Jay and I return for a wide-ranging discussion on some of the week’s top compliance and ethics related stories, including:

  1. The SEC charges KPMG and partner with blown oil and gas company audit. See Dick Cassin’s blog post in the FCPA Blog.
  2. BSRG raises its head again as company chief Beny Steinmetz was detained in Israel. See article in the FCPA Blog.
  3. What should be the response of the compliance community to the events in Charlottesville and the administration’s response. Tom and Matt Kelly explored in this week’s edition of Compliance into the Weeds. See Matt Kelly’s blog post, Trump Tests Corporate America’s Values. See Tom’s blog post Time For Compliance to Take a Stand. Finally for a perspective from the compliance profession, see the statement from the Ethics and Compliance Initiative entitled, To the Members and Stakeholders of the ECI Community
  4. Jeff Kaplan considers whether lawyers can be whistleblowers. See Jeff’s article in the Conflict of Interest blog.
  5. Can you do any business in Iran? A new treasury ruling complicates the matter (think Catch 22). Sam Rubenfeld reports in the WSJ Risk and Compliance Journal.
  6. Roy Snell reflects on 20 years in the compliance profession in an interview with Ben DiPietro in the WSJ Risk and Compliance Journal.
  7. This month’s podcast series on One Month to a More Effective Compliance Program is in full production. In August I am reviewing how to have greater continuous improvement in your compliance program. This week’s topics include voluntary monitoring, keeping track of current events, the Desktop Risk Assessment, using big data and controls testing. Affiliated Monitors is this month’s sponsor. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.

Chuck Duross has called the compliance profession “The Alamo” of corporate America, in that sometimes you must take a stand, draw a line in the sand and make the ultimate commitment to your values. Based upon the events in Charlottesville last weekend and the response of the administration, I think the compliance profession is at one of those points.

Corporate America in the person of multiple Chief Executive Officers (CEOs) made clear where they stand in rejecting the espoused values of hate and bigotry demonstrated in Charlottesville. The now disbanded Strategic and Policy Forum – in a prepared statement called the “intolerance, racism and violence” an “affront to core American values”. The US military made clear where it stood as the New York Times (NYT) reported that the “Five armed services chiefs — of the Army, the Air Force, the Navy, the Marines and the National Guard Bureau — posted statements on social media condemning neo-Nazis and racism in uncompromising terms.”

What should be the response of the compliance profession? I think the Ethics and Compliance Initiative (ECI) set a proper tone with its statement, entitled To the Members and Stakeholders of the ECI Community, where they said “We respect the institution of the US government and treasure its mandate to serve the public trust. That is why we encourage the leadership of the country to recognize the implications of their current rhetoric on our nation. Culture is impacted by the tone at the top. Many of you as ethics and compliance professionals are taking similar steps to communicate with your stakeholders, affirming your commitment to your core ethical values and doing the right thing. We applaud your efforts and stand with you as you endeavor to conduct your business with the highest level of integrity.”

Your corporate culture does impact how employees see they will be treated and how the organization treats them. There is no place in America for “intolerance, racism and violence”. Moreover, every corporation can fight this scourge by reaffirming its own values, mission and vision, which should be to treat employees fairly and with dignity, not spewing hatred and bigotry. This is where the compliance profession can make a difference.

I often say that Foreign Corrupt Practices Act (FCPA) compliance is the business solution to the problem outlawed by the FCPA of bribery and corruption. Corporate America initially embraced compliance as a response to a regulatory requirement but now sees compliance as a business process which leads to more efficient business process and ultimately greater profitability. The compliance profession leads this effort. Now corporate America must reaffirm its core values of as, the ECI said “innate dignity and equality of all human beings”.

Yet for the compliance profession this is a moment when we must stand and say not only will we not embrace these abhorrent values but we will actively work to treat our employees and those with whom we do business with unity and inclusion. Moreover, intolerance, bigotry and hatred are not only always wrong but they are equally bad for business. Therefore, compliance professionals have a solid business reason to push back with ethical values of equality and the willingness to stand up for these values. By doing so, you can lead the rejection of these repulsive values in your company.

The numerous CEOs who released public statements rejecting the events of Charlottesville and the administration’s response have set a tone for each of their organizations. Now it is up to each of us, as compliance professionals, to stand up to these sentiments expressed by these CEOs.

Howard Schultz, the CEO of Starbucks said to the company’s employees “The moral fiber, the values, and what we as a country have stood for is literally hanging in the abyss. We are at a critical juncture in American history. That is not an exaggeration. We are at and facing a crucible in which our daily life is being challenged and being questioned about what is right and what is wrong.” As compliance professionals, we can do our part to fight hatred and bigotry by doing compliance and taking that tone from your CEO or senior management and operationalizing it into the fabric of your organization.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

In this episode, I explore why Wells Fargo needs a true compliance expert on its Board of Directors. The Wells Fargo Board needs someone with compliance expertise to oversee of the role of the Chief Compliance Officer (CCO) and the bank’s compliance function which clearly was not up to the task of preventing illegal or even unethical conduct. With Board oversight of compliance, the senior executives provide the Board with a certain level of information and reporting which is an outcome of how senior management and the C-Suite has defined the compliance risk appetite.

My plea to the company is to hire someone with direct compliance experience for this final seat on the Board of Directors. While some Directors has experience in the regulatory world is very different from experience in the compliance realm which focuses on the mission, vision and values of a corporation through the tripartite process of prevent, detect and remediate. In addition to getting its regulatory house in order, Wells Fargo has one very large culture problem which needs compliance expertise. Even for a former Bank president, the issue of compliance is at the absolute forefront of Wells Fargo’s miasma.

