May the 4th Be Wtih YouMay 4th is universally recognized (at least in the universe I inhabit) as Star Wars Day. According to Wikipedia, “May 4 is called Star Wars Day because of the popularity of a common pun spoken on this day. Since the phrase “May the Force be with you” is a famous quote often spoken in the Star Wars films, fans commonly say “May the fourth be with you” on this day.” Given the rejuvenation of the franchise, in the form of Star Wars VII – The Force Awakens all Star Wars fans have reason to celebrate this May 4th in a manner we have not seen for some time.

The most recent entry into the Star Wars oeuvre revolves around a young girl, Rey, a scavenger who was abandoned as a child on the desert planet Jakku. She is patiently waiting for her family to return. She is completely self-sufficient and does everything for herself, until she is drawn into the intergalactic battle. It turns out The Force is strong in Rey and at the end of the movie she returns Luke Skywalker’s light sabre to him, strong implying that he is her father. Not so has intoned director J.J. Abrams, who has said publicly that Rey’s father did not appear in Episode VII. Rey is also, as my teenaged daughter informed me, “kick-ass”.

So whether you are waiting for the unfurling of the story of Rey and her family, are cheered by the return of a beloved movie franchise from its putrid depths of Episodes 1-3 or just enjoy a kick-ass, rollicking good time; we all have great reason to celebrate this May 4th.

I thought about all this in the context of the report in the Financial Times (FT) by Richard Milne, in an article entitled “Norway’s oil fund to target high executive pay votes”. Both Matt Kelly and I recently wrote about BP and its Board of Directors’ thumb-nose to its shareholders who overwhelmingly voted against a pay raise for BP’s Chief Executive Officer (CEO), Bob Dudley. Dudley effectively received a 20% pay raise in spite of a company wide ban on salary raises during the economic downturn in the energy sector. As Houston Chronicle business columnist Chris Tomlinson wrote, in a piece entitled “Times tough at BP, so chief executive gets raise, this raise was “in compensation for managing the company through a dramatic drop in share price, for laying off thousands of employees and endangering the company’s dividend.”

Tomlinson nailed it when he asked who does the Board represent, management or the shareholders? Now imagine a Board who is cozy with management and is made aware of a potential Foreign Corrupt Practice Act (FCPA) violation. If that Board has not shown the independence to even objectively evaluate the CEO’s performance in conjunction with compensation, what would give shareholders any comfort they would objectively investigate and evaluate such conduct? After all, any fine and penalty levied for a corporate FCPA violation will, at the end of the day, be borne by the shareholders to pay, not the culpable executives.

Moreover, how will such a Board attitude play out under the strictures of the Yates Memo and Department of Justice (DOJ) Pilot Program for enhanced credit for self-disclosure, investigating and remediation? One might hope that with criminal penalties hanging over their collective heads, Boards of Directors would follow their legal obligations and investigate thoroughly but if the Board is there to simply perform lip service to top management who knows?

This Board attitude also impacts employees in the trenches as well. While Tomlinson asks the basic question “Ask BP employees laid off in Houston if they got a big bonus and a doubling of retirement benefits”? I think the implication for a company’s FCPA compliance program may be equally troubling. I have often used the anecdote about the employee who is more worried about making his quarterly numbers than he is in following the Code of Conduct to make a sale.

Kelly looked at it from several angles in his article entitled “How BP’s Board Undermines Its Drive for Compliance”. I was particularly intrigued by his analysis through the prism of the COSO 2013 Framework. Kelly wrote, “Remember that one main message from regulators this year has been the board’s responsibility for corporate governance and ensuring that a “culture of compliance” exists at the business. The compliance officer plays a crucial role in supporting that culture, and in facilitating conversations among other parts of the enterprise so that culture thrives – but the board is the group with ultimate responsibility for putting the right elements in place.

If those elements sound familiar, that’s because they are all the same principles that go into the control environment of COSO’s framework for internal control. And that’s the key point here: a strong culture of compliance is a strong control environment. They are the same thing. Like any environment or any culture, they surround all the specific actions that transpire at your company every day. If they are rotten, all those actions become less effective.”

