To download full survey results, click here.
As you probably know, we sent a call out on all of our social media to share your Corporate Compliance & Ethics Week pictures and stories with us. Well, Jeremy Beakley, Compliance Officer from the State Procurement Office of the State of Arizona Department of Administration, answered our call…with a potluck flyer.
You see, Jeremy arranged a potluck to celebrate CC&E week. And because the potluck was on Monday, May 5th, they did a “Cinco de Compliance” theme. All of this piqued my interest, so I called Jeremy for a chat. When we spoke I learned that this was the first compliance event their office had ever held. Jeremy explained that the official compliance department is new for the procurement office and that their CC&E week event really helped spread the word. Putting a face behind compliance is one of Jeremy’s top goals this year.
Since it was their first year celebrating, Jeremy started small, inviting their 40 staff and Chief Procurement Officers from the other Arizona state agencies. The potluck idea encouraged everyone to participate, and kept the event feeling more like a celebration and less like a meeting. The biggest benefit, Jeremy said, was that once people were there, they were really engaged. So much so, that they were all for participating in some ethical role playing. Inspired by Amy Block Joy’s recent article, Ethics and “Breaking Bad”: Developing and practicing ethical skills in Compliance & Ethics Professional, Jeremy wanted to get his office thinking about ethical grey areas.
Jeremy kicked off the ethical decision making discussion by reviewing the hard and fast, black and white ethical rules. From there, participants were encouraged to role play more difficult scenarios. Because he came prepared, Jeremy had developed scenarios that he thought would engage his participants, and teach them how to think about more difficult ethical decisions. “It was very rewarding,” Jeremy said, “hearing unique points of view, and seeing how people applied our black and white policies to real ‘grey area’ scenarios.”
Y-Comply, a compliance and ethics newsletter from the SCCE
Y-Comply is intended to help communicate the value and purpose of compliance and ethics to the general workforce. You are free to copy this article to your organization’s website or electronically distribute it to your workforce; no attribution to either SCCE or the article’s original author is necessary.
written by Deann Baker, CHC, CCEP, CHRC
The last Y-Comply outlined all of the elements of an effective compliance and ethics program as defined by the Federal Sentencing Guidelines (FSG). Over the course of the next year, each of those elements will be covered more specifically. The element known as “Governance and high-level oversight” will be covered this time.
The FSG states that an organization’s governing authority shall be knowledgeable about the content of the compliance and ethics (C&E) program and exercise reasonable oversight with respect to the implementation and effectiveness of the program. This is the role of an organization’s board of directors. The FSG further states that a specific individual within the organization will be delegated the operational responsibility for the C&E program and report periodically on the effectiveness of the program to high-level personnel and, as appropriate, to the governing authority (board of directors) or a subgroup of the governing authority.
Essentially, the FSG is saying that the C&E program must be supported and led by the organization’s leadership. Rather than focus on the board’s role, the focus will be on how the compliance officer can best achieve implementation of an effective C&E program with management’s support. The most effective way an organization can weave compliance and ethics into its fabric is to prioritize the work, as it does with other projects and programs, and that is through the strategic plan. Those plans have defined goals that have to be measured, reported on, and met within a timeframe. The intent of the strategic plan and goals is to help the organization fulfill its mission, achieve growth, and/or improve results. Individual(s) on the management team are typically responsible for driving the goals, and they are evaluated by how well they performed and met or didn’t meet those goals. Some of the goals will be assigned to workforce members at every level of the organization, and they too are evaluated on how well they met the performance expectations.
The C&E program has to be developed in a very similar way to help make it important to the organization and its entire workforce. When goals are established and people are evaluated on meeting those goals, it becomes important. There is a saying “What gets measured, gets done” and this is true of compliance and ethics too. Each of the C&E elements can be measured, and performance goals can be established to evaluate the results.
Although management is typically identified as those who drive results and management is whom we think of as the leadership within the organization, we can all be leaders and drive results. If someone is able to help influence results by helping others achieve a goal, then they are a leader. We can all take the initiative to influence others, achieve results to help grow or improve programs and systems within an organization, and challenge poor or wrong behaviors. Being a leader is not just about a position or power. It is about how we influence others to help achieve goals in a right way.
by Maria Coppinger-Peters
I am a banker; there, I said it. That said, I have been in banking for 26 years and have seen many changes in the money-laundering arena. MOs are getting more sophisticated and concealed a little more carefully. Result: the development of anti-money laundering software that helps detect and deter money-laundering activities. Gone are the days of relentlessly reviewing report after report to no avail. Hit ‘run query” and all sorts of goodies pop up. Thankfully, technology has kept pace with the schemers.
AML (Anti-Money Laundering) and BSA (Bank Secrecy Act) laws are absolutely my favorite regulations. No other regulation can provide the feeling of accomplishment when money-laundering violations are found and reported. The same goes for anti-terrorist funding reports. You feel you made a difference that is valued by law enforcement and government. However, no matter what your business line is, money laundering can influence your bottom line. That said, here is a brief overview on how and what should happen when detecting and deterring money-laundering
First, there are two definitions for money laundering:
- It is the introduction of illegally obtained currency into the banking system, AND
- It is using the banking system to illegally hide currency that was lawfully obtained.
Then there are the three general methods of money laundering:
Placement – the process of depositing illegal assets into the financial industry through ANY method: wires, cash, checks, money orders, etc.
Layering – the movement of illegal assets through financial institutions to separate the assets from the origin illegal source: wire transfers, CDs, drafts, letters of credit, internal transfers, negotiable instruments, foreign exchange, ACH, etc.
