Social Media 2I continue my exploration of the use of social media as a tool of doing compliance by looking at some concepts around the sharing of information. In a recent podcast on Social Media Examiner, entitled “Sharing: The Art and Science of Social Sharing”, podcast host Michael Stelzner interviewed Bryan Kramer, a social strategist and author of the book “Shareology: How Sharing is Powering the Human Economy”. Kramer talked about several concepts that I found particularly useful for a Chief Compliance Officer (CCO) or compliance practitioner to think through when considering the use of a social media strategy in a best practices anti-corruption compliance program, under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or some other compliance regime.

Kramer’s book Shareology is a study of how, what, where, when and why people and brands share. For this book, Kramer conducted more than 250 interviews with executives, marketers and social media people, as well as professors of linguistics, psychology, sociology and so on, with the question “why people share” in mind.

The answer came down to one thing: connection. He found that “People all have the desire to reach out and connect with other people, whether it’s through sharing content and having someone reply back or by sharing other people’s content and helping them out.” From this research, Kramer identified six types of people who share:

  • Altruist: Someone who shares something specific about one topic all the time.
  • Careerist: Someone who wants to become a thought leader in their own industry, so they can see their career grow.
  • Hipster: Someone who likes to try things for the first time and share it faster than everyone else.
  • Boomerang: Someone who asks a question so they can receive a comment only to reply.
  • Connector: Someone who likes to connect one or more persons to each other.
  • Selective: This is the observer.

I find all of these categories to be relevant to a CCO or compliance practitioner in considering the use of social media in their compliance program. All of these can describe not only the reasons to use social media but they can also help you to identify who in your organization might be inclined to use social media and how it can facilitate your compliance program going forward.

The Altruist, Hipster and Careerist speak to how a CCO or compliance practitioner can be seen in getting out the message of compliance throughout your organization. Whichever category you might fall into, it is still about the message or content going forward. I find nothing negative in being seen as one or the other if your message is useful. Even if you are my age, there is nothing wrong with incorporating a little Hipster into your communication skills. As my daughter often reminds me, Dad you are so uncool that you are retro, but that is cool too. Applying that maxim to your compliance regime, if you can communicate in a manner your workforce sees as interesting or even hip, it may well help facilitation incorporation of that message into their corporate DNA.

I found the Boomerang, Connector and Selective categories as good ways to think about how your customer base in compliance (i.e. your employees) might well use social media tools to communicate with the compliance function. The use of social media is certainly a two-way street and you, as the compliance practitioner, need to be ready to accept those communications back to you. Indeed some comments by your customer base could be the most important interactions that you have with employees as their comments or questions could lead you to uncovering issues which may have arisen before they become Code of Conduct or FCPA violations. More importantly, it could allow you to introduce a proscriptive solution which moves your program beyond even the prevent phase.

Kramer also has some insights about the substance of your social media message. Adapting his insights to the compliance field, I found a key message to be that the problem is that companies do not write the way they speak, and don’t speak the language of their employee base. In many ways, compliance is a brand and Kramer believes that “brands and the people representing those brands need to change their language. If they focus on the title and the quality of the content, among other things, it’ll resonate more with their audience.” He also advocates using the social media tools and apps available to you. He specifically mentions Meerkat and Periscope, Snapchat, memes and/or videos to raise the value of the content. He was quoted as saying, “If you have a blog and there are no visuals, you might as well shut it down.”

It would seem the thesis of Kramer’s work is that sharing is a primary method to communicate and connect. In any far-flung international corporation this is always a challenge, particularly for discipline which can be viewed as home office overhead at best; the Land of No populated by Dr. No at worst. Kramer says that you should work to hone your message through social media. Part of this is based on experimenting on what message to send and how to send it. Yet another aspect was based upon the Wave (of all things) where he discussed its development and coming to fruition in the early 1980s. It took some time for it to become popular but once it was communicated to enough disparate communications, it took off, literally. Kramer noted, “It’s the same thing with social media. On social media, we think something will go viral because the art is beautiful or the science is full of deep analytics, but at the end of the day it really takes time to build the community.”

