Categories
31 Days to More Effective Compliance Programs

One Month to More Effective HR in Compliance: Day 1 – The Role of HR in Compliance

When it comes to operationalizing a successful compliance program, HR is an essential part of the equation. HR has many touch points with employees, from interviews to onboarding, and can be used to connect the dots in many divergent elements of a compliance and ethics program. HR can take the lead in operationalizing compliance at each of these touch points, such as pre-employment screening and interviewing, onboarding training, annual assessments and reviews, and promotions to exit strategies.

The Compliance Podcast Network’s One Month to a More Effective Compliance Program provides four steps to ensure an effective compliance program. These steps include establishing a consistent application of disciplinary actions and incentives across the organization, utilizing an incentive system to incentivize compliance and ethical behavior, and providing examples of actions taken, such as promotions and awards denied as a result of compliance and ethical considerations. Additionally, it is important to determine who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel.

HR can help operationalize a compliance program by getting the message out through their distribution channel. They can also utilize their expertise and talent to more fully communicate compliance concepts. This could include ongoing communications with prospective, newly hired, and seasoned employees about the need for ethical dealings and compliance with company values. It is also important to have a shared commitment requirement found in the commitment of senior management as well as the requirements around incentives and discipline.

The 2023 guidance from the Department of Justice Evaluation of Corporate Compliance Programs listed several HR touch points as best practices for a successful compliance program. These include senior leaders and middle management stakeholders, such as business and operational managers, finance, procurement, legal, and human resources, demonstrating their commitment to compliance and remediation efforts. HR can be one of the linchpins in spreading a company’s commitment to doing business ethically and in compliance throughout the employee base.

Incentive and discipline processes should involve participants in making disciplinary decisions for the type of misconduct at issue. Reasons for discipline should be communicated to employees. Compliance should be operationalized into the very fabric of a business. Have a cup of coffee with the head of corporate HR to find out what they do, how they do it, and what they do on a daily basis. This will help you to better understand how HR can help operationalize your compliance program.

By following the four steps outlined in the Compliance Podcast Network’s One Month to a More Effective Compliance Program, you can ensure your compliance program is successful and that your employees are aware of their responsibilities. HR can be a powerful tool in operationalizing your compliance program, and by utilizing their expertise and talent, you can more effectively communicate compliance concepts and spread the company’s commitment to doing business ethically and in compliance throughout the employee base.

Three key takeaways:

  1. What are the HR-employee touchpoints at your company?
  2. HR professionals can bring new, dynamic and innovative techniques to compliance
  3. Go down and have a cup of coffee with the head of your corporate HR department. Find out what they do and how they do it.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Greetings and Felicitations

Great Structures Week III: The Roman Arch and Resourcing Your Compliance Program

Welcome to Greetings and Felicitations, a podcast where I explore topics that might not seem directly related to compliance but influence our profession. In this special series, I consider how many structural engineering concepts are apt descriptors for an anti-corruption compliance program. In this Episode 3, I consider the Roman Arch and resourcing your compliance program. Highlights include:

  • Why and how was the Roman Arch such an engineering innovation?
  • What other corporate functions can a CCO look to?
  • How does HR help facilitate through all its employee touchpoints?
  • How can IT help a CCO meet its obligations under the 2020 Update to the Evaluation of Corporate Compliance Programs?
  • How can compliance use Internal Audit as a key corporate adjunct?

Resources

 “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity,” taught by Professor Stephen Ressler from The Teaching Company.

Categories
Blog

Great Structures Week III – The Roman Arch and Resourcing Your Compliance Program

I continue my Great Structures Week with a focus on structural engineering innovations from ancient Rome. I am drawing these posts from The Teaching Company course, “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler, who said, “When I think of Rome, the first image that comes to mind is an arch.” It is present in aqueducts, in the triumphal arches that adorn the city of Rome, in the city gates and even in the Coliseum.

The arch was a major engineering advancement because the prior method for traversing horizontal distance was the beam, which was limited in its use. Ressler notes “because the arch carries its load entirely in compression, its span isn’t limited by the tensile strength of the material, the size of its stones, and it can span greater distances which might be conceived of with stone beams”. The arch itself has two essential characteristics. First it carries an entire load in compression, that is it counter-balances against itself, which allows for construction using the most basic building materials known in the ancient world: stone, brick and concrete.

