The Impact of the UK Bribery Act on U.S. Companies

Securities Docket put on another fantastic webcast on topics relevant to compliance professionals. Today’s focused on the upcoming Bribery Act in the United Kingdom. If your company has operations in the United Kingdom, you need to pay attention to this law.

The upcoming law applies to individuals and companies and outlaws bribes to public officials and private individuals. That makes it broader than the US FCPA. There is also a new corporate offense for failure to prevent bribery. Conviction can have jail sentences up to 10 years and provides for unlimited fines.

Webcast Presenters:

  • Vivian Robinson QC, general counsel to the UK’s Serious Fraud Office
  • Barry Vitou, partner in Winston & Strawn’s London office
  • Richard Kovalevsky QC, 2 Bedford Row
  • David Childers, CEO of EthicsPoint

For compliance professionals, the key will be putting “adequate procedures” in place inside the business to prevent bribery. We are still waiting for the UK government to publish guidance on that standard.  One recommendation from the panel was to look at Transparency International’s Adequate Procedures – Guidance to the UK Bribery Act 2010.

It’s not an offense if you lack “adequate procedures.” It is merely a defense to the charge against the company for violation of the Bribery Act.

You can watch a rebroadcast of the webcast and download the materials

The Dark Side of Aggressive Goal Setting in the Workplace: A Shortcut to Unethical Behavior

ordonez

EthicsPoint sponsored a webinar by Dr. Lisa Ordóñez, University of Arizona, Professor of Management and Organizations in the Eller College of Management at The University of Arizona

“Applied managerial experience and hundreds of academic research studies have catalogued the positive impacts of goal setting on performance. Challenging, specific goals compared to instructions to “do your best” have been shown to increase effort, persistence, and performance. Goal setting theory has led to consultants training managers on how to use SMART (Specific, measurable, attainable, realistic, and timely) goals in their organizations. However, as Ordóñez, Schweitzer, Galinsky, & Bazerman (2009a, 2009b) point out, goals can have systematic, negative effects and can focus attention too narrowly, increase risk taking, and lead to unethical behavior.”ethicspoint-logo

These are my notes from the webinar.

Dr. Ordóñez discussed some of the findings from her research where she found that goal-setting can lead to bad results and bad outcomes.

She started with some examples of how goal-setting ended up with bad results.

Why is hard to find a cab on rainy days in New York? The cabdrivers go home early. Their goal each day is to reach 2X their cost. They reach the goal faster on rainy days, so they go home earlier. they could have made money if they worked a full day.

General Motors focused on reaching 29% of the US Market. Executives even wore lapel pins with “29” on them. They focused on hitting the number (for example offering short term incentives) and not the long term goals of the company.

Fannie Mae was looking to expand the home ownership by low-income people. That resulted in them underwriting riskier loans.

Billable hours and ethics. If management sets utilization goals, people are more likely to pad their hours.

They ran a lab experiment in 2004 that tested people on test-taking. participants checked their own work. When the goal was to “do their best” their was less cheating than when their was a specific goal for correct answers.

She raised some questions to ask before setting goals:

  • Are the goals too specific? Narrow goals can blind people to important aspects of a problem.
  • Are the goals too challenging?
  • Who sets the goal? People are more committed to goals they help to set.
  • Is the time horizon appropriate? Short term goals can hurt long term performance.
  • How might the goals influence risk taking? Unmet goals may induce risk taking.
  • How might goals motivate unethical behavior?
  • Can the goals be tailored for individual abilities while preserving fairness?
  • How will the goals influence organizational behavior?
  • Are individual intrinsically motivated? People may not like the activity anymore when their a goal tied to the activity.
  • What type of goal is most appropriate given the ultimate objective? By focusing on the goal, employees may fail to search for better strategies.

So how do you motivate employees without goals?

You don’t. You can only link to what the employee wants to the desired performance.

Goals can be effective for direct effort, they can communicate the values of the organization and are very useful for menial tasks that simply need to be completed.

She ends with a warning:

goals warning

Thanks to EthicsPoint (my company’s hotline provider) for putting on this great webinar.

