To read more, check out my blog post series on Hallmark 8.

For more information on this Hallmark, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week by clicking here.

Roman Numbers 1-10.2The FCPA Guidance has about as clear, concise and short a statement about hotlines than any other Tenet of an Effective Compliance Program. It states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” But more than simply hotlines, companies have to make real efforts to listen to employees. But you must spend time working on this issue. You need to have managers who are trained on how to handle employee concerns; they must be incentivized to take on this compliance responsibility and you must devote communications resources to reinforcing the company’s culture and values to create an environment and expectation that managers will raise employee concerns.

The reason is that its own employees are a company’s best source of information about what is going on in the company. It is certainly a best practice for a company to listen to its own employees, particularly to help improve its processes and procedures. But more than listening to its employees, a company should provide a safe and secure route for employees to escalate their concerns. This is the underlying rationale behind an anonymous reporting system within any organization. Both the US Sentencing Guidelines and the Organization of Economic Cooperation and Development (OECD) Good Practices list as one of their components an anonymous reporting mechanism by which employees can report compliance and ethics violations. Of course, the Dodd-Frank Whistleblower provisions also give heed to the implementation of a hotline.

What are some of the best practices for a hotline? I would suggest that you start with at least the following:

  1. Availability – a Hotline should be available 24 hours a day/7 days a week and toll-free. It should be available in the native tongue of the person utilizing it so if your work force uses more than one language for inter-company communications, your Hotline should reflect this as well.
  2. Anonymity – while some foreign jurisdictions do not allow anonymous reporting, the US is not one of them. You need to have a mechanism that allows an employee to make an anonymous report and put in safeguards which will ensure anonymity going forward should the reporting employee desire it.
  3. Escalation – after a report is received through the Hotline it should be distributed to the appropriate person or department for action and oversight. This would also include resolution of the information presented, if warranted and consistent application of the investigation process throughout the pendency of the matter.
  4. Follow-Up – there should be a mechanism for follow-up with the Hotline reporter, even if the report is made anonymously. This allows the appropriate person within your organization to substantiate the report or obtain additional information at an early stage, if appropriate.
  5. Oversight – the information communicated through the Hotline should be available to the appropriate Board Committee or Management Committee in the form of statistical summaries and that an audit trail be available to the appropriate oversight group of actions taken and resolution of any information reported through the Hotline.

In the area of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

I would emphasize, yet again, that after your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for a violation of any compliance policy. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

What is your FCPA Investigation Protocol?

With the advent of the SEC Whistleblower Program, courtesy of Dodd-Frank, it is imperative that a company quickly and efficiently investigate all hotline reports. This means you need an investigation protocol in place so that the entire compliance function is on the same page and knows what to do. The following is a suggested starting point.

Step 1: Opening and Categorizing the Case. Under this first step, you should categorize the ethics and compliance violation. You should notify the relevant individuals, including those on your investigation team and any senior management members under your notification protocols. After notification, you should assemble your investigation team for preliminary meetings and assessments. This Step 1 should be accomplished in one to three days after the allegation comes into compliance, either through your reporting structure or other means.

Step 2: Planning the Investigation. After assembling your investigation team, you should determine the required investigation tasks. These would include document review and interviews. If hard drives need to be copied or documents put on hold or sequestered in any way, or relationships need to be analyzed through relationship software programs or key word search programs, this should also be planned out at this time. These tasks should be integrated into a written investigation or work plan so that the entire process going forward is documented. Also if there is a variation from the written investigation plan, such variation should be documented and an explanation provided as to why there was such a variation. Lastly, if international travel is involved this should also be considered and planned for at this step. This Step 2 should be accomplished within another one to three days.

Step 3: Executing the Investigation Plan. Under this step the investigation should be completed. I would urge that the interviews not be effected until all documents are reviewed and ready for use in any interviews. Care should be taken to ensure that an appropriate Upjohn warning is issued and that the interviewee clearly understands that whoever is performing the interview represents the company and not the person being interviewed, whether they are the target of the investigation or not. The appropriate steps should also be taken to preserve the attorney-client privilege and attorney work product assertions. This Step 3 should be accomplished in one to two weeks.

