This week I have been considering the LRN Corporation’s 2016 Ethics and Compliance Program Effectiveness Report (LRN Report) by outlining some of its general findings. Today, I want to conclude by using the Report as a road map which allows a Chief Compliance Officer (CCO) or compliance practitioner to make more effective and better operationalize a corporate compliance program. With the Department of Justice’s (DOJ’s) recently released Evaluation of Corporate Compliance Programs (Evaluation) emphasis of operationalizing your compliance regime, the Report is an important tool for you to use in this journey. I am joined by Susan Divers, Senior Advisor at LRN, who I interviewed for this series.

The process of designing, creating and implementing is a process which the LRN Report characterizes as “a journey, involving far more than an off-the-shelf product, and it is certainly more than a matter of running through a checklist. It requires patience, a willingness to look at problems candidly and the courage to tackle them.” It lists six steps to help you moving forward.

  1. New metrics: assess what’s wrong. A company be willing to look at itself critically but without assessing blame. Divers said that it begins as “The first is really numetrics. Again, when I was a chief compliance officer, I was lucky if I got three questions on the annual employee survey, so there wasn’t any way to really ask searching or interesting questions on the culture side. If you really want to know what your culture is, you have to ask, I think, very searching questions. You have to be willing to hear the answers, and we describe it as deep listening.”
  1. Catalyze new ways of leading. The LRN Report detailed more forward-looking companies’ approaches to Corporate leading the discussion around compliance. For Divers, “The second box in this chart is catalyzing new ways of leading. I think 20 years ago it was okay to always focus where it was the done thing, to always focus on what are the numbers. I think a lot of boards still really only evaluate corporate leaders based on, “what are the numbers?” What we’re seeing, in the broader kind of cultural movement in this country and in the corporate community, is that companies that actually espouse their values and make that part of how they do business, they do better based on our How Report, which is on our website, in the end they hire levels of innovation. They also set the tone throughout the organization that values matter and how we do it is as important as what we do.”
  1. Formulate more effective frameworks. Divers believes “this is where organizational justice comes in, in particular we see the companies that keep you accountable and then make that known, really for the highest on trust and a good, healthy culture. She provided the example of GE which “every year does a video of ethical lapses and they always have the most senior executive responsible on camera, talking about what happened, why it happened, and what’s been done. That’s the most downloaded video internally in the company. That’s a really excellent example of making sure that you not only hold people accountable, but that everybody knows that you’re doing that, and clearly companies like Volkswagen really still fail to do that.”
  1. Build ethics and compliance into operations. Commentators as diverse as former Deputy Attorney General Lanny Breuer to Arnold & Porter partner Stephen Martin have long advocated continuous improvement, update and evolution to a best practices compliance program. Divers added that moving your program forward “can never be one and done. It’s not the annual certification or any annual ethnics training. It’s integrating E&C considerations as part of how the company does business. That really is I think, part of changing that leadership model that looks only at the numbers.” This is the component of operationalizing compliance going forward.
  1. Rethink communications, engagement and policy accessibility. Long gone are the days when your compliance policy and procedures should be written by lawyers for lawyers because if you do so the average employee stands no chance of plowing through them and coming out with a clear idea of what actual behaviors the company is trying to achieve. Divers noted, “Some companies like Eli Lilly have done amazing work at simplifying their policies, basing them on values rather than a litany of rules and do’s and don’ts, and then translating those also for foreign employees, and making those the centerpiece of their compliance program. That can be a really transformative thing to do, in our experience.”
  1. Innovate in the way you educate. Here Divers stated long gone are the days of “Soviet-style education” or what I would call “do it because I am lecturing to you.” Divers cited to a colleague Melissa Barnes for the following, “You can have a value for every occasion, but you can’t have a rule for every occasion.” She went on to state, “our training focuses on short vignettes you can watch on your phone when you’re checking in at the airport even, and that dial up the key considerations that you have to know if you’re looking at public procurement or gifts and entertainment, and they focus on the values rather than the rules. Because if people-people get the values, then that’s really what makes the difference.”

The LRN Report was based on information developed and assessed before the release of the DOJ Evaluation. Therefore the LRN Report does not use the word operationalize in it. However the concepts that LNR assessed and reviewed around assessing the effectiveness of compliance programs are spot on and speak directly to what the DOJ wants to see in corporate compliance programs going forward. In this three-part series I have laid out what LRN found to be indicia of an effective compliance program and then detailed concrete steps a CCO can take to improve the effectiveness of a corporate compliance program going forward. This LRN Report is both significant and important, made even more so in light of the DOJ Evaluation which stresses the operationalization of a compliance program.

Finally, one of the overarching themes in the Report is that of trust. For if there is not trust in a company, it really does not matter what the compliance program says on paper or what the CCO says in public. If employees do not trust the company, there cannot be an effective compliance program. Trust leads to whether or not employees are willing to raise their hands and speak up about instances of conduct before they become full Foreign Corrupt Practices Act (FCPA) violations. Trust is that people who violate your company values will be disciplined appropriately and consistently across the organization. Trust also speaks to the level of respect in an organization by those at the top to the rest of the company.

Tomorrow I will begin a short series considering how a company can build a greater culture of trust in an organization.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017