qtq80-1I6LEsIn many ways compliance is about communication. Your role as a Chief Compliance Officer (CCO) or compliance practitioner is to communicate expectations around compliance and responding to questions from the business unit on how to do business in compliance. One of the ways to enhance communications is to market to your customer base. For any CCO or compliance practitioner that primary customer base is the organizations employees. While a compliance function has other customers of your services, such as third parties, employees will almost always be your primary customer base. There are some basic things that your compliance function can do within the corporate setting to market compliance to your primary customer base.

Sterling Miller, in his blog post entitled “Ten Things: How to Market the Legal Department to the Business”, discusses the need to “constantly market the department to the business”, I have adapted his pointers for the compliance function.

  1. Have a great compliance website. Even in the corporate world, the first contact many business folks with have with the compliance function is through your website. So make it a memorable and positive experience. As Sterling says, make it “simple, clean and practical.” He suggests a section with Frequently Asked Questions (FAQs), contact forms, clearly explaining who does what function in the compliance department and articles of interest.
  2. Communicate frequently. Obviously this includes getting out of the office to visit offices in the field. But Sterling here intones, “You ultimately want the department to be approachable and a place where employees know they can go for help.” To help achieve this goal you should strive to “communicate with the entire employee base in some manner on -at least- a monthly basis.”
  3. Send out a client satisfaction survey. You should ask your customer base how you are doing and what you might do better. Sterling suggests this be done on an annual basis to every 15 months. You should share the results with your compliance team and then institute appropriate changes to improve the delivery of compliance services.
  4. Host client compliance boot camps. While many compliance functions may come close to this idea during their annual compliance week celebrations, I think the focus here could be more in-depth for an appropriate level of management or risked base employee selection. But this technique can work as a good two-way street of communication as it allows the business unit to discuss issues which may cause the most problems and further understand how the business unit folks operate. It also continues to allow relationship building with the compliance function and their internal customer basis.
  5. Create a list of ‘What is Going On’. I have one colleague who, the Monday after the New York Times broke the Wal-Mart bribe paying in Mexico story, had created a PowerPoint slide deck for senior management and presented it to them as a lessons learned, tailored to his company’s business. But more than this you should communicate to senior management your compliance successes. Rarely does management know about how you have accomplished this so you should communicate the information to them. Sterling writes this type of communication should be made on a monthly, semi-annual and annual basis.
  6. Get a seat at the business table. This is obviously a key for making compliance a part of the DNA of any business organization. Your CCO should be on the company’s executive leadership team (ELT). But this means more than simply the top of the compliance function. Your compliance team members should be included in staff meetings, project meetings and other similar corporate meetings. This will allow not only greater visibility for compliance, to facilitate greater relationships with the business unit, but it will also allow compliance to understand, assess, evaluate and then manage risks more effectively. By putting compliance into these business processes you continually reinforce the business process nature of the compliance function.
  7. Volunteer projects. I found this to be an interesting suggestion. Jay Rosen often talks about how the volunteer work he does before each year’s SCCE annual Compliance and Ethics Institute has been very meaningful to him. Yet another facet of such work can be to establish a positive aspect to your corporate compliance program. Things you can consider are a mentor club for individuals within your company or outside as well; special projects with your company; some type of annual charity program; and, finally, training programs for employees that are not compliance centric, such as public speaking, better writing and similar themed programs.
  8. Answer the phone. This is the bane of every business person in every corporation in every country around the globe. It all starts with answering the phone and then providing an answer to the question posed. If you receive an email, respond back to it. If you are going to be out of the office or unavailable, put an out of office message on your email response and your internal company voicemail. Be sure and leave clear instructions as to who the caller or emailer can contact for assistance in your absence. As Sterling ends this section, compliance is a “service organization, so put ego and pride to the side and just focus on the fact that this is someone who needs help, what can do to help them.”
  9. Get out of the Ivory Tower. I said before to get out of that Ivory Tower in the corporate headquarters and into the field. There is nothing more powerful in the corporate world than boots on the ground, particularly if they come from a service function such as compliance. The information you receive and the relationships you build will be invaluable going forward. Even if you go to an international location, you can continue to perform work but you should take the opportunity for informal trainings such as a Lunch N’ Learn, office tours and socializing with the local team after hours.
  10. Make a buddy in finance. While this is more important for a legal department than compliance, it brings up an issue not often discussed in the compliance arena; which is budgeting. By having a compatriot in finance you can work in your budgeting forecasts and get insights into what might work but what certainly will not work in this process.

