Compliance and Ethics Training – How Much is Enough

In this podcast panel discussion, OCEG’s Carole Switzer moderates a discussion with ELT’s Shanti Atkins and SAI Global’s Mark Rowe to answer the question of how much is enough when it comes to compliance and ethics training. You can listen to a webcast and read a transcript (.pdf).

Ms. Atkins talks about a three layers of training. The first layer is training that is legally mandatory. One example is sexual harrassment training in some states. The second layer is training related to mandatory guidelines. You are not in violation of law for failing to do the training, but in the event of a problem the failure to have training results in elevated fines, penalties or damages. One example is the federal sentencing guidelines. The third layer is training as a best practice for the organization giving its risk profile.

Ms. Atkins sees extremes between lengthy training sessions that happens at regular intervals, but is not reactive to the company’s needs and is repetitive.  At the other extreme is companies doing the bare minimum.

Ms. Switzer tries to draw a line between generational differences in the workplace at training. Ms. Atkins de-bunks this approach. (In my prior career in Knowledge Management I also did not see generational differences in training. There is just good training and bad training. I see some generational differences in tolerance for bad training.) Mr. Rowe has found story-based training to be more effective. You need to engage them in the training and not just talk at them.

Ms. Atkins sees some problems with scoring learners and keeping track of a database of scores as employees go through the training. One is how you go about following-up and addressing sub-par performers. The second is the potential for that information to be used against the company in a lawsuit.

Handing out a code of conduct and get a signed acknowledgment that an employee read it, is not training. Mr. Rowe emphasized the need to put the information into context, into a real-life situation. He also likes the idea of setting a bar that learners need to prove they understand one topic before they move onto another topic.

Ms. Atkins emphasized the need to keep the training modular so that scenarios can be added and removed and the training can be updated.

Mr. Rowe points out that “ethics training isn’t just a list of rules; it’s guidance that should help people perform their jobs in a better way and reduce risk to the organization.”

International Standards for the Bribery of Public Officials

The Foreign Corrupt Practices Act is the U.S. standard for bribery of public officials by U.S. concerns or international concerns with a presence in the U.S. The international standard is the Convention on Combating Bribery of Foreign Public Officials in International Business Transactions promulgated by the Organization for Economic Co-Operation and Development.

The convention sets a criminal offense for:

any person intentionally to offer, promise or give any undue pecuniary or other advantage, whether directly or through intermediaries, to a foreign public official, for that official or for a third party, in order that the official act or refrain from acting in relation to the performance of official duties, in order to obtain or retain business or other improper advantage in the conduct of international business.

A foreign public official means:

any person holding a legislative, administrative or judicial
office of a foreign country, whether appointed or elected; any person exercising a public
function for a foreign country, including for a public agency or public enterprise; and any
official or agent of a public international organisation.

A public enterprise means:

any enterprise, regardless of its legal form, over which a government, or governments, may, directly or indirectly, exercise a dominant influence. This is deemed to be the case, inter alia, when the government or governments hold the majority of the enterprise’s subscribed capital, control the majority of votes attaching to shares issued by the enterprise or can appoint a majority of the members of the enterprise’s administrative or managerial body or supervisory board.

Evaluation of the Chief Compliance Officer

thompson hine logoThompson Hine put together a paper: Evaluation of the Chief Compliance Officer:

While Rule 38a-1 under the Investment Company Act requires a Board of Directors to approve the appointment, removal and compensation of a fund’s Chief Compliance Officer (“CCO”), the rule is silent as to any requirement to annually review the performance of the CCO. However, Rule 38a-1 does require that a fund annually review the adequacy and effectiveness of its written compliance policies and procedures (“Compliance Program”), as well as the Compliance Program of each investment adviser, principal underwriter, administrator and transfer agent of the fund (“Fund Service Providers”). Because the CCO is an integral part of any Compliance Program, it is reasonable to expect a board to evaluate the effectiveness of a CCO as part of, or in connection with, the annual review of the Compliance Programs.

The following statement by the Securities and Exchange Commission (“SEC”) serves as a useful starting point for evaluating the effectiveness of a CCO:

“A fund’s chief compliance officer should be competent and knowledgeable regarding the federal securities laws and empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the fund.”

Although this is a relatively vague standard, the SEC staff has informally articulated a number of specific qualities and capabilities that it believes a CCO should possess. In addition to analyzing these qualities and capabilities, a CCO’s effectiveness can be evaluated by reviewing the duties and functions actually performed by the CCO. This review should take into consideration the size, resources and business activities of the fund complex.