Step 4: Determining Appropriate Follow-Up. At this step the preliminary investigation should be completed and you are ready to move into the final phases. In some investigations, it is relatively easy to determine when the work is essentially complete. For example, if the allegation is both specific and narrow, and the investigation reveals a compelling and benign explanation for the conduct alleged, then the investigation typically is complete and you are ready to convene the investigation team and the relevant business unit representatives. This group would decide on the appropriate disciplinary steps or other actions to take. This Step 4 should be completed in one day to one week. It must be cautioned that at this step, if there are findings of specific or discrete allegations of corruption and bribery, a decision must be made as how to handle such findings going forward.

Step 5: Closing the Case. Under this final step, you should communicate the investigation results to the stakeholders and complete the case report. Everything done in the above steps should be documented and stored, either electronically or in hard copy form together. The case report should be completed. This Step 5 should be completed in one day to one week.

Finally, do not forget that you cannot prevent employees from good-faith reporting to relevant government agencies, allegations of FCPA violation; either by employment contract or severance agreement language.

For more information on this Hallmark, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week by clicking here.

Check out my podcast series on the Ten Hallmarks, featuring Hallmark 8 by clicking here.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

VolunteersThere are times when the universe converges in some of the oddest coincidences. It happened one day last week when two members of the original Jefferson Airplane lineup died on the same day. Most people familiar with what my teenaged daughter would call Classic Rock know the name Paul Kantner and his role in co-founding the band, Jefferson Airplane. As reported in his New York Times (NYT) obituary, “seen as the intellectual spokesman for the group, with an ideology reflected in his songs, that combined anarchic politics, an enthusiasm for mind-expansion through LSD and science-fiction utopianism.” Kantner wrote some of their top songs, including Today, Young Girl Sunday Blues and my personal favorite (Woodstock version) Volunteers. He also wrote Wooden Ships with Stephen Stills and David Crosby, which described a group of people escaping a postapocalyptic society to create its own freedom in a time and place unknown.

The second founding member of Airplane is much less well known. Signe Toly Anderson was the original female vocalist for Jefferson Airplane. As reported in Consequence of Sound, an online publication, Anderson joined Jefferson Airplane shortly after their formation in 1965 and sang on their debut album, Jefferson Airplane Takes Off. She left the band following the birth of her first child, due to an unwillingness to tour. Grace Slick replaced her and the Airplane had their classic lineup in place. In a statement another Airplane co-founder, Marty Balin said, “One sweet Lady has passed on. I imagine that she and Paul woke up in heaven and said ‘Hey what are you doing here? Let’s start a band’.”

While I did not purchase all the Airplane studio albums and listen to them as I did when The Eagles co-founder Glenn Frey died last month, I did purchase a couple and grooved out to them over the weekend. One of the clear things expressed to me was the evocative song writing, in a word communication. I have been thinking about communication in compliance programs, specifically around hotlines since I read an article in the most recent edition of Harvard Business Review (HBR) by James R. Detert and Ethan R. Burris, entitled “Can Your Employees Really Speak Freely?” One of the key points from the article was the need to focus on communications throughout your organization; both up and down the line.

They stated the problem, as they saw it, was that while leaders try “to make it easier for employees to share ideas and concerns-they usually end up doing the opposite.” They cited two key reasons: (1) fear of retaliation and (2) lack of responsiveness. They provided a list of several programs and policies that a company could implement which they believed might address these shortcomings. I found their list useful for a Chief Compliance Officer (CCO) or compliance practitioner to consider in not only their whistleblower program but as greater communications enhancements in any company.

