2.0If there was one theme from Compliance Week 2016 it was the continued evolution of the Chief Compliance Officer (CCO) role and the compliance profession. Long gone are the days when someone is sent over from a legal department into the compliance department or worse, some lawyer who is just given the title of CCO and this is considered to be a best practice or even sufficient. In the opening keynote presentation, representatives from the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) made clear they expect a CCO to know more than simply the laws of anti-corruption, they must actually work to do compliance in an organization. A key metric of doing compliance is the independence of the CCO and compliance function.

The conference was bookended by the keynote session “The Maturing of a Profession: The Rise of Compliance 2.0” which laid out the structural changes that have occurred for the CCO and compliance profession as a whole over the past 10 years or so. The starting point for the compliance profession was when the Sentencing Guidelines were made effective in the early 1990s. Because this function was borne out of essentially a criminal law enactment, in the form of the Sentencing Guidelines, it seemed to make sense at the time to respond with a legalistic approach such as having a General Counsel (GC) also be the CCO or having the compliance function in the legal department. The response to the accounting scandals of the early 2000s led to the passage of the Sarbanes-Oxley Act (SOX), which mandated more robust compliance programs, thereby enhancing the role of the CCO. There were later updates to the Sentencing Guidelines, which also helped to change the structure of compliance.

As with most legalistic approaches, such as those to the Sentencing Guidelines, it began by corporations setting out their internal rules and regulations; first in the form of a Code of Conduct and certainly after Opinion Release 04-02 in 2004 with the implementation of a written compliance program in the form of policies and procedures. Then training, incentives and punishments were put in place. Of course such an approach did not take into account third parties and perhaps that is why the majority of Foreign Corrupt Practices Act (FCPA) cases over the past 12 years have involved third parties.

Yet now the above structure is no longer sufficient. That is reason for the nomenclature of Compliance 2.0 as a true structural change has occurred moving the compliance function out from under the legal department and separating the CCO from the GC. What are the changes in this structural component? The final keynote of Compliance Week 2016 presented five key transformations.

  1. Empowerment

Here the CCO is empowered by charter or Board direction to carry out their duties. A CCO does not have to ask the GC for permission as they are more generally reporting directly to the Board or the Audit Committee of the Board. Further, the CCO position is now a senior corporate level role, often in the C-Suite. In the corporate world titles and position matter and if your position is seen as being on the level of the corporate brass it will give you more weight to carry the day.

  1. Independence

The key change here is the independence of the mandate of compliance from that of the legal department. The legal department has and always will exist to defend the company. It is asked to opine on whether a particular act is legal; in other words can we do it, not should we do it? The compliance function exists to prevent, detect and remediate problems, in other words fix things. The compliance function also differs from the legal function in that it has a non-discretionary escalation of issues through its unfiltered access to a company’s Board of Directors, through a direct reporting line.

  1. Seat at the table

Here the key is that compliance is seen as collaborative with legal and not subordinate. Yet this takes work and agreement by both legal and compliance to carve out their respective roles so that toes are not stepped on or even worse in the corporate world, feelings are not bruised. It also entails both the CCO and the compliance function being involved in the company’s strategic planning meetings so that compliance can be proactive and not simply reactive. Of course this means involvement in risk management meetings, operational reviews and budget reviews, as that is where the corporation sets its priorities.

  1. Line of sight

This is probably the biggest change in the structure of compliance. The CCO and compliance function should be able see into the business functions directly, not through the eyes or even the lens of the legal department. Yet it also means compliance should work towards an understanding through the integration of compliance risk areas for review, with unfettered access to information. It also means the business functions need to report up to compliance through regular reporting channels. Finally, all of this, by necessity requires the tearing down of silos so that compliance has visibility up and down the chain in this line of sight.

  1. Resources

As was made clear by both Andrew Weissmann from the DOJ and Stephen Cohen from the SEC in the opening keynote, the resources made available to the CCO and compliance function are becoming a more key metric for regulatory review. Fortunately this is also a key structural change moving to Compliance 2.0. Resources most generally mean two things: budget and head count.