Integration – the movement of “laundered” funds back into the economy as legitimate funds (wire transfers, ACH, checks, Internet, etc.)
Suspicious Activity – Defined
It is impossible to define all activity that would qualify as suspicious. However, the following guidelines quantify the types of suspicious accounts/activities that should be monitored:
1. “High-risk” businesses (defined later in this article),
2. Other business with high wire transfer activity, particularly wires to foreign entities and banks,
3. Cash intensive businesses,
4. Frequent consumer foreign wire transfer activity,
5. Frequent large cash consumer deposits and withdrawals.
One of the best ways to avoid being an unknowing accomplice to money launderers is to properly identify new customers, clients and vendors.
General Procedures for Detecting Money Laundering
Accounts/activities falling into the category of “high risk” as defined by FinCEN (www.fincen.gov) or because of the individual account risk assessment process, should be reviewed for suspicious activity, money laundering and structured transactions. (Structuring is defined as making deposits and withdrawals in a series of transaction to avoid Currency Transaction Reporting requirements (http://www.fincen.gov/forms/files/fin104_ctr.pdf ). Structuring transactions is against the law, and a Suspicious Activity Report (Treasury form TDF 90-22.47) must be filed.
Detecting money laundering requires a several things. Use your technology. Review and analyze your data. Obtain supporting documentation. Retain all records relating to the case for at least 5 years. File a Suspicious Activity Report if warranted.
Certain types of business are more likely to be involved with money laundering. Examples of high-risk type accounts include but are not limited to Non-Bank Financial Institutions (NBFI’s), Professional Service Providers, Non-Governmental Agencies (non-profits) and cash intensive businesses. Accordingly, all businesses that are classified as one of the following may receive increased scrutiny of account activity.
This is not an all-inclusive list but rather samples of typical cash intensive, high-risk types of customers.
- Check cashing operations
- Currency dealer or exchanger
- Convenience stores
- Adult entertainment clubs
- Used car or motorcycle dealers that finance their own sales
- Used boat dealers that finance their own sales
- Liquor stores
- Apartment houses
- Parking garages
- Car wash facilities
- Charitable organizations
- Agent accounts for Money Service Businesses
- Money Service Businesses
- Other Professional Services (accountant, attorney, etc.)
- Privately owned ATMs and Leased ATMs
Suspicious and high-risk accounts should be monitored closely and should include site visits to determine the legitimacy of the business, business address and to determine if the business activity is consistent with the stated business activity, established at account opening.
Anti-Money Laundering & Suspicious Activities – Lending
Lending vehicles are becoming more and more popular with money launderers. Unusual or suspect actions, such as hesitancy to provide required identification, or refusal to provide the purpose for a loan, are key warning signs. Apparent unusual concern for secrecy regarding personal identity, occupation, type of business or property held. Other factors:
- Displays high level of curiosity about internal systems, policies, and controls.
- Has little knowledge of the amount and details of a transaction; provides confusing and/or inconsistent details about a transaction; or is unwilling to provide explanation about a transaction.
- Appears nervous, secretive, and reluctant to meet in person; over justifies or explains a transaction.
- Lifestyle inconsistent with known, legitimate sources of income or possesses large sums of money not consistent with known income sources.
- Use of multiple Post Office boxes or changes addresses frequently.
- Transactions with no logical economic purpose (no link between the activity of the organization or business and other parties involved in the transaction).
- Same day transactions at same depository institutions using different teller windows.
- Use of sequentially numbered money orders.
- Opening an account or loan where several persons have no apparent familial or business relationship but are designated signature authority.
- Individual is associated with a person linked to document forgery.
For more information, please visit: www.fincen.gov and http://www.fincen.gov/statutes_regs/ChapterX/pdf/ChapterXAnnotated.pdf. FinCEN’s mission is to enhance U.S. national security, deter and detect criminal activity, and safeguard financial systems from abuse by promoting transparency in the U.S. and international financial systems.
by Joshua Axelrod
Compliant behavior can increase the risk of non-compliance, particularly in large companies, where information silos are prevalent, low employee turnover is the norm, and interdisciplinary thinking and action have not been fully integrated into the company culture.
The situation is a common one. Employees work and develop experience in 1 or 2 functional areas and 1 or 2 departments of 1 company for many years. They develop skill sets allowing them to specialize in, e.g., finance, marketing, or sales, etc. Workers become very good at their particular specialties. This division of labor allows the company to gain the greatest return on the time and money spent training employees and decreases the compliance risk which accompanies functional performance of tasks. A culture is created incentivizing specialized competence and compliance.
But division of labor is inherently divisive and inconsistent with interdepartmental teamwork. Often missing is a singular, integrated, holistic, company-wide approach to value-added performance that all workers can understand and implement, collectively and individually. Also missing is a challenge to the status quo, i.e., an assessment, analysis, and remediation of the risk associated with the increasing disconnect between a constantly changing world and an increasingly insular workforce.
This status quo also conflicts with the currently prevalent, corporate cost-cutting, efficiency-based mantra of “do more with less.” How do you create jacks of all trades from masters of one, particularly with downsized, but unreplenished, functional workforces? The valued skill set now includes competence in holistic, cross-functional, facilitative management. Company procedures need to be enhanced and, unless new employees are hired, legacy employees need to be retrained. In turn, the likelihood of employees becoming overwhelmed increases. Morale declines as employees lament that new responsibilities “are not our jobs.” Employees continue to disavow problems if their particular functions are performed appropriately and do not take personal accountability for the downstream effects of their potentially compliant work.
