|Why Managers Share the Responsibility for Poor Employee Performance
|Cancel Meetings and Keep Doughnuts? Corporate Culture Counts
Guy Kawasaki was the Chief Evangelist for Apple and a part of the team that helped give birth to the Macintosh. Since then he’s been something of a technology guru. He’s also a genius, although he doesn’t know it, in providing insight to compliance and ethics professionals.
I heard him speak at the Email Evolution Conference on the topic of creating enchanting email. He thought he was speaking to a bunch of email marketers. But his words were highly valuable for ethics and compliance officers.
While we don’t tend to think that way, compliance professionals, like email marketers (including the HCCA and SCCE) are in the persuasion business. Compliance’s job is to persuade the organization to do the lawful and ethical thing. We build systems and controls, but when the critical decision is made whether or not to collude with a competitor or pay a bribe, we have to hope that our previous messages were persuasive enough to stop the wrongdoing from occurring.
Here are some of the more intriguing points he made put into a compliance context:
- Agree on Something. Once people find a common ground, there’s the opportunity to create trust and a stronger relationship. So even if you have a message that the business people won’t like, think about including information that everyone has in common. Start, perhaps, with the organization’s core values and put the message into that context. Talk about a business goal and managing the risks. Find something you can agree on, and it makes you and your message more compelling.
- Use salient points. Kawasaki points out that the side of a bag of potato chips lists the number of calories. We understand that more is worse, but it’s still a little abstract. Now imagine if they listed the number of miles you would have to run to work off that bag of chips? Most people would eat a lot less chips. Same thing with compliance. Saying something could result in a fine of $x is meaningful, but it may be more salient to put the fine as the number of quarters of lost profits.
- Present well. We’re getting used to increasingly customized marketing. More mass emails are personalized. Shop on a website for a new printer, and everywhere on the web you start seeing ads for printers. Customization can be incredibly powerful, especially when it starts the conversation. So even if you’re delivering the same in-person training to 50 groups in your organization, always start by recognizing that group specifically so that they know the message is for them. Even in your email, something as simple as a slight customization of the email by location or department may help the reader say, “This message is aimed at me, I better pay attention.”
In sum, remember that compliance is about following the law. But to get people to do that, you first need to persuade them.
Rebecca Walker (email@example.com) is a Partner at the law firm of Kaplan & Walker LLP, in Santa Monica, CA and Princeton, NJ.
Embedding compliance and ethics (C&E) programs “in the business” has always been one of the bigger challenges facing C&E programs and C&E professionals. Although the Compliance profession has long debated the appropriate positioning of the chief ethics and compliance officer (CECO), regardless of to whom the CECO reports, the position is typically a corporate function, housed at headquarters. It is a perennial challenge to make compliance an everyday part of the business, in part in light of the central positioning of the function and the fact that the function is typically very leanly staffed.
Some organizations have had success in extending the reach of their C&E programs through the use of C&E liaisons (CELs). CELs can also help localize C&E programs and can provide useful input to the C&E office regarding how the program is working “on the ground.” A survey by the Corporate Executive Board in late 2012 found that 54% of responding companies use CELs, so this is an increasingly common practice. However, for many of those organizations that have created CEL positions, there continues to be room for learning what works best in this area. And many organizations are still considering whether to implement a CEL network, and, if so, how to structure it.
In attempting to create or enhance a CEL network, it is important to ensure that CEL responsibilities are adequately articulated; that CELs have adequate time, resources and accountability to perform their CEL responsibilities; and that the CEL structure has the appropriate level of support from senior leadership, in particular of those functions that CELs are part of. As part of the ongoing conversation regarding important characteristics of CEL networks and how best to structure them, what follows is an exploration of various aspects, including (1) common organizational structures; (2) who typically serves as CELs; (3) the amount of time CELs typically spend on C&E duties; (4) common CEL responsibilities; and (5) CEL training.