For budgeting the change in Compliance 2.0 is that the compliance function has its own standalone budget, which should be sufficient to fulfill the compliance mandate. I think that it is beyond obvious to state that a strong compliance budget is always less expensive than a FCPA fine and penalty so the investment is sound. Head count is the corporate term for staffing but here it is more than simply bodies. It requires true subject matter experts (SMEs) either through professional experience or internal training. It also means compliance personnel reporting up to the CCO. If a company uses non-compliance department compliance champions, these folks should at least have dotted line reporting to the CCO.

I have laid out these structural changes in some detail so that you can benchmark your compliance program to see if there are gaps, which you might wish to remediate from a structural perspective. For those of you who did not feel there has not been enough evolution of the compliance function; not to worry as there is a lot more to talk about in Compliance 3.0. Stay tuned…

 

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Board of DirectorsThe Board of Directors role in the Volkswagen (VW) emissions test scandal is one that is only now being scrutinized. In an article in the New York Times (NYT), entitled “Problems at VW Start at the Boardroom”, James B. Stewart was unremitting in his criticism of the VW Board, when near the beginning of his piece he wrote, “given Volkswagen’s history, culture and corporate structure, the real mystery may be why something like this didn’t happen sooner.” He quoted Markus Roth, a professor at Phillips-University Marburg and expert in European corporate governance, for the following, “It’s been a soap opera ever since it started.”

The VW emissions testing scandal will provide many lessons for Chief Compliance Officer (CCO) or compliance practitioner. Stewart’s scathing article provided today’s focus which is on a Board of Directors in a Foreign Corrupt Practices Act (FCPA) compliance program. A Board’s duty under the FCPA is well known. In the FCPA Guidance, in the Ten Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board. The first is Hallmark No. 1, which states “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources”, where it discusses that the CCO should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The Department of Justice’s (DOJ) Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment?

There is one other issue regarding the Board and risk management, including FCPA risk management, which should be noted. The Securities and Exchange Commission (SEC) desires Boards to take a more active role in overseeing the management of risk within a company. The SEC has promulgated Regulation SK 407 under which each company must make a disclosure regarding the Board’s role in risk oversight which “may enable investors to better evaluate whether the board is exercising appropriate oversight of risk.” If this disclosure is not made, it could be a securities law violation and subject the company, which fails to make it, to fines, penalties or profit disgorgement.

I believe that a Board must not only have a corporate compliance program in place but actively oversee that function. Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask the tough questions. But it is more than simply having a compliance program in place. The Board must exercise appropriate oversight of the compliance program and indeed the compliance function. The Board needs to ask the hard questions and be fully informed of the company’s overall compliance strategy going forward.

For the compliance function in an organization, a clear lesson from the VW emissions testing scandal is that the Board must be engaged and asking tough questions from not only senior management but also the CCO or compliance practitioner who report to the Board. But more than simply asking questions, it is important that the CCO share information with rest of management, in advance of the Board meeting, creating transparency. As the CCO works with the General Counsel (GC), outside legal counsel and outside external audit quite closely throughout the year, you must work with them closely during the preparation of the annual compliance report. Lastly, and, from my experience always the one which is most important in any relationship with senior management or the Board, make sure there are NO SURPRISES.

 An approach suggested by Stephen Martin, who runs Baker & McKenzie Compliance Consulting LLC, is 20 questions which reflect the oversight role of directors. The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and enable them to dig deeper as necessary. Although the questions apply to most medium to large organizations, the answers will vary according to the size, complexity and sophistication of each individual organization. The questions are as follows:

Part I: Understanding the Role and Value of the Compliance Committee

  1. What are the Compliance Committee’s responsibilities and what value does it bring to the board?
  2. How can the Compliance Committee help the board enhance its relationship with management?
  3. What is the role of the Compliance Committee?

Part II: Building an Effective Compliance Committee

  1. What skill sets does the Compliance Committee require?
  2. Who should sit on the Compliance Committee?
  3. Who should chair the Compliance Committee?

