Deputy Attorney General (DAG) Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to take up her remarks on corporate culture. They were a small but significant part of her remarks so I will quote them in full. She said,
Now, I recognize the resources and the effort it takes to manage a large organization and to put in place the right culture. The Department of Justice has over 115,000 employees across dozens of countries and an operating budget equivalent to that of a Fortune 100 company. So, I know what it means to manage and be accountable for what happens in a complex organization. But corporate culture matters. A corporate culture that fails to hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.
Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. In fact, companies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.
Although we understand the costs that enforcement actions can place on shareholders and others, our responsibility is to incentivize responsible corporate citizenship, a culture of compliance and a sense of accountability. So, the department will not hesitate to take action when necessary to combat corporate wrongdoing. [Emphasis Supplied]
I asked Affiliated Monitors Inc., (AMI) founder Vin DiCianni for his thoughts around these remarks. He said, “Last week’s announcement by Deputy Attorney General Lisa Monaco and the Justice Department reignited the agency’s concentration of corporate and individual liability for white collar crimes. In doing so, she emphasized to businesses, their leadership and the attorneys who represent them on the importance of implementing and maintaining strong effective compliance programs and how DOJ will continue to look at these programs going forward.” In other words, the criticalness of culture.
A culture of compliance is the foundation of an organization’s compliance program. It is a measure of how well employees feel empowered to identify, mitigate, and escalate risk within their institution. An institution’s compliance culture is set by the Board and Executive Leadership team. Their messaging should be continuously reinforced in an institution’s risk appetite statement, policies, training and enterprise-wide communications. A strong compliance culture should be evident at all levels of the financial institution and across all three lines of defense.
Tina Rampino, Associate Managing Director at K2 Integrity, laid out some key questions to ask around culture. They included:
- What is the tone that is set from the most senior levels of the organization?
- Are employees motivated by doing any and all business no matter the risk?
- Are they empowered to act with integrity and choose the right business that aligns with their compliance culture?
She went on to relate, “Many institutions have built training and communications programs to help employees understand what the “right business means” – reinforcing an institution’s risk appetite statement, incorporating policies and procedures, and training on red flags and high-risk issues.” She concluded, “A culture of compliance should empower employees, not just in the second line of defense but in all areas of the institution – to think about the risks being presented through their customers, transactions, and products and services and how they can do their part in mitigating risk to the institution.”
We next turned to some of the key actions senior executives and leaders can take to not simply ‘talk-the-talk’ but also ‘walk-the-walk’ of compliance. Senior executives and leaders are responsible for setting the tone from the top which means setting expectations for the importance of compliance throughout the organization and by modeling behaviors for their employees. Rampino details the seven elements of a culture of compliance:
- Tone from the Top.
- Establishing and communicating enterprise-wide policies and programs.
- Defining clear roles and responsibilities across the three lines of defense.
- Ensuring adequate staffing and resources for functions responsible for compliance.
- Designing and implementing a comprehensive compliance training program.
- Establishing compliance incentives
- Creating efforts to embed and sustain a compliance culture.
Monaco had two additional remarks around corporate culture and a culture of compliance that bear repeating. She said, a record of corporate misconduct, even outside the FCPA, “speaks directly to a company’s overall commitment to compliance programs and the appropriate culture to disincentivize criminal activity.” In a remark that tied back to yesterday’s discussion of monitors she said, “Stepping back, any resolution with a company involves a significant amount of trust on the part of the government. Trust that a corporation will commit itself to improvement, change its corporate culture, and self-police its activities. But where the basis for that trust is limited or called into question, we have other options. Independent monitors have long been a tool to encourage and verify compliance.” This last sentence would speak directly to DiCianni’s thoughts that “Unlike the previous administration’s very limited use of monitors, DAG Monaco described the value that integrity monitors bring to oversight for both the department and those entities subject to such oversight.”
Monaco noted she has sat on corporate boards when in the private sector. This experience certainly informs her approach as the DAG. The DOJ will be taking a much closer and in-depth look at corporate culture and whether there is a culture of compliance in any company which finds itself in a FCPA investigation or enforcement action. CCOs and compliance functions need to be ready to have demonstrable and documented evidence of a culture of compliance.