References:

Social Media and Your Compliance Program

ethicspoint-logo

Bill Piwonka, Amanda Mayhew and Rodica Buzescu from EthicsPoint gave a webinar on social media and compliance. These are my notes:

The presentation started with a user poll on the approach to social media at the attendees’ organizations:

  • 27% block all social media sites
  • 42% block a few social media sites
  • only 29% allow all social media sites

In a second question, I was surprised to see that 37% of the attendees said they were using some form of Web 2.0 in their ethics program. That seemed like a big number to me.

Bill started off with a brief discussion of his view of web 2.0 and social media. He also highlighted some of the approaches and tools used by EthicsPoint. He moved on to the need of companies to monitor their brand. It easy for customers, employees and competitors to craft your brand for you (and not in the way you want). You need to know what is being said and be prepared to respond when necessary.

On the call, 11% of the attendees did not use any social media platform, 11% used one, and 40% used 2 or three. The rest (like me) used more.

Why should compliance care about Social Media? It is here to stay. Generation Y and the Millennials grew up an learned in the world of social media. They enter business organizations and are cut off from the tools they used to learn and communicate.

Rodica took over and shared her perspective. She is new to EthicsPoint. When she started, she was cut off from her networks since they blocked Facebook, instant messaging and many other social media tools.

Amanda took over and gave her perspective as the general counsel and privacy officer at EthicsPoint. She pointed out that younger workers may not have been in the business environment long enough to realize that there are limits on what you can say outside the organization and inside the organization. EthicsPoint focuses on privacy and protection of their clients information. They have a tight policy on social media to protect that information.

Bill stepped up and pointed out that you cannot ignore social media. Even if you block access, employees can easily access them from a mobile device or home. Blocking is not an effective policy. You need to let your employees know what they can and cannot do. You need a policy. Bill used Intel’s Social Media Guidelines as an example.

Bill also pointed out that even if the company does not want to engage in social media, they need to monitor what is being said about your company in social media. You also want to make sure that someone else does not use your brand on social media platforms.

Amanda came back to emphasize a few points. It is important to make it clear what is confidential and what is not public. Another point was to be respectful, realizing that your mother, friends and boss may ready what you say. Anonymity is also a hot button for her.

What can you do? How can compliance professionals use Social Media?

Create a Facebook group for your compliance team. Allow people to see who you are and develop a relationship and trust.

Use YouTube to host and distribute training videos. Why buy expensive video hosting servers and software when YouTube will do it for free.

Best Buy uses a blog to make ethics a completely transparent dialogue.  Best Buy’s Chief Ethics Officer blogs on actual ethics and incidents at Best Buy. Of course, she does not use real names and disguises identifying information.

Use web 2.0 for professional development by joining online communities focused on ethics and compliance issues. EthicsPoint has user forums focused on its product.

In the Q&A there was a lot of discussion about how much to monitor and how much to limit. “Ignorance is not bliss.”

Another issue that came up in Q&A is who to friend on Facebook and who to make connections with on LinkedIn. In particular in the educational environment it is very tricky to friend or not friend. There is a similar dynamic in the workplace.

What about productivity? Does Facebook turn you into a slacker? Does blogging make you less useful? Bill turned this around and gave example of how he uses these tools as part of his job. (It was an impressive list.)

How do you develop your own policy? EthicsPoint started with Intel’s Social Media Guidelines as their model.  (You can also take a look at one of my models: Blogging / Social Internet Policy.)

(In the interest of disclosure some of the material was borrowed from my presentation on Social Media at the Boston EthicsPoint Regional User Forum in Boston. Bill also noted this in the presentation)

Social Media and Compliance

Here are materials from my presentation on Social Media and Compliance at the EthicsPoint Regional User Forum.

SlideDeck with Notes: Social Media and Compliance – Hosted on JD supra

Sites Shown:

Doug’s Thoughts on Compliance Guidelines

Social Media Site Shown:

Doug on the Social Media Site Shown:

EthicsPoint Regional User Forum

ethicspoint-logo

Today I am attending the EthicsPoint Regional User Forum in Natick, Massachusetts. Here is the agenda:

  • EthicsPoint Executive Overview – Bill Piwonka, EthicsPoint Senior Director of Marketing will share insight on all things EthicsPoint – including product roadmap into 2010
  • Management, Oversight, and Analytics – A panel of experts will share best practices and ideas on using EthicsPoint’s reporting and analytics to drive transparency and insight into the risks facing your organization
  • Client & Industry Benchmarking Data –  See how your organization’s reporting statistics compare to others in your industry and the entire EthicsPoint customer base
  • Social Media in Compliance – Doug Cornelius (hey that’s me!) will lead a discussion on how you can incorporate tools such as LinkedIn, Twitter, Facebook, YouTube, Delicious and others to help foster a culture of integrity and compliance. Check out Doug’s website at https://www.compliancebuilding.com
  • Incident Awareness and Intake Roundtable – Roundtable opportunity to learn how other EthicsPoint customers have encountered and solved challenges around incident awareness and intake

I assume most of the sessions will be dark, but I may have some notes. I will be sharing my presentation and resources on Social Media in Compliance in a later post.