That is why I was absorbed when I read in Milne’s FT piece, “The world’s biggest sovereign wealth fund is launching a crackdown on executive pay, targeting high salaries at companies around the globe in an attempt to exert its influence in a debate that has been gathering pace in recent months.” As Yngve Slyngstad, chief executive of the fund, told the FT, “We have so far looked at this in a way that has focused on pay structures rather than pay levels. We think, due to the way the issue of executive remuneration has developed, that we will have to look at what an appropriate level of executive remuneration is as well.”

Excessive executive pay is certainly an issue that resonates across the globe. However now this issue has been tied to corporate governance. For if a Board of Directors, who are (in theory) in place to protect the interests of shareholders abdicates that duty to not only enrich but to protect executives, is there really any certainty that the Board will fulfill its other corporate governance duties?

One way to effect change is through enhanced regulation. Yet another effective manner is through the market. If there are large investors who believe that good corporate governance is a good business practice, this will lead the march towards more robust oversight of corporate conduct. Mike Volkov has said that he believes the increase in anti-corruption compliance programs has been one of the most significant developments in corporate governance. With the entry of the Norwegian wealth fund into a more forceful role in the corporate governance of the entities which it holds interests, how long might it be before they begin to consider compliance related issues?

With the release of Star Wars VII – The Force Awakens the Star Wars universe rejoiced. This move by the Norwegian sovereign wealth fund may equally portend a positive movement towards not only a cap on excessive executive pay but also a more rounded approach to seeing companies engage in good corporate governance.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Blackie SherrodBlackie Sherrod died last week. To any reader of sports pages across the nation and most particularly in Texas, Sherrod was about as good as it got. For me, he was right up there with Red Smith, Frank DeFord and Shirley Povich as one of the greatest sports writers of the second half of the 20th Century. His columns on the Dallas Cowboys in the 1960s and 1970s were truly pieces of art to be marveled at when savoring. He also had the good sense to hire Dan Jenkins and Bud Shrake as young sportswriters.

I thought about Sherrod when I read a recent article in the Harvard Business Review (HBR), entitled “Making Exit Interviews Count, authors Everett Spain and Boris Groysberg assert that exit interviews, when conducted with care, can be a very useful tool in two important areas: to increase employee engagement, to reveal what may not be working in the organization.

The authors believe that exit interviews can provide insight into what employees are thinking, reveal problems in the organization, and shed light on the competitive landscape. They believe that companies should focus on six goals in their exit interviews, that there must be an emphasis in both “tactics and techniques” and, finally, that the process is a continuing conversation.

I.      Overall Goals

  1. Uncover issues relating to HR. The authors find organizations “that conduct exit interviews almost always pursue this goal but often focus too narrowly on salary and benefits.” The problem with this approach is that salary concerns are not usually what drives employees to seek employment elsewhere. It is almost always something else. The article stated, “One leader from a food and beverage company told us that exit interviews inform his company’s succession planning and talent management process.”
  1. Understand employees’ perceptions of the work itself. Here the authors require that the person conducting the exit interview understand the departing employee’s job design, working conditions, culture, and peers. By understanding and questioning the employee on this information, the exit interview “can help managers improve employee motivation, efficiency, coordination, and effectiveness.”
  1. Gain insight into managers’ leadership styles and effectiveness. Leadership style is an important reason many employees depart for greener pastures. By inquiring into and understanding this dynamic, an organization can begin to “reinforce positive managers and identify toxic ones. One executive at a major restaurant chain told us that several exit interviews she’d recently conducted revealed that micromanagement was a big problem. The conversations, she said, “led to some very tangible outcomes,”” such as establishing training and development initiatives to create better managers.”
  1. Learn about HR benchmarks (salary, benefits) at competing organizations. While salaries and compensation packages are usually not the driver of departures, they certainly do play a role. You should use the exit interview to do some benchmarking. The authors cited to a HR executive at a global food and beverage who noted, “We use exit interviews to see how competitive we are against other employers: time off, ability to advance, different benefits, and pay packages. And we want to see who is poaching our people.”
  1. Foster innovation by soliciting ideas for improving the organization. The authors believe that exit interviews should go beyond the departing employee’s “immediate experience to cover broader areas, such as company strategy, marketing, operations, systems, competition, and the structure of his or her division.” They cite as one “emerging best practice is to ask every departing employee something along the lines of “Please complete the sentence ‘I don’t know why the company doesn’t just ____.’” This approach may reveal trends which can be incorporated into future innovations.”
  1. Create lifelong advocates for the organization. I found this one perhaps the most innovative, yet in many ways the most basic, which is of course to treat departing employees with dignity, respect and gratitude. Such treatment at departure may well encourage departing employees to recommend their former companies to potential employees, to use and recommend the companies’ products and services, and to create business alliances between their former and new employers. The authors cite to one North American financial services executive for the following, “You want [a departing employee] to leave as an ambassador and customer.”

