November 9, 2010

Dodd-Frank Section 922

The governance, risk and compliance (GRC) industry has worked hard over the past six years to help corporate America implement effective ethics and compliance programs. GRC procedures have become part of the viable business processes that drive decision making at the highest level of most public corporations.

In response to the most recent financial meltdown, the US Government introduced the Dodd-Frank Act. The critical task for the Dodd-Frank Act is to address the increasing propensity of the financial sector to put the entire system at risk to eventually be bailed out at taxpayer expense. In doing so, it attempts to: identify and regulate systemic risk, propose an end to too-big-to-fail, expand the responsibility and authority of the Federal Reserve, restrict discretionary regulatory interventions, reinstate a limited form of Glass-Steagall (the Volcker Rule) and regulate the transparency of derivatives. As part of the identification and regulation of systemic risk, the Act's Section 922 attempts to protect, encourage and incent whistleblowers to come forward, a tactic that could have decreased the risk of the impending meltdown had whistleblower claims been adequately explored in the years previous.

Dodd-Frank section 922 mandates the establishment of a government-sponsored program to pay awards of up to 30 percent to eligible whistleblowers who voluntarily provide original information about potential securities law violations that lead to sanctions of $1 million or more. While solidifying the value of corporate whistleblowers is certainly important, the requirement potentially undermines the value of internal ethics & compliance departments. This process will create profitable association with the voicing of ethical violations and therefore competition for this vital information. The question then becomes, “How is an internal department expected to keep pace with the promise of millions of dollars in reward money from the SEC?”

As a taxpayer, investor, business leader and responsible corporate citizen, I fully appreciate the need for the regulatory environment to evolve in order to protect the stakeholders. Financial fraud has run amok and no one wants a continuation of the current economic turmoil due to deceit performed by the few, but impacting the many. Whistleblower provisions should help protect those bringing misconduct or neglect to light, but provisions under Section 922 tacitly bypass companies who are working diligently to preserve open channels to report wrongdoing internally and create competition to externally report without the careful exploration and care that would be provided by the company itself.

If this appears to be a plea to decrease the avenues open to whistleblowers, consider this: all public entities are under consent decree to report any allegations of wrongdoing, so the corporation is legally bound to be the first reporter of accusations of ethics & compliance violations to the Federal Government already. However, accusations made by whistleblowers under Section 922 are public record, meaning that every complaint lodged with the SEC is publicly available when it’s filed, whether valid or not.

Not only does Dodd-Frank create a competition between the internal compliance department and the whistleblowers to be the "original" reporter of the violation to the SEC (another existing regulatory requirement), but this information also allows Wall Street to react to reported violations without the benefit of due process. Historically the number of whistleblowing complaints that are maliciously filed has been very low. Internal ethics and compliance departments investigate all allegations, and report wrongdoing when they move beyond the allegation phase to a valid complaint. Hard-working compliance and legal officers diligently protect their companies and officers, keeping these reports from achieving their intended harm.

Remember, under Dodd-Frank whistleblowers are under no obligation to report to the ethics and compliance departments before taking their complaints to the SEC. Wall Street has never reacted well to good governance. Good governance requires transparency and Wall Street tends to react to the false perception of risk created by allegations - regardless of proven conduct. It remains to be seen how the SEC will answer these questions and concerns; they are currently taking comment on the whistleblower provisions and a final decision is expected in April 2011. In the meantime, we continue advising clients on the most robust programs to increase trust and dialogues internally.

September 3, 2010

Vehicles and Venues

Today, we are beginning a newsletter at EthicsPoint (send us your email to be added), where we hope to keep clients better informed of informational and educational opportunities along with company and industry news, and this is meant to be a kind of introduction. Likely the best way to do so is to outline the elemental shift in EthicsPoint’s strategy that’s occurred over the past year. While we have historically offered a hotline and case management solution, fundamentally we’ve always felt we were an awareness company – helping customers gain insight into the risks facing their operations through the effective collection, management and analysis of reported issues. As customer needs from a GRC perspective have changed, we’re changing with them – by providing solutions to specific business problems, such as complying with anti-fraud legislation like the Foreign Corrupt Practices and UK Bribery Acts, mitigating the risk posed by third-parties within supply chains, gaining deeper insight into the actual vs. perceived risks throughout your operations, etc.

