DawkinsDaryl Dawkins died yesterday. To anyone who followed the National Basketball League (NBA); Dawkins will always be remembered with the brilliant Stevie Wonder-derived moniker – Chocolate Thunder. I will also remember him for three things. First he was one of the very rare high school stars who went straight to the NBA with no college stop and was successful. The second was when he squared off to fight Maurice Lucas of the Portland Trailblazers during the 1977 NBA finals. Let’s just say Dawkins slaps at Lucas did not come close to hitting their mark. Number 3 was his thundering dunks, particularly one in a game against the Kansas City Kings at Kemper Arena on November 11, 1979, Dawkins threw down such a massive dunk that the backboard shattered. Then three weeks later he did it again.

As noted Dawkins was one of a very few high schoolers to NBAers who did even passably well. His contemporary Bill (Pugh) Willoughby had some success with Atlanta and, of course, Moses Malone had a Hall of Fame career, later taking those now Dawkins-less Philadelphia 76ers to the NBA promised land in 1983. I thought about Dawkins and his lack of college seasoning while reading the absolutely disgusting story of Art Briles, the University of Baylor, its football team and the saga of Sam Ukwuachu.

Jessica Luther and Dan Solomon have been following this sorry spectacle. In an article in Texas Monthly, entitled “Silence at Baylor”, they wrote, “That Ukwuachu transferred to Baylor in May 2013 because he had been kicked off the Boise State team for a previous incident of violence involving a female student; that Ukwuachu claimed after the transfer was announced that Baylor’s coaches “knew everything” about what happened in Idaho; and, as indicated by court documents obtained by Texas Monthly, the two programs had some communication regarding Ukwuachu in which Boise State officials expressed reticence about supporting the player’s efforts to get back on the field.”

Art Briles, the Baylor head football coach, claimed that he was never informed from anyone at Boise State about Ukwuachu’s prior incident, even implying they had covered it up. Yet Chris Petersen, then head coach at Boise State and now head coach at the University of Washington, said he had fully disclosed to Briles the details about Ukwuachu. Petersen said in a statement, ““After Sam Ukwuachu was dismissed from the Boise State football program and expressed an interest in transferring to Baylor, I initiated a call with coach Art Briles,” Petersen said. “In that conversation, I thoroughly apprised Coach Briles of the circumstances surrounding Sam’s disciplinary record and dismissal.” It is known that Boise State did not support any waiver that would have allowed Ukwuachu to play immediately for Baylor upon his transfer. In the fall of 2014 Ukwuachu sexually assaulted a female soccer player. Ukwuachu was indicted and convicted this month of second-degree sexual assault. His sentence – 180 days in jail and 10 years probation.

Briles and Baylor have claimed they are really the aggrieved party here because if Coach Petersen or anyone at Boise State had told them that Ukwuachu had been disciplined or dismissed from the Boise State team for sexual assault they would never have given him a full scholarship to Baylor. This means Briles and Baylor would have simply ignored the football facts that Ukwuachu was a Freshman All-American and highly recruited high school athlete. Indeed in early June of this year, Baylor defensive coordinator Phil Bennett said at a luncheon in Fort Worth for the Baylor Sports Network, that he expected Ukwuachu to play this year. This was in the face of a trial scheduled to begin some two months later.

All of this was overlaid by a university which, if not trying to suppress all this news about Ukwuachu, certainly did nothing to alert its student body that a scholarship athlete was on trial for sexual assault. Moreover, according to Luther and Solomon in Texas Monthly, “Meanwhile, the details about the investigation conducted by Baylor that came out during the trial reveal one that was shockingly brief: It involved reading text messages, looking at a polygraph test Ukwuachu had independently commissioned – which is rarely admissible in court – and contacting Ukwuachu, Doe, and one witness on behalf of each of them.”

I thought about all this sorry state of affairs at Baylor in the context of the Foreign Corrupt Practices Act (FCPA) and anti-corruption compliance programs. There is a clear reason why the responsibility should be on any company which wants to employ a third party to act on its behalf to do thorough due diligence on that agent. If this was not the situation, companies would make claims similar to those made by Baylor Coach Briles that “no one told me about Ukwuachu.” If Briles had accepted his responsibility for bringing a player into the university and onto his team, he might have understood the importance of knowing who you are dealing with going forward.