Depending on the size and diversity of the particular organization, CEL networks may be organized by business unit, by geography, or by business unit and geography. CEL networks are often structured along the same lines as other functions at an organization, such as the legal and HR functions. This is logical both because it can help align CEL networks with company structure and culture, and because CELs are often drafted from these other functions.
With respect to geographical organization, CELs may be appointed for each country of operation or for geographic regions (e.g., Asia, Middle East/Africa, Western Europe, Eastern Europe), typically corresponding to the way in which the organization is geographically organized for business purposes. Because one of the primary purposes of a CEL network is to create “local” representation for the C&E program, CELs are typically physically located in the region or country that they serve.
Who serves as CELs?
Because C&E is often a very leanly-staffed function, CELs are often also members of other compliance-related functions, such as Legal, HR, Internal Audit or Finance. Such positions are natural candidates for CELs, because their existing job responsibilities typically include CEL-type duties, such as training, audits, and conducting investigations. However, some organizations appoint CELs from operations. When organizations appoint CELs from operations or the business, they tend to be high-potential employees who are appointed as CELs for a fixed (e.g., two-year) term in order to allow the individual to “rotate” through a C&E position. This can be a helpful way to create greater C&E traction in the business more generally.
Several considerations are important to determining who at an organization should serve as CELs. First, CELs obviously need to have an adequate amount of time and resources to satisfy their CEL responsibilities. If members of the business simply would not have the ability to spend time focusing on CEL responsibilities, it likely makes sense to look elsewhere to fill these positions. Second, CELs need an appropriate level of independence and authority to be able to perform their job responsibilities. For example, if CELs will be responsible for conducting investigations, they need to have access to documents and witnesses without intervention, and to make determinations free of any inappropriate influences. The same requirements hold for conducting C&E audits and assessments.
Another important factor in determining the identity of CELs is the position of the potential CEL within the business unit that he/she will serve. Just as the appropriate positioning of the CECO is critically important to the ability of that position to function effectively, a CEL needs to be positioned appropriately in order to be effective. Ideally, the CEL will have readily-available access to both the head of the business unit that he/she serves and to the CECO.
Full- or part-time CELs typically serve in their C&E roles on a part-time basis. In a benchmarking survey of a dozen organizations with CEL networks (conducted by Kaplan & Walker LLP last year), the majority of participating organizations reported that part-time CELs spend between 15% and 20% of their time on CEL responsibilities, although some organizations reported that part-time CELs spend as much as 60% of their time on compliance. In addition, depending on the size and level of complexity of the particular business, some organizations have some full-time CELs, instead of or in addition to part-time CELs.
In the Kaplan & Walker benchmarking study, one of the factors that respondents denoted as most challenging in implementing an effective CEL network is ensuring that CELs have the time necessary to perform their CEL responsibilities. Obviously, the amount of time required of CELs will vary with their responsibilities, but, because this is often a “second job” for CELs, it is critically important that organizations proactively ensure that CELs have the time necessary to satisfy their CEL responsibilities.
For most organizations, CELs report directly to their functions (e.g., Legal, HR) or the business, with a dotted-line reporting relationship to the C&E office. For some organizations, this means that the C&E office has no input into a CEL’s performance evaluation. Because CEL responsibilities are often a second job, when the CEL’s responsibilities do not configure in a CEL’s performance evaluations, there is an obvious negative impact on effectiveness. Many organizations have long experienced this same phenomenon when using non-C&E functions to perform C&E investigations. When C&E is not able to provide feedback regarding the performance of investigations, it can result in the investigations’ not being given priority in time or quality.
However, at some organizations, the CECO or the enterprise-wide C&E committee does provide input into the CELs’ performance evaluations, and at other organizations, the local C&E officer (as opposed to the enterprise-wide CECO) or local C&E committee provides input. At one organization that participated in Kaplan & Walker’s benchmarking survey, the local C&E committees (of which the CELs are the members) have a dotted line to the enterprise-wide C&E Committee, and are required to produce the minutes of their meetings to that committee, but the CELs do not have any individual reporting obligations to the C&E Office. However it is achieved, it is important to create some level of accountability for CELs with respect to their performance of C&E responsibilities.