Part III: Directed to the Board

  1. What is the Compliance Committee’s role in building an effective compliance program within the company?
  2. How can the Compliance Committee assess potential members and senior leaders of the company’s compliance program?
  3. How long should directors serve on the Compliance Committee?
  4. How can the Compliance Committee assist directors in retiring from the board?

Part IV: Enhancing the Board’s Performance Effectiveness

  1. How can the Compliance Committee assist in director development?
  2. How can the Compliance Committee help the board chair sharpen the board’s overall performance focus?
  3. What is the Compliance Committee’s role in board evaluation and feedback?
  4. What should the Compliance Committee do if a director is not performing or not interacting effectively with other directors?
  5. Should the Compliance Committee have a role in chair succession?
  6. How can the Compliance Committee help the board keep its mandates, policies and practices up-to-date?

Part V: Merging Roles of the Compliance Committees

  1. How can the Compliance Committee enhance the board’s relationship with institutional shareholders and other stakeholders?
  2. What is the Compliance Committee’s role in CCO succession?
  3. What role can the Compliance Committee play in preparing for a crisis, such as the discovery of a sign of a significant compliance violation?
  4. How can the Compliance Committee help the board in deciding CCO pay and bonus?

Whichever approach that you employ, the CCO must lay out a clear and logical program for a Board of Directors not only to understand its role in the compliance function but to play an active role. Any best practices compliance program has several moving parts, a CCO to lead the compliance program, a Compliance Department to execute the strategy and an engaged Board of Directors who oversee and participate. It would certainly have been helpful to VW.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

In a story first reported in the Wall Street Journal (WSJ), entitled Halliburton Says Court Approved Corruption Lawsuit Settlement, Sam Rubenfeld reported that Halliburton has settled a shareholder derivative action which had been filed in state district court in Houston, Texas. The lawsuit, the consolidation of actions brought by two institutional shareholders and one individual shareholder against the company and its Board of Directors individually, had alleged that “the board’s failure to stop the activity caused the company to have to pay hundreds of millions of dollars in settlements and fines, and it damaged Halliburton’s reputation”.

The settlement is interesting for several reasons. Initially, it should be noted that Halliburton will not pay any damages but more than that, Rubenfeld reported that “the plaintiffs said in the settlement they faced “very steep hurdles” in establishing that the directors named in the suit were liable for the illegal activity, and that it was unlikely they would win damages “even closely approaching” what they sought in litigation”. In the settlement, Halliburton agreed to make changes to its corporate governance structure “including a clawback of compensation for board members who were involved in or approved the activity, beefing up its compliance program and strengthening the roles of its board members.” In other compliance areas, the company agreed to publish “newsletters and internal bulletins to include at least six articles per year addressing ethics and compliance issues.” Finally, Halliburton agreed that it’s “code of conduct has to be revised so as a layperson can understand it, and it has to be changed to specifically prohibit the use of bribes and kickbacks.”

I.                   Clawback Provisions

There were several specific provisions relating to clawbacks which may well now become standard provisions for officers and directors of companies going forward. They related to both monetary compensation and non-monetary compensation, such as stock. All the provisions turn on the following:

  1. If an officer or director is named for “substantially participating in a significant violation of the law”;
  2. And either a company investigation determines the officer’s or director’s conduct was “not indemnifiable”; OR
  3. The officer or director “does not prevail at trial, enters into a plea arrangement…or otherwise admits to the violation in a legal proceeding.”
  4. Then the clawback is triggered.

 II.                Greater Oversight of Compliance

The settlement specifies several steps the Audit Committee of the Board should take to enhance its role in the compliance function including holding more regular meetings and reporting to the full Board on issues relevant to compliance and risk management in general. The settlement also specified that a Management Compliance Committee shall be created and detailed investigation and reporting protocols for any “Significant Violation of any federal or state law”.