It is incumbent that a company evaluates and addresses its risks regarding third parties. This means that an appropriate level of due diligence may vary depending on the risks arising from the particular relationship. So, for example, the appropriate level of due diligence required by a company when contracting for the performance of Information Technology (IT) services may be low, to reflect low risks of bribery on its behalf. Conversely, a business entering into the international energy market and selecting an intermediary to assist in establishing a business in such markets will typically require a much higher level of due diligence to mitigate the risks of bribery on its behalf.

Our British compliance cousins of course are subject to the UK Bribery Act. In its Six Principles of an Adequate Procedures compliance program, the UK Ministry of Justice (MOJ) stated, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of this principle is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company from bribing on their behalf. The MOJ recognized that due diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique. The MOJ said that due diligence is so important that “the role of due diligence in bribery risk mitigation justifies its inclusion here as a Principle in its own right.”

The onus put on companies too not only do compliance but to ‘Document, Document, and Document’ that effort provides the incentive needed to comply with the law. If there was not such an incentive, you have would have corporations crying out now like Baylor Coach Briles that it was the responsibility of the school and team which dismissed him to alert them about Ukwuachu’s past misdeeds. Fortunately for FCPA compliance and the greater anti-corruption compliance community, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) do not see things in such a light.

As to Chocolate Thunder, at one point in his career Dawkins said that he was an alien from the Planet Lovetron. Alien or human, I hope you will join me in wishing a smooth trip to the great hereafter to one of the NBA’s most unique characters.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Social Media VII conclude this exploration of the uses of social media in doing compliance by exploring why the compliance function is uniquely suited to using social media tools. Long gone are the days when Chief Compliance Officers (CCO) or compliance practitioners were lawyers housed in the Legal Department or the General Counsel’s (GC’s) office writing policies and procedures and then putting on eight hour training programs on same. Donna Boehme has written passionately about CCO 2.0 and the structural change to separate the CCO role from that of the GC because of the differences in focus of a CCO and GC. Simply put, a GC and legal department is there to protect the company while the CCO and compliance function exists to solve problems before the company needs protections from them.

Freed of the constraints to write policies and procedures by lawyers for lawyers, the profession has moved to integrating compliance directly into the fabric of the company. I often say that a Foreign Corrupt Practices (FCPA) compliance program is a business solution to a legal problem. The problem is how to comply with the FCPA and other anti-corruption regimes. The solution is to burn compliance into the DNA of your company so that it is not only owned by the business unit but also acted on by the business unit in its day-to-day operations.

I think this means that we are now moving to CCO 3.0 where a CCO or compliance practitioner is putting compliance into the forefront of how a company does business. The example of safety comes to mind when every corporation I ever worked at made clear that safety was everyone’s responsibility, literally from the shop floor to top of the company. I once heard of a Executive Vice President (EVP) of a major oil and gas operating company, while touring a contractor’s facility, stop the tour to point out that a contractor carry two bags of trash down a set of stairs was an unsafe practice and required the employee to carry one bag at a time so she could hold the handrail while descending the stairs. That is the level of the awareness of safety now.

The evolution of compliance is just as dramatic. Moreover, the compliance function should be on the cutting edge of moving it forward within your company. The important thing to remember about social media tools is precisely that; they are tools that a CCO, compliance practitioner or any company can use to communicate with their employee base. Put another way, social media is but one part of the communication ecosystem which can be used to market the message of compliance.

Last week I wrote that there are still many companies who do not allow their employees access to the most popular and useful social media tools at work or even on company computers. While these companies always claim it is due to security issues, the reality is that they simply do not trust or even respect their employees. In such a company, management is much more concerned about what employees might say about an organization than trusting that they not only want to do the right thing but will execute such a strategy when provided the opportunity to do so, through the mechanism of social media. This means that companies which trust and respect their employees do not have to worry about employees releasing confidential data through social media channels because there are plenty of other ways that employees can release confidential information if they were so inclined. Indeed think of the Dodd-Frank Whistleblower provision and how many employees who report to the Securities and Exchange Commission (SEC) reported or tried to report internally before going to the SEC. Simply put if a company does not trust and respect its employee base, communicating the message of compliance throughout an organization will be more difficult but that is clearly not the signal senior management is sending to its employees.