In short, interdepartmental communication and teamwork decrease, creating substantial compliance risk.
With ineffective communication as the cause of so much compliance risk, addressing this issue appropriately is a potential game-changer. So how do companies facilitate and incentivize communication among their departments and employees to achieve their new objectives and minimize and remedy the compliance risk of compliant behavior?
Companies need to customize their goals to their particular needs, of course, but generally speaking they need to ensure that all employees are working toward a singular goal. Decision making by employees should prioritize success of the organization above all else, with that success necessarily involving an integrated consideration of business, legal, compliance, and reputational interests of the company. To that end, companies need to carefully develop and implement a strategy that focuses resources and energy on the best interests of the company, not the individual, department, or function.
From a compliance standpoint, this strategy development involves a focus primarily on issues involving and activities capturing the greatest compliance risk. This is the best use of time and increases the likelihood of your message being heard and heeded, your being considered credible, and others following your lead to incorporate business and compliance into a single mind-set for all of the decisions they make. Employees want to know that what you have to say is important and focuses them on their goal.
Additionally, communicate clearly with each of the groups performing particular functions to ensure that they are part owners of the larger process and problems identified within it. Employees should make decisions knowing that they will be held accountable for them. They should also anticipate how their particular work can be misconstrued, however innocently, by others at the company. Information systems experts, attorneys, researchers, and accountants, for example, all process information differently but are all part of the process of providing one final product or service to customers. Make sure that employees know that the Compliance Department is available to provide guidance while they remedy the risk but that it does so primarily in an auxiliary role.
Also ensure that workers know that there will be regular and ongoing monitoring and auditing of their process, and so the extent to which they successfully minimize compliance risk will be measured. Subsequent monitoring and auditing activities can measure improvement in addressing the compliance risk through comparison with the results of the initial monitoring and auditing exercise. Reward employees who look beyond their particular functional responsibilities and work to ensure an overall process that is effective and minimizes the risk of inadvertent noncompliance.
I had the opportunity to attend SCCE’s Chicago Regional meeting last Friday. My desire to attend the meeting was twofold: I wanted to see what a regional meeting was like, and I wanted to connect with more of our members. I can easily say that both goals were met. I can also say that I learned some very interesting and valuable information, that has nothing to do with compliance, at least not directly.
In an afternoon session, Mike Carder spoke about adult learning and training programs. In this session, I was fascinated to learn that in order to get an adult to retain information you need to repeat that information a minimum of 7 times. Seven. My dog only needs to hear it three times (this, the same dog that eats Q-tips), but you and I need to hear it s-e-v-e-n times to truly retain it. Now, take that and think about your compliance program. Does having your organization click-through online training once a year still seem like it’s enough?
Mike also had a great list of tips on how to keep your trainees engaged:
- Discussion is better than lecture
- Use small groups
- Ask probing questions and facilitate conversation
- Have attendees answer each other’s questions – they can learn more this way than from the teacher
- Repetition is the mother of learning
- Adults need information repeated a minimum of 7 times to retain it – repeating it 21(!) times is ideal
- Concise is better than lengthy
- Break up the information every 10-15 minutes
- Tell a personal story
- Show a video
- Have participants get up and move
- Motion is better than still
- Science says that getting your blood pumping helps increase retention
- Have participants role-play
- Ask your groups to write on a flip-chart
- Out of the ordinary is better than boring
- Strike an emotional chord with your listeners
- Use humor – everyone loves to laugh
- Challenge your learners – a little conflict can be a good thing
- Less is better than more
- The fewer PowerPoint slides you have the better
- It’s even better if those few slides have minimal text
- Use pictures, charts, and graphs – they grab and hold attention
- Questions are better than saying smart things
- As a teacher, learn to wait for an answer (as excruciating as it may be)
- If a learner gives a wrong answer, dive deeper – ask why and how they came to that conclusion
- Be genuinely curious
And, finally, finish by reviewing the main points. It never hurts to repeat the good stuff.
|Editor’s Top Choice:
Business ethics begin in the boardroom
Recent business scandals and corporate collapses have brought calls for better business ethics, more training in ethics, and further regulation. But ethics in business are intrinsically part of every business decision – they begin in the boardroom. Trust in business will not be rebuilt by more rules, regulations, or corporate governance codes, but as directors create cultures that recognize and handle ethical risk.
Recent years have seen a spate of business crises and corporate collapses around the world. The actions of key executives and the attitudes of their directors have come under the public spotlight. Fraudulent management in Australia’s HIH Insurance, corruption in Italy’s Parmalat, allegations of bribery against BAE Systems and Rolls Royce, the world-wide collapse of auditors Arthur Andersen, and the rigging of interest rates by bankers provide ready examples.
Such cases have raised concerns about business ethics, which are now widespread and serious. The media focuses on companies’ social responsibilities, relations with their stakeholders, and call for more ethical business. Regulators, commentators, and business school professors push for better corporate citizenship. Recently, green credentials and sustainability have been added to the agenda.
“Decisions at every level in a company have ethical implications – strategically in the boardroom, managerially throughout the organization, and operationally in each of its activities.”
