We are back with another series of Adventures in Compliance podcasts. This week I am exploring stories from The Casebook of Sherlock Holmes. In this week’s second offering, I consider The Problem of Thor Bridge. From this story we take the Holmes utterance “We must look for consistency. Where there is want of it, we must suspect deception”. This informs our discussion on monitoring controls in a best practices compliance program.

In this story, Neil Gibson, the Gold King approaches Holmes to investigate the murder of his wife Maria in order to clear his children’s governess, Grace Dunbar, of the crime. Maria Gibson was found lying in a pool of blood on Thor Bridge with a bullet through the head and note from the governess, agreeing to a meeting at that location, in her hand. A recently discharged revolver with one shot fired is found in Miss Dunbar’s wardrobe. Holmes agrees to look at the situation in spite of the damning evidence.

From the outset, Holmes observes some rather odd things about the case. How could Miss Dunbar so coolly and rationally have planned and carried out the murder and then carelessly tossed the murder weapon into her wardrobe? What was the strange chip on the underside of the bridge’s stone balustrade? Why was Mrs. Gibson clutching the note from Miss Dunbar when she died? If the murder weapon was one of a matched pair of pistols, why couldn’t the other one be found in Mr. Gibson’s collection?

Holmes uses his powers of deduction to solve the crime, and demonstrates, using Watson’s revolver, how it was perpetrated: Mrs. Gibson, outraged and jealous of Miss Dunbar’s relationship with her husband, resolved to end her own life and frame her rival for the crime. After arranging a meeting with Miss Dunbar, requesting her to leave her response in a note, Mrs. Gibson tied a rock on a piece of string to the end of a revolver, and shot herself, the rock pulling the revolver over the side of the bridge; the revolver found in Miss Dunbar’s wardrobe was the other pistol of the pair, which had been fired off in the woods earlier, and the chip in the bridge was caused by the pistol hitting the stonework as it was pulled off by the rock. Holmes’s reconstruction reproduces the damage to the balustrade of the bridge. He asks the police to drag the lake for the revolvers of Watson and Gibson.

Compliance Takeaways

  1. How do you determine that want of consistency? Monitoring controls is one key.
  2. Consider the fifth and final Objective from the COSO 2013 Internal Control Framework is Monitoring Activitiesas a guide.
  3. Further consider Principles 16 & 17 of the COSO Framework.
  4. Monitoring Activities should bring together your entire compliance program and give you a sense of whether it is running properly.
  5. Both ongoing monitoring and auditing are tools the CCO and compliance practitioner should use in support of this objective.
  6. The most important item to note is that all the controls need to be sustainable.

Join us tomorrow as we consider The Adventure of the Creeping Man.

Jack Whitaker died last week. For myself, and many others who grew up in the 60s and 70s, he was the voice of the National Football League (NFL) and enlightened sports commentary (those two are not mutually exclusive). I can still remember looking forward to his commentary wrap up of the NLF scores each Sunday afternoon. I also greatly enjoyed the CBS Sports Spectacular, which was created to compete with ABC’s Wide World of Sports. The reason I was such a CBS sports fan? It was simple but does not exist too much in today’s world. The town I grew up in was so small we only had one television station and it was a CBS affiliate so unless I went to someone’s house who had a great antenna, it was CBS I was watching.

It was his on-air essays which garnered him his greatest fame. According to his New York Times (NYT) obituary, “he was perhaps best known for his essays about sports, inspired by writers he admired like Alistair Cooke and Heywood Hale Broun. He received an Emmy in 1979 as “outstanding sports personality” and a Lifetime Achievement Award at the Sports Emmy Awards in 2012. “I know that I’m regarded as The Talking Head,” he told Sports Illustrated in 1977. “I’d like to be exactly that and say something that people will remember or get excited about. I’d like to bring sports into the thinking process.””

Whitaker’s greatness introduces today’s blog post where I continue my multi-part series based upon the recent Harvard Business Review (HBR) Spotlight on White Collar Crime. Today, we conclude our two-part exploration of the article by Paul Healy and George Serafeim, entitled “How to Scandal Proof Your Company”. The authors set out five prescripts for making an organization do business ethically and in compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA), all to help provide you the best protection against a major ethical slip-up.