This means that you will need to work to hone your message but also continue to plug away to send that message out. I think the Morgan Stanley Declination will always be instructional as one of the stated reasons the Department of Justice (DOJ) did not prosecute the company as they sent out 35 compliance reminders to its workforce, over 7 years. Social media can be used in the same cost effective way, to not only get the message of compliance out but also to receive information and communications back from your customer base, the company employees.

Once again please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, The FCPA Compliance and Ethics Report.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

ThirdManHarry Lime is back, although he really never left us. As reported by Kristin M. Jones in a Wall Street Journal (WSJ) article, entitled “Harry Lime Reborn”, the glorious British film noir The Third Man, written by Gra ham Greene and directed by Carol Reed, has been restored in a new digital version. It opens this week at select theaters and will tour the country this summer. The screenplay was adapted from the book of the same name by the author, Greene. It is the rare movie that is at least as good as the book. Greene himself noted that the story “was never written to be read but only to be seen.”

The story revolves around protagonist Holly Martin (played by Joseph Cotton) who goes to post-war Vienna at the behest of his college buddy Harry Lime (played with aplomb by Orson Welles). Martin arrives after a funeral for Lime and finds out that Lime was dealing in the black market. Martin searches for Lime, meeting his girlfriend and assorted shady characters along the way. He ends up leading the Military Police occupying the city to Lime and there is a final noir-classic chase through the sewers of Vienna.

What’s my favorite scene? There are way too many to name but the clown’s head shadow is one of the great cinematic visions of undulated terror. The final chase through the sewers of Vienna is a classic. The dialogue is both chilling and funny. Chilling when Lime asks Martin, while they are atop the apex of a Ferris wheel, whether he would refuse money to make the dotlike figures of humans below stop moving; Funny when Lime say that in 200 years of warfare between the Borgias, the Medicis and continual conflict in Italy it produced the flowering of the Renaissance, while 500 years of peace in Switzerland produced the Cuckoo Clock. Finally, is the haunting musical score of Anton Kara’s use of the Zither . The movie definitely makes my Top 10 greatest movies of all-time.

I thought about this movie in the context of the ongoing debate in the compliance world about whether a company could or should combine or separate the role of the Chief Compliance Officer (CCO) from that of the General Counsel (GC). There has traditionally been a split in companies on whether the CCO should report into a legal function and the GC or report directly to a company’s head officer. Mike Volkov noted that “According to the last PWC Compliance Survey, only 29 percent of CCOs have made it into the C-Suite but that will increase. Only 27 percent of CCOs continue to report to the general counsel while 34 percent report directly to the CEO.” Whichever path your company employs it is imperative that the CCO speak from a position of authority.

A consistent voice for the importance of the role and voice of the CCO in any organization is noted compliance expert, Donna Boehme. She writes and speaks consistently on the characteristics for a successful CCO. Writing in the SCCE magazine, Compliance & Ethics Professional, in an article entitled “Five essential features of the Chief Ethics and Compliance Officer position”, Boehme articulated five essential features required for a CCO to be successful in an organization.

  1. Independence

It is incumbent that any CCO must have “sufficient authority and independence to oversee the integrity of the compliance program.” Some indicia of independence would include a reporting line to the company’s Board of Directors and Audit/Compliance Committee but more importantly “unfiltered” access to the Board. There should also be protection of employment including an employment contract with a “nondiscretionary escalation clause” and a requirement for Board approval for any change in the terms and conditions of employment, including termination. There must also be sufficient resources in the form of an independent budget and adequate staff to manage the overall compliance program.

  1. Empowerment

A CCO must have “the appropriate unambiguous mandate, delegation of authority, senior-level positioning, and empowerment to carry out his/her duties. Such can be accomplished through a “board resolution and a compliance charter, adopted by the board.” Additionally the CCO job description should be another manner in which to clarify the CCO “mandate, and at a minimum should encompass the single point accountability to develop, implement and oversee an effective compliance program.” All of the above should lead in practice to a “close working relationship with an independent board committee.”

  1. Seat at the Table

The CCO must “have formal and informal connections into the business and functions of the organization – a seat at the table at important meetings where all major business matters (e.g., risk, major transactions, business plans) are discussed and decided.” She argues that, at a minimum, the CCO should participate in “budget reviews, strategic planning meetings, disclosure committee meetings, operational reviews, and risk and crisis management meetings.”