EthicsPoint provides an anonymous complaint and tip hotline for my company.

Developing a Culture of Honesty and Integrity…its Not Easy!

RW Associates

EthicsPoint sponsored and presented a webinar from Bob Phillips of RW & Associates, Inc. on Developing a Culture of Honesty and Integrity…its Not Easy! These are my notes.

Bob started with a quote from Stephen Covey: “The leader of the future, of the next millennium, will be one who creates a culture or value system centered upon principles.”

Bob moved on to “organizational culture” and focused first on culture. “Culture is the social and political environment in which people get their work done.”  He considers the elements of the culture as

  • Common behavior patters, consistency in behavior that builds trust
  • Understood and practices consistent behaviors that supports organizational goals and objectives
  • Integrated personal and organizational beliefs and behaviors

A starting point is whether you and your leaders openly model and support honest and open interpersonal interactions that is designed to build trust. He finds the receptionist is a great barometer of an organization. Can they pass the test of what the organization is like? Another barometer is to build trust by giving employees the information they need to do their jobs.

  • Can employees be honest and direct with their opinions and ideas?
  • Can they speak up and disagree without fear of retributions?
  • Are organizational messages that may be critical to employee’s jobs communicated quickly and directly to all employees?

Inconsistent leadership creates an environment of fear and the “foxhole” mentality.

On the other side, open cultures have a direct connection between organizational vision, values, and behavior. The leader should be able to translate the values hanging on the wall or the code of conduct on their bookshelf into action. Show your employees that you are committed to them and they will be committed to you.

He attached monetary gain to have a great place to work.  If you invested in the Fortune’s Best 100 Places to Work, you would have a better return than the broader stock market. From 1998 to 2006, the average annual return achieved by the S & P 500 was 5.97%, while the Russell 3000 achieved an average of 6.34% per year. By comparison, if you had bought shares in the 1998 ‘100 Best’ and simply held on to them until end 2006, you would have achieved average annual growth of 10.65%. If you had reset your portfolio each year on publication of that year’s ‘100 Best’ list, you would have achieved 14.16% annual growth. There is a dollar value to building a great place to work.

Leaders need to show consistent behavior to build trust, show a passion for the values, demonstrate ethics, and model the honest and open behavior. That also means accountability and consequences for meeting or failing to meet the values.

The keys to success start with an open and listening leadership. The culture needs to accept multiple points of view, but be committed to one course of action. You need to engage your workforce to let them know that they are being heard.

There is also a need to reconcile personal beliefs with your organization’s belief structure. You may get an employee who works in less ethical culture. There are multiple elements to a platform of integrity. Employees need to understand how they are expected to perform their work. They need to know that the organization’s principles are in place to ensure the organization meets their business and financial goals.

Honesty starts with individuals, but it is leadership and the organization that provide the environment to make it work. But in the end, it is the individuals within the organization that must be accountable. An organization cannot have a culture of honesty and integrity if leadership does not create an environment that accepts and models open and honest communication.

See also:

FCPA Compliance & Investigative Due Diligence

ethicspoint-logo

EthicsPoint sponsored a webinar with Ellen Zimiles of Daylight Forensic and Advisory LLC, talking about FCPA Compliance & Investigative Due Diligence. This presentation is supposed to provide an overview of current FCPA trends and highlight elements to implement an effective FCPA compliance policy. These are my notes.

Ellen started off with a summary of current FCPA activity showing a surge in the number of enforcement actions underway by the DOJ and SEC on global corruption and bribery. There is also increased global coordination on corruption investigations and prosecutions. She also noted that there is a focus on individuals. In 2008, 60% of the FCPA defendants were individuals.