The compliance function must engage with its customer base, AKA the employees in a company. Charlene Li, in her recent work “The Engaged Leader”, said in the introduction “In order to be truly effective today, leaders in business and society must change how they engage, and in particular how they establish and maintain relationships with their followers via digital channels.” The same is true for the compliance function. She believes that technology has changed the dynamic between leaders and their followers. In The Engaged Leader she explains:

  • Why leaders need to master a new way of developing relationships, which begins by stepping out of traditional hierarchies
  • How to listen at scale, share to shape, and engage to transform
  • The art of making this transformative mind shift
  • The science of applying the right tools to meet your strategic goals

Li believes that “This transformation is not optional. Those who choose not to make this change will be abandoned for those who inspire people to follow them.” In an interview for the podcast HBR Ideacast, entitled ““Social Media Savvy CEO” is no Oxymoron, Li further expounded on these views. She asked why a leader would be afraid to engage with those in his or her corporation? But more than simply engagement, she asked why would a leader want to cut themself off from the best source of information for them and available to them; their employee base, through social media. After all, every company strives to have an active engagement with their customer base so why not have it with employees.

Now change out Li’s language from ‘leaders’ and insert ‘CCOs or compliance practitioners’. I think it is even more critical for the CCO or compliance practitioner because doing compliance is something that should occur in the business units. Yes a CCO can put those policies and procedures in place but it is the folks in the field who must implement them going forward. If social media can be a tool to help facilitate doing compliance why not embrace it for communications, training, input, problem identification or resolution?

Yet there is another reason for the compliance function to embrace social media going forward. One of my favorite thought leaders around innovation in the legal arena is Professor David Orozco. In a blog post, entitled “Innovation in the Legal Sector”, he said, “Innovation is a big deal. It’s been a big deal ever since customers rewarded differentiation and punished companies that failed to maintain their creative edge.” The same is equally, if not more so, applicable to the compliance arena. The Department of Justice (DOJ) has consistently made clear that FCPA compliance programs should be evolving and using the newest and best tools available. That sounds suspiciously like social media to me. So if these tools are available to you and at a very reasonable cost (i.e. free) why not consider using them. If you are afraid of information getting out of your company, why not consider using the social media concepts behind your firewall in your company intranet system?

Finally, even if you cannot use some of the publicly available tools discussed earlier, there is no reason that you cannot incorporate the concepts into your compliance program. By that I mean you can use the communication ideas inside of your company for your compliance program. You can create the equivalent of a Tweet-Up where the CCO or others answer questions that employees submit. Similarly, you can live stream a Q&A session using the concepts articulated by Meerkat and Periscope for social media live streaming. Pinning compliance reminders or other information in some type of internal company bulletin board is using the basic concept of Pinterest. I am sure that you can accomplish the same by using SharePoint. Why not create an internal compliance reminder video series using the same tools that a millennial would use to create a Facebook post?

Think all of this sounds far-fetched? Think again. In this month’s issue of the Compliance Week magazine, Guest Columnist Raphael Richmond, the CCO at Ford Motor Company, in an article entitled “Compliance? There Should Be an App for That!, detailed how the company has created an app for iPhone and Android devices that “allows users to access compliance information quickly, including brief, easy-to-understand policy summaries and answers to frequently asked questions (FAQs). The app also has a “Can I … ?” tab that acts as a quick decision tree for finding specific answers to commonly asked questions. Topics in our app address a range of compliance issues, from anti-bribery guidance to Ford’s approach to gifts and favors, meals, travel, and social events. Individuals can also report a suspected violation directly from the app to the Corporate Compliance Office.” It will certainly be exciting to see how Ford develops this tool going forward.

I often say that as a CCO or compliance practitioner you are only limited by your imagination. The use of social media in your compliance function is one that is crying out for imaginative usages. As we move to CCO 3.0, the compliance function will need to avail itself of all the tools it can to communicate the message of compliance. The DOJ currently requires companies that enter into Deferred Prosecution Agreements (DPAs) to keep abreast of technological innovations in compliance. How long do you think it will take for the DOJ to start asking how much compliance communication you have both up and down the chain? If you are not using a social media tool or even a social media technique you may already be behind the 8-ball and you certainly will be left behind in the marketplace of ideas going forward.

