One of the ways to operationalize compliance and to drive it into the DNA of an organization is through a performance review. Indeed, the 2012 FCPA Guidance states, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance pro­gram, and rewards for ethics and compliance leadership. Some organizations, for example, have made adherence to compliance a significant metric for management’s bonuses so that compliance becomes an integral part of management’s everyday concern.”

Most HR experts will opine that properly executed performance appraisals are crucial to organizational productivity as well as the development of employee skills and employee morale. Moreover, they can serve a couple of different functions for a best practices compliance program. First, and foremost, they communicate to each employee their job performance from a compliance perspective. However, one key is not to approach the performance appraisal review as an isolated event but rather a continual process. This means that instead of trying to play catch-up at the last minute, supervisors should provide feedback and assess job performance throughout the year so annual reviews are grounded in a year’s worth of experience. This includes the compliance component of each job. The second area performance appraisals impact is compensation. As noted above, the DOJ and SEC expect that your compliance program will have both discipline and incentives. But those incentives need to be based upon something. The score or other performance appraisal metrics will provide to you a standard which you can measure and use to evaluate for other purposes such as employee promotion or advancement to senior management going forward.

In an article in the Houston Business Journal entitled “6 Ways To Make Performance Reviews More Productive”; provided six points you should consider which I have adapted for the compliance component of an annual employee performance appraisal.

  1. Prioritize reviews in your schedule – You should schedule the employee performance appraisal at least several days in advance, rather than when a time slot suddenly opens up. You would make sure that you allot sufficient time for unhurried give and take between the reviewer and the employee.
  2. Review the entire year’s performance – You should resist the attempt to focus the discussion on the latest compliance experience. This is called recency bias. If a compliance issue arose in the past month or so, you need to keep it in perspective for the entire review period. Moreover, by focusing a review on a recent problem you may obscure prior accomplishments and make an employee feel demoralized. Take care not to go too much in the opposite direction as recency bias can work both ways, and one should not let a favorable recent compliance event overshadow the full review period.
  3. Do not hesitate to critique – Be generous with praise where it is warranted, but do not hesitate to discuss improvements needed in the compliance arena. Many supervisors are reluctant to confront and indeed desire to avoid confrontation. However remaining silent about an employee’s compliance shortcomings is a disservice to both the company and the employee.
  4. Do not dominate the conversation – Remember that you must give the employee time for self-appraisal and to ask questions or to comment about the feedback received from the compliance perspective. If there are specific questions or concerns raised by the employee you need to be prepared to address them as appropriate.
  5. Understand the employee’s role – You need to understand and appreciate that if the recent economy has resulted in many employees assuming the responsibilities of more than one position. If relevant to the employee, acknowledge that fact and take it into account in the review. This is certainly true from the compliance perspective as many non-Compliance Department employees have cross-functional responsibilities. If they claim not to have the time to handle their compliance responsibilities you will need to address this with the employee and perhaps structurally as well.
  6. Anticipate reprisal – Although it is rare, you can face the situation where an employee who is very dissatisfied with a review may refuse to sign it. The employee may be offered the opportunity to add a statement to the review. Also point out that the employee signature is an acknowledgement of receiving the review and does not signify agreement. If the employee still refuses to sign, have a second supervisor come in to witness the refusal. This may be particularly important from the compliance perspective.

The article ends by noting, “A proper annual review requires considerable effort from employee supervisors. It should be a full-year process involving regular guidance and feedback and perhaps several mini-reviews along the way. But rather than viewing it as onerous, supervisors should keep in mind that it is a tool for making their departments work more efficiently and yields better results for everyone involved.” I would add this is doubled from the compliance perspective. The potential upside can be significant from your overall compliance program perspective.

Three Key Takeaways

  1. To incentivize compliance, you must be able to accurately appraise senior managers and employees around compliance.
  2. Clearly communicate your compliance expectations, then fairly evaluate employees on them.
  3. Consider an ongoing review as well.

 

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

There is much that a Chief Compliance Officer (CCO) or compliance practitioner can learn from Shakespeare. I have often used his plays as introductions to blog posts or as examples to inform a compliance program. Today, I want to consider the most famous venue of Shakespeare as a way to inform your compliance program, the renovated Globe Theater now 20 years old, having opened in London in 1997.

For any lover of Shakespeare, a trip to the Globe Theater is dream come true. To close your eyes and hear the Bard’s work performed in as close an approximation to how it sounded in the 1590s and 1600s is pure joy. Yet a trip to the Globe Theater brings out much more, for the audience, actors, directors and others. According to Matt Trueman, writing in the Financial Times (FT), in a piece entitled “Sphere of Influence”, the renovated Globe Theater was conceived by the man most responsible for its construction, Sam Wanamaker, as far back as 1949.