The techniques and tactics described by Miller translate well to the compliance sphere. His larger point is do not be an imperial corporate office function. It will not help you to develop the types of relationships to effectively do compliance inside a corporation. It takes effort to establish yourself and your function as a part of a living, breathing corporate entity. Take those opportunities to do so and the return may well be immeasurable.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

qtq80-cmKgXJSometimes, as a leader it is important to say something numerous times, to repeat your message so that it will come through loud and clear. For any Chief Executive Officer (CEO) it is incumbent to continually reinforce your message of doing business ethically. The same is true for any Chief Compliance Officer (CCO) but I think the message should be more tailored to doing compliance. I thought about these ideas when I read a recent Corner Office column in the New York Times (NYT) by Adam Bryant where he featured John Lilly, a partner at Greylock Partners, which is a Silicon Valley venture capital firm. I thought Lilly had some interesting insights which the CCO or indeed any compliance practitioner could use going forward.

Compliance is about people

Lilly was an Air Force brat whose father was a tinkerer. Once when the family needed a new television, instead of simply purchasing one, his father bought a kit and they constructed it. Lilly obtained a very interesting insight from this experience and said, “in retrospect, it taught me that everything is made by people. We look at our technology now, like iPhones, and I think a lot of people see them as magical obelisks from the mountains that Steve Jobs bestows on us.”

An insight that is rarely discussed is that as much as compliance revolves around policies and procedures, including internal controls, at the end of the day compliance is about people. Your employee base must understand that your company will only tolerate those who do business without breaking laws; whether those laws be prohibiting the opening of fraudulent bank accounts or paying bribes to make sales. Certainly having a detection prong is a part of any best practices compliance program but the lead prong, which is prevent, will aid in keeping corporate blood pressure at a much lower.

Keep your message simple

Lilly next turned to messaging itself. He noted an early leadership lesson was “the role of simplicity and messaging early on. One of the things that happened at one of my start-ups was that I would get bored saying the same thing every day. So I decided to change it up a little bit. But then everybody had a different idea of what I thought because I was mixing it up.” So his takeaway was “the importance of a simple message, and saying it the same way over and over. If you’re going to change it, change it in a big way, and make sure everyone knows it’s a change. Otherwise keep it static.”

For both the CEO and the CCO, this is a very critical insight. While ‘stay on message’ has become a catch-phrase for any politician who wants to avoid answering a question posed to him by a reporter, there is a larger point which can be drawn from Lilly’s insights. Another way to phrase it might be to Keep It Simple Sir (KISS). Keep your message of doing compliance simple and straight forward.

What are you missing?

Another interesting insight for the CCO comes from Lilly’s role as a venture capitalist (VC). He said, “The one thing that’s profoundly different about being a V.C. compared to an operator is that V.C.s talk a lot about FOMO — fear of missing out. You turn things down all the time, and you worry, what did I miss and what did I get wrong? As an operator, you focus 100 percent on what you’re doing. As a V.C., you wonder what you’re not doing. It’s a difference in perspective.” This is similar to a CCO because the things you worry the most about are those which you know nothing about or those you know the least about.

To overcome this Lilly asks most individuals who seek funding from him about their leadership style and the culture of their organization. He explained that on one level it is “who is this person and how do they behave? The other is a contextual assessment, which is, am I any good for this person? There are some amazing C.E.O.s who I just don’t know how to interact with because of stylistic differences.” Yet, on a deeper level, it is because “You have to have both because you want to make good investments, but you also want to make good investments where you can work with the person. I ask a lot of questions, but I almost don’t care what the questions are.”