III.             Compliance Program Enhancements

Here the settlement specified that for employees working in high risk countries “who have job descriptions associated with business development and procurement activities [emphasis mine] they should have annual compliance training. The settlement also specified Halliburton to rewrite its Code of Business Conduct in plain English “so that it is written in a manner as is commonly understood by a layperson.” The Code of Business Conduct rewrite is to be expanded to make clear that foreign bribery and kickbacks are prohibited and will not use agents recommended by foreign governmental officials, unless such agents are screened through appropriate due diligence. As noted by Rubenfeld’s article Halliburton agreed to publish newsletters and provide email updates and intranet postings, which will address compliance at least six times per year. The company agreed to strive to maintain a ratio of one “Audit Service position for every 5,000 employees” and to certain restrictions in hiring a Chief Financial Officer (CFO).

In a section specified “To assure that its compliance program be deemed “effective” under the revised Federal Sentencing Guidelines” the company agreed to have a compliance program which would be designed to detect an offense “before discovery outside of the organization or before discovery was reasonably likely”. If there is a determination that such conduct occurs the company will take steps to prevent it from reoccurring. Halliburton agreed to take “reasonable steps to remedy the harm from criminal conduct”. Lastly, the Chief Compliance Officer (CCO) was given direct reporting authority to the Board and directed to report “no less than annually on the implementation and effectiveness of Halliburton’s compliance program.”

This settlement is a welcome addition for the compliance practitioner. First and foremost, the no payment of damages is a welcome change from such claims. Moreover, the enhancements agreed to by Halliburton give both compliance practitioners and company specific guidance on good corporate government practices in the compliance arena and specific ways to tie a compliance program to the US Federal Sentencing Guidelines.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

On Monday, June 18, the Department of Justice (DOJ) announced the resolution of a matter involving violations of the Foreign Corrupt Practices Act (FCPA) by Data Systems & Solutions LLC (DS&S), a US entity based in Virginia. The settlement resulted in the company agreeing to a two year and 7 day Deferred Prosecution Agreement (DPA). The case was interesting for a number of reasons and it has some significant lessons which the compliance practitioner can put into place in a corporate compliance program. The charges related to DS&S’s business included the design, installation and maintenance of instrumentation and controls systems at nuclear power plants, fossil fuel power plants and other critical infrastructure facilities. In reading the Criminal Information, I can only say that this was no one-off or rogue employee situation but this was a clear, sustained and well known bribery scheme that went on within the company.

I.                   The Criminal Information

The bribery scheme involved payments made to officials at a state-owned nuclear power facility in Lithuania, named Ignalina Nuclear Power Plant (INPP). The payments were made to allow DS&S to obtain and retain business with INPP. The Information listed contracts awarded to DS&S in the amount of over $30MM from 1999 to 2004. Significantly, DS&S did not self-disclose this matter to the DOJ but only began an investigation after receiving a DOJ Subpoena for records.

The Players Box Score

DS&S Officials INPP Officials Subcontractors
Exec A – VP of Marketing and Business Development (BD) Official 1 – Deputy Head of Instrumentation and Controls Department Subcontractor A – Simulation Technology Products and Services
Official 2 – Head of Instrumentation and Controls Department Subcontractor B – Beneficially owned by Official 1 and which employed INPP Officials
Official 3 – Director General at INPP Subcontractor C – Shell company used a funneling entity to pay bribes
Official 4 – Head of International Projects at INPP
Official 5 – Lead SW Engineer at INPP

The bribery scheme used by DS&S recycled about every known technique there is to pay bribes. The Information listed 51 instances of bribes paid or communications via email about the need to continue to pay bribes. The bribery scheme laid in the Information reflected the following techniques used by:

  •       Payment of bribes by Subcontractors to Officials on behalf of DS&S;
  •       Direct payment of bribes by DS&S into US bank accounts controlled by INPP Officials;
  •       Creation of fictional invoices from the Subcontractors to fund the bribes;
  •      Payment of above-market rates for services allegedly delivered by the Subcontractors so the excess monies could be used to fund bribes;
  •      Payment of salaries to INPP Officials while they were ‘employed’ by Subcontractor B;
  •       Providing travel and entertainment to Officials to Florida, where DS&S has no facilities and which travel and entertainment had no reasonable business purpose; and last but not least…
  •      Purchase of a Cartier watch as a gift.