Wanamaker’s vision and persistence began with research and pushed Shakespeare scholarship forward. It led to “an explosion of research into period architecture and timber craftsmanship.” His vision eventually led to the excavation of the original Globe Theater in 1989. From this exaction, long lost or forgotten construction techniques were revived for the renovated Globe Theater, what Trueman termed “learn by doing.”

This is a key insight for any CCO or compliance practitioner. It means you have to learn the business to come up with appropriate compliance solutions for the business. This not only means understanding the risks of your company’s business but also how it delivers on that business; its sales models. The best way to garner that understanding is by getting out in the field; observing, talking and listening to your business development (BD) team. Not only will this approach give the insights derived by doing but it should garner closer business relationships between compliance and BD going forward.

If you have had the privilege of attending a performance at the Globe Theater, the most apparent difference in almost any other performance in any other theater is the groundlings or the audience which stands, literally on the ground floor immediately in front of the stage. The cast does not simply perform for the groundlings, in many ways they perform with the groundlings, “Talk directly to one groundling, for instance, and the whole audience tunes in.” The groundlings interact back with the actors in ways which do not change the dynamics of the performance but interact with it. The actors must respond to shouts and taunts but must do so, in Shakespearian language and tied to the play being performed.

This is one of the finest examples of operationalizing theater you can see in the modern world, all tied to the 16th century theater-going experience. Shakespeare’s soliloquies are a prime example. If you read a soliloquy, you consider it as an inner monologue. Yet performed at the Globe Theater, the actors are forced to address them directly to the audience and it changes the perception of people and how you interact with them. This focus on interaction is another key insight for the compliance practitioner. It is more than simply how you interact with BD but how does your compliance regime interact into the overall operation of your business.

Another key component of the Globe Theater experience is what Trueman calls “shared light” for not only is the theater open air but as Farah Karim-Cooper, the Globe’s head of higher education and research noted, “visibility is very much a part of the furniture of [Elizabethan] dramaturgy.” She went on to say, “All you have to do is drop a play in the Globe and its basic features come to life. You can take the plays out of the playhouse, but you can’t take the playhouse out of the plays.”

That is a fascinating insight for every CCO and compliance practitioner. The architecture of your company can speak directly to the requirements of your compliance program. Here consider the structure of Wells Fargo which contributed to the fraudulent account scandal. It was de-centralized to the extreme; leading to a business unit head telling her functional reports they could not share information with their direct superior reports in corporate. It also led to this same business unit leader feeling she could mislead and obstrufrucate to the company’s Board of Directors.

There is nothing wrong with having a de-centralized command structure or business unit structure. The Globe Theater analogy means that compliance must adapt its delivered compliance program to the company structure and not vis-versa. As Trueman noted, “strip the set back, admit the architecture”. You should work to operationalize your compliance program into the manner in which your company is constructed. By doing so you will do as the renovated Globe Theater has done and make your compliance program seamless with your business. This is the essence of operationalization.

The final point in Trueman’s article is about the ticket prices at the Globe Theater and how this is “at the heart of audience engagement.” From the start back in 1997, the ticket prices for groundlings were set at £5. This pricing has cascaded through English theaters and now even the West End is “safeguarding cheap seats”. Shakespeare, like a corporate compliance program is for everyone. Even if everyone hears, sees, feels and experiences Shakespeare differently. Your fully operationalized compliance program is for your entire employee base. As the 2012 FCPA Guidance said, compliance is from the Board room to the shop floor.

This may be the biggest, best and final lesson from the Globe Theater. Trueman ended his article with, “For the talk of reviving the past, it has helped to open the theater up to the audience of the future.” The same is true of an operationalized compliance program. You can use compliance to make your company run better, more efficiently and at the end of the day more profitably.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Joseph Wiseman, was most famous for his role in the first James Bond film adaptation, playing the title character of Dr. No. In the compliance world, Dr. No is famous for many a business development (BD) specialists’ moniker of a compliance professional, that being “Dr. No from the Land of No”. Yet the character Dr. No was innovative, brilliant and marvelously evil, all the while originating a series of ruthless and diabolical Bond villains which continues up to this day.

How agile is your compliance program? How does this fit into the operationalization requirement laid out in the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (Evaluation)? While many have argued that compliance programs should lead to greater productivity and efficiencies, it may be that agility is equally critical. How often do you consider agility in the context of your compliance regime?