But business ethics are not an optional exercise in corporate citizenship, they are fundamental to the governance and management of every organization. Decisions at every level in a company have ethical implications – strategically in the boardroom, managerially throughout the organization, and operationally in each of its activities. Ethics reflect behaviour in business and the behaviour of business. In business, ethics involve the recognition and management of risk. Read more
Other Featured Picks of the Week
IESE Insight writing for the Eurasia Review writes, “Ethics has gained prominence in debates around social capital creation. According to social learning theory, employees learn standards of appropriate behavior by observing the behavior of role models.
To explore these behavioral links, IESE’s Miguel A. Ariño and David Pastoriza of HEC Montreal surveyed 408 Spanish, French and Portuguese MBA students who were working while studying part-time. They were asked to rate their supervisors on ethical leadership and their firms on internal social capital.
Using structural equation modeling, the authors found that the ethical leadership of supervisors does indeed exert a significant influence on the creation of social capital in the organization, particularly in three areas.
Ethical leadership means higher willingness of employees to share. This extends not only to employees’ one-on-one relationships with their supervisors but also to their relationships with the rest of the organization…” Read more
What’s culture got to do with it?: A guide for leadersFrom Deborah Himsel of the American Management Association, “Culture is a complex and critical component of leadership. Yet many leaders underestimate its impact or fail to deal effectively with it in conjunction with growth strategies and other business initiatives. As CEO Lou Gerstner said about IBM’s culture during a period of transformation, “I came to see, in my time at IBM, that culture isn’t just one aspect of the game—it is the game.”
One of the biggest challenges for leaders charged with evolving their organizations is that the same characteristics that once made a company great can also derail key business objectives. Even when cultures need to evolve, changing them too quickly or radically can destroy the spirit of an organization. There are many fine lines leaders must walk when it comes to culture, so let’s start out by exploring how culture connects business goals to organizational norms and environments.
Culture has many definitions, but for our purposes here, let’s agree that it consists of a company’s norms and values; it manifests itself in “the way things are done around here” and includes both the formal and informal rules of the game. In most established companies of at least moderate size, certain identifiable traits cut across geographic and functional boundaries. At the same time, subcultures can exist within departments or regional offices. For instance, a marketing or accounting culture may have distinct characteristics that aren’t shared with the larger corporate culture. Similarly, the culture in a company’s Hong Kong office may be different from that of the one in Paris… Read more
You’re fired—by email?Bruce Weinstein of The Huffington Post writes, “Which of the following are ethically acceptable ways to fire an employee?
If your answer included “B,” you’re in good company. According to an interview with Fortune, George Zimmer, former CEO of The Men’s Wearhouse, was told via e-mail that his services would no longer be needed.
This isn’t a rude way to let someone go. It’s unethical. Here’s why…” Read more
Law and ethics can’t keep pace with technologyVivek Wadhwa, of MIT Technology Review: “Employers can get into legal trouble if they ask interviewees about their religion, sexual preference, or political affiliation. Yet they can use social media to filter out job applicants based on their beliefs, looks, and habits. Laws forbid lenders from discriminating on the basis of race, gender, and sexuality. Yet they can refuse to give a loan to people whose Facebook friends have bad payment histories, if their work histories on LinkedIn don’t match their bios on Facebook, or if a computer algorithm judges them to be socially undesirable.
These regulatory gaps exist because laws have not kept up with advances in technology. The gaps are getting wider as technology advances ever more rapidly. And it’s not just in employment and lending—the same is happening in every domain that technology touches.
“That is how it must be, because law is, at its best and most legitimate—in the words of Gandhi—‘codified ethics,’ says Preeta Bansal, a former general counsel in the White House. She explains that effective laws and standards of ethics are guidelines accepted by members of a society, and that these require the development of a social consensus.…” Read more
If you are not yet a subscriber to the weekly business ethics email, click here to sign up for the free news and information delivered to you weekly.
HCCA Director of Communication Margaret Dragon interviewed Nancy Gordon (firstname.lastname@example.org), HCCA Managing Editor. Nancy also oversees Corporate Compliance and Ethics Week products and information.
MD: Please tell us about Corporate Compliance & Ethics Week, when is it held, and its history.
NG: The idea for Corporate Compliance and Ethics Week grew from conversations among active members of HCCA back in 2002. They were looking to find new ways to educate employees about the compliance and ethics program and its importance. Someone suggested if they had a designated day called Compliance Day, they could have a “hook” around which several activities could be planned, which would have more impact. By coordinating with department leaders, they could do some individualized training and then hold a big compliance celebration event to reinforce the organization’s commitment to compliance and ethics. For those organizations that were much too large to do all that in a day, the concept was expanded to a Compliance Awareness Week.
Two members who had success with this idea, Gene DeLaddy and Cheryl Atkinson of the Carolinas HealthCare System, wrote about their experiences in the December 2002 issue of Compliance Today. Many compliance and ethics professionals responded by holding their own events. The HCCA Board of Directors and the SCCE Advisory Board decided they liked the idea so much they wanted to help even more members benefit from it.
They created the first National Corporate Compliance and Ethics Week, which was held May 22-28, 2005. At that time, they worked to have a resolution passed in the U.S. Senate, which would have allowed a National Corporate Compliance and Ethics Week to be officially recognized by Congress. Unfortunately, the senators who were sponsoring the resolution left office before it made its way through. But by that time, the week had taken hold among compliance and ethics professionals.
The name was shortened to Corporate Compliance and Ethics Week in following years. Then in 2009, the event was moved from the last week of May to the first full week of May, to avoid the overlap with Memorial Day that so often happened. We will celebrate the 10th annual Corporate Compliance and Ethics Week on May 4-10, 2014.