II.     Tactics and Techniques

The authors believe that leaving such exit interviews simply to the Human Resources (HR) function is too simplistic an approach because “this approach marginalizes the process and suggests that it is an operational duty rather than a strategic opportunity. Human resources may administer the program day to day, but it is imperative that the right line leaders participate in the interviews and that the executive committee oversees the program’s design, execution, and results.”

The authors believe that exit interviews conducted by “Second-line managers (direct supervisors’ managers) typically receive more-honest feedback precisely because they’re one step removed from the employee. Also, these managers are in a position to follow up immediately and effectively. Their participation signals that the company cares about the opinions of departing employees.” Beyond this level, the authors believe that someone other than in the direct line should conduct the additional interview. I would suggest that this would be an appropriate location for the compliance department to become directly involved.

The specifications of who should be interviewed should also be considered. As departing employees can certainly be ambassadors for the organization, high level or senior management should be listed. However, from the compliance perspective, any employee who comes from a high-risk area, sector, market or geography should also be considered.

The authors point to the timing of the interviews as a key to productivity. They have seen interviews during the mid point between the announcement to depart and the actual departure date as a good time. (Of course, this assumes a policy more enlightened than asking an employee to leave immediately in such circumstances.) Yet some companies have waited until after the employee has departed because, as one person interviewed for the article noted, “They normally tell us very honestly why, and often we respond with programs to work on the problems.”

While a face-to-face interview is always deemed the most appropriate, if an employee has departed, this may not be feasible. The authors noted that some companies conduct telephone interviews or even online surveys. Nonetheless whichever method is used should have structure around the questions and questioning because “the strength of standardized interview questions is that the make it easier to spot trends.”

The penultimate issue is how will your company use this information? The authors write that the distribution of the information obtained “should respect the sensitivity of the data and protect interviewees’ candor, particularly about their bosses.” Moreover the “the distribution of data should be timed according to the executive decision cycle.”

Ultimately, always remember this is a continuing conversation that the authors call “retention conversations”. Think about using the exit interview questions and techniques with existing employees to build upon the internal data you might analyze during transaction analysis. These retention conversations, together with exit interviews can be not only a useful tool but also a critical one as well for the compliance function.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

 

 

OthelloWhich play in Shakespeare’s cannon presents the biggest clash of cultures, which leads to the most catastrophic result? I would have to opine Othello, one of the great tragedies in all of Shakespeare. Othello, a Moor and General in the service of the Venetian republic, wins great honors on the fields of battle with the Turks. He also wins the hand of the lovely Desdemona. However, off the battlefields, Othello falls prey to the whiles of Iago, who convinces Othello of the infidelity of his bride. Othello murders his wife and then, realizing his mistake, takes his own life.

There are many culture clashes going on in the play. The military ethos vs. the deceit of civilian life, African tribal culture vs. the isolation of life in Venice, and even the warm bloodedness of a Moor vs. the chilly civilization of 16th century Venice. Yet it all leads to one thing – destruction.

One of the more difficult things to predict in a merger and acquisition (M&A) context is how the cultures of the two entities will merge. Further, while many mergers claim to be a ‘merger of equals’ the reality is far different as there is always one corporate winner that continues to exist and one corporate loser that simply ceases to exist. This is true across industries and countries; witness the debacle of DaimlerChrysler and the slow downhill slide of United after its merger with Continental.