Make feedback a regular, casual exchange 

This means get out and meet with the troops. The authors suggest, “Schedule regular meetings with your employees, and don’t cancel every time you don’t have an agenda. In fact, you might occasionally announce that the top item on the agenda will be employee feedback. Tell people in advance what sort of conversation you’ll be having (a brainstorming meeting, for instance, or a planning session), and explain the kinds of problems or possibilities you want to discuss.” Equally important is that you actually implement an appropriate suggestion from such meetings, i.e. bonus points giving credit to the employee who suggested it.

Be transparent 

For a CCO or compliance practitioner, one of the most important things you bring to any employee interaction is credibility. Part of this credibility is in being transparent. The authors suggested a transparent timetable for triage, implementation and feedback. They noted, “Spelling out guidelines and commitments up front made contributing feel less daunting and futile to employees.”

Reach out 

This is more than simply the ‘duh’ moment of getting out of the office. It means to seek out new ideas and new opinions. Yet the authors had a fresh slant on it when they said, “When you do ask for feedback, go to the people who know something you don’t. The folks in your immediate network probably are similar to you in background, perspective, and knowledge—so branch out. Counteract the all-too-common norm of expecting new people to quietly fit in until they understand “how we do things around here.” New people can tell you how other organizations operate and will have a fresh perspective on your firm’s strengths and weaknesses.”

Soften the power cues 

Power can not only squelch communications but can kill it outright. Coming from the energy industry, with its hierarchical nature, I certainly understand the power dynamic. Here the authors are concerned with the symbols and vestiges of power, down to things like the office setting. Of course, there is always the concern when you are seen going into the CCO office so the authors suggest, “take steps to make your guests feel more comfortable. Add a small table with chairs of the same size and quality so that when someone comes to talk, you can sit together. Table shape matters, too. It’s usually easy to guess who has the most power at an oval or a rectangular table, but there’s no “head” at a round table. And consider your attire: Do you really need a tie for meetings with the creative team? You want employees to feel you’re one of them.”

Avoid sending mixed messages 

If you beat up people who present ideas, people will stop presenting them to you. Moreover, if you put constraints on the size and dimension of information that can be presented to you, it may well be seen as a negative signal. The authors wrote, “Even informal “blue-sky” sessions were stifled by reminders to use the company’s standard PowerPoint template and adhere to rules about maximum words per slide, which reinforced the feeling that people needed to stay within certain bounds.”

Be the example 

This does not mean, as Chevy Chase intoned in Caddyshack to be the ball; but instead means advocate for those who bring suggestions. As the authors stated, “Employees feel inspired when they see you advocating for them. That message came through quite clearly when we spoke with people at a real estate firm.” If you cannot advocate for them, explain to them why you cannot do so.

Close the loop 

Feedback, feedback and feedback. One of the surest ways to close down employee input is not to provide feedback or as the authors said, “If you don’t want people to think their ideas went straight to the trash can, make sure you tell them what you did next and what they can expect as a result. In surveys of more than 3,500 employees in multiple companies, we found that bosses’ failure to close the loop increased subordinates’ belief that speaking up was futile by 30%. But if managers had closed the loop in the past, their reports spoke up 19% more frequently—even after we accounted for any increase that happened simply because managers were perceived as open, interested, and willing to make changes.”

While the authors overall attack on hotlines was certainly not merited, they did provide some solid suggestions for any two-way street of communications. The techniques they posit are useful for any compliance practitioner who is communicating up or down the chain.

While you are thinking about it, check out this YouTube clip of Jefferson Airplane playing Volunteers at Woodstock.TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Golden Gate BridgeToday, we celebrate one of the greatest engineering achievements of the century. On this date in 1937, the Golden Gate Bridge opened. At 4200 feet long, it was at the time the world’s longest suspension bridge. But not only was it an engineering and architectural milestone, its aesthetic form was instantly recognized as classical and to this day is one of the most iconic structures in the US if not the world. With just a few years until its 80th birthday, it demonstrates that a lasting structure is more than simply form following function but contains many elements that inform its use and beauty.