I hope that you have enjoyed this six-part series on the use of social media in your compliance program as much as I have enjoyed researching it, writing and posting it. If you are currently using social media tools, concepts or techniques in your compliance program please contact me, as I would appreciate the opportunity to learn more about what your organization is up to in that realm. Also, please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, the FCPA Compliance and Ethics Report.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

TrainingI am pleased to announce the initiation of my FCPA Master Class training sessions. I will put on a two-day Foreign Corrupt Practices Act (FCPA) training class, which will be unlike any other class currently being offered. The focus of the FCPA Master Class will be on the doing of compliance. For it is only in the doing of compliance that companies have a real chance of avoiding FCPA liability.

The FCPA Master Class will provide a unique opportunity for any level of FCPA compliance practitioner, from the seasoned Chief Compliance Officer (CCO) to the practitioner who is new to the compliance profession. If you are looking for a training class to turbocharge your knowledge on the nuts and bolts of a FCPA compliance program going forward, this is the class for you to attend.

As one of the leading commentators in the FCPA compliance space for several years, I will bring a unique insight of what many companies have done right and many have done not so well over the years. This professional experience has enabled me to put together a unique educational opportunity for any person interested in FCPA compliance. Simply stated, there is no other FCPA training on the market quite like it. Armed with this information, at the conclusion of the FCPA Master Class, you will be able to implement or enhance your compliance program, with many ideas at little or no cost.

The FCPA Master Class will move from the theory of the FCPA into the doing of compliance and how you must document this work to create a best practices compliance program. Using the Ten Hallmarks of an Effective Compliance as a guide, you will learn the intricacies of risk assessments; what should be included in your policies and procedures; the five-step life cycle of third party risk evaluation and management; tone throughout your organization; training and using other corporate functions to facilitate cost-effective compliance programs.

Highlights of the will include:

  • Understanding the underlying legal basis for the law, what is required for a violation and how that information should be baked into your compliance program;
  • What are the best practices of an effective compliance program;
  • Why internal controls are the compliance practitioners best friend;
  • How you can use transaction monitoring to not only make your compliance program more robust but as a self-funding mechanism;
  • Your ethical requirements as a compliance practitioner;
  • How to document what you have accomplished;
  • Risk assessments – what they are and how you can perform one each year.

You will be able to walk away from the FCPA Master Class with a clear understanding of what the FCPA is and what it requires; an overview of international corruption initiatives and how they all relate to FCPA compliance; how to deal with third parties, from initial introduction through contracting and managing the relationship, what should be included in your gifts, travel, entertainment and hospitality policies; the conundrum of facilitation payments; charitable donations and political contributions, and trends in compliance. You will also learn about the importance of internal controls and how to meet the strict liability burden present around this requirement of FCPA compliance.

The FCPA Master Class will be based around my book, Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program, which focuses on the creation, implementation and enhancement of a best practices compliance program. Each participant will receive a copy of my book, as well as all training materials to keep and use for reference purposes going forward.

The first FCPA Master Class will be held in Houston, TX on September 10 and 11 at the offices of Merrill Brink International, 315 Capitol St #210, Houston, TX 77002. A Certificate of Completion will be provided to all who attend in addition to the continuing education credits that each state approves. The cost to attend is $1,195 per person. Group pricing is available. Breakfast, lunch and refreshments will be provided both days. For more information or a copy of the agenda, contact Tom Fox via email at tfox@tfoxlaw.com or telephone at 1-832-744-0264. Additional information and registration details are available on my website, Advanced Compliance Solutions.

There will be additional FCPA Master Class training sessions at other locations across the US later this year. I hope that you can join me for one of them.







To find out what type of student you are, please take this Quiz by clicking here.

HemingwayOn this day in 1899, Ernest Hemingway was born. To me, he was the greatest Man of Letters the US has produced. Probably like most of you all, I was introduced to Hemingway in high school through The Son Also Rises. It remains my favorite of his works but I have enjoyed many more of his novels, short stories and non-fiction work. I particularly enjoyed his Nick Adams short stories as I found them crisply written and with a conciseness of language that is not often found today, or perhaps in any other time. Hemingway was awarded the Pulitzer Prize in 1953 and the Nobel Prize for Literature in 1954. He died via suicide in 1962.

I thought about Hemingway and his writing style when reading the most recent Corner Office column by Adam Bryant in the New York Times (NYT), entitled “To Work Here, Win the ‘Nice’ Vote”, where he profiled Peter Miller, the Chief Executive Officer (CEO) of Optinose, a pharmaceutical company. Miller has some interesting leadership concepts that are applicable to the position of Chief Compliance Officer (CCO) 2.0 and how a CCO 2.0 could use influence to lead, not only in the compliance function but also across an organization.