 Broadcast a Clear Message That Corruption Doesn’t Pay

Here the message is for top management to broadcast not “don’t pay bribes” but “bribes don’t pay”. As the authors had previously demonstrated that business obtained through bribery and corruption does not add to the bottom line. Indeed, it actually costs a company more money. The authors’ research found that multinational companies with weak or poor compliance programs “saw lower profitability on their sales growth in weakly regulated regions than their highly rated peers did. The profitability differences were comparable in magnitude to the bribes typically paid in those regions.” Moreover, it does not end with poor sales performance, as the there is a 28% higher likelihood that a corruption scandal will break in the media. Of course, if that happens, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) will not be far behind.

Don’t Play Favorites

Everyone recognizes that institutional justice and institutional fairness are key components of any compliance program and ethical business system. The reason is painfully obvious, if you are not going to succeed by playing by the rules and will only succeed in an organization by lying, cheating and stealing; employees will get the message. Witness Wells Fargo and the fraudulent accounts scandal, where a “postmortem revealed that much of the illegal behavior had been prompted by pressure to hit overly aggressive sales targets linked to bonuses and promotions… Yet leaders of the retail bank had blamed a few bad employees for the problems.”

But institutional justice and institutional fairness are more than simply hitting your numbers. If the company says illegal conduct will not be tolerated, then those who engage in such conduct must be punished severally. It means that those who cut corners should not be promoted to senior leadership positions or rewarded with bonuses. Finally, it also means that if employees are fired in Argentina for cheating on their expense accounts, the top producers in the US who engage in the same conduct must also be terminated.

Recruiting Leaders with a Record of Integrity

If it really does begin with the top, if you want to change a culture, the authors advocated “to change the culture of a company plagued by systemic crime, you need to bring in new leaders with a reputation for honesty.” The pointed to the example of Siemens AG who hired a new Chief Executive Officer (CEO) “Peter Löscher, an executive from the pharmaceutical industry. One key factor in Löscher’s appointment, cited in the press release (in a rare move for such announcements), was “his upright character.”” But it was more than simply bringing in Löscher, who brought in a team of top lieutenants known for their commitment to doing business ethically and in compliance who led the company turnaround from their FCPA scandal.

Requiring Employees to Make Tough Decisions in Groups

When one person or a small tight-knit group becomes hyper-focused on the bottom line, it can lead to serious problems. The authors quoted one senior executive who had gone through a corruption scandal at his company, who told them “one lesson from that scandal was that employees were much more likely to cut corners and do the wrong thing when they made calls on their own.” This is because “making a tough decision in a group requires people to have “open and honest discussions”.” But it is more than simply group decisions, “employees must have faith that other group members are committed to hearing and valuing their opinions and that the firm’s leaders will support the group’s decisions, even if they have adverse financial consequences. If leaders don’t inspire that trust, simply relegating decisions to groups is unlikely to solve the problem.” In other words, there must be real psychological safety.

Champion Transparency

The authors conclude with the well-known disinfectant of the light of day, shined into the darkest corporate corners. The authors cite to Statoil ASA (now Equinor ASA) who made the decision to publicize the payments the company made to foreign governments. Another way to champion transparency is to investigate and report on corruption as that demonstrates to employees the company is serious about doing business ethically and in compliance.

The authors conclude that leaders who are committed to doing business ethically and in compliance with laws such as the FCPA, even when operating “in high-risk countries or sketchy industries, set high standards and practice what they preach. They don’t just install strong compliance systems; they also support training programs and performance-feedback and whistle-blowing systems; create an atmosphere where it’s psychologically safe to speak up when something seems wrong; and engage their industry peers to fight corruption together. Our research indicates that organizations with such leaders don’t pay a high financial price for their integrity. Although they may not grow as quickly as their less-scrupulous peers, their growth is more profitable.”

Yet the authors point to less widely discussed benefits. They believe, “Many employees who have chosen to work at high-integrity companies in high-risk countries and industries have told us that they did so because of those firms’ values. Some people even told us that they accepted lower pay from those employers. Such companies and their leaders have the respect of their customers, regulators, and communities. They are more likely to prosper and endure.” Finally, I have long posited that more effective compliance leads to more efficient business processes and at the end of the day, greater business profitability. Stay tuned….