  1. Line of Sight 

The CCO should have “unfettered access to relevant information to be able to form independent opinions and manage the [compliance] program effectively.” This does not mean that the CCO should have veto power over functions such as safety or environmental or that such functions must report to the CCO, but unless there is visibility to the CCO for these risk areas, the CCO will not able to adequately assess and manage such risks from the compliance perspective. The correct structuring of the CCO role to allow it visibility into these areas will help the CCO coordinate compliance convergence training.

  1. Resources 

It is absolutely mandatory that the CCO be given both the physical resources in terms of personnel and monetary resources to “get the job done.” I have worked at places where the CCO had neither and the CCOs did not succeed because they never even had the chance to do so. Boehme focuses on both types of resources. Under monetary resources she points, as an indicia, to the independence of the CCO from the GC “rather than a shared budget”. This can also bleed over to ‘headcount’ and shared or dotted line reporting resources. There should be independent resources reporting into the compliance function.

Whichever way a company decides to go on this question, it must meet Requirement No. 6 of the Department of Justice’s (DOJ’s) minimum best practices requirement for a Foreign Corrupt Practices Act (FCPA) based compliance program, which reads:

The company will assign responsibility to one or more senior corporate executives for the implementation and oversight of the company’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to independent monitoring bodies, including internal audit, Company’s Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy. 

Additionally this is reiterated in the 2011 Amendments to the US Sentencing Guidelines, §8B2.1 (b)(2)(C), which states:

Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.

If you have the chance to see The Third Man this summer I urge you to do so. For a schedule of its showings across the country click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Golden Gate BridgeToday, we celebrate one of the greatest engineering achievements of the century. On this date in 1937, the Golden Gate Bridge opened. At 4200 feet long, it was at the time the world’s longest suspension bridge. But not only was it an engineering and architectural milestone, its aesthetic form was instantly recognized as classical and to this day is one of the most iconic structures in the US if not the world. With just a few years until its 80th birthday, it demonstrates that a lasting structure is more than simply form following function but contains many elements that inform its use and beauty.

I use the Golden Gate Bridge as an entrée to my continued discussion on the series on steps that you can use in your compliance program if you find yourself, your company or your industry in an economic downturn. Whether you are a Chief Compliance Officer (CCO) or compliance practitioner, these steps are designed to be achieved when you face reduced economic resources or lessened personnel resources going forward due to a downturn your economic sector. Yesterday, I discussed mapping your current and existing internal controls to the Ten Hallmarks of an Effective Compliance Program so that you can demonstrate your compliance with the Foreign Corrupt Practices Act’s (FCPA) internal control prong to the accounting procedures. Today I want to discuss the issues surrounding the inevitable layoffs your company will have to endure in a downturn.

In Houston, we have experienced energy companies laying off upwards of 30% of their workforce, both in the US and abroad. Employment separations can be one of the trickiest maneuvers to manage in the spectrum of the employment relationship. Even when an employee is aware layoffs are coming it can still be quite a shock when Human Resources (HR) shows up at their door and says, “Come with me.” However, layoffs, massive or otherwise, can present some unique challenges for the FCPA compliance practitioner. Employees can use layoffs to claim that they were retaliated against for a wide variety of complaints, including those for concerns that impact the compliance practitioner. Yet there are several actions you can take to protect your company as much as possible.

Before you begin your actual layoffs, the compliance practitioner should work with your legal department and HR function to make certain your employment separation documents are in compliance with the recent SEC v. KBR Cease and Desist Order regarding Confidentiality Agreement (CA) language which purports to prevent employees from bringing potential violations to appropriate law or regulatory enforcement officials. If your company requires employees to be presented with some type of CA to receive company approved employment severance package, it must not have language preventing an employee taking such action. But this means more than having appropriate or even approved language in your CA, as you must counsel those who will be talking to the employee being laid off, not to even hint at retaliation if they go to authorities with a good faith belief of illegal conduct. You might even suggest, adding the SEC/KBR language to your script so the person leading the conversation at the layoff can get it right and you have a documented record of what was communicated to the employee being separated.