Miller talked about one thing you rarely hear in the corporate world, which is to be nice. He garnered this concept because as a “young sales manager at Procter & Gamble. I had five salespeople working for me, and one of the guys was 55 and another guy was 48. They were really successful salespeople, so I realized that I couldn’t teach these guys anything about selling. Since I couldn’t teach them anything, I tried to cultivate trust and respect by working really hard at figuring out how I could help them in a meaningful way.”

Yet this apparent inability to lead in precisely the area he was tasked in leading led Miller to formulate “a very important core value of mine, which is that you can and should try to create friends at your company.” But more than simply becoming friends, Miller came to the understanding that underlying the friendship “is this concept of trust and respect. When you get that as a team, that’s when great things happen. And that comes from creating a culture of openness, of authenticity, of being willing to have fearless conversations. It’s about being yourself, not being afraid to say what’s on your mind.”

As a CCO, you need to be able to have that type of conversation with those both up and down your chain of command. Certainly it is always beneficial to have type of relationship with your team that allows the full flow of communication. Miller said, “Think about how people are with their best friends. You want them to succeed. And sometimes that means having really hard conversations. If that’s what’s motivating you — and you’re really trying to help everybody around you in a company as if they were great friends of yours — that’s really powerful.”

I was interested in using some of Miller’s insights in the managing up role for any CCO. You have to be able to have some very frank conversations with your CEO and Board members about your compliance program and any issues that may arise under it. As CCO if you “cultivate trust and respect by working really hard at figuring out how I could help them in a meaningful way” as Miller used with his more senior sales team members, it should certainly help you going forward when you have to manage up your chain.

I also thought about this somewhat enlightened approach as contrasted with another style that I read about in a recent On Work column by Lucy Kellaway in the Financial Times (FT) entitled, “Wrong skillset excuse masks coup at the top of Barclays, where she discussed the recent termination of Antony Jenkins from Barclays Bank. The newly installed chairman of the company’s Board, John McFarlane, who simultaneously promoted himself to CEO, Jenkins former position, fired Jenkins. The reason Jenkins was fired; he no longer had the right “set of skills” for the organization. Chairman McFarlane explained to Kellaway that there were four skills going forward which (apparently) were lacking in Jenkins: “a) strategic vision; b) charisma; c) the ability to put plans in place that deliver shareholder value; and d) ability to ensure results were delivered.” Ironically, Kellaway noted that lawyers for Kleiner Perkins had said that Ellen Pao “was an employee who never had a skillset.”

Kellaway noted the obvious when she wrote “To invoke skillsets in hiring is not only ugly, but dangerous. Find the right person to run a very big bank is very hard, and having a list of skills that you are matching an applicant against is not necessarily the best way of going about it.” More ominously, she noted that the head of such bank would have to be able to reign in the traders and investment banker types who brought Barclays its unwanted regulatory scrutiny. More critically from the compliance perspective, I think it says much more about Chairman McFarlane that he did not say anything about a new CEO running the business ethically, in compliance or in any other manner which could help to prevent Barclays from another very large fine or penalty from the regulators.

McFarlane’s dictum is one that will certainly be noted by regulators on both sides of the Atlantic going forward. After the disastrous run by former Barclays’ head Bob Diamond, the bank was moving in the direction of regulatory compliance while securing the profits demanded by shareholders. However, McFarlane’s sacking of Jenkins could well derail the bank’s focus on ethics and compliance and engender the former attitude which led to the bank’s fine in the LIBOR scandal.

Unlike Peter Miller at Optinose, it does not appear that Chairman McFarlane appreciates the trust and respect style of leadership. I fear things may well turn out badly for Barclay’s yet again with the newly found emphasis on profits, profits and profits.TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

great pyramid of giza

I continue my Great Structures Week with a focus on great structures from the earliest times, ancient Egypt and Greece. I am drawing these posts from The Teaching Company course, entitled “Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity”, taught by Professor Stephen Ressler. From Egypt there are of course the Pyramids, of which Ressler says, “They’re important, not just because they’re great structures, but also because they represent some of the earliest human achievements that can legitimately be called engineering. The Great Pyramid of Giza stands today as a testament to the strength and durability of Egyptian structural engineering skills.”