MD: What is the purpose and value of this specifically designated week for the Compliance department?
NG: As you know, employee education is one of the seven elements required for an effective compliance and ethics program. By having a designated week, compliance and ethics professionals can take the opportunity to build awareness in ways that reinforce not just specific rules and regulations, but the overall culture of compliance. It is much easier to promote compliance and ethics topics when a spotlight is already focused on Corporate Compliance and Ethics Week. Also, when employees see that the organization’s top executives and managers are supporting and taking part in the week’s celebrations, the message is clear: Compliance and ethics are a big priority.
MD: How do SCCE & HCCA support Corporate Compliance & Ethics Week?
NG: Each year we develop a new logo for the week that includes a compliance-related theme. The theme for 2014 is Compliance Makes a Difference. The logo is available free on our website.
Over the years, we have tried to facilitate the sharing of ideas that our members have used to successfully capitalize on the week. We have published many articles in Compliance Today and sponsored web conferences by our members who share what has worked for them. New this year, we have created a free “train-the-trainer” kit that can help members have a place to start their planning efforts. In it, you will find sample newsletter ideas and templates focused on compliance and ethics awareness, sample newsletter articles and e-mail blasts promoting Corporate Compliance & Ethics Week, event planning ideas and activity instructions, etc. And finally, we provide low-cost posters and promotional products to use in conjunction with Corporate Compliance and Ethics Week celebrations. These are all available in our Corporate Compliance and Ethics Week section of the website.
MD: When you communicate with those who order supplies, do they discuss the activities they are planning and how they plan to maximize the week to benefit their compliance and ethics program? If so, would you mind sharing their plans with us?
NG: We don’t really get full descriptions of their events, but sometimes they will share how they used a particular product with an activity. For instance, many people have told us they like to offer the flashlights for a “shine the spotlight on compliance” theme. And I’ve heard the sticky flags have been used for a “flag those errors” theme. And one member told me she has every official Corporate Compliance and Ethics Week poster we have issued, and she’s lined a hallway in her department with all of them in a row.
MD: Would you tell us about some of the items HCCA will have available for members to order in 2014 and how soon can they order supplies?
NG: We actually have our 2014 promotional items available now—we wanted to give members more time to plan and budget for their events. They will find a lot of new items we’ve never offered before, including all new inspirational quote posters, awareness bracelets, mini-tool sets, smart-phone stands, and table tents. Plus we have the old favorites—pens, sticky flags, flashlights, stress balls, and mugs.
MD: Is there information available about events and programs others have developed to celebrate Corporate Compliance & Ethics Week and if so, where?
NG: We have put all the tools available to help with planning Corporate Compliance and Ethics Week in one section on the website. That means past articles and web conferences, downloadable logos, and train-the-trainer kits, as well as our online store to order promotional items. You can find them at SCCE’s Corporate Compliance & Ethics Week Resources page.
MD: Thank you for taking the time to tell us about Corporate Compliance and Ethics Week.
Educating your board is imperative to your compliance role. Not only does the board protect your company, they may have personal liability by matter of their participation as directors. Not only that, it’s the board’s responsibility to oversee compliance programs, and to take (sometimes personal) responsibility for the compliance program.
The first step in educating your board of directors is to understand their role in your organization. Know that your board exists to provide value to shareholders, hire and fire your CEO, and to protect your business from its greatest risks.
As a compliance professional, you’re well-versed in your organizations biggest risks. You’ve identified them and built programs around them. You are in the best position to detail this to your board, so do that. Do as often as you can. Take any chance you can get to connect how your compliance program mitigates or—if you’re lucky—eliminates those risks.
When you get the opportunity to speak to your board keep the following in mind:
- Give them a history lesson – they simply don’t care
- Talk about obscure legal theories – they don’t care about those either
- Ignore the procedure to make it easy for them
- Try to fit everything in one session – make information bite-sized
- Make your presentation relevant and current
- Tie it to the company’s biggest risks
- Explain why your program is different & better than everyone else’s
- Have a “Top 10” list, and boil it down to the 3 things your board member’s should never do
- Make the most of your time – time on the board agenda is precious, treat it as such
Finally, and possibly most important, make your presentation personal. Everyone’s favorite word is “you.” Flat out tell them, “As a board member, in order to avoid personal liability you need to know…” It will get their attention, and keep them engaged, which is what you need.
To be most effective, Corporate Monitors have to be experts on corporate compliance and ethics programs. A recent article in the NY Times promulgated many misperceptions about Corporate Monitors, which I chose to respond to through a post on my personal blog (www.TheFraudGuy.com). Because parts of what I wrote may have some relevance to compliance and ethics professionals here, I’ve re-posted it below in its entirety for your convenience.
As an expert in the field of Corporate Monitors and a passionate advocate of Monitor reform (in the form of Standards and “best practices”), I follow news about Monitors very closely. An article recently published in the NY Times by Steven M. Davidoff (“In Corporate Monitor, a Well-Paying Job but Unknown Results”) deserves comment by a knowledgeable and experienced person from this field. Unfortunately, there are many misperceptions about Monitors that mask and hinder from constructive deliberation the real issues that should be highlighted, discussed, and considered for reform in this field.
Among the most prominent of these issues is the Monitor selection and appointment process. The misperception that has evolved is that this is a “good old boy network” where current DOJ or other government agency officials give “lucrative” contracts to former co-workers or friends.