To that end, we successfully made two acquisitions earlier this year and are close to assimilating both software solutions into our core framework. These acquisitions mark the expansion of our services, providing customers with more robust analytical, tracking and reporting tools, the first of which will be showcased at SCCE’s 2010 Compliance & Ethics Institute in Chicago on Sept 12-15. We’ll be in booth #200; we’d enjoy seeing you stop by for a demonstration!

From the outside it may be hard to perceive the changes we’re continually making at EthicsPoint, but we aim to constantly improve for both our customers and the industry. As always, we welcome your feedback so please feel free to contact me with comments and/or suggestions.

May 28, 2010

Three Things I Know

There aren’t too many weeks in the year that I’m not out speaking somewhere on the importance of integrity in the workplace or sharing benchmark and other statistical data on the risks faced by organizations around the world. These past two weeks were no exception. On May 17th, I traveled to London to attend the Society of Corporate Compliance and Ethics’ (SCCE) conference on “Managing Third Party Anti-Corruption, Compliance and Ethics Risk.” And this past Monday, EthicsPoint hosted a breakfast on the recently passed UK Bribery Act in which we were extremely fortunate to have Vivian Robinson of England’s Serious Fraud Office and Neill Blundell, a partner with Eversheds, as additional speakers. The event had an incredible turnout of over 100 senior executives from the London area.

Lately, I have been beginning my speaking engagements with the “three things I know.” The first thing I know is that the level of regulations and regulatory pressure on organizations around the world is constantly increasing. The second is that this constant influx of new rules, laws and guidelines makes it very difficult for a multi-national firm because many of these requirements are in conflict. For example, Sarbanes Oxley requires any company listed on a US stock exchange to have an anonymous whistleblowing mechanism for reporting misconduct. However, these types of systems are illegal in Spain and Portugal - this is just one example and unfortunately there are many, many more. The third thing I know is that every regulatory agency has shifted their focus from writing these guidelines to enforcing them with a vengeance - the monetary fines associated with regulatory non-compliance are often upwards of hundreds of millions and can even include jail time for culpable individuals.

This April, the United Kingdom passed the Bribery Act. While it is similar to the Foreign Corrupt Practices Act (FCPA) in the United States, it differs in its jurisdictional reach and in its view of facilitation payments, which are legal under the FCPA but considered bribery under the Bribery Act. This presents a significant conflict between these two Acts.

While addressing the audience in London, I couldn’t help but think it was 2002 all over again, when we were just learning about the potential impact of SOX and the mountain of undefined work ahead of us. Based on the very broad jurisdictional reach of the Bribery Act, a UK company, as well as any non-UK company that conducts business in the country will fall under the scrutiny of the Serious Fraud Office – this provision certainly provides for a great deal of anxiety for obvious reasons.

I had the opportunity to have lunch with Neill following the session and he told me that his multinational clients, especially those from the US, had no real fear of the Bribery Act. This lack of alarm may stem from the fact that companies have become desensitized by the onslaught of regulatory pressures and view the Bribery Act as just one more requirement. On the other hand, the Brits, who have never seen such enforcement, do indeed harbor serious fear, uncertainty and doubt (FUD). The FUD surrounding Sarbanes generated three years of “full employment and empowerment for all US legal and accounting firms” - no doubt it will have a similar effect in the UK.