Yet the second characteristic of the arch is equally significant. An arch requires “both vertical and horizontal reactions to carry a load. The downward load of the arch is balanced by an upward reaction from the base”. Both the Arch of Titus and Pont du Gard aqueduct are still standing and can be seen today as magnificent examples of this Roman innovation.

I wanted to use the dual load system whereby an arch supports not only great weight but also esthetic engineering designs to discuss how a Chief Compliance Officer (CCO) or compliance practitioner might develop resources to implement a best practice anti-corruption compliance program under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery law. Funding of a compliance program is always one of the biggest challenges. Short of being in the middle of a worldwide FCPA, UK Bribery Act or other anti-corruption investigation, you are never going to receive all the funding you want or even think that you are going to need.

However, this corporate reality is not going to save you if the government comes knocking. The FCPA Resource Guide, 2nd edition, provides the following: “Moreover, the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”

Stephen Martin, CCO at Skillsoft, often says that an inquiry a prosecutor might make is along the lines of the following. First, what was the company’s annual compliance budget for the past year? If the answer started with something like, “We did all we could with what we had ($100K, $200K, name the figure),” the next inquiry would be, “How much was the corporate budget for Post-It Notes last year?” The answer was always in the 7-figure range. Then the KO punch question would be, “Which is more business critical for your company: complying with the FCPA or Post-It Notes?” Unfortunately, most companies spent far more on Post-It Notes than they were willing to invest into their compliance program.

However, this corporate reality will allow you to look to other areas to assist the compliance function. An obvious starting place is Human Resources (HR). There are several areas in which HR can bring expertise and, in my experience, enthusiasm to the compliance function. Some of the reasons include the fact that HR is physically located at or touches every site in the company, globally. HR is generally seen as more approachable than many other departments in a company, unfortunately including compliance. A person’s first touch point with a company is often HR in the interview process. If not in the interview process, it is certainly true after a hire is made. Use this approachability.

HR has several key areas of expertise, such as in discrimination and harassment. But beyond this expertise, HR also has direct accountability for these areas. It does not take a very long or large step to expand this expertise into assistance for compliance. HR often is on the front line for hotline intake and responses. These initial responses may include triage of the complaint and investigations. With some additional training, you can create a supplemental investigation team for the compliance department.

Clearly HR puts on training. By ‘training the trainers’ on compliance you may well create an additional training force for your compliance department. HR can also give compliance advice on the style and tone of training. Things that might work, and even be legally mandated, in Texas may not work in other areas of the globe, and this is where HR’s advice can be of great assistance. But more than just putting on the training, HR often maintains employee records of training certifications, certifications to your company’s Code of Conduct and compliance requirements. This can be the document repository for the Document, Document, and Document portion of your compliance program.

Internal Audit is another function that you may want to look at for assistance. Obviously, Internal Audit should have access to your company’s accounting systems. This can enable them to pull data for ongoing monitoring. This may allow you to move towards continuous controls monitoring, on an internal basis. Similarly, one of the areas of core competency of Internal Audit should also be internal controls. You can have Internal Audit assist in a gap analysis to understand what internal controls your company might be missing.

Just as this corporate function’s name implies, Internal Audit routinely performs internal audits of a company. You can use this routine job duty to assist compliance. There will be an existing audit schedule and you can provide some standard compliance issues to be on each audit. Further, compliance risks can also be evaluated in this process. Similar to the audit function are investigations. With some additional training, Internal Audit should be able to assist the compliance function to carry out or participate in internal compliance investigations. Lastly, Internal Audit should be able to assist the compliance function to improve controls following investigations.

A corporate IT department has several functions that can assist compliance. First and foremost, IT controls IT equipment and access to data. This can help you to facilitate investigations by giving you (1) access to email and (2) access to databases within the company. Similar to the above functions, IT will be a policy owner as the subject matter expert (SME) so you can turn to them for any of your compliance program requirements, which may need a policy that touches on these areas. The final consideration for IT assistance is in the area of internal corporate communication. IT enables communications within a company. You can use IT to aid in your internal company intranet, online training, newsletters or the often mentioned ‘compliance reminders’ discussed in the Morgan Stanley Declination.

