1. Get buy-in from decision makers at the highest level of the company

Your company’s highest level must give the mandate for a revision to a Code of Conduct. It should be the Chief Executive Officer (CEO), General Counsel (GC) or Chief Compliance Officer (CCO), or better yet all three to mandate this effort.

  1. Establish a core revision committee

You should create a cross-functional working group should head up your effort to revise your Code of Conduct. It can include representatives from the following departments: legal, compliance, communications, HR; there should also be other functions which represent the company’s domestic and international business units; finally, there should be functions within the company represented such as finance and accounting, IT, marketing and sales.

  1. Conduct a thorough technology assessment

The foundation of the revision process is how your company captures, collaborates and preserves the decisions during the revision. Use should utilize the technology available to you to do so. This is also important in your distribution plan, particularly if the Code will only be available in hard copy.

  1. Determine translations and localizations

The DOJ and SEC require a local language component. You need to use  translations experts and know what they are doing when it comes to translations. Everyone must have the same understanding of the company’s Code-no matter the language.

  1. Develop a plan to communicate the Code of Conduct

You should use the full panoply of tools available to it to publicize your new or revised Code of Conduct at roll-out. This can include a multi-media approach or physically handing out a copy to all employees at a designated time. You might consider having a company-wide Code of Conduct meeting where the new or revised Code is rolled out across the company all in one day. Also remember, you must document that each employee receives it.

  1. Stay on Target

If you set realistic expectations you should be able to stay on deadline and stay within your budget. Do not be distracted by other issues that might arise during the process.

Key Takeaways

  1. When did you last revise your Code of Conduct?
  2. You must have senior management buy-in to successfully revise your Code of Conduct.
  3. Keep your eye on the ball.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.

Welcome to Day 2 of 30 Days to a Better Compliance Program. Today I consider written protocols, which are the foundation upon which an effective compliance program is built. Written protocols consist of a Code of Conduct, policies and procedures and internal controls.”

Code of Conduct

The substance of your Code of Conduct should be tailored to your company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

Policies, Procedures and Controls

The written policies and procedures required for a best practices compliance program are well known and long established. You should include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company and Procedures are the documents that implement these standards of conduct.

Internal Controls

They are an interrelated set of compliance control mechanisms, designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records, the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Three Key Takeaways

  1. The United Airlines domestic corruption enforcement action makes a Code of Conduct an internal control.
  2. Translate your Code of Conduct and key policies into local languages.
  3. Document, Document, Document

For more information check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, by clicking here.

In this episode Matt Kelly and I take deep dive into the United Airlines SEC enforcement action for violation of internal controls around its reinstitution of a route from Newark to South Carolina at the insistence of the then Chairman of the New York and New Jersey Port Authority David Sampson in exchange for a concession to expand its physical facilities at the Newark airport. We review the background facts, as set out in the SEC Cease and Desist Order and the Justice Department Non-prosecution. We take a look at the internal controls violation of the former UA CEO for violating the company’s Code of Conduct, the finding of a lack of internal controls around its route reinstitution protocol and finally discuss the problem of senior management override of internal controls.

For more information on this enforcement action, check out Matt’s blog post on this matter, entitled, “This Weird United Airlines Case Just Happened”  and my blog post entitled, “The Chairman’s Flight and the US Corrupt Practices Act“.

Show Notes for Episode 32, week ending December 9:

  1. United Airlines SEC enforcement action for domestic; the Chairman’s Flight and the US Corrupt Practices Act, for a copy of the Justice Department NPA, click here and for a copy of the SEC Cease and Desist Order, click here.
  2. Monetary Authority of Singapore seeks to suspend former Goldman Sachs trader in 1MDB scandal. Link to Fox blog post on Compliance Week.
  3. FATF report that US weak on beneficial ownership issues, for a copy of the report, click here.
  4. Wal-Mart up to $820MM in pre-settlement FCPA settlement spend, on Radical Compliance.
  5. Release of eBook, Trump on Compliance.
  6. SEC Director of Enforcement, Andrew Ceresny announces he will leave the SEC. See NYT article, here.
  7. GibsonDunn briefing on The Road Ahead: DOJ and Federal Enforcement in the Trump Administration predicts a Southern California centered FCPA matter will be concluded by year end.
  8. 10th Annual SEC & DOJ HOT TOPICS 2017 — Current Developments Materially Affecting Corporations, Financial Institutions, Individuals organized by Sandpiper Partners LLP and program developed by PwC, notes GibsonDunn partner Deb Yang listed as potential SEC Commissioner.
  9. Jay Rosen weekend report update.


7K0A0246Tone at the top is the single most ubiquitous phrase in compliance. However, I heard it phrased in a manner last week which not only made sense but explained why it is the most used phrase. It came from Vanessa Rossi, FCPA Due Diligence Compliance Counsel at Baker Hughes Inc. Rossi says the phrase which resonates with her is ‘tones at the tops’ because for every employee, the top is not the company Chief Executive Officer (CEO) but the supervisor immediately above them and it is this immediate ‘top’ which sets the company’s tone for the employee. It is also that supervisor who will set not only the true culture of an employee but will address any complaints that employee has about violations of the company’s self-professed culture. Finally, it may also mean there is more than one ‘tone’ in any organization. Rossi’s insight certainly explains quite a bit about the Wells Fargo scandal.