An Effective Compliance Program under the U.S. Sentencing Commission Guidelines

Section 8B2.1 of the 2007 version of the United States Sentencing Commission Guidelines define and “effective compliance and ethics program” for purposes of section (f) of § 8C2.5 for the Culpability Score and section (c)(1) of §8D1.4  for Recommended Conditions of Probation – Organizations:

(a) To have an effective compliance and ethics program, for purposes of subsection (f) of §8C2.5 (Culpability Score) and subsection (c)(1) of §8D1.4 (Recommended Conditions of Probation – Organizations), an organization shall—

(1) exercise due diligence to prevent and detect criminal conduct; and

(2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

Such compliance and ethics program shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct. The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.

(b) Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law within the meaning of subsection (a) minimally require the following:

(1) The organization shall establish standards and procedures to prevent and detect criminal conduct.

(2)    (A) The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.

(B) High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program.

(C) Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.

(3) The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.

(4)   (A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.

(B) The individuals referred to in subdivision (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents.

(5) The organization shall take reasonable steps—

(A) to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct;

(B) to evaluate periodically the effectiveness of the organization’s compliance and ethics program; and

(C) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.

(6) The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.

(7) After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.

(c) In implementing subsection (b), the organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each requirement set forth in subsection (b) to reduce the risk of criminal conduct identified through this process.

Some Reasons Why Compliance Programs Still Matter

Sharie A. Brown of Foley & Lardner LLP, wrote U.S. Foreign Corrupt Practices Act for the August 2008 of Compliance Week and put forth five very good reasons why your anti-corruption compliance program still matters a lot.

  1. Effective programs mitigate fines and penalties
  2. Early detection allows early company solutions
  3. Trust is valuable
  4. Good controls help keep the playing field level
  5. Ethics is forever and possible universal

Trust is Valuable

Companies want to be trusted by their customers, partners, business community, regulatory authorities, and investors, among many others. Customers and investors regularly entrust companies with their financial future and their most private and valuable personal information, as well as their environmental health and safety. To the extent that companies fail to have adequate internal controls and anticorruption policies that prevent misconduct, companies are susceptible to serious violations that breach that trust. A more trustworthy competitor could very easily become the more profitable competitor.

FCPA Review Procedure Release 81-02

FCPA Review Procedure Release 81-02 came from the Iowa Beef Packers, Inc. who wanted to send promotional samples to the Soviet Ministry of Foreign Trade, the Soviet government agency responsible for procurement of such products.

The total amount of the samples which the company intends to furnish to these officials is approximately 700 pounds of beef, with an estimated total value of less than $2,000. Individual sample packages will not exceed $250 in value. IBP estimates that prospective sales of packaged beef products to the Soviet government will be in minimum amounts of 40,000 pounds each.

The company has represented that the sample products to be presented to MVT officials are intended as items for their inspection, testing and sampling, and to make these officials aware of the quality of the company’s products. IBP also represents that the sample products are not intended for the individual use of the MVT officials, but will be provided to them in their capacity as representatives of the government agency responsible for purchasing the company’s products. Finally, the Soviet government has been informed that the company intends to furnish sample products to the MVT officials.

FCPA Opinion Procedure Release 93-01

FCPA Opinion Procedure Release 93-01 came from a company planning to enter into a joint venture partnership agreement to supply management services to a business venture owned and operated by a quasi-commercial entity, which entity is wholly owned and supervised by the government of a former Eastern bloc country.

The requestor has represented that although the joint venture partnership or another entity owned by the United States partner in the first instance will pay the foreign directors’ fees, the fees ultimately will be reimbursed by the foreign partner either from the foreign partner’s share of the net profits from the partnership or from its other funds. Moreover, the United States partner will undertake to educate the foreign directors regarding the avoidance of possible FCPA violations in the conduct of the partnership’s business.

FCPA Opinion Procedure Release 93-02

FCPA Opinion Procedure Release 93-02 came from a company which seeks to enter into a sales agreement with an entity in a foreign country. The entity is a government-owned business which holds a licence giving it the exclusive right to manufacture, sell, purchase, import, and export all defense equipment for that country’s armed forces. The law of that country requires the military to deal only through the government-owned business.

FCPA Opinion Procedure Release 94-01

FCPA Opinion Procedure Release 94-01 came from a U.S. company and a foreign citizen. The American company seeks, through its subsidiary, to enter into a contract with a foreign national. The American company’s subsidiary is engaged in the manufacturing of products for use in clinical and hospital laboratories. Its manufacturing operations are located on real property which it acquired from a company that is a state-owned enterprise (the enterprise) now being transformed into a joint stock company.

The subsidiary wishes to enter into a contract with an individual who is the general director of the enterprise. The individual is a longtime resident of the area and has experience dealing with the local authorities and public utility service providers.

The American company’s foreign attorney has advised that under the nation’s law, the individual would not be regarded as either a government employee or a public official, the foreign attorney’s opinion is not dispositive, and we have considered the foreign individual to be a “foreign official’ under the statute.