Finally, do not forget your business teams. You can embed a compliance champion in all divisions and functions around the company. You can take this a step further by placing a Facility Compliance Officer at every site or location where you might have a large facility or corporate presence. Such local assets can provide feedback on new policies to let you know if they do not make sense. In some new environments, a policy may not work. If your company uses SAP and you make an acquisition of an entity which does not use this ERP system, your internal policy may need to be modified or amended. A business unit asset can also help to provide a push for training and communications to others similarly situated. One thing that local compliance champions can assist with is helping to set up and coordinate personnel for interviews of employees. This is an often overlooked function, but it facilitates local coordination, which is always easier than coordination from the corporate office.

All of these other corporate functions can greatly assist you in the actual doing of compliance. Moreover, in a resource-constrained environment, these other corporate disciplines can be used to strengthen your compliance program, in a manner similar to vertical and transverse integration of structural integrity presented in an arch. Finally, just as the arch utilized some of the most basic construction elements in existence, by using the other corporate disciplines, engaging in precisely their corporate functions, you can create a strong foundation in your compliance program going forward.

Join us tomorrow where we look at the intersection of Gothic Cathedrals and compliance incentives.

Categories
Greetings and Felicitations

Winnie the Pooh Explains Compliance: Part 2 – Kanga, Roo and the Compliance Ombudsman

This week I am exploring a five-part series on compliance as seen through the lens of Winnie the Pooh and the characters who live in the Hundred Acre Wood: Pooh, Eeyore, Tigger, Kanga & Roo, and Piglet. Winnie-the-Pooh, also called Pooh Bear and Pooh, was created by English author A. A. Milne. Yesterday, we introduced Tigger and the sales function’s role in compliance. In this episode, we focus on Kanga and her son, Roo, and the Corporate Ombudsman’s role in compliance.

Kanga is a female kangaroo and the doting mother of Roo. They live near the Sandy Pit in the northwestern part of the Hundred Acre Wood. Kanga is the only female character to appear in the books. Kanga is kind-hearted, calm, patient, sensible and down to earth. She likes to keep things clean and organized and offers motherly advice and food to anyone who asks her. She is protective over Roo and treats him with kind words and gentle discipline. She also has a sense of humor, as revealed in chapter seven of Winnie-the-Pooh when Rabbit connives to kidnap Roo, leaving Piglet in his place; Kanga pretends not to notice that Piglet is not Roo and proceeds to give him Roo’s usual bath, much to Piglet’s dismay.

Roo is Kanga’s cheerful, playful, energetic son, who moved to the Hundred Acre Wood with her. His best friends are Tigger and a young Heffalump named Lumpy, who loves to play with him. Roo is the youngest of the main characters. When Kanga and Roo first come to the Hundred Acre Wood, everyone thinks Kanga is a fierce animal, but they discover this is untrue and become friends with her. In the book, when Tigger comes to the forest, she welcomes him into her home, attempts to find him food he likes and allows him to live with her and Roo. After this, Kanga treats him like she does her son. I want to use Kanga and Roo to consider another role in compliance. It is the creation of an ombudsman for employees to help facilitate compliance.

Kanga is the most trusted soul in the Hundred Acre Wood. She would be an ideal ombudsman and an example that the “success of these programs depends partly on getting the right person for the role. A good ombudsman is a superb listener who establishes trust in people at all levels.” They need to have the skills to think through solutions to problems. Kanga certainly has such skills. A great example is the arrival of Tigger in the Hundred Acre Wood. While Tigger claims to like everything to eat for breakfast, it is quickly proven he does not like honey, acorns, thistles, or most of the contents of Kanga’s larder. However, he discovers that what he likes best is the extract of malt, which Kanga has on hand because she gives it to Roo as “strengthening medicine”. This is another key trait of an ombudsman; the person must also respect senior executives and be comfortable taking issues to the Chief Executive Officer (CEO) or the Board if necessary. Understanding the corporate culture and who has influence is also important, which is why many capable people in this role are promoted from inside the company. The same can be said for Kanga in the Hundred Acre Wood.

Join me tomorrow when I consider Eeyore and the role of corporate legal in compliance.