Today, I continue my exploration of the Consumer Financial Protection Bureau (CFPB) enforcement action against Wells Fargo. Yesterday, I wrote about how something as benign as the cross-selling of banking products and services can become a very high risk proposition if not managed properly. Today I want to consider the culture at Wells Fargo and how it contributed to the bank creating some 2 million false and fraudulent accounts which led to some 5,300 employees being fired and the CFPB (and others) fine of $185MM.

On its public website, Wells Fargo has a Code of Conduct available for inspection and download. The document is entitled Our Code of Ethics & Business Conduct – Living Our Vision & Values. In his cover letter introducing the document, CEO John Stumpf says the following, “We are all responsible for maintaining the highest possible ethical standards in how we conduct our business and serve customers. After all, our culture is centered on relationships, and those relationships are built on trust. Our customers have high expectations of us, and we have even higher expectations of ourselves.”

The Code itself has a section entitled Ethics, subtitled “Our ethics are the sum of all the decisions each of us makes every day”, the first sentence reads, “We have a responsibility to always act with honesty and integrity.” In the next section entitled What’s right for customers, subtitled “We want to be approachable and caring, exceed our customers’ expectations, and invest in relationships that last a lifetime”, the first three sentences read, “Our customers are always our priority. Our customer focus is one of the characteristics that distinguishes us from our competitors. We do what’s right for our customers”. The very next section, entitled Making the Right Choice, has a first sentence which reads, “If you’re faced with an ethical dilemma and you’re not sure what to do, ask these questions:


The section ends with the following, “If your answer to any of these questions is “No,” don’t do it.” So it appeared that Wells Fargo said the right things. Indeed, CEO Stumpf, in a Wall Street Journal (WSJ) article by Emily Glazer and Christina Rexrode, entitled “Wells Boss Says Staff at Fault for Scams”, says, “It was the employees’ fault” and “There was no incentive to do bad things.”

Wells Fargo did not have a ‘paper Code’ like Enron; sitting there for all to see but never trained upon. In a New York Times (NYT) article, entitled “Warned About Excesses, Then Prodded to Sell”, Michael Corkery and Stacy Crowley wrote, “The message to the dozens of Wells Fargo workers gathered for a two-day ethics workshop in San Diego in mid-2014 was loud and clear: Do not create fake bank accounts in the name of unsuspecting clients. Similar warnings were being relayed from corporate headquarters in San Francisco to regional bankers in Texas, as senior management learned that some Wells employees had been trying to meet exacting sales goals by creating sham bank accounts and credit cards instead of making legitimate sales.”

Yet, in spite of this training, statements made by Stumpf to the WSJ and the sections on ethics in the Wells Fargo Code of Conduct point to a clear disconnect between the values articulated in the corporate headquarters with those out in the field, in the branch offices selling consumer banking products across America. This points to a major disconnect between the corporate office and the field. What was important at the corporate office as a cultural value was not so important to those with their jobs on the line out in operations. The WSJ quoted one former Wells Fargo teller who was critical of this corporate message, who was quoted in the piece, said, “It was all management, their boss, then their boss, then their boss. They are putting pressure on employees and it’s sad. People need their jobs.”

The reason company employees continued to break the law is seemingly straightforward. The pressure put on employees was to cross-sell, cross-sell and then cross-sell. The NYT piece said, “Wells continued to push sales goals that caused employees to break the rules in the first place.” Moreover, “The biggest problem, the former employees say, has been Wells Fargo’s aggressive sales culture, which was nurtured and honed over decades at the bank’s highest levels.” The pressure to cross-sell was relentless. One former Wells Fargo employee, Sharif Kellogg, was cited stated, ““The branch managers were always asking, ‘How many solutions did you sell today?’ They wanted three to four a day. In my mind, that was crazy — that’s not how people’s financial lives work.””

Wells Fargo apparently noticed something was askance several years ago. The Los Angeles Times first reported on scam allegations coming out of Los Angeles branches back in 2013. The company knew it had a problem and hence the compliance and ethics training. But branch managers (the immediately tops above the consumer sales force) continued to push cross-selling. The NYT piece noted, “former Wells employees swapped grim stories about the dichotomy between their ethics training — where they were formally told not to do anything inappropriate — and the on-the-job reality of a relentless push to meet sales goals that many considered unrealistic.” Another former employee said, “During our training we go through SO much training about ethics and how you CANNOT do that. I got threatened to be fired as a teller with them because I wasn’t meeting my numbers. I told them I didn’t believe in trying to convince someone to spend money they don’t have, get what they don’t need.”

The bottom line was that Wells Fargo employees were hounded by the immediate managers to meet clearly unrealistic sales quotas. What was the pressure those branch managers were under? Going in another direction, one former Wells Fargo employee basically said the branch managers were getting rich off the back of their employees when they joked on a YouTube spoof video, ““If tellers and bankers make those sales numbers each day, at the end of the month everybody in the branch will get a $5 gift card to McDonald’s. The district manager will get a $10,000 cash bonus.””

Even with a robust and specific Code of Conduct, a CEO allegedly committed to doing business the right way and specific training the ‘tone’ of the organization came from the employees’ immediate bosses. If a branch manager wanted you to cross-sell products to customers who did not want them, did not need them, could not afford them or did even know they had been assigned the products; that is what the employees did. If not, they would be fired. In the corporate world, that is the clearest statement of culture a company can have.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016