Duties and responsibilities
To help ensure effectiveness, CELs should be provided with clearly articulated, documented responsibilities for their C&E roles. Based on the benchmarking survey referenced above, CEL responsibilities typically include some or all of the following:
- Assisting in and contributing to the risk assessment process;
- Advising on the creation and distribution of the code of conduct, company policies, training, and communications;
- Providing training and communications to employees;
- Tracking employee C&E training and certifications;
- Serving as a resource to address business conduct questions within their area of responsibility;
- Determining conflicts of interest and/or gifts and entertainment pre-approval or waiver decisions;
- Receiving allegations of violations of the code of conduct and other allegations of non-compliance;
- Escalating allegations to the enterprise C&E office as appropriate;
- Conducting and/or overseeing C&E investigations, including tracking completion;
- Determining or advising on disciplinary decisions when violations are determined to have occurred; and
- Reviewing the effectiveness of the C&E program within their area of responsibility and suggesting modifications and improvements to the program.
With respect to tasks such as assisting in and contributing to the risk assessment process, CELs obviously need to be guided in their contributions. C&E offices should prepare and provide explicit instructions to CELs to ensure effective contributions to such projects. Some organizations have created websites that contain a variety of resources for use by CELs, such as sample communications, guidelines on conducting investigations, FAQs regarding company policies, etc.
Training and practice sharing
Many organizations train CELs upon initial appointment. Training may be conducted via teleconference, videoconference, or face to face. Some organizations host annual CEL training conferences, where CELs gather in person for a day or up to several days to learn and share practices. In addition, some organizations host periodic (e.g., quarterly) video or teleconferences for CEL training, practice sharing, and question and answer sessions. At some organizations, a member of the C&E department makes periodic visits to the CELs to assist them in their responsibilities and provide them with ongoing training. Some organizations also encourage CELs to become active in the C&E community and attend C&E conferences. And, as noted above, many organizations also provide CELs with materials that guide them in their roles.
CELs can serve an important role in extending the reach of a C&E program to an organization’s different geographies and businesses. The C&E profession continues to advance our understanding of how to structure a CEL network effectively, but if CELs are provided with clear and detailed responsibilities as well as the resources, authority, and independence required to conduct their duties effectively, CELs can add a tremendous amount of value to C&E programs.
 Abbott Martin: “Four Traits of Leading Compliance and Ethics Programs.” March 5, 2013. CEB Blogs. Available at http://www.executiveboard.com/blogs/four-traits-of-leading-compliance-and-ethics-departments/.
by Peter Crosa
I’ve met many a vendor who has a story about buyers on the take. The topic comes up in almost all of my workshops and no ethics & compliance program would be complete without addressing the matter.
To be sure, embezzlement in industry doesn’t start with buyers. I once investigated a loss on behalf of a major corporation who insured the fidelity of the Board of Directors of a hybrid Miami health insurer. The hybrid group specialized in selling health insurance plans to small businesses at incredibly low rates. Unfortunately, one or some or all of the board members absconded with the $75 Million in premium they’d collected. One of the men, I later determined, was a Colombian logistics entrepreneur (think about it) whose nephew drove a Maserati to his exclusive Coconut Grove private prep school. When policyholder employees started submitting medical claims there were no funds available for the payment of claims.
I remember investigating a vendor who furnished a “VIP buyer lounge” in a special room above his warehouse. There were desks set-up for buyers to do their paper work, refrigerators loaded with snacks and adult beverages. Buyers were invited to come in any day of the week and encouraged to bring their files to work in privacy, away from the bustle of their office, ringing phones, and other distractions in order to get some paper work done. Of course, this was the vendor’s attempt to get a foot in the door on the next major purchase.