I use the Golden Gate Bridge as an entrée to my continued discussion on the series on steps that you can use in your compliance program if you find yourself, your company or your industry in an economic downturn. Whether you are a Chief Compliance Officer (CCO) or compliance practitioner, these steps are designed to be achieved when you face reduced economic resources or lessened personnel resources going forward due to a downturn your economic sector. Yesterday, I discussed mapping your current and existing internal controls to the Ten Hallmarks of an Effective Compliance Program so that you can demonstrate your compliance with the Foreign Corrupt Practices Act’s (FCPA) internal control prong to the accounting procedures. Today I want to discuss the issues surrounding the inevitable layoffs your company will have to endure in a downturn.

In Houston, we have experienced energy companies laying off upwards of 30% of their workforce, both in the US and abroad. Employment separations can be one of the trickiest maneuvers to manage in the spectrum of the employment relationship. Even when an employee is aware layoffs are coming it can still be quite a shock when Human Resources (HR) shows up at their door and says, “Come with me.” However, layoffs, massive or otherwise, can present some unique challenges for the FCPA compliance practitioner. Employees can use layoffs to claim that they were retaliated against for a wide variety of complaints, including those for concerns that impact the compliance practitioner. Yet there are several actions you can take to protect your company as much as possible.

Before you begin your actual layoffs, the compliance practitioner should work with your legal department and HR function to make certain your employment separation documents are in compliance with the recent SEC v. KBR Cease and Desist Order regarding Confidentiality Agreement (CA) language which purports to prevent employees from bringing potential violations to appropriate law or regulatory enforcement officials. If your company requires employees to be presented with some type of CA to receive company approved employment severance package, it must not have language preventing an employee taking such action. But this means more than having appropriate or even approved language in your CA, as you must counsel those who will be talking to the employee being laid off, not to even hint at retaliation if they go to authorities with a good faith belief of illegal conduct. You might even suggest, adding the SEC/KBR language to your script so the person leading the conversation at the layoff can get it right and you have a documented record of what was communicated to the employee being separated.

When it comes to interacting with employees first thing any company needs to do, is to treat employees with as much respect and dignity as is possible in the situation. While every company says they care (usually the same companies which say they are very ethical), the reality is that many simply want terminated employees out the door and off the premises as quickly as possibly. At times this will include an ‘escort’ off the premises and the clear message is that not only do we not trust you but do not let the door hit you on the way out. This attitude can go a long way to starting an employee down the road of filing a claim for retaliation or, in the case of FCPA enforcement, becoming a whistleblower to the Securities and Exchange Commission (SEC), identifying bribery and corruption.

Treating employees with respect means listening to them and not showing them the door as quickly as possible with an escort. From the FCPA compliance perspective this could also mean some type of conversation to ask the soon-to-be parting employee if they are aware of any FCPA violations, violations of your Code of Conduct or any other conduct which might raise ethical or conflict of interest concerns. You might even get them to sign some type of document that attests they are not aware of any such conduct. I recognize that this may not protect your company in all instances but at least it is some evidence that you can use later if the SEC (or Department of Justice (DOJ)) comes calling after that ex-employee has blown the whistle on your organization.

I would suggest that you work with your HR department to have an understanding of any high-risk employees who might be subject to layoffs. While you could consider having HR conduct this portion of the exit interview, it might be better if a compliance practitioner was involved. Obviously a compliance practitioner would be better able to ask detailed questions if some issue arose but it would also emphasize just how important the issue of FCPA compliance, Code of Conduct compliance or simply ethical conduct compliance was and remains to your business.

Finally are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming.

The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you layoff the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.

Just as the Golden Gate Bridge provides more to the human condition than simply a structure to get from San Francisco to Marin County, layoffs in an economic downturn provide many opportunities to companies. If they treat the situation appropriately, it can be one where you manage your FCPA compliance risk going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015