The first element of an effective FCPA compliance program is a risk assessment. You need to look at whether a foreign government is your customer or whether you need government intervention as part of your business operations. Obviously, there are some countries that are more prone to fraud. You also need to revisit this assessment periodically.

Next you want to establish and document your FCPA compliance policy. It needs to be clearly documented and understood at all levels in the company. The policies can vary from business unit to business unit and region to region.

You need a designated FCPA compliance officer. The person needs enough authority to make the sales and marketing people listen.

You need internal accounting controls. It is not just anti-bribery. There are also penalties for failure to properly maintain books and records, thereby disguising potential bribery. Your FCPA policy needs to reference the controls over accounting maintenance.

You need enterprise-wide training. Ellen thinks that your overseas employees are the ones more likely to get you in trouble. In part, some countries have a culture of corruption and your employees may have grown up in that culture.

Ellen recommends having a periodic independent audit. Large multi-nationals are increasingly having specialized FCPA compliance personnel.

Your FCPA compliance program should have a plan for dealing with investigations. Obviously, prevention is better than the cure. Make sure you have a good case management system, with document translations.

Ellen moved on to Investigative Due Diligence which is the proactive identification of risks not ordinarily apparent from financial or legal reviews.

a. Application of exploratory techniques developed by law enforcement agencies
b. Analyze large volumes of publiclly available information
c. Identification of red flags

See also:

Ethical Integrity Leadership – Setting the Tone From The Top

ethicspoint-logo

EthicsPoint sponsored this webinar and these are my notes. Howard Sklar, Vice President & Global Anti-Corruption Leader, American Express Company was the presenter. Howard was quick to point out that it is not just the “tone” but having the right “tone.” Also, it not be just the tone “at” the top, but that it be the tone “from” the top.

Howard started off with trying to define “tone at the top.” Many people just default to the Justice Potter Stewart’s take on pornography: “We know it when we see it.” Howard likes the ACFE definition:

An organization’s leadership creates the tone at the top – an ethical (or unethical) atmosphere in the workplace. Management’s tone has a trickle-down effect on employees. If top managers uphold ethics and integrity so will employees. But if upper management appears unconcerned with ethics and focuses solely on the bottom line, employees will be more prone to commit fraud and feel that ethical conduct isn’t a priority. In short, employees will follow the examples of their bosses.

Howard offered up his working definition for the presentation:

Tone at the top is a visible willingness by senior management to let values drive decisions to prioritize those values above other factors – including financial results and to expect all others in the organization to do the same.

Howard pointed out that the first recommendation of the Treadway Commission was the importance of setting the tone at the top.

But who is the top? The Audit Committee, CEO, Board of Directors, vice presidents, . . .? They are clearly at the top of the organization. But in this context you need to be thinking about all leaders throughout the organization. Front-line employees are most influenced by their immediate manager.

Repetition is important. Leaders and employees throughout the organization need to hear the message and hear it consistently. It is important for leaders to talk about the values of the company and to live up to those values. You can not have a message of “win at any cost” and you can no longer operate as a company with the value of  “win at any cost.”

Howard says there is no such thing as “compliance training.” It is all business training. You sell the product in the right way. You need one message. It is also important to integrate personal stories into explaining the values of the company.

Compensation is an incredibly important part of the message. If your salary or bonus is not affected by compliance. [For an example of misaligned pay structure look at Countrywide in originating sub-prime mortgage loans: Did Compliance Programs Fail During the Financial Industry Meltdown?]

The example of an opposite message is a company ingraining earnings targets in employee. Employees should not be told that earning targets are the most important part of the company. Short term thinking is short term thinking, and values are long term.

Compliance can set the goals, but they are part of the business goals not a separate set of compliance goals.

An important measurement for compliance is whether an employee feels comfortable reporting misconduct.

Howard recommends that a compliance officer become a stop in the exit interview process. Departing interviews can offer some insights and discuss problems that they may have been unwilling to report when they were an employee.

Howard says you should make sure that compliance and the compliance officers are on the company’s organization chart.

Some of Howard’s other best practices:

  • Make compliance part of hiring. Check references.
  • Make compliance part of the non-monetary reward and recognition process. Recognize employees who do the right thing.
  • Trumpet your failures as well as your successes.

See:

Is Your Organization Adequately Prepared to Fight Today’s Workplace Fraud?

EthicsPoint published this webinar focusing on proper and efficient investigations.