In 2004, I had the privilege to work with some very bright and dedicated people while helping to craft the original Open Compliance and Ethics Group (OCEG) Red Book guidelines for Sarbanes compliance; I therefore feel I have a solid understanding of what needs to occur in the UK. I have tried to boil it down and I am in the process of completing a white paper on the “Ten Simple Steps to UK Bribery Act Compliance.”

These 10 simplified steps are as follows:

1. Assign an individual the authority and responsibility to understand and address the requirements of the Bribery Act and if/how they apply to your organization

2. Assess and prioritize your risks

a. Look for potential impact areas and stakeholders
b. Devise your organization’s “risk profile” and understand how to apply your organization’s unique sensitivities to risk

3. Create, gain approval and communicate your strategy for reacting to these risks

4. Review, revise or create a Code of Conduct that includes all salient requirements of the risk and regulatory requirements your organization faces

a. Build a separate code specifically for vendors, suppliers and agents
b. Don’t overlook the impact of reputational risk when crafting a Code of Conduct

5. Review, revise and train to the policies, procedures and guidelines that support the principles contained in your Code of Conduct

6. Ensure you have a proven and effective means for gaining stakeholder feedback

a. Track “open door policy” communication
b. Create an “alert criteria” for exit interviews
c. Have a publicized and visible “whistleblowing” system

7. Workflow Consistency is the key to the Serious Fraud Office’s satisfaction with your solution

a. Triage all reports according to the same check list
b. Investigate reports of misconduct following a standard workflow
c. Ensure resolution and adjudication is consistent across your geographies
d. Have a system to audit and monitor all the above

8. Create or extend your internal controls to ensure compliance with policies, procedures and guidelines that support the Act

9. Report regularly on the status and impact of your compliance solution

a. Develop incident and trending reports
b. Foster Board of Director access and awareness
c. Publish sanitized reports of misconduct as training aids to your stakeholders

10. Review all of these processes at least once a year and refine any and all that can be improved or enhanced

These steps are merely the product of my experience and are an extrapolation of the Seven Essential Elements found in Chapter 8 of the US Federal Sentencing Guidelines and the OECD Guidelines for Multinational Enterprises. Since 1991, the US Sentencing Commission has worked to revise these guidelines and provide organizations an instruction manual to help mitigate the risk of prosecution. These guidelines were revised in 2003 and 2007 and are currently under review for revision once again in 2010. Our friends across the pond will do well to study these “essential elements” and learn from the mistakes we made formulating a strategy of compliance.

May 17, 2010

The UK Bribery Act

I’ve been on an airplane quite a bit these past few weeks and this last week was no exception. The Conference Board of Canada was kind enough to invite me to address their Corporate Ethics Membership Council in Vancouver and on my return flight I was able to catch up on some reading. We have a few analysts on our EthicsPoint team and one supports me by looking at hundreds of websites and blogs that address trends in our industry and passing on the most important or informative of these for my review.

In all honesty, it is a necessity. I couldn’t possibly do what I do without Bryan keeping me “in the know” with information from a variety of sources. I read hundreds of pages a week on new developments which means that he must read thousands. (Note to self: remember to say thank you more often.)

Looking through this week’s folder, I found a tremendous amount of detail surrounding the new UK Bribery Act. The Bribery Act is the companion regulation, if you will, to the United States’ 33-year-old Foreign Corrupt Practices Act (FCPA). The Bribery Act has not yet been fully promulgated by England’s Secretary of State, but the handwriting is clearly on the wall.

The Bribery Act extends its reach far beyond the FCPA and as it is currently written should send shivers down the spine of every multinational company with operations or sales in the United Kingdom. It does not just deal with corporations, it also empowers the Serious Fraud Office to set fines and demand jail time for individuals associated with answerable organizations, corporate managers & officers and even board directors. Like the FCPA, the Bribery Act also makes organizations responsible for the actions of their vendors, suppliers and agents.