II.                The Deferred Prosecution Agreement

I set out these details with some specificity for two reasons. The first is that the Information is a must read for anyone in Internal Audit who reviews books and records. It gives you the precise types of Red Flags to look for. But secondly is the fact that DS&S received a discount of 30% off the low end of the penalty range as calculated under the US Sentencing Guidelines. The calculation as listed in the DPA is as follows:

Calculation of Fine Range:

Base Fine $10,500,000

Multipliers 1.20(min)/2.40(max)

Fine Range $12,600,000/$25,200,000

The ultimate fine paid by DS&S was only $8.82MM, which the DPA states is “an approximately thirty-percent reduction off the bottom of the fine range…” So for the compliance practitioner the question is what did DS&S do to get such a dramatic reduction? We know that one thing they did NOT do was self-report as the DPA notes that this case began as a DOJ investigation and DS&S received Subpoenas “in connection with the government’s investigation.” However, after this initial delivery of Subpoenas DS&S engaged a clear pattern of conduct which led directly to this 30% discount of the low end of the fine range. The DPA reports that DS&S took the following steps:

 

  • Internal Investigation. DS&S initiated an internal investigation and provided real-time reports and updates of its investigation into the conduct described in the Information and Statement of Facts.
  • Extraordinary Cooperation. DS&S’s cooperation has been extraordinary, including conducting an extensive, thorough, and swift internal investigation; providing to the Department searchable databases of documents downloaded from servers, computers, laptops, and other electronic devices; collecting, analyzing, and organizing voluminous evidence and information to provide to the DOJ in a comprehensive report; and responding promptly and fully to the DOJ’s requests.
  • Extensive Remediation. The number of steps DS&S took in regard to remediation included the following:
    • Termination of company officials and employees who were engaged in the bribery scheme;
    • Dissolving the joint venture and then reorganizing and integrating the dissolved entity as a subsidiary of DS&S;
    • Instituting a rigorous compliance program in this newly constituted subsidiary;
    • Enhancing the company’s due diligence protocols for third-party agents and subcontractors;
    • Chief Executive Officer (CEO) review and approval of the selection and retention of any third-party agent or subcontractor;
    • Strengthening of company ethics and compliance policies;
    • Appointment of a company Ethics Representative who reports directly to the CEO;
    • The Ethics Representative provides regular reports to the Members Committee (the equivalent of a Board of Directors in a LLC); and
    • A heightened review of most foreign transactions.
    • Enhanced Compliance Program. More on this in the next section.
    • Continued Cooperation with DOJ. The company agreed to continue to cooperate with the Department in any ongoing investigation of the conduct of DS&S and its officers, directors, employees, agents, and subcontractors relating to violations of the FCPA and to fully cooperate with any other domestic or foreign law enforcement authority and investigations by Multilateral Development Banks.

III.             Enhanced Compliance Obligations

One of the interesting aspects of the DS&S DPA is that there are 15 points listed in the Corporate Compliance Program, attached as Schedule C to the DPA, rather than the standard 13 items we have seen in every DPA since at least November 2010. The new additions are found on items 13 & 14 on page C-6 of Schedule C and deal with mergers and acquisitions. They read in full:

13. DS&S will develop and implement policies and procedures for mergers and acquisitions requiring that DS&S conduct appropriate risk-based due diligence on potential new business entities, including appropriate FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. If DS&S discovers any corrupt payments or inadequate internal controls as part of its due diligence of newly acquired entities or entities merged with DS&S, it shall report such conduct to the Department as required in Appendix B of this Agreement.

14. DS&S will ensure that DS&S’s policies and procedures regarding the anticorruption laws apply as quickly as is practicable to newly acquired businesses or entities merged with DS&S and will promptly:

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to DS&S, on the anti-corruption laws and DS&S’s policies and procedures regarding anticorruption laws.

b. Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.