Agility begins with the ability to adapt and change to ever evolving business circumstances. The key to having such agility at the corporate level is a robust risk management process; consisting of forecasting, risk assessment and risk based monitoring. Jonathan Marks, a partner in the firm of Marcum LLP, said the following about risk assessments in his 13-step FCPA Compliance Action Plan, “A comprehensive assessment of the potential bribery and corruption risks – both existing and emerging risks – associated with a company’s products and services, customers, third-party business partners, and geographic locations can serve as the basis for the compliance program. The risk assessment determines the areas at greatest risk for FCPA violations among all types of international business transactions and operations, the business culture of each country in which these activities occur, and the integrity and reputation of third parties engaged on behalf of the company.”

It is through the understanding of these risks that allows a company to be agile. If you understand the risks, you can manage them through adequate monitoring more efficiently and at a level closer to your businesses front lines. A recent article by Andrew Hill in the Financial Times (FT) entitled “The drive for success: Michelin’s revolutionary experiment in trust provides some interesting fodder on how a company might drive such agility to increase efficiencies. The Michelin initiative was around the manufacture and sales of tires but I found it had several important insights into the compliance space.

The Michelin program is named responsabilisation and it is designed to shift responsibility to the company’s workers. An example Hill provided was that a “team plans production a week in advance, deciding how it should organise itself to meet targets and absorb absences. As a by-product, staff solve safety problems and cut waste more quickly.” This is the essence of risk management systems.

It all started with trust. It was trust that the workers knew what they were doing and, if given the right tools, they could plan out the details of the manufacturing process. Barbara Brooks Kimmel and her entity Trust Across America continually articulates the need for trust in business and the Hill piece reinforces that point yet again. Here the trust is that the team leader will trust the workers to get it right. This does not mean there is no oversight but it does mean managers do not micromanage. It also means there are metrics which can be verified by managers in an oversight role. It is mixture of both empowerment and accountability.

What are some of the benefits Michelin has observed? Hill reports these included “team agreement; shared knowledge; improving results; pride; team’s leaders trust”. Moreover, it allows the front-line business and other corporate functions to become more directly engaged in the doing of compliance. This is the very essence of operationalizing compliance. It is moving compliance down into the heart, fabric and DNA of your company.

It also allows a more holistic approach to compliance as each function discipline within an organization integrates compliance into their day-to-day operations. Consider the lifecycle of the employment relationship which Human Resources (HR) oversees. Not only does HR have more touchpoints to discuss corporate values, culture and compliance but you can further operationalize compliance into HR by having internal controls from the compliance perspective. If you are going to hire the family member of a foreign government official, such hiring decisions must be going through the regular hiring process without an exception being granted for a family member who does not meet your standard hiring requirements. If an exception is granted it must be explained in writing and have appropriate management and compliance oversight and sign-off going forward. If a red flag appears, such as a top regional BD person lobbying for such a candidate to be hired, a Chief Compliance Officer (CCO) should determine if there is contract or other business advantage the company is seeking to obtain through the hiring of the family member.

For the CCO or compliance practitioner, it means that in addition to oversight, there should be a focus on long term compliance strategy. Jean-Dominique Senard, the Michelin’s chief executive explained, “It’s not about delegating everything. Big strategic decisions are taken at the appropriate level. It’s not too much to do with self-management…it’s independence in a strategic framework.” For a CCO, this could be decisions about more or greater technological developments and tools or it could be greater efficiencies in the risk management process.

Just as Michelin had to overcome resistance to its responsabilisation program you may face push-back as well from groups who do not believe in the basic premise that a compliance based initiative will improve business agility and from those who do not understand how it all will tie together. This will require education from both compliance and management. It will also require front line BD folks to trust that management will support them with oversight and not micro-management or pronouncements from “Dr. No from the Land of No”.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Another area where compliance can play a key role is in succession planning. A.G. Lafley and Noel M. Tichy, writing in the Harvard Business Review, in an article entitled The Art and Science of Finding the Right CEO”, discussed the issue of succession planning during his tenure as the Chief Executive Officer of Procter & Gamble (P&G). Many of the concepts and issues that Lafley discusses within the context of succession planning in general are applicable to the concern of compliance within this area.

Lafley makes clear that succession planning is just as important as governance, enterprise risk and strategic oversight. In other words, it is just as important. Sadly, many companies fail to give it the attention it requires. Indeed, in a PricewaterhouseCoopers survey, cited in the foreword, nearly one-half of the more than 1,000 directors gauged reported dissatisfaction with their companies’ succession plans. Imagine what that number would be if they took into account the compliance aspect of succession planning.

Borrowing from Lafley, I have adapted his box for an analysis of some of the characteristics that should be considered in succession planning from the compliance perspective.