I remember listening to an interview of a senior buyer. He was recounting how someone he knew (I’m sure he was describing himself) was at a law firm Christmas party and walked in to use the men’s room. One of the attorney hosts walked in and stood at the adjacent urinal, pulled an envelope from his coat pocket and handed the buyer an envelope with eleven one hundred dollar bills. Three thoughts struck me. First, why eleven $100.00 bills? Why not ten or fifteen or twenty? Second, why at the urinal? Don’t even speak to me if I’m standing at a urinal. Third, I thought, wow attorneys do this too? So much for my naïve perception of attorneys being the pillars of our society.
Those events are generally a thing of the past. Today you’ll occasionally read headlines in the trade papers about a bailee who tipped off looters to a high value shipment or buyers who created phantom vendors, wrote checks in payment of merchandise, and converted the checks to cash for their own private use. In today’s environment of electronic paper trails, audits, and other covert detection methods, that method of embezzlement is INSANITY. But, admittedly it happens. And, almost always, investigators will develop a perpetrator with a tragic flaw such as a cocaine habit gone awry, a mistress, or a G-String Diva. No offense to strippers but I’ve investigated dozens of cases of embezzlement and there’s almost always a stripper driving the crime.
One more story involving a fairly big ticket item. A vendor financed a $40,000.00 addition to a buyer’s home; free of charge. The justification, according to the vendor, was “that buyer gave us over a million dollars in business last year.” Of course, upon further inquiry I learned that after the addition was built, the buyer was so nervous about continuing work with that vendor that the flow of business ceased. The moral of the story is: if you want to kill the goose that lays golden eggs, build an addition onto his house.
Now fast forward to 2011. Earlier this year I was speaking with a jewelry vendor about his efforts to increase his market share of business to retail buyers. At some point he tossed into the conversation a comment that stopped me in my tracks. The dialogue was something like this:
Vendor: Of course I know you’ve got to be ready to pay off the buyer.
PJC: Well, that was a thing of the past and doesn’t really happen anymore. It’s unlikely a buyer is going to hit you up for cash.
Before I could finish the “sh” in cash, he said “Oh no it does happen. We just lost an account because the buyers were pressuring us for cash kick-backs.”
I told him that it was dangerous to even do business with buyers who were so blatant about demanding cash for business and that there are other ways to influence buyers (while helping them stay on the high ground). Incidentally, I’m not outraged by a vendor thinking he has to pay off a buyer. After all, we do engage in promo and entertainment expense and to an enterprising vendor, there may be little difference in taking a client to dinner or giving him the equivalent cash or a gift certificate. But to the corporate entity, and generally speaking, society, there is a difference. The money to influence buyers can be directly linked to increased costs to their employer and ultimately, to the end consumer.
The bottom line here is that, whereas I hadn’t personally heard of any such activity for several years, I’m hearing it again and more often. Is it possible the economic crisis of recent times is having an effect on the supply chain throughout industries, industries that normally safeguard their integrity and reputation with the utmost care? This could mean we’re in a treacherous environment.
So, here’s some advice. Ethics & compliance operatives must insist on frequent review and adherence to established policies on vendor/buyer relationships. Frankly, it would not break my heart to see very rigid “zero tolerance” rules on vendor promo & entertainment. The following admonition is applicable to both buyer and vendor: If a vendor/ buyer pressures you or tries inappropriate influence, that person is a loose cannon and will eventually slip up and sabotage themselves just before throwing you under the bus.
Second, vendors may think that influencing buyers is a necessary reality in order to be competitive. Ethics & compliance operatives should be aware that inappropriate vendor influence is not always blatant and easy to spot. Here are some examples of promo & entertainment that may be overlooked by corporate ethics & compliance folks:
- Sponsoring a little league or softball sports team or other charitable cause
- Lunch or dinner
- Drinks, a vendor may rationalize, “how many times have I bought strangers a drink (and who cares),”
- A birthday or holiday card and gift to the buyer’s home
- Sports or concert tickets
- A complimentary visit to the vendor’s vacation home
Corporations that staff a “buyer or acquisitions” department need to be cautious about their rules and how compliance is verified and enforced. Compliance alone is not the end all. Ethics and Compliance must be promoted on a personal level. All ethics is personal. It stands with one person and can fall with one person.