The reality is that, since 2008/2009, the DOJ has done an effective job of preventing this from happening with Monitors and that the selection process is, as I will explain more fully later, now driven by customary and effective professional service industry business development practices. The real issues and concern lies within the Monitor selection and approval process of those outside of the DOJ, who utilize Monitors more frequently than the DOJ and are presently significantly more susceptible to nepotism and/or potential abuse.
There are no hard numbers on this, but as one who tracks it as best as I am able, I would estimate that the DOJ accounts for maybe 20% (that is on the high side) of Monitors among all the agencies that use them. The rest is spread out among other federal law and regulatory enforcement agencies (particularly in the suspension & debarment area), state & local agencies, the Courts, and non-government oversight organizations (i.e. World Bank). As is often the case, the DOJ may get the most press on the topic, but that’s only because they have the most high profile matters, not the most matters.
After the Zimmer Holdings controversy led to congressional inquiry and threatened law-making in early 2008, DOJ responded with what is commonly referred to as the “Morford Memo,” which is DOJ’s most widely known policy regarding the selection and use of corporate monitors in pre-trial diversion agreements. That policy was furthered by another, lesser publicly known and/or referenced Criminal Division memo, issued by Lanny Breuer on June 24, 2009 entitled “Selection of Monitors in Criminal Division Matters.” In both Memos, the pool of candidates for a Monitorship comes from the Company, not the DOJ.
According to several GAO reports ordered by the congressional inquiry, the DOJ was following its policy on Monitors quickly after institution. For those with interest, I have linked them here: June 2009, November 2009, and December 2009.
Here’s the reality – there is presently no indication of any political favoritism playing any role whatsoever in the selection and appointment process for Monitors in DOJ matters by the DOJ. None. To the contrary, DOJ goes to extraordinary lengths, including applying the Morford and Breuer memos more conservatively than they require, to avoid any appearance of favoritism. To this point, though each memo could be read as to permit the DOJ to take a more active role in determining the Monitor and/or pool of Monitor candidates, the DOJ does not – it instead requires the Company to propose a pool of Monitor candidates and refuses to provide any candidate names, even if asked.
There is a simple and wholly commercial reason why many Monitors come from the ranks of former federal prosecutors. It is because the white-collar defense attorneys who represent the companies needing Monitors also come mostly from the ranks of former federal prosecutors! Business development in the white-collar defense world relies on referrals – a Monitorship is simply a business referral. This is no different than if they represent a company and refer the representation of company individuals to people in their legal network whom they ordinarily make back-and-forth referrals to and believe qualified to do a good job.
In the SAC Capital Advisors matter, there is no indication whatsoever that the DOJ gave a “gift” to the proposed Monitor, Bart Schwartz, a former federal prosecutor, as Davidoff suggests. It appears that Mr. Schwartz was proposed by the company in accordance with the DOJ policies described and hyperlinked earlier. Moreover, his approval appeared to be subject to judicial approval as well, adding an additional level of scrutiny and further removing it from DOJ’s ability to “manipulate.” As it regards Mr. Schwartz, it’s not as though he is fresh out of the government and has no relevant experience in the area. To the contrary, he is a highly qualified Monitor candidate who left government service decades ago. Much like with “expert witnesses,” who need not have necessarily been so qualified previously in order to be retained in a matter, many of those proposed as Monitors have never been a Monitor before. Though this is common, unavoidable, and necessary, it also provides greater opportunity for controversy, disagreement, and discord. Mr. Schwartz is a very experienced Monitor and likely to avoid such issues and be more effective and efficient than someone lacking Monitor experience. It is perfectly reasonable to expect that companies would find such persons independent of the government and propose them as Monitor candidates.
Transparency is another issue worth exploring. If you read the Breuer Memo that I referenced and hyperlinked earlier, you will see that significant documentation should exist within and around the Monitor selection process in the DOJ’s Criminal Division. I am aware that such documentation is prepared and does exist, but I do not believe that it is something likely to be shared publicly. I’ve never filed a FOIA request, but I wouldn’t bet on getting those documents if I did so. I fully appreciate the pros and cons on this issue and would like to see the DOJ explore ways to provide greater transparency in this regard.
Outside of the DOJ, where Monitors are used more commonly and frequently, transparency is largely non-existent. Many, if not most other agencies that utilize Monitors have little or no written policy around any parts of the process, from selection through reporting. Much less do they create any documentation during that process that would provide insight into how a particular Monitor was nominated, selected, and/or approved. The same goes for the Courts (i.e. Judges).
I have noticed a “practice-shift” over the last couple of years where Federal Agencies (outside of DOJ, but perhaps following in DOJ’s footsteps) have begun refusing to provide the names (i.e. more than one – a “pool” of names) of potential Monitor candidates to organizations, even when those organizations request it, for fear of running afoul of “endorsement” prohibitions under 5 C.F.R. §2635.702. I wrote the US Office of Government Ethics earlier this year asking specifically about the application of any ethical requirements and/or guidance specific to Corporate Monitors, but as one might expect, received no response at all. I am not an attorney and may well be wrong about this, but I personally do not believe that §2635.702 applies in this context, so long as there is no “private gain” for the relevant government officials. I would like to see the Government Ethics Office examine this and provide specific guidance as to whether or not a government agency can provide a pool of names of Monitor candidates to a company, particularly when so requested by the company.
Greater transparency and policy/practice documentation is a real issue, particularly as more and more agencies are beginning to appreciate the value of and use Monitors in resolving issues.