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2019

In this episode I visit with Matt Galvin, Vice President, Ethics & Compliance at Anheuser-Busch InBev and Peter Grossman, Co-Founder, Chief Strategist at Labyrinth Training about their work on compliance training to influence behavior at Ab-InBev.  Highlights from the podcast include:

  1. How did they create some of the most innovative compliance training?
  2. How can innovative training be effective training?
  3. How can compliance training influence behavior?
  4. Why does Galvin (and Ab-InBev) emphasis compliance training so robustly?
  5. How can non-traditional approaches to compliance training be effective?
  6. Why compliance officers should always be curious?
  7. How did Matt and Peter come together to create this innovative training regime?

For more information on Peter Grossman, check out his LinkedIn profile here. For more information on his company Labyrinth Training, click here. For more on Labyrinth’s work with Ab-InBev on training, click here.

Jay kisses good-bye to the Red Sox season and says hello to the Patriots title defense. Tom enjoys the Astros having  one of the best records in baseball. Together they are back  to discuss some of this week’s top compliance and ethics stories which caught their collective eyes.

  1. Should compliance lead the data privacy charge? Jessica Willburn says yes, on Navex Global’s Ethics and Compliance Matters blog.
  2. How does the right to be forgotten impact monitoring in compliance programs. Antenor Madruga, Ana Belotto and Adriano Teixeira explore on NYU’s Compliance and Enforcement Blog.
  3. What are the Governance Implications of the Equifax and Facebook Settlements? Michael W. Peregrine explores on Harvard Law School Forum on Corporate Governance.
  4. How improved processes can drive CCPA compliance. Steven O’Donnell in CCI.
  5. Designing the Tesla of compliance. Adam Shinder in CCI.
  6. Corruption and assurance. Matthew Stephenson in Global Anticorruption Blog.
  7. What is the intersection of dealers and the FCPA? Matt Kelly explores in Radical Complinace.
  8. The importance of PR in the anticorruption fight. Jason Kohn in Global Anticorruption Blog.
  9. What’s the international map for whistleblowers look like? Tinker Ready on the Whistleblower Protection Blog.
  10. In a special 5-part podcast series, Jay Rosen explores everything you want to know about monitors but were afraid to ask. Check out the following: Monday-Introduction; Tuesday-post-resolution monitorships; Wednesday-pre-settlement monitorships; Thursday-Considerations when hiring a monitor; and Friday-costs. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Megaphone,YouTube, Spotify and Corporate Compliance Insights,  Compliance Podcast Networkand now on the C-Suite Radio Network.
  11. Join Tom and Jay and a host of other great speakers and guest at Converge19 in Denver October 2 & 3. Listeners to this podcast can obtain a complimentary ticket by using the promotion code foxvip, for registeration and information, click here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

On this day, 50 years ago began the most famous of all rock and roll music festivals, the Woodstock music festival that opened on 600 acres of farmland owned by Max Yasgur, in not in Woodstock NY but near White Lake, a hamlet in the upstate New York town of Bethel. Promoters John Roberts, Joel Rosenman, Artie Kornfield and Michael Lang originally envisioned the festival as a way to raise funds to build a recording studio and rock-and-roll retreat near the town of Woodstock, New York. The longtime artists’ colony was already a home base for Bob Dylan and other musicians. Despite their relative inexperience, the young promoters managed to sign a roster of top acts, including the Jefferson Airplane, The Who, The Grateful Dead, Sly and The Family Stone, Janis Joplin, Jimi Hendrix, Creedence Clearwater Revival and many more.

The ticket price was $18 for the three days but the promoters had no idea either how many tickets they sold nor the size of the crowd coming to the event. Early estimates of attendance increased from 50,000 to around 200,000, but by the time the gates opened on Friday, August 15, more than 400,000 people were clamoring to get in. Those without tickets simply walked through gaps in the fences, and the organizers were eventually forced to make the event free of charge.

Though Woodstock had left its promoters nearly bankrupt, their ownership of the film and recording rights more than compensated for the losses after the release of a hit documentary film in 1970. Later music festivals inspired by Woodstock’s success failed to live up to its standard, and the festival still stands for many as an example of America’s 1960s youth counterculture at its best. Unfortunately that era of good feelings ended less than six months later at Altamont.