When it comes to interacting with employees first thing any company needs to do, is to treat employees with as much respect and dignity as is possible in the situation. While every company says they care (usually the same companies which say they are very ethical), the reality is that many simply want terminated employees out the door and off the premises as quickly as possibly. At times this will include an ‘escort’ off the premises and the clear message is that not only do we not trust you but do not let the door hit you on the way out. This attitude can go a long way to starting an employee down the road of filing a claim for retaliation or, in the case of FCPA enforcement, becoming a whistleblower to the Securities and Exchange Commission (SEC), identifying bribery and corruption.

Treating employees with respect means listening to them and not showing them the door as quickly as possible with an escort. From the FCPA compliance perspective this could also mean some type of conversation to ask the soon-to-be parting employee if they are aware of any FCPA violations, violations of your Code of Conduct or any other conduct which might raise ethical or conflict of interest concerns. You might even get them to sign some type of document that attests they are not aware of any such conduct. I recognize that this may not protect your company in all instances but at least it is some evidence that you can use later if the SEC (or Department of Justice (DOJ)) comes calling after that ex-employee has blown the whistle on your organization.

I would suggest that you work with your HR department to have an understanding of any high-risk employees who might be subject to layoffs. While you could consider having HR conduct this portion of the exit interview, it might be better if a compliance practitioner was involved. Obviously a compliance practitioner would be better able to ask detailed questions if some issue arose but it would also emphasize just how important the issue of FCPA compliance, Code of Conduct compliance or simply ethical conduct compliance was and remains to your business.

Finally are issues around hotlines, whistleblower and retaliation claims. The starting point for layoffs should be whatever your company plan is going forward. The retaliation cases turn on whether actions taken by the company were in retaliation for the hotline or whistleblower report. This means you will need to mine your hotline more closely for those employees who are scheduled or in line to be laid off. If there are such persons who have reported a FCPA, Code of Conduct or other ethical violation, you should move to triage and investigate, if appropriate, the allegation sooner rather than later. This may mean you move up research of an allegation to come to a faster resolution ahead of other claims. It may also mean you put some additional short-term resources on your hotline triage and investigations if you know layoffs are coming.

The reason for these actions are to allow you to demonstrate that any laid off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you layoff the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also if you do demonstrate that you are sincerely interested in a meritorious hotline complaint, it may keep this person from becoming a SEC whistleblower.

Just as the Golden Gate Bridge provides more to the human condition than simply a structure to get from San Francisco to Marin County, layoffs in an economic downturn provide many opportunities to companies. If they treat the situation appropriately, it can be one where you manage your FCPA compliance risk going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

 

Garo YepremianGaro Yepremian died this past week. For anyone who grew up watching National Football League (NFL) games in the late 1960s or 1970s; this was a name quite familiar to you even if you had trouble pronouncing it. Yepremian was a left-footed field goal kicker who went from the heights of glory such as once kicking six field goals in one game and ending the NFL’s longest game; the Miami Dolphins-Kansas City Chiefs 1971 playoff game which he won with a field goal in the second sudden death overtime. Unfortunately it is not these achievements that he is best known for. That rather ignominious distinction was when he had a field goal blocked in the 1973 Super Bowl against the Washington football team; then picked it up and tried to pass it only to have it slip from his hands into the arms of Mike Bass who ran it in for a touchdown. Read More

Wrongful TerminationThis week the Houston Texans unceremoniously cut the franchise’s greatest player in its short history, receiver Andre Johnson. This was after his being hauled into the office of the head coach and being told that he would only need to work half as hard next year. As reported by Jerome Solomon in the Houston Chronicle article entitled “Move inevitable, but team bungles its handling”, Head Coach Bill O’Brien told Johnson that his catch total would drop from the 84 he has averaged in his 12 year career with the Texans down to “around 40 passes next season.” But O’Brien went on to add the team’s certain Hall of Fame receiver “wasn’t likely to be a starter next season, definitely not for all of the games.” So much for playing your best player at his position on a full-time basis, but hey, at least the information was made public.

Now imagine you are a Chief Compliance Officer (CCO) and have been one of your company’s senior management for the better part of the past 12 years. While you may not have been the most important member of the management team you certainly have helped navigate the company through rough compliance waters. Now imagine the company Chief Executive Officer (CEO) who tells you that although he has no one in mind to replace you (other than a less experienced and a smaller-salaried compliance specialist) your services will only be needed half the time in the coming year. What if this is in response to advice the head of the company did not like? What should the response be?

