such as toxic corporate culture and misaligned incentives.

The BoA scandal highlights the critical role of internal controls in maintaining a healthy and sustainable corporate culture. Relying on self-reporting as a key control mechanism in this high-risk environment proved ineffective, as employees were pressured to underreport their hours. Compliance professionals must recognize that self-reporting should be supplemented with independent verification methods, such as automated time tracking and regular audits, to ensure that accurate data is collected and that controls are effective.

A holistic approach to risk management and compliance must be considered. Internal controls must be integrated into a broader framework, including solid ethical leadership, ongoing employee education, and clear channels for reporting concerns. The failure of BoA’s control environment, monitoring, and remediation efforts allowed a culture of overwork to persist, ultimately leading to repeated tragedies. For compliance professionals, this underscores the need for continuous improvement and active management of internal controls.

The role of the board of directors in overseeing corporate culture is crucial. The BoA crisis demonstrates that board members must go beyond surface-level management reports and engage directly with employees to understand workplace challenges. A proactive approach, including regular reports on employee well-being metrics and internal audits focused on workplace culture, can help prevent such crises. Moreover, creating a culture where employees feel safe to voice concerns is essential for identifying and addressing risks before they escalate.

The Bank of America scandal is a stark reminder of the human cost of a toxic work culture and the vital role that compliance professionals play in safeguarding both employees and organizations. The lessons from this tragedy should guide efforts to create healthier, more sustainable work environments. Compliance is not just about preventing legal and regulatory risks but also about fostering a corporate culture that values integrity, transparency, and the well-being of all employees. By aligning business metrics with these values, companies can achieve sustainable success that benefits their bottom line and people.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Asking Questions for Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider the technique of asking questions to improve both culture and compliance at your organization.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 1 – A Case Study in Failure

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. The full Everything Compliance episode will be posted on Thursday, August 29.

In Part 1, we set the stage and then delve into the factors contributing to BoA’s toxic culture, the implications for compliance officers, and the lessons we can draw to prevent similar issues in your organizations.

Bank of America has faced intense scrutiny following a series of harrowing articles, in a story broken by the Wall Street Journal (WSJ), outlining a toxic workplace culture within its investment banking division. This culture of overwork has had tragic consequences, including the death of junior banker Leo Lukenas, who had been working over 100 hours a week leading up to his untimely death. Disturbingly, this is not an isolated incident. A similar event occurred in 2013 when an intern, Moritz Erhardt, who worked in BoA’s London office, also died after working excessive hours. Despite promises for reform, these practices have persisted, indicating deep-seated issues within the company’s corporate culture.

One of the key issues is the disconnect between senior management’s intentions and the actions of middle management. While senior executives at BoA have voiced their concern for the well-being of their junior bankers and have set policies to limit overwork, middle managers have often circumvented these rules. Instead of enforcing the 80-hour workweek cap, they instructed employees to underreport their hours, ignoring internal controls and perpetuating a sweatshop-like environment.

This phenomenon is not simply a BoA problem; it’s a stark example of how middle managers can sabotage well-intentioned corporate policies. It underscores the importance of effective communication and alignment between all levels of management.

A glaring issue in this case is the failure of internal controls. In today’s technologically advanced age, middle management should have responded more to BoA’s manual control system for logging hours. Automated systems for tracking work hours could have prevented such blatant disregard for policies. Moreover, there was a lack of adequate internal audits and HR oversight. This highlights the necessity of robust, automated internal controls and regular audits for compliance professionals to ensure adherence to corporate policies.

Another critical aspect discussed is the culture of retaliation against employees who try to report overwork or seek help. In some instances, employees have been punished for following the rules, such as by having to work on holidays or receiving criticism from their managers. This toxic environment discourages whistleblowers and perpetuates the cycle of abuse.

For compliance officers, tackling this issue involves fostering a culture where employees feel safe to speak up without fear of retaliation. Senior management must impose real consequences for middle managers who violate policies and ensure consistent disciplinary actions to reinforce the importance of compliance.

The long-term implications of such a dysfunctional culture are profound. Junior employees trained in an environment where rules are routinely ignored may carry these attitudes into future roles, potentially spreading unethical practices across the industry. For compliance professionals, it’s essential to address immediate issues and cultivate an ethical corporate culture that will yield trustworthy leaders in the future.

The situation at Bank of America serves as a sobering case study of the importance of comprehensive compliance programs and the need for alignment across all management levels. By understanding and addressing the root causes of such corporate culture failures, we can better safeguard our organizations and foster environments prioritizing ethical behavior and employee well-being. As compliance professionals, we must ensure that the lessons learned from BoA’s crisis are not ignored and that we remain vigilant in building and maintaining robust compliance frameworks.

Let’s hope that in another decade, we are not revisiting this same issue at BoA or elsewhere. Instead, all compliance professionals should strive for systemic improvements that prevent such tragedies and promote a healthier, more ethical corporate culture.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Using Communications to Drive Speak Up

In this episode, we consider the role of communications in your entire hotline reporting system.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Toxic Workplace Culture at Bank of America

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into the toxic workplace culture at Bank of America (BoA) around hours worked by junior employees, in spite of senior management saying the right things.

BoA’s investment banking division has long been plagued by a toxic work culture, characterized by overworked junior employees and severe health crises, despite repeated assurances of reform. Tom and Matt discuss these pervasive issues within BoA’s work environment. Fox highlights the tragic consequences of this toxic culture, such as the deaths of junior employees, and criticizes the company’s failure to implement effective reforms, attributing this to a lack of accountability and ethical leadership. Kelly echoes this sentiment, emphasizing the necessity for senior management to set clear expectations and consequences for middle managers who perpetuate unethical behavior. Both stress the need for senior management to address the deep-seated cultural dysfunction, impose consequences, and foster a healthier, rule-abiding workplace to prevent further tragedies and promote employee well-being.

Key Highlights:

  • Toxic Workplace Culture at Bank of America
  • Proactive Controls for Preventing Employee Overwork
  • Consequences of Middle Managers in Corporate Culture
  • Cultural Impact: Negative Attitudes in Organizations

Resources:

Matt in Radical Compliance

How Bank of America Ignores Its Own Rules Meant to Prevent Dangerous Workloads, by Alexander Saeedy in the WSJ