In the Foreign Corrupt Practices Act (FCPA) space this clash of cultures is often seen. One company may have a robust compliance program, with a commitment from top management to have a best practices compliance program. The other company may put profits before compliance. Whichever company comes out the winner in the merger, it can certainly mean not only conflict but if the winning entity is not seen as valuing compliance, it may mean FCPA investigations and possibly even FCPA violations going forward.

A recent article by Andrew Hill, in the On management column in the Financial Times (FT), entitled “Dealmakers need new tools to predict M&A culture clash”, he focused on the fact that the “potential for cultural mismatch is usually one of the first red flags raised over complex deals.” He went on to state, “There is a crying need to improve the supposedly softer side of dealmaking and cut the great financial and psychological cost of finding out too late that the partners do not get on.”

Hill recognizes it is often difficult to begin such a discussion without engaging in cultural anecdotes or even cultural stereotypes, such as the French and the Americans will never get along or even appreciate how the other does business. Even such tried and tested methods based on “observation and interview can be unsystematic or prone to bias.” He also points out the problems with self-reported surveys that “go stale quickly or suffer from self-censorship.” This is even truer when one company has an ethos of punishing those who actually answer surveys honestly or report incidents. Finally, Hill notes that even questions by one group towards the other can bring a certain biting critique.

Of course all of this comes in the context of the employees from the acquired side that may be fearful for their jobs and employment prospects going forward. I once asked a friend going through a takeover what it was like and he said it was every employee for him or herself, each wondering when they would get axed. Certainly that is not positive either.

Yet even when working towards merging cultures in systematic manner, companies can make miss-steps. Hill points to the Hewlett-Packard acquisitions of Compaq as a classic example. He noted that after the two entities had “poured hours into their due diligence on their contrasting cultures before the deal was complete” which included 138 focus groups, consisting of 127 executives and 1600 staff in 22 countries, they still could not get it right. He pointed to the Compaq cultural value of keeping in touch with all employees through routine reports of what projects they were working on, clashing with the HP culture which saw this same action as “being micromanaged and not trusted.”

The quandary of how to determine cultural clashes is an ongoing problem during any acquisition. However, Hill reported that a new approach may provide some insight. A study, by University of California Professor Sameer Srivastava and Stanford University Professor Amir Goldberg, looked at it from a different angle; the email angle. They crunched “the language in 10.3m internal emails sent over five years by staff at a medium-sized technology company. Comparing the results against personnel records, they were able to map the trajectory of staff as they joined, got used to the culture and stayed, quit or were forced out. Among the findings: the reciprocal use of swear words in emails is one important clue to cultural fit; so are message exchanges about families.”

As Hill dryly noted, “Such studies are valuable not only for those building sweary or homely teams. They could tell managers more about subgroups within supposedly monolithic organisations”. I have previously written about Catelas, a software company that can review your internal emails to determine patterns that might detect nefarious conduct. If you couple the power of such software with the insights of Professors Srivastava and Goldberg, you might be able determine areas of compliance trouble in a merged entity.

This is all the more important with the compressed time frames required after an M&A to complete the acquisition integration as set out in the Ten Hallmarks of An Effective Compliance Program, as laid out in the 2012 FCPA Guidance. Coupled with the Opinion Release 08-02, involving Halliburton and two enforcement actions, Data Systems & Solutions LLC (DS&S) and Johnson and Johnson (J&J), the time frames for your post-acquisition, integration, investigation and any remediation are quite tight. The DOJ makes clear that rigor is needed throughout your entire compliance program, including M&A. This rigor should be viewed as something more than just complying with the FCPA; it should be viewed as just making good business sense.