You can consider the departure from MF Global of its Chief Risk Officer, the financial services equivalent of a CCO. As reported in a New York Times (NYT) article entitled “MF Global’s Risk Officer Said to Lack Authority” Ben Protess and Azam Ahmed reported that the company replaced its Chief Risk Officer, Michael Roseman, after he “repeatedly clashed with Mr. Corzine [the CEO] over the firm’s purchase of European sovereign debt.” He was given a large severance package and left the company. When he left, there was no public reason given. His replacement was brought into the position with reduced authority.

If you are a public company, you may well need to heed the advice of fraud and compliance expert Jonathan Marks, a partner at Crowe Horwath LLP, who advocates that any time a CCO, a key executive, is dismissed it should be an 8K reporting event because the departure may be a signal of a change in the company’s attitude towards compliance or an alleged ethical breach had taken place. A similar view was expressed by Michael W. Peregrine in a NYT article entitled “Another View: MF Global’s Corporate Governance Lesson”, where he wrote that a “compliance officer is the equivalent of a “protected class” for governance purposes, and the sooner leadership gets that, the better.” Particularly in the post Sarbanes-Oxley world, a company’s CCO is a “linchpin in organizational efforts to comply with applicable law.” When a company fires (or asks him/her to resign), it is a significance decision for all involved in corporate governance and should not be solely done at the discretion of the CEO alone.

In its Code of Ethics for Compliance and Ethics Professionals, the Society for Corporate Compliance and Ethics (SCCE) has postulated Rule 1.4, which reads, “If, in the course of their work, CEPs become aware of any decision by their employing organization which, if implemented, would constitute misconduct, the professional shall: (a) refuse to consent to the decision; (b) escalate the matter, including to the highest governing body, as appropriate; (c) if serious issues remain unresolved after exercising “a” and “b”, consider resignation; and (d) report the decision to public officials when required by law.” As commentary to this rule, the SCCE said, “The duty of a compliance and ethics professional goes beyond a duty to the employing organization, inasmuch as his/her duty to the public and to the profession includes prevention of organizational misconduct. The CEP should exhaust all internal means available to deter his/her employing organization, its employees and agents from engaging in misconduct. The CEP should escalate matters to the highest governing body as appropriate, including whenever: a) directed to do so by that body, e.g., by a board resolution; b) escalation to management has proved ineffective; or c) the CEP believes escalation to management would be futile. CEPs should consider resignation only as a last resort, since CEPs may be the only remaining barrier to misconduct. A letter of resignation should set forth to senior management and the highest governing body of the employing organization in full detail and with complete candor all of the conditions that necessitate his/her action. In complex organizations, the highest governing body may be the highest governing body of a parent corporation.”

What about compensation? The Department of Justice (DOJ) has made clear that it expects a CCO to resign if the company refuses advice and violates the Foreign Corrupt Practices Act (FCPA). The former head of the DOJ-FCPA unit Chuck Duross went so far as to compare CCOs and compliance practitioners to the Texans at the Alamo. To be fair to Duross, I think he was focusing more on the line in the sand part of the story, while I took that to mean they were all slaughtered for what they believed in. But whichever interpretation you may choose to put on it, the DOJ clearly expects a CCO to stand up and if a CEO does not like what they say, he or she must resign. This puts CCOs and compliance practitioners in a very difficult position, particularly if there is no exit compensation for doing the right thing by standing up.

I think the next step should be for the DOJ and Securities and Exchange Commission (SEC) to begin to discuss the need for contractual protection of CCOs and other compliance practitioners against retaliation for standing up against corruption and bribery. The standard could simply be one that protects a CCO and other compliance practitioners against termination without cause. Just as the SEC is investigating whether companies are trying to muzzle whistleblowers through post-employment Confidentiality Agreements, I think they should consider whether CCOs and other compliance practitioners need more employment protection. I think the SEC should also consider the proposals of Marks regarding the required 8K or other public reporting of the dismissal or resignation of any CCO. Finally, I would expand on Peregrine’s suggestion and require that a company Board of Directors approve any dismissal of a CCO. With these protections in place, a CCO or compliance practitioner would have the ability to confront management who might take business decisions that violate the FCPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015