He uses this type of discussion to determine both style and substance but also how someone reacts when things might get close to the edge. Lilly stated, “You start to expand the scope of the questions to try to see two things. One is the quality of their thought process. And the other is how they interact with you. Do they become defensive? Do they become aggressive? Are they listening? You’re trying to get a sense of whether, in a complicated situation with a lot of things going on, can they be honest and candid and still get to a productive place. Sometimes you get honest and candid, and sometimes you get antagonistic or defensive.”

The insights Lilly provides are useful for every CCO and companies which seek to do business with others through a variety of business forms and arrangements such as joint ventures (JVs), teaming agreements, traditional third party relationships or any other form of business relationships. Do the people you are going into the relationship with have a style you can work with and does their culture mesh with your culture? You can ask some of the basic questions Lilly puts forward to help determine the answer to both.

Of course if you are looking to enter into such a relationship, it is obviously easier to do so if you have that type of ethical culture that is committed to doing business in compliance with laws and norms. Going into business with another party requires just as much from the company seeking the funding. If you have such compliance programs in place, it would certainly go a long way demonstrating your commitment to doing business the right way. If a VC like Lilly comes along, you would be able to demonstrate your commitment.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

In this episode, Matt Kelly and I take a deep dive into a couple of issues surrounding the new Trump administration. The first is the ‘Trump Risk’ disclosure that several companies have made since the election. The second is around Dodd-Frank and the SEC going forward. When Trump speaks about repealing Dodd-Frank, it means easing rules for capital formation, not the whistleblower program or other more traditional compliance related roles and issues. We discuss Paul Adkins, who is heading up the Trump transition at the SEC and what his prior tenure at the SEC may portend. Finally we discuss why the SEC whistleblower program is not going away but there may be a change in focus from the current aggressive approach under Chairman Mary Jo White.  We wave good-bye to Kevin O’Connor who was in then out on the Trump DOJ transition team. For more reading see Matt’s blog posts:

1.Compliance in the Trump Era, Part I: The SEC

2. It’s Starting: Disclosure of ‘Trump Risk’

Show Notes for Episode 1

At the SCCE 2016 Compliance and Ethics Institute, I sat down with four of the top compliance commentators in the field for my first roundtable-style podcast. It was so successful that I persuaded the gang to come back together every couple of weeks for a formal podcast, which is entitled Everything Compliance. The premier episode is available for your listening pleasure today. I will post a new episode every two weeks.

I host these four well-known compliance practitioners and commentators:

  • Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at jay.rosen@ulgroup.com.
  • Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery Compliance Limited in London. Armstrong can be reached at armstrong@corderycompliance.com.

The format is a roundtable discussion where I throw out a question to one commentator to lead the discussion. From that starting point we will all join in. I also include an “On My Mind” segment where each participant discusses what is on the forefront of their mind. This podcast is longer than my others, coming in at around 60 minutes, which allows us to explore the week’s issues in depth.

In the inaugural episode we discuss the following subjects:

  1. Mike Volkov leads a discussion of the unintended consequences of the Yates Memo/Pilot Program for internal investigations. We explore the issue of “de-confliction” where the government asks a company to halt its own internal investigation for the government to be the first to interview witnesses. We explore de-confliction in the context of a requirement of cooperation to gain the benefits of the pilot program and how such a request from the Department of Justice (DOJ) could lead companies to be unable to disclose to other agencies or to shareholders and keep a Board in the dark about the alleged wrongdoing. What does this mean for the company and the internal investigator?

For Volkov’s post on conflicts of interest (COI) in internal investigations after the Yates Memo, click here.

  1. Matt Kelly leads a discussion on compliance and corporate governance. We explore the issue of compliance being involved in issues around pricing and sales in companies like Valeant and Wells Fargo. We discuss the role of compliance in areas outside of strict legal compliance but may move towards reputational risk, going into such areas as the new revenue recognition standards and executive compensation.

