In this episode I visit with Adelle Elia, the Chief Integrity Officer at Louis Berger. Some of the highlights include:

  • Why is her title “Chief Integrity Officer” as opposed to Chief Compliance Officer or Chief Ethics and Compliance Officer?;
  • What is the role of a CCO around integrity or how does she see her role at Louis Berger different that a traditional CCO?;
  • Does she have any specific initiatives around ‘integrity’?;
  • How can a Chief Integrity Officer help drives the values and culture in an organization;
  • Her academic background is not the usual one for a compliance professional, what took her in the field; and
  • How a Chief Integrity Officer is the most recent iteration of the compliance function, to Compliance 3.0.

Today focus in the Code of Conduct series is on the aspect of training on your finalized Code of Conduct. Eric Morehead, Principal of Morehead Compliance Consulting, joins me in this series. While there have been criticisms of Code of Conduct training, if you consider training as one source of your communication, the rollout of a new or updated Code of Conduct can be an opportunity. Morehead has noted that a Code of Conduct can be the “centerpiece of a broad communications and engagement plan.” The delivery of a Code of Conduct is a key element of its effectiveness. By allowing your employees and other stakeholders to engage and interact with the Code of Conduct, through live or interactive training, the effectiveness can be better monitored and measured. This can also be used as an

In a white paper, entitled “Top 5 Tips for Effective Code of Conduct Revisions, Morehead noted that often companies have a formal launch of the Code of Conduct where senior management and the corporate compliance function “conduct on-site activities across the organization to promote the launch of the new Code, or launch interactive activities such as video competitions that ask stakeholders to such submit short videos on Code topics.” However, this is not the sole manner to have such a rollout as other companies “keep the message more informal but use frequent touchpoints, for example, through email or cascading messages through line managers, to keep up the drumbeat on compliance topics and reinforce the role of compliance.” The key is to “capitalize on the opportunity a new Code gives you.”

One of area in the recently release Department of Justice’s (DOJ’s) Evaluation of Corporate Compliance Programs (Evaluation) that had a new emphasis was in the effectiveness of training. I think everyone would understand you do need to train but now the government’s talking to us about effective training. I asked Morehead what he has observed on what makes Code of Conduct training effective. Fortunately, from his professional background with Corpedia and the NYSC Governance Services, he is quite familiar with various types of training.

You can start with live training that can be held at the corporate headquarters with senior management and even executive involvement. Many companies will videotape a message from the Chief Executive Officer (CEO) to help celebrate the rollout. Then there is the opportunity for localized training that gives employees an opportunity to see, meet, and speak directly with a compliance officer, not an insignificant dynamic in the corporate environment. Such personal training also sends a strong message of commitment to the Code of Conduct. It gives employees the opportunity to interact with the compliance officer by asking questions which are relevant to markets and locations outside the United States, which can often provide employees with the opportunity to have confidential in-person discussions.

An important part of in-person training is the opportunity to interact with the audience through Q&A. There are a couple different approaches to Q&A. The first is to solicit questions from the audience. However, many employees are reluctant, for a variety of different reasons, to raise their hands and ask questions in front of others. This can be overcome by soliciting written questions on cards or note pads. A second technique is to lead the audience through hypothetical examples in which the audience is broken down into small discussion groups (up to five people) to discuss a situation and propose a response. However, with a worldwide, multi-thousand person workforce with multiple languages, an entire Code of Conduct roll-out based on live training may not be feasible.

Not surprisingly, and one of the key themes in compliance, is to understand your company and tailor your compliance program, including your Code of Conduct training, for your audience. Companies have to consider their audience when considering drafting the Code of Conduct, the kind of tone it is going to have, how long it is going to be and topics you are going to cover in the Code of Conduct; the same analysis is true for your training.

Morehead believes most organizations put together custom training for their Code of Conduct rollout. It is typically online “and if it makes sense for them for their code of conduct training, and I think the same rules apply here, you want your training to really resonate with the audience that you’re trying to reach and I think the trends we see here, generally speaking, are that the code training is a lot shorter than it used to be in the past.”

He also suggested that your Code of Conduct training could be more modular in presentation. “For instance, if your company identified 12 key risk areas in the Code of Conduct, you could   train on six risk areas each year, instead of the full dozen. You could keep important topics like reporting and non-retaliation and similar aspects that always have to be talked about on an annual basis but maybe you split up the topics and try to shorten the length that way.”