Categories
Blog

Day 21 of One Month to Better Compliance Through HR-Human Resources Gap Analysis for Compliance Issues

  • Does the HR department have an inventory of policies, procedures, laws, and regulations covering employees and employment-related matters applicable to the company’s business?
  • If yes, do you have a specified person in charge of updating the inventory?
  • If not, what system does the HR department utilize to ensure that it is aware of the various compliance laws and regulations and has a process to comply with them?
  • What evidence would the HR department be able to produce to the government to support a finding that the company has a solid compliance program for applicable labor and employment laws and regulations?
  • What types of compliance training are mandatory for all employees, which are optional, and how does HR track and document completion? How is the training performed? Is it provided in the native language of the employee or only in English?
  • What enforcement actions predominate in the compliance arena for your industry or where your organization does business? How is such data tracked in your company?
  • Are employees within the HR department specifically trained to understand compliance requirements applicable to your organization?
  • Does the HR department provide senior management with periodic updates on monitoring results, key risks, and compliance violations within HR?
  • Has the HR department established escalation criteria to ensure that high-risk compliance issues are reviewed at the corporate level?
  • Does the HR department have compliance monitoring standards in place?
  • Does the HR department perform periodic audits to ensure that the policies and procedures are complied with?

These are only a few of the questions that you may want to ask to begin the process of assessing how compliance and the role of HR apply to your company. My final suggestion is to work with HR to create a consolidated Human Resources Compliance Audit Checklist that can be used to audit (and document) the company’s HR Compliance Program. The key to compliance, in my opinion, is having the proper structure to identify the issues, implement policies and procedures to address the issues, audit for compliance, and document, document, and document.

Three Key Takeaways

  1. A gap analysis is a key component in the risk assessment process.
  2. The ultimate responsibility should lie with the business units and functional discipline to fully operationalize compliance.
  3. The role of the compliance department is to oversee, provide subject matter expertise, and coordinate.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering, the “Compliance Alliance,” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes an FCPA and compliance boot camp, a one-month podcast series sponsorship, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision-makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

Categories
Daily Compliance News

February 28, 2020, the Mental Toughness edition


In today’s edition of Daily Compliance News:

  • Does HR exist to help employees or exploit them? (FT)
  • Trump Administration moves to muzzle CDC announcements on Coronavirus. (NYT)
  • New database to expose companies which force employees to arbitrate harassment claims. (Washington Post)
  • They brought it on themselves. Why this season will be so mentally tough on the Astros. (com)

Categories
31 Days to More Effective Compliance Programs

The Role of Human Resources in Incentivizing Compliance


Incentives are one of the key points that representatives of the DOJ and Securities and Exchange Commission (SEC) have continually raised when discussing any best practices compliance program. The 2012 FCPA Guidance is clear that there should be incentives for not only following your own company’s internal Code of Conduct but also doing business the right way, i.e., not engaging in bribery and corruption. On incentives, the 2012 FCPA Guidance said, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. Incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.” But it also recognizes that incentives need not be limited to financial rewards, as sometimes simply acknowledging employees for doing the right thing can be a powerful tool as well.

Incentives can be integrated into the DNA of a company through the hiring and promotion processes. There should be a compliance component to all senior management hires and promotions up to those august ranks within a company. Your HR function can be a great aid to your cause in driving the right type of behavior through the design and implementation of such structures. Employees know who gets promoted and why. If someone who is only known for hitting their numbers is continually promoted, how they accomplished this feat will certainly be observed by their co-workers.

Three key takeaways:

  1. The DOJ 2019 Guidance specifically calls out incentives for doing business ethically and in compliance.
  2. HR can lead the efforts around incentives.
  3. Incentives go beyond financial rewards.

 

Categories
31 Days to More Effective Compliance Programs

Using the Reference Check to Operationalize Compliance


As far back as 2004, in Opinion Release 04-02, the DOJ recognized that hiring was an important part of an overall compliance program when it approved a proposed compliance program that had the following requirement: “Clearly articulated procedures which ensure that discretionary authority is not delegated to persons who the company knows have a propensity to engage in illegal or improper activities.” One tool that is often overlooked in the hiring process is the reference check. Many practitioners feel that a reference is not of value because prospective candidates will only list references that they believe will provide glowing recommendations of character. This leads to a pro forma reference check.