However, the Bribery Act goes further than the FCPA in other areas as well, such as rejecting facilitation payments as acceptable behavior; it will be important to watch how this conflict of opinion plays out. Facilitation payments are payments for services or positioning to which you are entitled. For example, suppose your passport has expired and you need to travel immediately. You can fly to a passport office and stand in line to get an expedited passport, or you can overnight your information and pay $300 to a “facilitator” who will immediately furnish the passport you were entitled to receive. Under the FCPA, this type of payment is fine but the Bribery Act deems it bribery.

The territorial reach of the Bribery Act is also broader than that of the FCPA. The US Department of Justice’s (DOJ) involvement is somewhat restricted and requires local cooperation. However, under the Bribery Act, even if a company “conducts business” in the UK, the Serious Fraud Office (SFO) has the jurisdiction to take a primary position in punishing organizations for misconduct.

As concerning as this jurisdictional reach may be, I began to realize that the typical fines imposed as a result of a bribery violation are ‘chump change’ when compared to the other related costs. For example, Daimler paid a combined $185 million fine for bribery and improper influence. A tidy sum, but they reportedly paid over $400 million in additional legal and accounting support. This realization was an inflection point for me. It isn’t just the fines but also the related costs and business distractions associated with these types of violations that organizations should be concerned about.

To make matters worse, just as we saw with Sections 404 and 302 within the Sarbanes-Oxley Act, the oppressive fines, fees and reprioritization of management time do not discriminate between small to mid-sized businesses and larger corporations. Therefore, the 3 to 4 times expense ratio for legal and accounting fees to support the actual fine amount is the norm. This total magnitude is far more impactful and injurious to a small organization when you consider it as a percentage of EBIT.

There is hope, however. The Bribery Act and FCPA are mandates that can be mitigated, but it takes an acute understanding of the risks associated with the individual organization, a demonstrated plan of action to minimize these risks and an audit trail that the organization is walking the talk. The Federal Sentencing Guidelines established a direct link between the ‘Seven Essential Elements’ contained within Chapter Eight of the Guidelines and mitigation. I have long been both a student and believer of these seven elements and the mitigation value they hold for organizations.

This is a big proactive bill to fill (pun intended), but when you consider the financial and reputational consequences and damages, it is the most cost effective and prudent position for an organization to take.

What do you think?

April 30, 2010

Another Sh*tty Deal

For the past few days I’ve been following the news surrounding the testimony of Goldman Sachs executives before a Senate panel investigating the investment bank’s role in the financial crisis. Wow! If you haven’t followed this crazy ride, the transcripts from the hearings can be found all over the web and while there are still more questions than answers, it points to a major disconnect in our capital system.

The dialog is almost comical. Certain lawmakers compared the bank’s mortgage bankers to bookies – with the senator from Nevada further expressing his displeasure by saying, “Bookies have more ethics than Goldman.” Senator Carl Levin asked repeatedly why Goldman Sachs sold securities that their internal emails called “really sh*tty deals.” If the frauds perpetrated here weren’t so frustrating and disheartening, the dialog would make Lenny Bruce laugh out loud. Levin used the term “sh*tty” 11 times in one set of questions and began to ask the Goldman executives if they could define degrees of “sh*tty” in the deals they promoted.

Levin also asked Daniel Sparks, who ran the bank’s mortgage unit at the time, “How about the fact that you sold hundreds of millions of that deal after your people knew it was a sh*tty deal. Does that bother you at all?” While there was a great deal of polite posturing by Mr. Sparks, the apparent unspoken answer was not only “No”, but “Hell No!” Other questions related to Goldman’s “moral obligation” or “duty of care toward the best interest of the client” also received a “yeah, not so much…” response - really scary and sickening.

This past Monday I had the pleasure to be in New York for McGraw Hill’s publication premiere of Buffett's Bites: The Essential Investor's Guide to Warren Buffett's Shareholder Letters. Buffett’s Bites is a stellar book written by a good friend of mine, LJ Rittenhouse. Rittenhouse has been fighting for transparency and improved corporate communication for years. She helps CEOs formulate their shareholder letters and has created a very interesting ranking based on the candor, or lack thereof, found in many CEO letters. Rittenhouse recognized that Buffett’s letters are his legacy. As you read these letters, you realize his demand for an appropriate use of capital and you begin to understand the core of his investment philosophy.