Another mechanism Morehead has observed over the past few years is more interactive training. When audience members are required to answer questions on an ongoing basis it can foster more engagement. It can also help to meet the DOJ requirement to demonstrate the effectiveness of training. He also noted that “gamification which kind of goes hand in hand with interactivity has been talked about a lot over the last few years.” His understanding is that gamification and interactivity make “it a little bit more effective for millennial members of the workforce.”

At the end of the day, the reality is that just as with different types of codes making sense for different types of organizations the same is true for interactive training. As Morehead noted, “It may make sense for your population. It may not.” But it does mean you should consider your population, “take a look at the offerings that are out there to consider how does it fit into your organization.”

Morehead ended by noting that your “training really ought to bear some resemblance to the way you communicate in the Code and the topics that you communicate in the Code of Conduct.” It really does your organization no good, “If it’s completely divorced from that then you’re missing an opportunity to drive people from training to the Code and from the Code to you know better understanding the training. So you kind of missed, to use an overused term you’ve missed some synergy there if they are divorced from each other and they don’t really speak to the same topics or speak in the same way about those topics. So I would try to keep them similar and I guess that’s another call for considering a custom implementation rather than an off the shelf implementation”.

Whatever approach is used, one of the critical factors is the length of time of the training session. Although lawyers and ethics and compliance professionals can (sometimes) sit through a multi-hour Code of Conduct, it is almost impossible to keep the attention of business and operations employees for such a length of time. The presentation and number of PowerPoint slides must be kept to a manageable length before the attendee’s eyes start to glaze over.

Tomorrow I will conclude this week’s series by looking at a Code of Conduct update as a way to operationalize your compliance regime.

For more information on Eric Morehead, Morehead Compliance Consulting or to contact Eric Morehead, go to Morehead Compliance Consulting.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

I am dedicating this week to an exploration of the Code of Conduct. I am joined in this journey by Eric Morehead, Principal at Morehead Compliance Consulting. Today I want to consider the evolution of the structure and format of a best practices Code of Conduct, through what Morehead sees in his practice and in the marketplace.

Structure

My experience with Codes of Conduct were they were initially written by lawyers, largely for lawyers. This included basically ‘thou shalts’ and ‘thou shalt nots’ liberally sprinkled throughout a lengthy written document. This was what is now referred to as Code 1.0. The compliance community then evolved into Code 2.0, where at least the writing was less turgid and we moved to more employee friendly language and then somewhere along the line we started putting in hyperlinks and pictures. I asked Morehead if that evolution is what he currently sees in the marketplace.

Morehead has observed “a little bit of a divergence” at this point. He agreed the starting point was a written .pdf based document but some companies have moved beyond this up to the brink of having a fully interactive online Code of Conduct. He noted that whether your organization has a .pdf or interactive Code of Conduct, at the end of the day it comes down to whether there is “commitment to keep with it and update it on a regular basis or it’s going to be ultimately disappointing to you in the long run.”

Morehead said there are two factors which a company should consider on the structure of Code of Conduct. The first is to consider how your organization generally communicates, overlaid with the most effective manner in which to communicate with the various stakeholders who will read and use the Code of Conduct. These stakeholders can include such diverse groups as employees, shareholders and third parties on both the sales and supply side of your business. Morehead put it this way, “if you’re going to spend a lot of time and do a web based Code of Conduct does that really suit your stakeholders, your employees and everybody else you want to review and use the it, because if they don’t that’s not really going to work for them and you’re better off with a more traditional, for lack of a better term, document.”

In his second point, he stretches you to really think about the future in asking “are you going to be able to keep it up?” With the rapidly evolving technology, how will your Code of Conduct be viewed and used going forward? A simple example is the switch to mobile devices as a mainstay of corporate communications. Think about how laptops are viewed as the primary vehicle through which most employees and stakeholders interact with training and resources for many organizations. Morehead explained, “we’re going to tablets and mobile. I don’t think it’s really happened to a great extent yet but, it’s hard to know where we’re going to be when that next iteration comes around.”

Morehead believes this has led many companies to review current technology and decide they are not ready to fully commit to a totally interactive Code of Conduct. He further noted many companies “conclude it is still appropriate to do a more traditional document but to make it as interactive as possible. With a current Adobe .pdf platform for instance, you can have a .pdf document because it is the easiest thing to provide to people who are looking at it on a phone on a PC on a tablet or want to print it out and actually hold the pieces of paper as it is the most compatible format out there. Also, you can embed some interactivity into a .pdf document.” With such technology, Morehead said “you can kind of dip your toe in. So, I think we’re kind of, we’re at that edge of being you know completely interactive completely digital but I don’t see everybody buying in yet.”