This language draws from and builds upon the prior Opinion Release 08-02 regarding Halliburton’s request for guidance during an attempted acquisition and the Johnson and Johnson (J&J) Enhanced Compliance Obligations which were incorporated into its DPA. While the DS&S DPA does note that it is specifically tailored as a solution to DS&S’s FCPA compliance issues, I believe that this is the type of guidance that a compliance practitioner can rely upon when advising his or her clients on what the DOJ expects during Mergers and Acquisitions (M&A). The five keys under these new items, 13 & 14 highlighted above, are: (1) develop policies and procedures for M&A work prior to engaging in such transactions; (2) full FCPA audit of any acquired entities “as quickly as practicable”; (3) report any corrupt payments or inadequate internal controls it discovers in this process to the DOJ; (4) apply DS&S anti-corruption policies and procedures to the newly acquired entities; and (5) train any persons who might “present a corruption risk to DS&S” on the company’s policies and procedures and the law.

IV.              Summary

The DS&S DPA provides some key points for the compliance practitioner. First and foremost, I believe that it demonstrates the reasonableness of the DOJ. The bribery scheme here was about as bad as it can get, short of suitcases of money carried by the CEO to pay bribes. The company did not self-report, yet received a significant reduction on the minimum level of fine. The specificity in the DPA allows a compliance practitioner to understand what type of conduct is required to not only avoid a much more significant monetary penalty but also a corporate monitor. Lastly, is the specific guidance on FCPA compliance in relation to M&A activities, to the extent that if anyone in the compliance arena did not understand what was required in the M&A context; this question would seem to be answered in the DS&S DPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Lin-sanity still reigns and it may well now have reached its penultimate level. What evidence do I have of this cultural phenomenon? It is that both US President Barack Obama AND Sarah Palin are now on the Lin-sanity bandwagon. Palin, who played basketball in high school, is pictured at the left with the highly coveted Lin gear outside her Manhattan hotel. Not to be outdone, last week on the B.S. Report, a weekly podcast hosted by the Sports Guy Bill Simmons, held at the White House, President Barrack Obama talked about Lin-sanity and his fellow Harvard alum Jeremy Lin.

The President made an interesting comment, which I thought spoke to an ongoing issue in the compliance world. His observation was that Lin’s in-game success did not happen overnight, so question for you where were all of the ubiquitous NBA coaches all through his practices during the 15 months he has been in the NBA? The President thought that some coach, should have seen something, which indicated Lin had some talent. While we can ponder the wisdom of the 30+ coaches, between the Warriors and Rockets, who all blew that one, one of the things that the President’s comment brought up for me is the role of training in any best practices compliance program. Why you might ask? The answer is because one of focuses within an organization is to not only develop talent, but to evaluate talent in everyday work situations; similar to evaluating a basketball player in practice. So the Lin-sanity Lesson III is that one of the areas of training is to teach business unit employees to coach and evaluate compliance talent in an organization.

This is an area that Human Resources (HR) can be of great assistance to the Compliance Department. Compliance can take the lead in training on the substance of compliance. However, HR can assist in training managers to evaluate and audit employees on whether they conduct themselves within a culture of compliance and ethics. This is the traditional role of HR. While there is a training requirement for any minimum best practices compliance program, based upon the requirements in the US Sentencing Guidelines, I would submit that there is an opportunity to bring additional and more focused HR based training to bear which would enable a company to develop leaders who are thoroughly grounded in compliance and ethics.

Under the US Sentencing Guidelines, companies are mandated to “take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.” This requirement would also suggest that training results should also be evaluated and once again HR can fill this role. As part of this evaluation, a candidate for promotion can be assessed in not only their interest in the area but their retention of the materials going forward. Lastly, HR can evaluate how a candidate for promotion incorporates compliance and ethics not only into his or her work but how the candidate might help to foster a culture of compliance in the company.

President Obama’s remark about Jeremy Lin and what he may have shown in practice brought up the day-to-day work that any NBA player must go through which is watched by numerous NBA coaches. This concept is the same in a business organization. The day-to-day practices equate to how employees comport themselves whilst doing the routine and daily business of their companies. It’s a good bet that if an employee acts in an ethical manner in his or her routine dealings, they will do so in a situation which requires conducting business through a culture of compliance. HR is a part of the corporate organization that can evaluate these day-to-day scenarios. HR can also train business unit employees to evaluate personnel on compliance and ethics issues. You should not miss this opportunity to watch and evaluate your employees!

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012