In a New York Times (NYT) Dealb%k article, entitledWells Fargo Vice Chairwoman to Succeed Departing Chairman”, Stacy Cowley reported that the Wells Fargo Board of Directors Chairperson, Stephen W. Sanger, will retire at the end of the year and will be succeeded by Elizabeth Duke, a former Federal Reserve Board governor. Also, standing down are Cynthia H. Milligan and Susan G. Swenson, both who joined the Board in the 1990s. In addition to the elevation of Duke to the Chairperson role, retired PricewaterhouseCoopers (PwC) executive Juan A. Pujadas, will join the board next month. These departures leave at least one seat still open on the Wells Fargo Board.

In addition to Duke succeeding Sanger, the Board also announced that “the board’s risk committee, which is responsible for watching for potential problems, will soon be under new leadership. Next month, Karen B. Peetz, a retired Bank of New York Mellon president who joined Wells Fargo’s board this year, will take over as chairwoman of the committee, the bank said on Tuesday. Ms. Peetz will succeed Enrique Hernandez Jr., who had led the committee since 2012. He was re-elected to the bank’s board by shareholders four months ago with 53 percent of the vote, the lowest total of any director.”

My plea to the company is to hire someone with direct compliance experience for this final seat on the Board of Directors.

Ms. Duke’s experience in the regulatory world was one of the reasons touted in her elevation to the Chairperson’s role. However, experience in the regulatory world is very different from experience in the compliance realm which focuses on the mission, vision and values of a corporation through the tripartite process of prevent, detect and remediate. In addition to getting its regulatory house in order, Wells Fargo has one very large culture problem which needs compliance expertise. Even for a former Bank president, the issue of compliance is at the absolute forefront of Wells Fargo’s miasma.

The Wells Fargo Board needs someone with compliance expertise to oversee of the role of the Chief Compliance Officer (CCO) and the bank’s compliance function which clearly was not up to the task of preventing illegal or even unethical conduct. With Board oversight of compliance, the senior executives provide the Board with a certain level of information and reporting which is an outcome of how senior management and the C-Suite has defined the compliance risk appetite.

Some of the questions the Board should ask include how would management review compliance and monitor the key compliance risk of the bank? Every company and bank have a compliance risk appetite and based on that risk appetite different metrics would be set up on the different compliance risk dimensions that impact the company. How would you measure that risk? What are the benchmarks that the bank would set up? What are some of the sheet maps that they would do to gauge the sensitivity of the risk? The information would vary, yet it is geared around the outcome of the overall compliance risk appetite that the company has set up. The compliance expert would help the Board to oversee, review and monitor that risk.

In addition to the compliance risk there are the mission, vision and values types of risks which could be thought of as a peoples’ risk, reputational risk, technology risk and cyber risk. There are different risk dimensions that impact the company and having true compliance expertise leads to overall Board accountability for compliance risk, brings in someone who can understand and oversee compliance risk management systems; compliance internal controls; the information flow up to the Board and back down to the CCO; and finally, can guide the Board in shaping an appropriate tone from the very highest parts of the organization to try and restore the Bank’s tarnished reputation.

What are some of the skills and background such a person could bring to the Wells Fargo Board? The person would need good in-depth knowledge and understanding of financial institutions and their business models so they appreciate the risk challenges. Obviously financial expertise for scenarios and framework and then you need to have some technical ability to understand the stress testing dynamics and the measurement tools. The position needs to be filled by someone who has worked at the highest levels of banking or a financial institute both as an executive and a Board member. Finally, the position needs to be occupied by someone who has been in the compliance field for a significant amount of time, i.e. 20+ years. Think that is a tall order? I am certain such a person exists and Wells Fargo needs that person now.

More generally, the Office of Inspector General (OIG) has called for greater compliance expertise at the Board. In 2015, OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding a compliance member to the Board. The presence of a such a compliance professional with subject matter expertise (SME) on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations.

Mike Volkov looked at it from both a practical and business perspective and has stated, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.”

Roy Snell sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicist. None of these professions are automatically compliance experts. All lawyers have different specialties.” He has stated that what regulators want to see is specific compliance expertise at the Board level. He noted, “What the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise.”

Hui Chen, the former Department of Justice (DOJ) Compliance Counsel, continually talked about the need for companies to operationalize their compliance programs. Having a Board member with specific compliance expertise, heading a Board Level Compliance expert can provide a level of oversight and commitment to achieving this goal.

In the NYT piece, Cowley cited to, a professor at the University of Richmond School of Law, who noted Duke’s elevation “is a sign that the board — which has drawn criticism from some shareholders for not doing more to watch for or prevent the bank’s misdeeds — plans to continue on its current path”. He went on to state, “Things just keep coming out of the woodwork”. Clearly the bad news continues to hang a pall over Wells Fargo. By bringing in a true compliance expert, the bank can demonstrate it has begun to chart a new path which hopefully move it to an institution known for its compliance.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

In this very topical episode Matt Kelly and I take a deep dive into the administration’s response to the events over the weekend in Charlottesville and what it means for business leaders, compliance practitioners and others going forward. With the resignation of Ken Fraizer, CEO of Merck and multiple others from the administration’s voluntary business counsel, due to the Trump’s embrace of the alt-right and white supremacy, many CEO’s are asking the question “Where’s the upside” to publicly associating with the administration. From the compliance perspective, we explore the question in the context of a corporation’s ethical values, it business mission and statement for its employees and customers. Finally, we consider the documented ‘Trump Risk’ and how it is negatively impacting US businesses across the globe.

For more see Matt’ Blog post, Trump Tests Corporate America’s Commitment to Values on RadicalCompliance.com