Seven Deadly Sins for a Compliance Program

Friday, November 11, 2011

Thomas Fox


In an article in the October/November issue of Society of Corporate and Compliance Ethics Magazine (SCCE), entitled “The seven biggest mistakes companies make that erode ethical culture and destroy reputation”, author Eric Feldman reviews his version of the Seven Deadly Sins for a company’s compliance and ethics program.

Feldman notes that the “most severe consequences of corporate ethical lapses can be mitigated, even avoided, by proactive care and feeding of a corporate culture,” but when a compliance crisis arises it may well be “too late to put the genie back in the bottle.”

However, following his seven prescriptions may well be the difference between a “bump in the road or falling into quicksand” when the government comes knocking.

1. Putting the Code of Conduct on your Shelf

A Code of Conduct is not solely a reference tool, like a dictionary. An effective Code of Conduct is a “manifestation of a company’s core values.” In the words of Lanny Breuer, it is a living document and should be regularly updated, not left sitting on the shelf for many years without any updates. Recommendation – Demonstrate leadership and tone at the top.

2. Ignoring your Company’s Culture

Feldman defines compliance as adherence to “laws, rules and regulations” and ethics as a guiding set of “core principles that guide a company’s behavior.” Put another way, does your company only “talk the talk” of ethics or, more importantly, does it “walk the walk” as well? Recommendation – Corporate focus on regular assessment and improvement of ethical culture.

3. Worshiping at the Altar of Highest Grade Point Average

Interestingly, Feldman believes that companies which proudly proclaim that they hire only the “best and the brightest” may be setting themselves up for a big compliance problem. His root cause analysis: Gen X’ers and Gen Y’ers have more problems with “résumé credibility” than older workers. He notes that integrity needs to be a key basis for employee recruitment. Recommendation – Incorporate an ethics component into your hiring and interview process.

4. Letting the Money Talk

There needs to be a clear compensation system tied to how an employee conducts business. This is true both for monetary compensation and for promotion in the organization. Recommendation – A system of sanctions for ethical violations and rewards for those who do business in an ethical manner.

5. The Parent Trap – Do as I say, not as I do

This relates to Point 2. Your company needs to have in place a compensation and promotion system which rewards good ethics and compliance. I often use the following example: some Regional Vice President (VP) (outside the US – you pick the foreign region) is alleged to have said, “If I violate the Code of Conduct, I may or may not get caught; if I violate the Code of Conduct and get caught, I may or may not be disciplined; if I miss my numbers for two months, I will be fired.” If that is the reality, guess what, the Regional VP will make his or her numbers. Recommendation – Values based ethics training.

6. Ethics in the Corner

Feldman writes that nothing speaks louder than creating a company Chief Compliance Officer (CCO) and not giving that person sufficient clout within the organization to get the job done. This will certainly be true if the government comes knocking. If the CCO is not high enough up in the organization or does not have the budget to accomplish the compliance mission, employees will clearly see this and react accordingly. Recommendation – A CCO who has both the authority and the budget to get the job done.

7. Shooting or Ignoring the Messenger

Here Feldman is referring to the employee who reports ethical misconduct and suffers retaliation. Although every company says it never retaliates, the sad truth is very different in corporate America. This leads to too many employees staying silent about “fraud and misconduct striving in their organizations.” Worse yet is when the government comes knocking and they tell the investigator that they were afraid to report the misconduct. Recommendation – An anonymous hotline that earns employee credibility.

Feldman’s seven deadly mistakes provide an excellent framework for any company to assess its overall compliance program from a high level. While perhaps not rising to the level of “sins”, the answers will allow the compliance practitioner to be ready to respond if the Department of Justice comes a-calling.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

Cross-posted from Tom Fox Law
