Under the Evaluation of Corporate Compliance Programs, Prong 2, it states:

  1. Senior and Middle Management

Conduct at the Top – How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How does the company monitor its senior leadership’s behavior? How has senior leadership modelled proper behavior to subordinates?

This requirement is more than simply the ubiquitous ‘tone-at-the-top’ as here the Justice Department wants to see a company’s senior leadership actually doing compliance. How can senior management operationalize compliance going forward? One of the best places to start is the article from the Harvard Business Review by Professor Lynn Paine entitled, “Managing for Organizational Integrity”. Larry Thompson, former PepsiCo Senior Vice President of Governmental Affairs, General Counsel and Secretary, discussed the work of Professor Paine in citing five factors, which he believed were critical in establishing an effective integrity program and to set the right “Tone at the Top”.

  1. The guiding values of a company must make sense and be clearly communicated.
  2. The company’s leader must be personally committed and willing to take action on the values.
  3. A company’s systems and structures must support its guiding principles.
  4. A company’s values must be integrated into normal channels of management decision-making and reflected in the company’s critical decisions.
  5. Managers must be empowered to make ethically sound decisions on a day-to-day basis.

David Lawler, in his book, Frequently Asked Questions in Anti-Bribery and Corruption  boiled it down as follows “Whatever the size, structure or market of a commercial organization, top-level management’s commitment to bribery prevention is likely to include communication of the organization’s anti-bribery stance and appropriate degree of involvement in developing bribery prevention procedures.” Lawler went on to provide a short list of points that he suggests senior management engage in to communicate the type of tone to follow an anti-corruption regime.” I had a CEO of a client, who after I described his role in operationalizing his company’s compliance program observed the following, “You want me to be the ambassador for compliance.” I immediately averred in the affirmative. The following is a list of things that a CEO can do as an ‘Ambassador of Compliance’

  • Reject a ‘do as I say, not as I do’ mentality;
  • Not just ‘talk-the-talk’ but ‘walk-the-walk’ of compliance;
  • Oversee creation of a written statement of a zero tolerance towards bribery and corruption;
  • Appoint and fully resource, with money and headcount, a Chief Compliance Officer;
  • Oversee the development of a Code of Conduct and written compliance program implementing it;
  • Ensure there are compliance metrics on all key business reports;
  • Provide leadership to middle managers to facilitate filtering of the zero tolerance message down throughout the organization;
  • Not only have a whistleblowing, reporting or speak up channel but celebrate it;
  • Keep talking about doing the right thing;
  • Make sure that you are seen providing your Chief Compliance Officer with access to yourself and the Board of Directors.

Coming at it from a different perspective, author Martin Biegelman provides some concrete examples in his book entitled, “Building a World Class Compliance Program – Best Practices and Strategies for Success”. Biegelman begins the chapter discussed in this posting with the statement “The road to compliance starts at the top.” There is probably no dispute that a company takes on the tone of its top management. In this chapter Biegelman cites to a list used by Joe Murphy of actions that a CEO can demonstrate to set the requisite tone from the Captain’s Chair of any business. The list is as follows:

  1. Keep a copy of the Constitution on your Desk. Have a dog-eared copy of your company’s Code of Conduct on your desktop and be seen using it.
  2. Clout. Make sure your compliance department has authority, influence and budget within the company. Have your Chief Compliance Officer (CCO) report directly to the Board of Directors.
  3. Make them Accountable. At Senior Executive meetings, have each participant report on what they have done to further the compliance function in their business unit.
  4. Sticks and Carrots. Have both sanctions for violation of company compliance and ethics policies and incentives for doing business in a compliant manner.
  5. Don’t do as I say, Do as I do. Turn down an expensive dinner or trip offered by a vendor. Pass on a gift that you may have received. Turn down a transaction based upon ethical considerations.
  6. Be a Student. Be seen at intra-company compliance training. Take a one or two day course or attend a compliance conference outside your organization.
  7. Award Compliance. You should recognize outstanding compliance efforts with companywide announcements and awards.
  8. The Board. Recruit a nationally known compliance expert to sit on your company’s Board and chair the audit or compliance committee.
  9. Independent Review. Obtain an independent, outside review of your company’s compliance program and report the results to the Board’s Audit Committee.
  10. Mandate that all vendors in your Supply Chain embrace compliance and ethics as a business model. If not, pass on doing business with them.
  11. Talk to others in your industry and your peers on how to improve your company’s compliance efforts.

Many companies struggle with some type of metric which can be used for upper management regarding compliance and communication of a company’s compliance values. One technique might be to require the CEO to post companywide emails or other communications once a quarter on some compliance related topic. The CEO’s direct reports would then also be required to email their senior management staff a minimum of once per quarter on a compliance topic. One can cascade this down the company as far as is practicable. Reminders can be set for each communication so that all personnel know when it is time to send out the message. If these communications are timely made, this metric has been met.

Three Key Takeaways

  1. Senior management must actually do compliance; walk-the-walk, not simply talk-the-talk.
  2. Use your CEO to talk about current events and how those ethical failures are lessons to be learned for your organization.
  3. CEO as Compliance Ambassador.


This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.