From Greece we derive what Vitruvius called the “Empirical Rules for Temple Design” which define a “single dimensional module equal to the radius of a column in the temple portico, then specify all other dimensions of the building in terms of that module.” These rules are best seen in Greek temples, largely consisting of columns, which are defined as “a structural element that carries load primarily in compression” and beams, which are “structural elements subject to transverse loading and carry load in bending.” My favorite example of the use of columns is seen in the Parthenon; the most famous of all Greek temples still standing.

In many ways these two very different structures stand as the basis of all structural engineering and Great Structures that come later throughout history. For any anti-corruption compliance regime based on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-bribery statutes, the same is true for a Code of Conduct and written policies and procedures. They are both the building blocks of everything that comes thereafter.

In an article in the Society for Corporate Compliance and Ethics (SCCE) Complete Compliance and Ethics Manual, 2nd Ed., entitled “Essential Elements of an Effective Ethics and Compliance Program”, authors Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz, state that your company’s Code of Conduct “should demonstrate a complete ethical attitude and your organization’s “system-wide” emphasis on compliance and ethics with all applicable laws and regulations.” Your Code of Conduct must be aimed at all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.” This would also include all “management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.”Parethnon

There are several purposes identified by the authors that should be communicated in your Code of Conduct. Of course the overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating what is required of them, to provide a process for proper decision-making and then to require that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. To that end, I suggest that your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of disciplines, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

The written policies and procedures required for a best practices compliance program are well known and long established. As stated in the FCPA Guidance, “Among the risks that a company may need to address include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company and Procedures are the documents that implement these standards of conduct.

Another way to think of policies, procedures and controls was stated by Aaron Murphy, now a partner at Foley & Lardner, in his book “Foreign Corrupt Practices Act”, when he said that you should think of all three as “an interrelated set of compliance mechanisms.” Murphy went on to say that, “Internal controls are policies, procedures, monitoring and training that are designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Borrowing from an article in the Houston Business Journal (HBJ) by John Allen, entitled “Company policies are source and structure of stability”, I found some interesting and important insights into the role of policies in any anti-corruption compliance program. Allen says that the role of policies is “to protect companies, their employees and consumers, and despite an occasional opposite outcome, that is typically what they do. A company’s policies provide a basic set of guidelines for their employees to follow. They can include general dos and don’ts or more specific safety procedures, work process flows, communication guidelines or dress codes. By establishing what is and isn’t acceptable workplace behavior, a company helps mitigate the risks posed by employees who, if left unchecked, might behave badly or make foolhardy decisions.”

Allen notes that policies “are not a surefire guarantee that things won’t go wrong, they are the first line of defense if things do.” The effective implementation and enforcement of policies demonstrate to regulators and the government that a “company is operating professionally and proactively for the benefit of its stakeholders, its employees and the community it serves.” If it is a company subject to the FCPA, by definition it is an international company so that can be quite a wide community.

Allen believes that there are five key elements to any “well-constructed policy”. They are:

  • identify to whom the policy applies;
  • establish the objective of the policy;
  • explain why the policy is necessary;
  • outline examples of acceptable and unacceptable behavior under the policy; and
  • warn of the consequences if an employee fails to comply with the policy.

Allen notes that for polices to be effective there must be communication. He believes that training is only one type of communication. I think that this is a key element for compliance practitioners because if you have a 30,000+ worldwide work force, the logistics alone of such training can appear daunting. Consider gathering small groups of employees, where detailed questions about policies can be raised and discussed, as a powerful teaching tool. Allen even suggests posting Frequently Asked Questions (FAQ’s) in common areas as another technique. And do not forget that one of the reasons Morgan Stanley received a declination to prosecute by the Department of Justice (DOJ) was that it sent out bi-monthly compliance reminder emails to its employee Garth Peterson for the seven years he was employed by the company.

The FCPA Guidance ends its section on policies with the following, “Regardless of the specific policies and procedures implemented, these standards should apply to personnel at all levels of the company.” Allen puts a bit differently in that “it is important that policies are applied fairly and consistently across the organization.” He notes that the issue can be that “If policies are applied inconsistently, there is a greater chance that an employee dismissed for breaching a policy could successfully claim he or she was unfairly terminated.” This last point cannot be over-emphasized. If an employee is going to be terminated for fudging their expense accounts in Brazil, you had best make sure that same conduct lands your top producer in the US with the same quality of discipline.

For a review of what goes into the base structures of a best practices compliance program, I would suggest you check my book Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week. You can review the book and obtain a copy by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015