Let’s talk fees now. I seem to always see the word “lucrative” associated with Monitorship agreements in press articles – another broad and inaccurate stereotype born out of the Zimmer Holdings controversy. Certainly some of the biggest Monitorships cost organizations a sizeable amount, but that is the nature of professional hourly work in complex matters within large organizations. One could apply the term “lucrative” as well to the fees charged by external defense counsel, subject-matter experts, forensic accountants, information technology consultants, corporate compliance & ethics consultants, e-discovery professionals, document reviewers, marketing professionals, and a whole host of others whom organization’s engage long before a Monitor ever comes into the picture.
For the SAC matter, Davidoff’s suggestion that the Monitor’s fees “will probably run in the millions, if not tens of millions, of dollars” is illogical and wholly out of touch with reality. This estimate of fees seems to be more of a sensationalistic reference to the Zimmer Holdings matter (which the article brings up later) than to what any reasonable person would expect having read the scope of the “Compliance Consultant” within the SAC Plea Agreement. Under this Agreement, SAC’s Compliance Consultant will only perform two (2) assessments and file two (2) reports, all done within six (6) months. A third assessment and report may be required, if deemed necessary by the government.
Keep in mind that SAC Capital (now Point72) is not a mammoth organization with thousands of employees all over the world facing a multitude of risk areas. To the contrary, it appears to me that SAC is now practically nothing in terms of size and will only manage the money of its owner – meaning that the Monitor’s assessments should not be very big or difficult at all, nor will they extend over a lengthy period of years, as is common to many Monitorships. SAC is hardly a traditional Monitorship and certainly not a large one likely to generate millions of dollars in fees.
Another common question relates to whether or not a Monitor actually has any impact on the organization monitored. Though I can personally fall back on my own experience as a Monitor to satisfy myself that we do, I can also look to more objective studies that support the real and positive impact of Monitors. In addition to the GAO reports I linked above, some of which address that question directly with companies that were monitored, one of the best studies that I have seen on the question is a white paper entitled “Can Corporate Monitorships Improve Corporate Compliance?” by Cristie Ford and David Hess (I would love to see them update that paper!). Short answer – Monitors can and do have an impact, though much of that impact relies on the substance and terms of the underlying Agreements, which really drive the scope, authority, purpose, and role of a Monitor.
Speaking of that, another important and greatly misunderstood issue is the role, authority, purpose, and scope of a Monitor. Davidoff writes: “He is the ostensible key to ensuring that Point72 will remain on the straight and narrow. A compliance monitor or consultant is a creation of the last decade. When a corporation accused of wrongdoing agrees to settle the charges or is sentenced to probation, it is often required to pay for a monitor to ensure that it does not break the law again. The corporate monitor is to supervise the compliance procedures of the company as well as beef them up.”
Monitors are not a creation of the last decade. While there has been an increased visible use of Monitors by the DOJ within the last ten years, Corporate Monitors go back at least two decades. Also, as previously mentioned, many people mistakenly think that Monitors are only used by the DOJ, which is just the opposite of the reality.
When a company settles a matter, a Monitor is only required around 20% to 30% of the time (even outside of DOJ), certainly not “often,” as Davidoff suggests. In fact, this percentage has declined within the DOJ since 2008, though it shows signs of increasing, particularly as standards and best practices continue to develop around the field. Also, there is a developing trend of the DOJ and other government agencies requiring what I call a “hybrid-Monitor,” which is exactly the case with SAC Capital Advisors. As best as I can tell, though the title used in these Agreements may not even contain the word “Monitor,” the DOJ continues to apply Morford and Breuer principles and process and other agencies still treat the role as they would a “Monitor.”
The purpose and role of a Monitor is largely misunderstood, leading to false and unrealistic expectations. Davidoff promulgates several scope-related misperceptions that have no basis in reality – such that Monitors are in place to ensure that a company “will remain on the straight and narrow” or that we “ensure that it (the organization) does not break the law again” or that we “supervise the compliance procedures of the company as well as beef them up.”
The purpose and role of a Monitor is to verify an organization’s timely and effective compliance with the Terms of an Agreement. An Agreement, by the way, that the Monitor had no part in devising. These Agreement Terms are most frequently associated with an organization’s remediation and improvement efforts in the areas of corporate compliance & ethics programs and internal controls, largely because §8B2.1 of the United States Sentencing Guidelines (“Effective Compliance and Ethics Program”) has made those areas the measuring stick of corporate liability. As a result, the Monitor’s assessments and scope are often heavily weighted, in accordance with the Terms of the Agreement(s), on corporate compliance and ethics programs.
Because an Agreement is exactly that, an Agreement, the parties could choose and agree to include Terms that provide the Monitor with authorities far exceeding that which I have described as a Monitor’s general purpose and role. If the parties so choose and agree, they could give the Monitor significant authority beyond merely verification and reporting, such as operational decision-making, contracting approval/disapproval, etc…. This level of authority is extraordinarily rare among all monitorships and presently non-existent among DOJ Agreements requiring a Monitor.
Absent some remarkably unusual Term(s) in an Agreement requiring it of a Monitor, a Monitor’s purpose and role is NOT to ensure that the company “will remain on the straight and narrow” or “ensure that it (the organization) does not break the law again.” Nobody can do that. Nobody expects that.
The Terms of the Agreement (not the Monitor) are responsible for ensuring, in principle, that the organization will have a compliance and ethics program that, in accordance with §8B2.1(a)(2) of the US Sentencing Guidelines, “…shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct.”
To recognize and emphasize that all fraud cannot be prevented, §8B2.1(a)(2) continues: “The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.”