FCPA Post-Acquisition Time Frame Summary 

Time Frames Halliburton 08-02 J&J DS&S
FCPA Audit 1.     High Risk Agents – 90 days

2.     Medium Risk Agents – 120 Days

3.     Low Risk Agents – 180 days

18 months to conduct full FCPA audit As soon “as practicable
Implement FCPA Compliance Program Immediately upon closing 12 months As soon “as practicable
Training on FCPA Compliance Program 60 days to complete training for high risk employees, 90 days for all others 12 months to complete training As soon “as practicable

Using the approach laid out by the Professors might well give you a leg up on any potential problems that need to be investigated, remediated and reported so that you can receive the benefits of meeting the post-acquisition time lines for a safe harbor. Such an analysis might also tell you if an acquired company or merger partner is as serious about compliance as your company is going forward.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

SantayanaThe philosopher George Santayana is usually best remembered for the pithy saying, ‘Those who cannot remember the past are condemned to repeat it.” Santayana was an essayist, poet, professor and novelist. According to Wikipedia, Santayana was Spanish-born but was raised and educated in the United States. He wrote in English and is generally considered an American man of letters. At the age of forty-eight, Santayana left his position at Harvard, where he had been a Professor of Philosophy for over 20 years and returned to Europe, never to return to the United States.

While Santayana inspires what begins a two-part blog series, the lead quotation to theme these posts comes from the Oscar winning animator, Chuck Jones who, in describing two of his well-known creations, Roadrunner and Wily E. Coyote, used Santayana’s description of fanaticism when he articulated these cartoon characters as “redoubling your effort after you’ve forgotten your aim”.

Both of these two Santayana revelations are appropriate to introduce the Novartis Foreign Corrupt Practices Act (FCPA) enforcement action brought last week by the Securities and Exchange Commission (SEC). As noted by the FCPA Professor, this was the 22nd FCPA enforcement action brought against health care companies involving health care professionals. You might think those companies would begin to get the message that their conduct would be scrutinized for FCPA violations. Yet once again we see with Novartis, “redoubling your effort after you’ve forgotten your aim”. Even if the Chuck Jones observation is too ethereal for your company, if you do not study the past, you are condemned to repeat your mistakes.

Over the next two days I will explore at length the Novartis FCPA enforcement action. In today’s blog post, I will review the underlying conduct that got the company into FCPA hot water. Tomorrow I will look at what the company did in response to the revelations of FCPA misconduct and present some lessons to be learned by the compliance practitioner.

As noted in the SEC Cease and Desist Order (the Order), “From at least 2009 to 2013, certain employees and agents of Novartis subsidiaries conducting business in China engaged in transactions and provided things of value to foreign officials, principally healthcare professionals (“HCPs”). These payments took varied forms and were intended to influence the HCPs and thereby increase sales of Novartis pharmaceutical products. Employees and managers in the involved subsidiaries attempted to conceal the true nature of the transactions through the use of complicit third parties and by improperly recording the relevant transactions on the books and records of the respective subsidiaries, which were consolidated in the financial reports of Novartis. Examples include improperly recording the payments as legitimate expenses for travel and entertainment, conferences, lecture fees, marketing events, educational seminars, and medical studies. Novartis also failed to devise and maintain an effective system of internal accounting controls or an effective anti-corruption compliance program.”

Novartis fell afoul of the FCPA through two of its subsidiaries doing business in China, Shanghai Novartis Trading Ltd. (Sandoz China) and Beijing Novartis Pharma Co, Ltd. (Novartis China). The actions of each subsidiary are instructive for the compliance practitioner so they will be taken up separately.

Sandoz China

Sandoz China’s plan was to increase sales of generic products. They endeavored to do so by targeting selected HCPs to “influence”. To accomplish this influence “certain sales representatives provided HCPs with such things as cash and gifts, which were funded through the submission of false expense reports.” The false expense reports were created to create a pot of money to pay for gifts and entertainment. Needless to say, these expenses were not booked properly in the company’s books and records.

This was not a situation where an individual, rogue employee or even a group of nefarious actors hid a bribery scheme from management but a focused, targeted campaign approved by the management of Sandoz China. The Order goes on to state, “certain employees maintained projections in spreadsheets that directly linked a certain cash value to be provided to HCPs in exchange for a certain number of prescriptions per month. In certain instances, these planned amounts were referred to as “investments,” between several hundred and several thousand dollars annually, and the HCPs were in some instances categorized into and tracked by different tiers, including one tier described as “money worshippers.””