For Kelly’s blog post on the intersection of CEO pay and Chief Compliance Officers (CCOs), click here.

  1. Jonathan Armstrong leads a discussion of funding and the UK Serious Fraud Office (SFO), in the context of the recent announcement that the SFO has received additional or supplemental funding to investigate Unaoil. Why does the SFO need supplemental funding and how does it obtain it? What does all of this mean for the continued existence of the SFO in light of a former critic now being PM? Finally, Armstrong ties all of this into Brexit, his recent interview of Max Schrems and issues surrounding Privacy Shield.

For Armstrong’s interview with Max Schrems, click here and Cordery’s FAQs on Privacy Shield, click here.

  1. Jay Rosen takes us through the compliance conference scene. For those of you who are avid attenders of the various conferences, he discusses some of the key differences in the types observed, such as the nuts and bolts types (SCCE) and others which focus more on commentary (FCPA Blog NYC Conference). He discusses the relative strengths of each and how a compliance professional should think about selecting one or more to attend. He ends with his thoughts on why compliance certification is a plus (or minus).

For Rosen’s blog post Designing Your 2017 Ethics, Compliance & FCPA Conference Schedule, click here.

This new podcast Everything Compliance joins the four other podcasts I have on different aspects of compliance. The original FCPA Compliance and Ethics Report focuses on the nuts and bolts of compliance. Unfair and Unbalanced – is a podcast I do with SCCE CEO Roy Snell. In it we focus on wide ranging issues for the compliance profession. Compliance into the Weeds – is a podcast I do with Matt Kelly where we take a deep dive into the weeds of a compliance issue, typically technology, internal controls or GRC. We both indulge our inner geekiness in this podcast. Jay Rosen and I wrap up each week in FCPA, compliance and ethics with This Week in FCPA. All of these podcasts are available to you on my site, FCPAcompliancereport.com, and are available on iTunes under the same name.

 

 

everything-complianceAs many of you knew I am an avid fan of podcasts and today I am thrilled to announce I have added another podcast to the growing network of podcasts available here at the FCPA Compliance Report and on the same named site on iTunes. At the SCCE 2016 Compliance and Ethics Institute, I sat down with four of the top compliance commentators in the field for my first roundtable-style podcast. It was so successful that I persuaded the gang to come back together every couple of weeks for a formal podcast, which is entitled Everything Compliance. The premier episode is available for your listening pleasure today. I will post a new episode every two weeks.

I host these four well-known compliance practitioners and commentators in a roundtable format:

  • Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Jay helps his clients develop efficient and cost effective solutions for Foreign Corrupt Practices Act (FCPA), Ethics & Compliance legal language needs for global investigations and Governance, Risk Management and Compliance (“GRC”) matters. Jay is my podcast partner for our weekly Friday podcast This Week in FCPA. Jay also curates weekly top FCPA and Ethics & Compliance stories for “Jay Rosen’s Weekend Read” which is available on LinkedIn Pulse. Rosen can be reached at rosen@ulgroup.com.
  • Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Mike has over 30 years of experience in practicing law, is a former federal prosecutor and veteran white collar defense attorney, he has expertise in areas of compliance, internal investigations and enforcement matters. Volkov maintains the highly popular FCPA blog – Corruption, Crime & Compliance. He is a regular speaker at events around the globe, and is frequently cited in the media for his knowledge on criminal issues, enforcement matters, compliance and corporate governance. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Matt is an independent compliance consultant who studies corporate compliance, governance, and risk management issues. On his blog,  RadicalCompliance.com, he writes on the intersection of business issues, compliance, governance, and risk topics. Kelly was named as ‘Rising Star of Corporate Governance’ by Millstein Center for Corporate Governance in the inaugural class of 2008 and named on Ethisphere’s ‘Most Influential in Business Ethics’ list in 2011 (no. 91) and 2013 (no. 77). Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out (but certainly not least) is our UK colleague, who is an experienced lawyer with Cordery Compliance Limited in London. His practice concentrates on compliance and technology issues, including advising multinational corporations on matters involving risk, compliance and technology across Europe. He has handled legal matters in more than 60 countries involving allegations relating to bribery, whistleblower complaints, corporate governance, ethics code implementation, reputation, internal investigations and data privacy matters. Armstrong can be reached at armstrong@corderycompliance.com.