The presenter was Meric Craig Bloch, VP Compliance and Corporate Investigations of Adecco Group North America.

Meric predicted more fraud coming into the workplace as part of this down economy. Managers are focused on making their numbers and it is harder to do.

Profile of a fraudster:

  • Likely acts alone
  • Likely a male over 40
  • Has worked at the company for a number of years
  • Some college (and probably more) education
  • no criminal record
  • no history of job discipline

It is obvious from this that fraud risk is less on the person and more on the internal situation and pressures. The fraud triangle is a combination of:

  • opportunity – compliance programs are in place to remove opportunities
  • rationalization – when dissonance happens and gets justified as not stealing (for instance –  entitlement, revenge, minimal damage, everyone else is doing it)
  • pressure – how and when fraud happens when the pressure to commit fraud is greater than the pressure to not

In this down economy the pressure is increased. So we need to remove the opportunities.

What is the ideal opportunity for a fraudster:

  • weak internal controls or ability to override
  • Pressure to be dishonest
  • perceived reward is relatively high
  • perception of detection is low
  • potential penalty is low

What is the best way to respond

  • good internal controls
  • raise the perception of detection
  • manage pressures and incentives (this includes treated employees during layoffs and not setting difficult targets)
  • focus on identified risks
  • zero tolerance for fraud

Meric calls for doing a fraud risk assessment. Learn about the potential fraud risks inside your company and the impact on the external view of your company. You need to determine your own tolerance for fraud risk. You need assess both the likelihood and impact of the fraud. Then you can evaluate your internal controls to see if they are designed effectively and are they operating effectively. Then you need to address the residual risks that are not mitigated by existing controls or anti-fraud programs.

Meric points out that you need to take steps to detect fraud. One tool is a whistleblower hotline. But hotlines are passive. You need someone sufficiently motivated to pickup the phone and make the call. You should make fraud reporting a mandatory requirement.

Fraud generally continues until detected. Half of fraud schemes are discovered by accident.

Fraud allegations can come from many sources, so you should have a consistent protocol for investigating fraud. Your organization should have a best practice for investigations. You need to make sure the investigations are run consistently and are well-documented.

The investigator is not the police. As the investigator you need to think about the business needs. Your investigation should lead to process improvements and better internal controls.

One of the questions was how to prove ROI. Of course, compliance is all about preventing fraud and loss. So it is hard to show savings for events that did not happen.

Best Practice Advice for Improving Employee Awareness of Your GRC Program

This post gathers my notes from a webinar entitled Best Practice Advice for Improving Employee Awareness of Your GRC Program which was presented by EthicsPoint.

Barbara Upton-Garvin from the Boys & Girls Club of Greater Kansas City started off with a discussion of their awareness programs. They highlighted their ethics policies and their whistleblower’s policy.

Francine Obregon of Eisai handed out schwag with the whistleblower hotline information. The awareness program was in part designed to advise the employees know that the hotline is part of a larger compliance program. They had recently changed the principles of corporate conduct. She thought it was important to let peopel know that the person answering the hotline would not be answering the questions. The hotline was merely an anonymous conduit.

Barry Elmore from the Majestic Star Casino wanted a program to educate their employees and marketing of the reporting process. They have a broad range of education and knowledge for their employees. They found that the education process was over the heads of many front line employees so they stuck to the basics. They also educated their vendors as part of the program. They conduct new hire training and annual training. They also advertise the hotline in employee break areas and employee newsletters. They sent a copy of the code of conduct to each vendor. Some of his challenges include the 24 hour operations of the business, lots of turnover and confusion between HR issues and code of conduct violations.

Francine pointed out that Eisai focused on branding issues so that all of the compliance materials and schwag all had a similar look and feel.

Barry emphasized that you cannot be boring in delivering the message and training. The examples need to be on the “lighter side.”

Julie Rivera of Red Robin put up posters and handed out wallet cards. “Honest ro Goodness. It’s not just about gourmet burgers. It’s about treating people respectfully.” Red Robin started out with a top-down approach of getting buy-in from corporate in its push out to the individual restaurants. There was some confusion between the open-door policy and hotline. They do get a fair number of low level HR issues on the hotline.

The panel had some trouble answering a question about the effectiveness of the awareness program. Barry and Barbara both see an increase in the number of reports shortly after a training session.