Rittenhouse blogged early on about the 2009 Goldman shareholder letter and sensed there was trouble in River City. She was right - but I have learned she generally is. By looking at the word choices and the vocabulary utilized in shareholder letters, Rittenhouse has proven a correlation between the amount of “fog” in a letter and downstream share value.

Later that night at dinner with friends and colleagues, Goldman was one of the topics of conversation - at the end of the night we all shared a collective sigh of disgust and cynicism. The problem is clear. The dollars associated with making the deal are worth more than the value of the deal. Therefore, there is no duty of care or moral responsibility to the investor – and, if it is a “sh*tty deal”, the deal maker just invests in derivatives that bet against the deal so they make money when the deal tanks.

Senator Levin summed it up when he said, “You shouldn't be selling junk. You shouldn't be selling crap. You shouldn't be betting against your own customer at the same time you're selling to them." While not as a direct response, Goldman Sachs CEO Lloyd Blankfein indignantly expressed that clients who bought subprime mortgage securities from Goldman in 2006 and 2007 came looking for risk "and that's what they got."

Although we were at dinner to celebrate Mr. Buffett’s letters, it was another Buffett, Jimmy, whose words we sought for solace. “We need more fruitcakes in this world and less bakers! We need people that care! I'm mad as hell! and I don't want to take it anymore!" ...

April 20, 2010

Self-Governance, An Abstract Concept.......

Satellite technology is a wonderful thing. While traveling to Dallas this past Sunday, I was able to watch the Verizon Heritage golf tournament live from my coach seat on Continental Airlines. It was a particularly tight match - by the 10th hole, three players were in close contention for the championship. In professional golf, there are significant spoils to the winner. In this particular event, the winner received $1.03 million and second place received a paltry $616 thousand - with the dollars falling off to where 60th place made just over $11 thousand. This doesn’t even take into consideration the value of the FedEx Cup points, but I digress.

Going into the 18th hole, tournament leader Jim Furyk held a one stroke advantage over his playing partner Brian Davis. On the 18th, Davis hit a combination of great shots and tied the tournament with a birdie - at the end of regulation both players were tied at 13 under par and a sudden death playoff ensued. The Verizon Heritage golf course is one of the most precise courses on the PGA tour. The fairways are narrow, the greens are small, the bunkers and trees are large and the wind is brutal. The course was actually carved from a swamp and the remnants of reeds and undergrowth still abound.

As the players engaged the first hole of the sudden death playoff, Furyk’s second shot landed safely on the green about 30-40 feet from the pin. I’ve learned to never underestimate the prowess of professional golfers, but this clearly set up Furyk for a “Hail Mary” birdie putt to win. Davis’ second shot approached the green but caught the greenside bunker. The commentators expected the playoff to continue to the next hole - anticipating Furyk to 2-putt for par and Davis to successfully get “up and down” from the bunker for a similar par. Then something totally unique to golf occurred.

Immediately after hitting his bunker shot, Davis called a penalty on himself. In real time, no one saw his minuscule mistake, but the world collectively groaned as the TV replay showed his sand wedge ever so slightly tap a reed twig lying in the bunker on his backswing. The rule is clear: moving a twig in a bunker is against the rules, and Davis knew he had broken it. After a very painful five or six minute interval of muffled dialog and continuous TV replay of the infraction, the PGA rules officials confirmed it was a two stroke penalty – Furyk wins. After this righteous display of “self-governance” by Davis, I looked up this term on Wikipedia which classified it as an “abstract concept.”