Form

We next turned to the form of the Code of Conduct. What form should the document take to have the institutional strength to form the backbone of any best practices compliance program? To do so, must it be based in legalese, written by lawyers for lawyers or can it move to being something that, if not actually fun, can be presented so the user’s experience is more enjoyable?

“The key as to whether it’s fun or or not has to do with the personality of your organization.” Morehead related that if your organization is one where communication is more free flowing and there is more free-wheeling internal communications, that should be reflected in your Code of Conduct form. Morehead provide the example where he “was working with a client last year where we all know that you know part and parcel of a code of conduct these days is at least to have a discussion of company values. Well this company one of their five or seven values was actually fun. The term fun and so we had to figure out, if nothing else we had to figure some way to get the term fun into their Code of Conduct. So, I think a lot of this how it plays how it’s meant to play is really the audience expecting.”

“This means if your company is a tech startup in Silicon Valley or in Austin you know, there may more playful attitude and a more playful way to communicate sometimes very serious topics is probably part and parcel about how they typically communicate about those things. Conversely if you work for a hierarchical energy services company, which communicates in a top down strategy, such playfulness is not appropriate. What you should strive for is a consistent communications strategy. If your employees and other stakeholders are accustomed to receiving communications in a certain style and manner it would appropriate to maintain that style in your Code of Conduct.”

Morehead emphasized, “the key thing here is to really take a step back and consider how not just the compliance department and not just the legal department but how does the internal communication at the organization happen and what is, how does HR communicate to people, how does the executive group communicate to people.” Such inquiry would also include how do the operations people and marketing, other corporate disciplines communicate. You should strive for a consistent communication strategy in your Code of Conduct.

Think about the evolution of the Code of Conduct from the type of document that was akin to an annual report to one that now address a corporate culture. A Code of Conduct must speak to the typical important concepts such as values that define the ethical culture or should define the ethical culture of the company. Some Code of Conducts have been as long as 12,000 to 14,000 words but Morehead has seen others “that were very short that, you know some, I’ve worked on a couple codes of conduct that were only four to five thousand words long which is really as you know very short for a code of conduct.” It all means there is no set length and the style of writing can vary. But it must ring true with your employees, stakeholder and shareholders.

Morehead ended by considering the Code of Conduct readable. This is beyond simply eliminating legalese. It is writing English at a grade level that is sufficient for your employee population. It may be that an eighth-grade language level is appropriate for your work force. However, if you have a population consisting primarily of professionals, such as an “engineering company where English is their primary language or you’re translating it into the appropriate languages then maybe you don’t have to be grade level eight.” The same is true around the elimination of duplicate language. Morehead believes that you do not “have to say the same thing five different ways, I think that what you have to do is look at, again look at your population.”

Tomorrow, I will consider designing your Code of Conduct.

For more information on Eric Morehead, Morehead Compliance Consulting or to contact Eric Morehead, go to Morehead Compliance Consulting.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

In this episode, Jay and I have a wide-ranging discussion on compliance and ethics. We discuss:

  1. Why powerful people fail to stop bad behavior by their underlings. Click here for the article.
  2. Some policy management lesson, courtesy United Airlines. Click here for Matt Kelly’s article on Radical Compliance.
  3. Why you shouldn’t linger too long in the wrong compliance position. See Julie DiMauro’s blog post on the FCPA Blog.
  4. Bribe recipient in the Gerald and Patricia Green FCPA case gets 50 years in prison. See article in the FCPA Blog.
  5. Using data to operationalize your compliance program. Read Tom’s blog post, by clicking here.
  6. What the New York state Department of Financial Services new regulation on cybersecurity for financial services companies means for compliance officers. See Tom’s blog post by clicking here.
  7. Jay previews his weekend report.

Jay Rosen new contact information:

Jay Rosen, CCEP

Vice President, Business Development

Monitoring Specialist

Affiliated Monitors, Inc.

Mobile (310) 729-6746

Toll Free (866)-201-0903

JRosen@affiliatedmonitors.com

Under the Evaluation of Corporate Compliance Programs, Prong 2, it states:

  1. Senior and Middle Management

Conduct at the Top – How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How does the company monitor its senior leadership’s behavior? How has senior leadership modelled proper behavior to subordinates?

This requirement is more than simply the ubiquitous ‘tone-at-the-top’ as here the Justice Department wants to see a company’s senior leadership actually doing compliance. How can senior management operationalize compliance going forward? One of the best places to start is the article from the Harvard Business Review by Professor Lynn Paine entitled, “Managing for Organizational Integrity”. Larry Thompson, former PepsiCo Senior Vice President of Governmental Affairs, General Counsel and Secretary, discussed the work of Professor Paine in citing five factors, which he believed were critical in establishing an effective integrity program and to set the right “Tone at the Top”.