Personal Judgment Team Judgment Organizational Judgment Stakeholder Judgment
People Personal judgments about overall compliance goals Judgments regarding your team members regarding compliance Judgments on organizational systems for assessing compliance with the organization Judgments about how to engage stakeholders regarding compliance
Strategy Personal judgments regarding compliance in your career Judgments about how your team evolves in its compliance approaches as new compliance challenges arise Judgments about how to engage and align all organization levels in compliance Judgments in leading stakeholders to execute compliance strategies
Crisis Personal judgments regarding compliance in times of crisis Judgments in how your team operates regarding compliance in times of crisis Judgments about how to work with your overall organization in compliance in times of crisis Judgments about dealing with key stakeholders regarding compliance in times of crisis

Lafley makes clear that succession planning does not begin at the time a CEO decides to retire. It should being at the time that a CEO is hired. This is to prevent a decision at the last minute or, worse yet, “to be left with effectively no decision.” As well as the process being started at the time of the hiring of a new CEO it must also fully engage the Board of Directors. Lafley provides several key points, all of which are applicable to the compliance component of succession.

Lafley defines the criteria that the evaluation process is an ongoing, not episodic process. In addition to a “broad and deep pipeline of qualified leaders” the candidates should be put through a variety of roles. In the compliance context, this would provide an opportunity to review the initiatives and responses in several different areas. In addition to running large and small business units, such candidates should oversee several different functions, as broadly as the Chief Financial Officer  to HR.

In many ways, evaluating a compliance criterion is as much an art as it is science. However, Lafley states that a specific list of “must-haves” is appropriate. It is not as simple as whether there was a violation or not. It is broader than that calculus. Paul McNulty’s three Maxims for evaluating a corporate compliance program are: (1) what did you do to prevent it; (2) what did you do to detect it; and (3) what did you do when you found out about it? Compliance for the CEO candidate is more than the third prong. How did you inculcate compliance into the business unit that you are managing? What controls did you put in place? And then what did you do when you found out about it? Indeed Department of Justice Compliance Counsel Hui Chen, recently remarked about the importance of ‘facetime’ by a Chief Compliance Officer with a President or Chief Executive.

Moreover the 2015, BNY Mellon’s FCPA enforcement action points towards the need to follow establish protocols, even in HR. If you have a process in HR for evaluation around succession planning, that process should be followed. If any exception is made, it is encumbent the exception be documented, justified, then reviewed and approved by an appropriate level of management.

Lafley defines this as “how the future might look”. You might explore a new geographic market with a candidate or a new product line, either of which might bring new compliance challenges. Being a part of a team to perform a risk assessment might indicate that new or different compliance safeguards need to be considered. Should monitoring, through continuous controls monitoring or other more sophisticated tools, be utilized as the compliance program evolves be considered?

Lafley points out that the choice of “a successor isn’t a done deal until the votes are cast and the announcement is made.” He advocates continuing to provide challenging projects, which would include those in the compliance arena, which can continue to provide feedback and guidance from the compliance perspective. As one division President told me “You are always being evaluated.” And so it should be. The selection of a new CEO is a substantial investment by a large company. Having the right person in the position from the compliance perspective is an important element in an overall evaluation. Remember – it all starts with the “Tone from the Top”.

Every time I perform a risk assessment and speak the company’s HR lead, they immediately understand the role than can play in moving forward a company’s compliance program. Even if the HR role is limited in the hiring process, they can ask potential candidates their views to determine underlying business ethics. HR can also begin the compliance inculcation process, even pre-hiring, by talking about the company’s values in the interview process. This sets an expectation that can be built upon if a candidate is selected and in every HR touch point going forward, including looking at employees in the succession planning process.

Three Key Takeaways

  1. Succession planning is just as important as governance, enterprise risk and strategic oversight
  2. Do not begin your succession planning when a senior manager announces their retirement.
  3. You are always being evaluated (or you should be).

 

This month’s series is sponsored by Advanced Compliance Solutions and its new service offering the “Compliance Alliance” which is a three-step program that will provide you and your team a background into compliance and the FCPA so you can consider how your product or service fits into the needs of a compliance officer. It includes a FCPA and compliance boot camp, sponsorship of a one-month podcast series, and in-person training. Each section builds on the other and provides your customer service and sales teams with the knowledge they need to have intelligent conversations with compliance officers and decision makers. When the program is complete, your teams will be armed with the knowledge they need to sell and service every new client. Interested parties should contact Tom Fox.

 

 

In this episode Matt Kelly and I take a deep dive into the cutting edge topic of artificial intelligence in many areas, including compliance. We discuss the uses of Artificial Intelligence in compliance. We consider how AI has progressed and what it means now for the compliance practitioner and what it will mean in the future.

For Matt’s blog post on the topic go to Don’t Outsmart Yourself: AI and Compliance

For Tom’s blog post on the topic go to AI for Risk Management: A New Business Advantage