But it was far more than simply the purchase of a few gifts for targeteddecision- makers. Sandoz China used travel to the US as another excuse to provide illegal benefits. The company claimed these trips were “educational events” but the Order noted, “in many instances, the actual trips did not include an educational purpose or the scientific/educational components were minimal in comparison to the sightseeing or recreational activities, and were instead a method of influencing the HCPs. The related expenses were approved and paid with little or no supporting documentation.”

A prime example set out was an alleged conference in Chicago, yet there was a side trip to Niagara Falls, a mere 530 miles away from the conference site. Sandoz China paid the travel expenses for spouses too.. And in one of the great compliance notations of all time, the company paid for “cover charges at a strip club.” I guess we can assume the Chinese entertained were male. There were also instances were Sandoz China simply billed the corporate office approximately $25K for events and there was no evidence the events ever occurred.

Sandoz China even came up with a new mechanism to engage in illegal bribery and corruption. They paid monies to officials “to collect and analyze patient medical data for the stated purpose of better understanding the use and reaction of a particular Novartis drug among patients.” Leaving aside the issue of whether this action violated any patient privacy rights in China, the Order said, “the studies did not provide any legitimate medical data, but rather were used to financially reward HCPs who had prescribed the drug.” These payments totaled over $500K in 2009-2010.

Novartis China

This entity appears to have used the well-known Chinese vehicle of ‘travel agencies’ to further its bribery and corruption schemes. The Order stated, “The payments were made through event planning and travel companies retained by Novartis China ostensibly to arrange transportation, accommodations and meals for HCPs in connection with educational conferences and other business activities. Through the use of these complicit vendors, HCPs were provided with improper inducements to prescribe or recommend Novartis products. The subsidiary recorded these payments as legitimate selling and marketing costs in its books.” These events were both inside and out of China. In addition to the use of travel agencies to engage in corrupt activities, there was no due diligence or even rudimentary compliance review of these third parties from a compliance perspective.

Finally there were insufficient compliance internal controls around both subsidiaries in China. There was insufficient training of the Chinese staff in both hiring and retention of third parties and in managing these relationships after their contracts were signed. These controls were not “sufficient and appropriate support for the selling and marketing expenses submitted by these vendors.”

Tomorrow I will continue my review of the Novartis FCPA enforcement action to see what the company did when it found out about these deficiencies and what lessons can be gleaned by the compliance practitioner.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

George KennedyGeorge Kennedy died this week. He was one of the few actors who went from playing tough guys to being a hit in comedies. According to his obituary in the New York Times (NYT), Kennedy played “vicious killers, bumbling lawmen, saddle tramps, bank robbers, scowling bullies – anybody you’d be foolish to mess with or trust in an emergency who played tough guys, oafs, G.I.’s and a bonanza of cowboys as one of Hollywood’s most versatile and durable character actors. He portrayed them all in more than 200 films and television productions in an acting career that spanned nearly five decades. He also won an Oscar as the best supporting actor of 1967 for his performance in the Paul Newman film “Cool Hand Luke”(pictured left).

In a late career twist he moved to ironic comedy starring in the “cult favorite “The Naked Gun: From the Files of Police Squad!” (1988) and its sequels, “Naked Gun 2 ½: The Smell of Fear” (1991) and “Naked Gun 331/3: The Final Insult” (1994), Mr. Kennedy played Capt. Ed Hocken, wincing and grimacing at the wreckage wrought by Mr. Nielsen’s bumbling Lt. Frank Drebin.” Sometimes to win all you need is a real cool hand.

One of the things Chief Compliance Officers (CCOs) and compliance practitioners face is how to scale up a compliance program for dramatic growth, which can occur organically and sometimes inorganically through acquisitions. However, in both situations a CCO, who is a single compliance resource for a company, may need to scale up quickly. A recent Harvard Business Review (HBR) article authored by Ranjay Gulati and Alicia DeSantola, entitled “Start-Ups That Last”, looked at this scalability issue in the context of start-ups.

