Over the next two weeks I will be revisiting the Ten Hallmarks of an Effective Compliance program, as laid out in the 2012 A Resource Guide to the U.S. Foreign Corrupt Practices Act ( FCPA Guidance) authored by the Criminal Division of the U.S. Department of Justice [DOJ] and the Enforcement Division of the U.S. Securities and Exchange Commission [SEC]. I still find it to be one of the most useful articulations of a best practices compliance program. Each day the blog post will be partnered with a 10 minute podcast featuring the same Hallmark. These offerings are designed to give you a good summary of not only the government’s expectations but also some basics in meeting these expectations. This series is based upon my seminal book, Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, available through Compliance Week. At the end of this series you will not only have a good summary of the basics of a best practices compliance program but information that you can incorporate into your compliance regime.
The FCPA Guidance states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company. Managers and employees take their cues from these corporate leaders. Thus, DOJ and SEC consider the commitment of corporate leaders to a “culture of compliance” and look to see if this high-level commitment is also reinforced and implemented by middle managers and employees at all levels of a business.” But the DOJ and SEC expect more than simply to have senior management say the right things. They both expect that such message will be pushed down the ranks of an enterprise so that “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards. Compliant middle managers, in turn, will encourage employees to strive to attain those standards throughout the organizational structure. In short, compliance with the FCPA and ethical rules must start at the top. DOJ and SEC thus evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
Tone at the Top has become a phrase inculcated in the compliance world. The reason it is so important to any compliance program is because it does actually matter. Any compliance program starts at the top and flows down throughout the company. The concept of appropriate tone at the top is in the US Sentencing Guidelines for organizations accused of violating the FCPA; the FCPA Guidance; the UK Bribery Act’s Six Principles of Adequate Procedures; and the OECD Good Practice Guidance on Internal Controls, Ethics and Compliance (OECD Good Practices). The reason all of these guidelines incorporate it into their respective practices is that all employees look to the top of the company to see what is important.
The FCPA world is riddled with cases where the abject failure of any ethical “Tone at the Top” led to enforcement actions and large monetary settlements. In two of the largest monetary settlements of FCPA enforcement actions to date, Siemens and Halliburton, the government specifically noted the companies’ pervasive tolerance for bribery. In the Siemens case, for example, the SEC noted that the company’s culture “had long been at odds with the FCPA” and was one in which bribery “was tolerated and even rewarded at the highest levels”. Likewise, in the Halliburton matter, the government noted that the Halliburton subsidiary involved, KBR, had a “tolerance of the offense by substantial authority personnel” that was pervasive throughout the organization. Yet tone at the top is still a major issue for many corporations. Simply scan today’s headlines and you will see evidence of such failures and they will be costly.
At The Top
So how can a company overcome these employee attitudes and set, or re-set, its “Tone at the Top”? David Lawler, writing in his book Frequently Asked Questions in Anti-Bribery and Corruption, boiled it down as follows “Whatever the size, structure or market of a commercial organization, top-level management’s commitment to bribery prevention is likely to include communication of the organization’s anti-bribery stance and appropriate degree of involvement in developing bribery prevention procedures.” I once had a Chief Executive Officer (CEO) of a client who described his role at the company as “the ambassador for compliance.” I can think of no better description of the role of a CEO for a best practices compliance program.
In the Middle
A company must have more than simply a good ‘Tone-at-the-Top’; it must move it down through the organization from senior management to middle management and into its lower ranks. This means that one of the tasks of any company, including its compliance organization, is to get middle management to respect the stated ethics and values of a company, because if they do so, this will be communicated down through the organization.
What should the tone in the middle be? Put another way, what should middle management’s role be in the company’s compliance program? This role is critical because the majority of company employees work most directly with middle, rather than top management and consequently, they will take their cues from how middle management will respond to a situation. Moreover, middle management must listen to the concerns of employees. Even if middle management cannot affect a direct change, it is important that employees need to have an outlet to express their concerns. Therefore, your organization should train middle managers to enhance listening skills in the overall context of providing training for their ‘Manager’s Toolkit’. This can be particularly true if there is a compliance violation or other incident which requires some form of employee discipline. Most employees think it important that there be “organizational justice” so that people believe they will be treated fairly. Without this organization justice, employees typically do not understand outcomes but if there is perceived procedural fairness then an employee is more likely accept a decision that they may not like or disagree with the final result.
Tone at the Bottom
Even with a great ‘Tone-at-the-Top’ and in the middle, you cannot stop. One of the greatest challenges for a compliance practitioner is how to affect the ‘tone at the bottom’. To do so, you must work to engage those at the front lines, including training, communication and the tools to accomplish these tasks. A key question is how to tap into this belief system? I think the answer is to engage employees in a manner which allows you to not only find out what the employees think about the company compliance program but use their collective experience to help design a better and more effective compliance program. It is my belief that employees want to do business in an ethical manner. Given the chance to engage in business the right way, as opposed to cheating; will win the hearts and minds of your employees almost all of the time.
The bottom line is that not only must a company ‘talk-the-talk’ of compliance but it must also ‘walk-the-walk’ of compliance. It really is about the culture of compliance in your organization because the real issue is whether or not that culture has embedded itself in middle and lower management. A company’s culture is reflected in the values and beliefs that are exhibited throughout your company. You must find a way to articulate and then drive the message of ethical values and doing business in compliance with such anti-corruption laws such as the FCPA from the top down, throughout your organization.
For more information on this Hallmark, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week by clicking here.
You can listen to a podcast on this Hallmark No. 1 by clicking here.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2016