Peter Crosa is a philosophizing private detective out of Tampa Bay, FL. He can be reached at firstname.lastname@example.org.
|Okay to Cheat at Home but Not Okay to Cheat on the Field?
There is a difference between education and training, although they are related. Education provides the knowledge of an area, whereas training provides the skills to apply it. Both are necessary and often go hand in hand. Regardless of what we call it, there are times many of us feel overwhelmed by all the compliance assignments, let alone other training assignments. So is it all really necessary, who decides, and how?
Contemplate how you would feel if you learned that the organization you were doing business with did not require their workforce to complete training, perhaps even training required to convey knowledge of current requirements that had to be maintained? What if that company provided you with the general contractor that oversaw the construction of your home? Would you worry about the quality of work or your safety? What would your response be as a customer?
Many of us maintain licenses or credentials, and with that comes the expectation for us to complete a certain amount of continuing education credits (CEUs) within a period of time. The reason behind that is to ensure we remain knowledgeable about our areas of expertise and to protect those we serve in our professional capacity. The consequence for not completing the correct number of CEUs on time is that we lose our license or credentials. When something is important, it typically has requirements that have to be met and consequences when they are not met. It’s no different with compliance training. Many organizations have chosen to tie completion of compliance training to employee performance evaluations, because it’s that important.
Compliance training is an element defined by the Federal Sentencing Guidelines (FSG) for Effective Compliance and Ethics Programs. Organizations are sometimes evaluated against these standards to determine whether or not they have an effective compliance program. Each element, including compliance training, has culpability scores that define how well or how poorly an organization met criteria. The FSG states in Section (4) (A) & (B): “The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subparagraph (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.”
If an enforcement agency were to evaluate the effectiveness of your organization’s compliance training program, they would assess the percentage of workforce participation and completion of compliance training. This is why compliance training is often tied to workforce members’ performance; it’s intended to incentivize completion of training. What percentage of participation do you think would be deemed an effective training program by an enforcement agency?
Organizations develop training because they value their workforce and recognize the benefits. A great deal of time and effort goes into identifying, developing, and disseminating education and training to ensure the workforce remains aware of the organization’s requirements that have to be met. Some industries are more regulated than others, and thus require more training. Most organizations develop education and training that is role based and for new and existing workforce. Sometimes training may be assigned to address compliance findings. Compliance training helps us be more successful in our roles, because we are able to provide higher quality services in alignment with standards, and this assists our organization in fulfilling its mission. Essentially, everyone benefits from completing compliance training.
Meaningful Change Takes Time & Dedicated Effort
Recently I was reading an article about the Minneapolis School District and how difficult it has been for the school board to implement change. They had a small graphic accompanying the article. That graphic got me thinking. Although the challenges this particular school district is facing are unique (at least to school districts), their struggle is universal. Simplified, the struggle is change.
It’s an old adage that change is inevitable, and it’s true. Whether in your persona life, or in your organization, change is going to happen. Below is a chart that shows what I’m calling the 8 Stages of Organizational Acceptance.
Stage 1 is simple; it’s the old way of doing things, the status quo. Everyone is comfortable and there is predictability.
Stage 2 is when an organization realizes there is an issue and that it needs to be addressed. Often this stage is the result of a problem being brought to the attention of management. The severity of the problem may determine the degree of urgency in addressing it. If you have investigators or regulators breathing down your neck, you’re likely to seek more urgent change.
Stage 3 is resistance. Resistance can stem from any level of an organization—top to bottom. People like routine and predictability. As soon those things are disrupted, there will be resistance, regardless of what the change actually is or the reasoning behind it.
Stage 4 is a period of disruption. As with all organizational change (from implementing a new code of conduct to switching from Pepsi to Coke in the vending machines), there is going to be a period where things are out of whack. People may not understand what is expected of them, or may be unclear as to how their roles are changing. This is the time when everyone is breaking old habits, and learning new ones. Things may get a little messy during this transition.
Stage 5 is the turning point for those affected by the change. This stage is searching. At this point, everyone is starting to become more comfortable with the new way of doing things. Now is when individuals will begin to search internally as to how they fit into that change.