I found that their insights could be useful for the compliance professional who might confront the issue. This is because scaling up your compliance function does not mean the CCO should disavow who is personable and accessible. Nonetheless you need to be prepared to manage that corporate growth and to learn new ways of operating and behaving. This will provide a stronger and more effective compliance program in the long term.

For a single source compliance functionary, who knows everyone and is accessible to everyone in the organization, it is sometimes difficult to begin to delegate out. The egalitarian nature of such an operation cannot be denied. Moreover, there tends to be consistency when one person makes the decisions. However this situation can lead to bottlenecks when there is simply too much work to do. The authors note, “organizations spin out of control as centralized authority becomes a bottleneck that hinders information flow, execution and decision making.”

Hierarchy is not always bad. The key is to put structures in place that remain flexible enough to keep the company moving forward in the right direction but does not discourage solo contribution. However, the CCO must work to keep from having too many layers in the decision making process while provided the second set of eyes and that any best practices compliance program requires. You should try to find the balance between formal structures with informal communications up and down your chain. Such a communication system can help streamline and make more efficient the process of compliance. Finally, this will help you to embed compliance within the fabric of your organization.

The next area the authors discuss is not one usually considered by a CCO or compliance practitioner. It is planning and forecasting with discipline. In the compliance realm, we usually will posit a risk assessment and use the results as a road map for a 1, 3 or 5 year game plan. However, if you can move from this process to more robust forecasting, you can have a framework in place that allows you to test how new compliance initiatives are received and also react more dynamically to the business market, “with an eye towards larger objectives and sustaining” compliance.

You need to begin with strategic planning. This is moving beyond simply ‘what I want to be when I grow up’ to regular goal-setting to build your long-term compliance vision for the company. You can sit down with your business lead counter-parts and ask what is there strategic vision for both products and markets? If they identify Brazil as a huge growth opportunity, then you will need to forecast out what their team will need from the compliance perspective. More pointedly, what processes and protocols can you put in place that will allow the business team to move into Brazil seamlessly, both on the operational and tactical level?

Here technology can be a real leg up for you and your compliance program. By using both data analytics and transaction monitoring, you can be more nimble to deliver a proscriptive compliance solutions going forward. Further, once a solution is determined you can then scale that solution companywide, as circumstances dictate. The authors note, “Setting clear goals and guidelines, systemically gathering and sharing information to shed light on performance and enable better forecasting, and creative processes instead of relying on key individuals” are all hallmarks that your program is running more efficiently.

A final area the authors consider is how to sustain a culture when scaling up. This is something near and dear to every CCO or compliance practitioner’s heart as we are motivated to do the most business in compliance with our company’s ethics and ethos. Obviously it will be important to sustain this cultural ethos during times of rapid growth. You must work to codify and then reinforce this cultural ethos going forward. Obviously a robust Code of Conduct and written compliance programs are important first steps but they must be reinforced in the face of rapid business and personnel growth. Indeed, it starts with the hiring process as your first touch point to communicate the company’s expectations around compliance and weed out those who may not have the same business ethics that you stand for going forward.

Equally important is to continue this communication, with founding members or senior executives of the company being ambassadors for compliance. This is more than simply good tone at the top. This is senior management holding town halls around your ethical culture, holding compliance moments and using social media tools to talk to and listen to employees about issues around compliance.

I once worked at a software company that held ‘Final Friday’s’ where employees could all get together and visit with senior management. Initially these were held weekly. However, as the company grew they were moved to monthly and then quarterly and even as they became less frequent, they actually gained in popularity because it not only reminded everyone of some far off nostalgic days that may never have actually existed but it allowed everyone to get together in a collegial atmosphere. You can try something like that through the social media tools of Blab or Periscope.

As a CCO who is the sole member of a corporate compliance department, you may have created something very special and unique. The authors end with the comment, “Between the extremes of ad hoc and prescriptive organizing, there’s a useful middle ground.” By moving towards this place, you, as the CCO, can make your company more nimble, more efficient and may well provide to your company a market differentiator.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016