The format is a roundtable discussion where I throw out a question to one commentator to lead the discussion. From that starting point we will all join in. I also include an “On My Mind” segment where each participant discusses what is on the forefront of their mind. This podcast is longer than my others, coming in at around 60 minutes, which allows us to explore the week’s issues in depth.

I am pleased to announce the first podcast is up and the inaugural episode includes the following discussion topics:

  1. Mike Volkov leads a discussion of the unintended consequences of the Yates Memo/Pilot Program for internal investigations. We explore the issue of “de-confliction” where the government asks a company to halt its own internal investigation for the government to be the first to interview witnesses. We explore de-confliction in the context of a requirement of cooperation to gain the benefits of the pilot program and how such a request from the Department of Justice (DOJ) could lead companies to be unable to disclose to other agencies or to shareholders and keep a Board in the dark about the alleged wrongdoing. What does this mean for the company and the internal investigator?

For Volkov’s post on conflicts of interest (COI) in internal investigations after the Yates Memo, click here.

  1. Matt Kelly leads a discussion on compliance and corporate governance. We explore the issue of compliance being involved in issues around pricing and sales in companies like Valeant and Wells Fargo. We discuss the role of compliance in areas outside of strict legal compliance but may move towards reputational risk, going into such areas as the new revenue recognition standards and executive compensation.

For Kelly’s blog post on the intersection of CEO pay and Chief Compliance Officers (CCOs), click here.

  1. Jonathan Armstrong leads a discussion of funding and the UK Serious Fraud Office (SFO), in the context of the recent announcement that the SFO has received additional or supplemental funding to investigate Unaoil. Why does the SFO need supplemental funding and how does it obtain it? What does all of this mean for the continued existence of the SFO in light of a former critic now being PM? Finally, Armstrong ties all of this into Brexit, his recent interview of Max Schrems and issues surrounding Privacy Shield.

For Armstrong’s interview with Max Schrems, click here and Cordery’s FAQs on Privacy Shield, click here.

  1. Jay Rosen takes us through the compliance conference scene. For those of you who are avid attenders of the various conferences, he discusses some of the key differences in the types observed, such as the nuts and bolts types (SCCE) and others which focus more on commentary (FCPA Blog NYC Conference). He discusses the relative strengths of each and how a compliance professional should think about selecting one or more to attend. He ends with his thoughts on why compliance certification is a plus (or minus).

For Rosen’s blog post Designing Your 2017 Ethics, Compliance & FCPA Conference Schedule, click here.

This new podcast Everything Compliance joins the four other podcasts I have on different aspects of compliance. The original FCPA Compliance and Ethics Report focuses on the nuts and bolts of compliance. Unfair and Unbalanced – is a podcast I do with SCCE CEO Roy Snell. In it we focus on wide ranging issues for the compliance profession. Compliance into the Weeds – is a podcast I do with Matt Kelly where we take a deep dive into the weeds of a compliance issue, typically technology, internal controls or GRC. We both indulge our inner geekiness in this podcast. Jay Rosen and I wrap up each week in FCPA, compliance and ethics with This Week in FCPA. All of these podcasts are available to you on my site, FCPAcompliancereport.com, and are available on iTunes under the same name.

Finally, I have a separate podcast on business leadership for both the compliance professional and broader business leader, 12 O’Clock High – A Podcast on Business Leadership with Tom Fox. It is hosted by Richard Lummis and each week I take a deep dive into a different area of business leadership; such leadership lessons from Dr. Frankenstein to managing a culture transformation.  It has is hosted on a separate site, click here, and is also available on iTunes under the same name.

Go to the first episode of Everything Compliance

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016