The notion that a Monitor can prevent and/or uncover all fraud within an organization, is utterly absurd. It is so unconscionable that suggesting it defies all common sense.
The real scope issue lies within the Terms of the Agreement(s) underlying the Monitorship, which as noted previously, the Monitor had no part in drafting. Having been a Monitor and having read every Agreement requiring a Monitor that I can get my eyes on, it is my opinion that most of these Agreements are not constructed sufficiently so as to ensure that the monitored organizations have compliance and ethics programs that adequately comport with §8B2.1 of the US Sentencing Guidelines. While DOJ’s Agreements have improved drastically in this regard over the last few years, they still too narrowly focus on the underlying issues (i.e. bribery, false claims, insider trading, etc…) and not on the whole compliance and ethics program, which is what §8B2.1 covers.
As a result of this, while a company may significantly improve, for example, its anti-corruption compliance program component under an Agreement with the DOJ, it may utterly fail in other risk areas subject to criminal misconduct and/or abuse. In other words, DOJ risks missing the forest for the trees by too narrowly focusing on the underlying issues and not on the overall compliance and ethics program, which if designed appropriately and implemented effectively, would address all fraud and compliance risks and better prevent recidivism. Isn’t that the real spirit of what everyone wants to accomplish?
Additionally, as a compliance and ethics program expert, I feel that in these Agreements (particularly those requiring a Monitor) the DOJ and most other agencies overly focus on compliance program components and not enough on ethics and ethical tone. The title of §8B2.1 is “Effective Compliance and Ethics Program” (emphasis added) and §8B2.1(a)(2) specifically relates to ethical tone, yet rare is the instance that one of these Agreements obliges a Monitor to assess and report on an organization’s ethical tone! Ethical tone and compliance programs are symbiotic – one cannot succeed without the other – and the government does not yet seem to have come to a full appreciation of it.
Another issue alluded to in Davidoff’s article related, generally, to the concept(s) of “self-monitoring” and/or government monitoring. In self-monitoring, the company assesses its own performance against the terms of an Agreement and reports to the government. Government monitoring is where the relevant government agencies conduct the monitoring.
In my opinion, “self-monitoring” is an oxymoron and cannot be generally relied upon to ensure either effective compliance with the Terms of an Agreement or that the organization establishes a compliance and ethics program that achieves the desired end-results (“spiritual compliance”) of an Agreement. Though many might think that trust and objectivity are the primary concerns in this regard, I have found that the real problem with self-monitoring is technical competence. When an organization is left to its own to make these assessments, the in-house people assigned to make and/or review such assessments often simply lack the requisite corporate compliance and ethics industry experience and knowledge necessary, leading to a “check the box” process or attitude that can hinder effective and/or “spiritual compliance” with the Agreement. This is not to suggest that a Monitor should always be required, only that greater consideration of an organization’s technical competence needs to be incorporated into the decision matrix as to whether or not a Monitor should be utilized.
For example, when an Agreement requires that an organization conduct some type of specific compliance training of employees, the company may genuinely believe it has effectively done so simply because they offered a training session (hence, “check the box”) and therefore report successful compliance with that Term of the Agreement to the government. What I frequently find, as a Monitor and compliance consultant, is that such training was not effective – meaning that those employees at risk to a compliance issue could not reasonably recognize the relevant compliance and ethics risk(s) or apply the relevant policies within the context of their role(s) (hence my term, “spiritual compliance”).
The same lack of compliance & ethics industry technical competence exists within the ranks of relevant government agencies as well, where it is exacerbated by agency budget/resource issues, making fruitful and effective compliance monitoring by the government unrealistic, if not impossible. The agencies that have the combination of technical competence and resources are very few (i.e. HHS) and even those utilize Monitors from time to time.
Self-monitoring and/or government monitoring assumes an expertise that is presently uncommon among organizations and government agencies – the whole compliance and ethics industry itself is barely out of its infancy, though it is growing and progressing rapidly. Monitors fill this void perfectly, often playing the role of teacher and guide to both the organization and government.
I much appreciate Davidoff’s dislike that Monitor reports cannot usually be obtained. There are many who argue that Monitor reports, as a general rule, should be publicly available, albeit with appropriate redactions, primarily to protect proprietary, sensitive, and/or personal information that such reports might contain. Also, how willing organizations might be to enter into Agreements where they know a Monitor’s reports will be available to the world could have a very chilling impact on both the willingness to enter into such an Agreement and the degree to which the organization might more openly and fully work with a Monitor towards “spiritual compliance.”
Balancing the obligation for the Monitor to inform (report to) the government against the risks of such information being used or misused by outside interested parties is a very difficult task, whose consequences could easily outweigh the public interest as it concerns access to a Monitor’s reports. For a more recent general exploration of these issues, I suggest “Minding the Monitor: Disclosure of Corporate Monitor Reports to Third Parties” by Karen Green and Timothy Saunders of Wilmer Hale.
There are a myriad of important issues that still exist around Corporate Monitors that yet need to be pointed out, deliberated, and resolved. I never even touched on “independence,” which is certainly one of the big ones! As someone who is passionate about and intimately involved in the development of Standards and “best practices” for Monitors, I hope that writings such as this may bring attention to the important and real Corporate Monitor issues, allay misperceptions, and lead to a greater appreciation for Monitors – an extraordinarily effective and largely under-utilized means by which government and/or other oversight bodies can better achieve long-lasting success in resolving corporate misconduct, fraud, waste, and/or abuse.