The Woodstock music festival informs today’s topic of succession planning from the compliance perspective and is another area where compliance can play a key role. A.G. Lafley and Noel M. Tichy, in a 2011 Harvard Business Review (HBR)article,The Art and Science of Finding the Right CEO”, discussed the issue of succession planning at Procter & Gamble (P&G). Many of the concepts and issues that Lafley discusses within the context of succession planning in general are applicable to the concern of compliance within this area.

Lafley makes clear that succession planning is just as significant as governance, enterprise risk and strategic oversight. In other words, it is just as important. Sadly, many companies fail to give it the attention it requires. Indeed, in a PricewaterhouseCoopers (PwC) survey, cited in the foreword, nearly one-half of the more than 1,000 directors gauged reported dissatisfaction with their companies’ succession plans. Imagine what that number would be if they took into account the compliance aspect of succession planning.

Borrowing from Lafley, I have adapted his box for an analysis of some of the characteristics that should be considered in succession planning from the compliance perspective.

Personal Judgment Team Judgment Organizational Judgment Stakeholder Judgment
People Personal judgments about overall compliance goals Judgments regarding your team members regarding compliance Judgments on organizational systems for assessing compliance with the organization Judgments about how to engage stakeholders regarding compliance
Strategy Personal judgments regarding compliance in your career Judgments about how your team evolves in its compliance approaches as new compliance challenges arise Judgments about how to engage and align all organization levels in compliance Judgments in leading stakeholders to execute compliance strategies
Crisis Personal judgments regarding compliance in times of crisis Judgments in how your team operates regarding compliance in times of crisis Judgments about how to work with your overall organization in compliance in times of crisis Judgments about dealing with key stakeholders regarding compliance in times of crisis

Lafley makes clear that succession planning does not begin at the time a Chief Executive Officer (CEO) decides to retire. It should be at the time a CEO is hired. This is to prevent a decision at the last minute or, worse yet, “to be left with effectively no decision.” As well as the process being started at the time of hiring it must also fully engage the Board of Directors. Lafley provides several key points, all of which are applicable to the compliance component of succession.

Lafley defines the criteria that the evaluation process is ongoing, not episodic process. In addition to a “broad and deep pipeline of qualified leaders” the candidates should be put through a variety of roles. In the compliance context, this would provide an opportunity to review the initiatives and responses in several different areas. In addition to running large and small business units, such candidates should oversee several different functions, as broadly as the Chief Financial Officer (CFO) to Human Resources (HR).

In many ways, evaluating a compliance criterion is as much an art as it is science. However, Lafley states that a specific list of “must-haves” is appropriate. It is not as simple as whether there was a violation or not. It is broader than that binary calculus.

Lafley defines this as “how the future might look”. You might explore a new geographic market with a candidate or a new product line, either of which might bring new compliance challenges. Being a part of a team to perform a risk assessment might indicate that new or different compliance safeguards need to be considered. Should monitoring, through continuous controls monitoring or other more sophisticated tools, be utilized as the compliance program evolves be considered?

Lafley points out that the choice of “a successor isn’t a done deal until the votes are cast and the announcement is made.” He advocates continuing to provide challenging projects, which would include those in the compliance arena, can continue to provide feedback and guidance from the compliance perspective. As one division President once told me “You are always being evaluated.” And so it should be. The selection of a new CEO is a substantial investment by a large company. Having the right person in the position from the compliance perspective is an important element in an overall evaluation. Remember – it all starts with the “Tone from the Top”.

Every time I perform a risk assessment and speak to the company’s HR lead, they immediately understand the role than can play in moving forward a company’s compliance program. Even if the HR role is limited in the hiring process, they can ask potential candidates their views to determine underlying business ethics. HR can also begin the compliance inculcation process, even pre-hiring, by talking about the company’s values in the interview process. This sets an expectation that can be built upon if a candidate is selected and in every HR touch point going forward, including looking at employees in the succession planning process.

Woodstock Day 1 (the folk day) Set List (all from YouTube)

Richie Havens – Freedom

Joan Baez – Joe Hill

Tim Harden – If I Were a Carpenter

Brett Sommer – Jennifer

Arlo Guthrie – Coming into Los Angeles

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2019