  1. The guiding values of a company must make sense and be clearly communicated.
  2. The company’s leader must be personally committed and willing to take action on the values.
  3. A company’s systems and structures must support its guiding principles.
  4. A company’s values must be integrated into normal channels of management decision-making and reflected in the company’s critical decisions.
  5. Managers must be empowered to make ethically sound decisions on a day-to-day basis.

David Lawler, in his book, Frequently Asked Questions in Anti-Bribery and Corruption  boiled it down as follows “Whatever the size, structure or market of a commercial organization, top-level management’s commitment to bribery prevention is likely to include communication of the organization’s anti-bribery stance and appropriate degree of involvement in developing bribery prevention procedures.” Lawler went on to provide a short list of points that he suggests senior management engage in to communicate the type of tone to follow an anti-corruption regime.” I had a CEO of a client, who after I described his role in operationalizing his company’s compliance program observed the following, “You want me to be the ambassador for compliance.” I immediately averred in the affirmative. The following is a list of things that a CEO can do as an ‘Ambassador of Compliance’

  • Reject a ‘do as I say, not as I do’ mentality;
  • Not just ‘talk-the-talk’ but ‘walk-the-walk’ of compliance;
  • Oversee creation of a written statement of a zero tolerance towards bribery and corruption;
  • Appoint and fully resource, with money and headcount, a Chief Compliance Officer;
  • Oversee the development of a Code of Conduct and written compliance program implementing it;
  • Ensure there are compliance metrics on all key business reports;
  • Provide leadership to middle managers to facilitate filtering of the zero tolerance message down throughout the organization;
  • Not only have a whistleblowing, reporting or speak up channel but celebrate it;
  • Keep talking about doing the right thing;
  • Make sure that you are seen providing your Chief Compliance Officer with access to yourself and the Board of Directors.

Coming at it from a different perspective, author Martin Biegelman provides some concrete examples in his book entitled, “Building a World Class Compliance Program – Best Practices and Strategies for Success”. Biegelman begins the chapter discussed in this posting with the statement “The road to compliance starts at the top.” There is probably no dispute that a company takes on the tone of its top management. In this chapter Biegelman cites to a list used by Joe Murphy of actions that a CEO can demonstrate to set the requisite tone from the Captain’s Chair of any business. The list is as follows:

  1. Keep a copy of the Constitution on your Desk. Have a dog-eared copy of your company’s Code of Conduct on your desktop and be seen using it.
  2. Clout. Make sure your compliance department has authority, influence and budget within the company. Have your Chief Compliance Officer (CCO) report directly to the Board of Directors.
  3. Make them Accountable. At Senior Executive meetings, have each participant report on what they have done to further the compliance function in their business unit.
  4. Sticks and Carrots. Have both sanctions for violation of company compliance and ethics policies and incentives for doing business in a compliant manner.
  5. Don’t do as I say, Do as I do. Turn down an expensive dinner or trip offered by a vendor. Pass on a gift that you may have received. Turn down a transaction based upon ethical considerations.
  6. Be a Student. Be seen at intra-company compliance training. Take a one or two day course or attend a compliance conference outside your organization.
  7. Award Compliance. You should recognize outstanding compliance efforts with companywide announcements and awards.
  8. The Board. Recruit a nationally known compliance expert to sit on your company’s Board and chair the audit or compliance committee.
  9. Independent Review. Obtain an independent, outside review of your company’s compliance program and report the results to the Board’s Audit Committee.
  10. Mandate that all vendors in your Supply Chain embrace compliance and ethics as a business model. If not, pass on doing business with them.
  11. Talk to others in your industry and your peers on how to improve your company’s compliance efforts.

Many companies struggle with some type of metric which can be used for upper management regarding compliance and communication of a company’s compliance values. One technique might be to require the CEO to post companywide emails or other communications once a quarter on some compliance related topic. The CEO’s direct reports would then also be required to email their senior management staff a minimum of once per quarter on a compliance topic. One can cascade this down the company as far as is practicable. Reminders can be set for each communication so that all personnel know when it is time to send out the message. If these communications are timely made, this metric has been met.

Three Key Takeaways

  1. Senior management must actually do compliance; walk-the-walk, not simply talk-the-talk.
  2. Use your CEO to talk about current events and how those ethical failures are lessons to be learned for your organization.
  3. CEO as Compliance Ambassador.

 

This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.