Stage 6 is the lightbulb moment. At Stage 6, a new understanding has been gained. Everyone has accepted that the change has occurred, and realizes the role they play within it.
Stage 7 is internalizing. Here, everyone has—whether consciously or not—made the “new” way of doing things simply the way of doing things. New habits have been formed, and a greater understanding of why the change was implemented has been reached.
Stage 8 is the final stage. At this point, the change has been accepted and become engrained at an organizational level. It’s where you can see the lasting effects of the change, and the sustainable results.
Examining ethics and compliance issues in business since 1987
|Integrity is free
Elizabeth Doty, writing for Strategy + Business:
From Dianna Booher of Fast Company:
But your communication can stall your progress as a leader. Read more
Elad Gil of Elad Blog:
From Lisa Holton of Inc.:
From Deloitte Insights in The Wall Street Journal Risk & Compliance Journal:
Managing risk within a global organization includes identifying new and emerging threats and expanding the reach of its ethics and compliance programs despite still challenging economic conditions. Read more
The most interesting business ethics, culture and leadership articles delivered right to your email every week! Browse selected articles for inspiration, tips and great ideas on how to implement and maintain a healthy business culture. Stay on top of new insights, how-tos, and interviews from around the world—all from the comfort of your desk. Subscribe now.
Ethikos is a publication of the Society of Corporate Compliance and Ethics
by Donna Boehme
Years ago when I was still in-house, I was having a drink with The Oracle (who’s 99.99% right about everything) and I told him I was thinking of lobbying for a “compliance committee” in my company. Instead of his usual encouragement, to my surprise, he responded with a scowl and a bark: “I hate compliance committees.” Oh.
I know now what he meant. To paraphrase a comment from a recent RAND symposium[i] on hot compliance issues of the day: “There are good [compliance] committees and there are bad [compliance] committees, and there are a lot more of the latter than the former.”
In a perfect world, a compliance committee (at the peer level of the CCO, not to be confused with the Board Compliance Committee, which has an important function of its own), can run like a well-oiled machine, a source of real-world grounding, peer input, access to resources, information-sharing, and critical support to the compliance program and the chief compliance officer (CCO) who leads it. But how many of us live in perfect worlds?
More often than not, a committee that is conceived with all best intention evolves into something much less than ideal: (a) a team of micromanagers that routinely substitutes its judgment for that of the CCO; (b) a source of unnecessary red tape and “make-work” for the compliance function; or even worse, (c) a filter between the CCO and the governing body.
In a recent interview, a CEO of a large consumer products company boasted of “compliance by committee” and that he, the CEO, was the chief compliance officer. Sorry, but in my book any CEO who believes himself the chief compliance officer of his company doesn’t really understand the job. A dedicated, experienced, empowered CCO is every bit as critical to the success of a large multinational as a general counsel or internal auditor, neither of which I have ever heard a CEO claim to be. But I digress.
Three rules for building an effective compliance committee:
1. The compliance committee should have a clear, written charter that sets out the functionality, goals, and parameters of the group, along the lines discussed above.
2. The CCO should chair a committee of her peers—senior level officers in a position to make decisions and marshal resources.
3. The compliance committee should be periodically reviewed for effectiveness and adjusted as necessary to meet the stated goals of the charter.
Yes, every compliance committee structure should be fit-for-purpose. But the guiding principles of a committee that helps and doesn’t hurt the overall compliance program are universal. And if you are fighting this battle, remind your stakeholders of that old maxim: “A camel is a horse designed by committee.” Because in the race of compliance champions, you want your program to be a winning racehorse, and not a camel.
[i] 2013 RAND Corporation Symposium: Culture, Compliance and the C-Suite. May 2, 2013 Washington DC
Donna Boehme (dboehme @ compliancestrategists.com) is Principal of Compliance Strategists LLC and former Chief Compliance and Ethics Officer for two leading multinationals. Follow Donna on Twitter @ DonnaCBoehme.