The hiring of someone who will perform business activities in compliance with anti-corruption laws such as the FCPA will continue to be as much art as science, just as the hiring of quality employees for senior management positions is. But that does not mean a company cannot work to avoid hiring those persons who might have a propensity to engage in bribery and corruption if the situation presented itself. The hiring process is just one more tool that can be utilized to build an effective and operationalized compliance program.

Three key takeaways:

  1. The hiring process is the first step in operationalizing your compliance program.
  2. The DOJ spoke to hiring as part of a best practices compliance program as far back as 2004.
  3. Reference checks are an underutilized part of the hiring process and a key internal HR control.

Categories
31 Days to More Effective Compliance Programs

The Hiring Process as a Step to Operationalize Compliance


One of the conventional wisdoms about compliance training is that you will never be able to reach 5% of your workforce with compliance training because they are predisposed to lie, cheat and steal anyway. Whether they are simply sociopaths, scumbags or just bad people, it really does not matter. No amount of training is going to convince them to follow the rules, as they do not think such laws apply to them. They will lie, cheat and steal no matter what industry they are in and what training you provide to them. But knowing such people exist and that they may be able to lie, con or otherwise dissimulate their way into your organization does not protect your company from FCPA liability when they inevitably violate the law by engaging in bribery and corruption. It is still the responsibility of your company to prevent and detect such conduct and then remediate if it occurs.

This is where your HR function has a dual role, both in its traditional hiring role and in a compliance function. They can work to help weed out such miscreants and to communicate your corporate values of doing business ethically, in compliance and aligned with your corporate values of integrity.

Through a structured series of questions, however, a properly trained HR professional can begin to assess whether an employee might have a propensity to engage in bribery and corruption. By adding information about your company’s values towards doing business ethically and in compliance, you can introduce this topic in either the interview and evaluation process or the promotion process. While true sociopaths will most certainly lie to you, perhaps even convincingly, by introducing the topic at such a pre-employment stage, they may be encouraged to take their skills elsewhere.

Three key takeaways:

  1. Use the interview process to determine who will be an ethical and compliance fit for your organization.
  2. Consider the skill, will and fit approach.
  3. Ask open-ended questions.

Categories
Blog

Day 21 of One Month to Better Compliance Through HR-Human Resources Gap Analysis for Compliance Issues

  • Does the HR department have an inventory of policies, procedures, laws and regulations covering employees and employment-related matters applicable to the company’s business?
  • If yes, do you have a specified person who is in charge of updating the inventory?
  • If no, what system does the HR department utilize to ensure that it is aware of the various compliance laws and regulations and has a process to comply with them?
  • What evidence would the HR department be able to produce to the government to support a finding that the company has a solid compliance program for applicable labor and employment laws and regulations?
  • What types of compliance training are mandatory for all employees, which are optional and how does HR track and document completion? How is the training performed? Is it provided in the native language of the employee or only in English?
  • What types of enforcement actions predominate in the compliance arena for your industry or where your organization does business? How is such data tracked in your company?
  • Are employees within the HR department specifically trained to understand compliance requirements applicable to your organization?
  • Does the HR department provide senior management with periodic updates on the monitoring of results, key risks, and compliance violations within HR?
  • Has the HR department established some type of escalation criteria to ensure that high-risk compliance issues are reviewed at the corporate level?
  • Does the HR department have compliance monitoring standards in place?
  • Does the HR department perform periodic audits to ensure that the policies and procedures are being complied with?

These are only a few of the questions that you may want to ask to begin the process of assessing how compliance and the role of HR apply to your company. My final suggestion is to work with HR to create a consolidated Human Resources Compliance Audit Checklist that can be used to audit (and document) the company’s HR Compliance Program. The key to compliance, in my opinion, is having the proper structure to identify the issues, implement policies and procedures to address the issues, audit for compliance and document, document, and document.

Three Key Takeaways

  1. A gap analysis is a key component in the risk assessment process.
  2. The ultimate responsibility should lie with the business units and functional discipline to fully operationalize compliance.
  3. The role of the compliance department is to oversee, provide subject matter expertise and coordinate.

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.