My golfing partners and I play reasonably well, but not anywhere close to the level of the pros. In my group of 14-16 handicappers we don’t hold ourselves to this level of rule scrutiny; in fact, a foot wedge is one of the most commonly used clubs in our bag. We generally consider being in the rough punishment enough, so if your ball lands in a divot you get to move it out. After all, we aren’t playing for a million dollars.

As I continued my airborne journey, it just so happened I was on a connecting flight with a PGA official so I asked his opinion on the matter. He said something that made me think – “This is what makes golf special.” I couldn’t agree more, so when I got to the hotel I looked up how often this situation has occurred. The most extraordinary example of self-governance in professional golf was the 2008 self-disqualification of golfer J.P. Hayes. Hayes played a non-conforming (illegal) golf ball by mistake for one hole of a PGA Tour qualifying event in Texas.

Hayes subsequently disqualified himself from the tournament, which made him ineligible to play full time on the PGA Tour in 2009. What an incredible example this sets for those of us who honor the game and struggle to get better. I then began to think. Wouldn’t it be great if the top corporations, the ones that I aspire to model EthicsPoint after, held themselves to this level of scrutiny?

I then recalled the complaints from many of my peers that the Sarbanes-Oxley guidelines and regulations under Section 404 were too onerous for small corporations. The smaller, less established corporations didn’t have the revenue to support these requirements. It was estimated that 404 controls cost $3-8 million to manage regardless of whether your company generated $1 million or $100 billion. Thankfully this law has been changed.

Just like the rules of golf are more appropriate for the pros, the 404 SOX controls were more appropriate for very large corporations, but tedious and overly burdensome to smaller organizations.

But back to self-governance. Why is it that we see the Enrons of the world as the poster children for greed and deceit when they should be the shining example for self-governance? I could pontificate for another 1000 words on the why and what I think they should do, but I am more interested in what you think.

April 13, 2010

A Life Well Lived

A couple of weeks ago I received a call in the wee hours of the morning that I had been dreading for months. My good friend and cousin called to tell me that his dad, my uncle, Howard Glenn “Jiggs” Childers had passed away at the age of 89. His health had been slowly deteriorating for several months and I knew it was just a matter of time before he succumbed. I share this story with you only because I think there is a message here we need to embrace.

During childhood and even into my 20’s and 30’s, my uncle’s children, grandchildren, siblings and other extended family complained about his controlling nature. They complained about his demanding personality and brutal honesty when you wandered outside his scope of approval. People would also comment that he never got his hands dirty – but as it turns out it wasn’t because he was lazy, it was because he insisted on orchestrating the tasks and organizing the projects.

He had an eye for detail, a sharp pencil when negotiating terms and a soft heart for any project that improved his community. He also loved the land. Many of you know that my parents were first generation ‘off the farm’ – both my dad and uncle were born in a 3-room house on the acreage their father farmed. I am proud to say, like my father, my uncle never forgot his roots. He was grounded by the land and the majesty of nature.

I flew to Oklahoma for the funeral and was immediately immersed with family, many of whom I had not seen since my dad’s funeral in 2007. I come from a big family and when you have a big family there tends to be a lot of bickering and strife. That wasn’t the case on this day. Everyone was there to honor my uncle who we recognized had touched each of our lives.

By the time I got to the service, it was apparent my uncle had touched the lives of many people. The 750+ people in attendance filled the neighborhood church, its gym and every other overflow area available - a truly amazing sight.

As the eulogies started I began to reflect on my uncle’s influence on my life. He was a man of integrity and insisted on honesty, fairness, love of God and family. He always put family first. As my peers began to express their sentiments I realized that what they were saying was true. During my 55 years on this Earth, I had never heard my uncle utter a harsh word – a stern word yes, but never in anger and always in love and directed at the best possible outcome for the situation. They spoke of his kindness and his compassion and how he made time for people and listened to their needs. The minister spoke of how, when he needed something done in the church – money, building, and supplies – he only needed to make one phone call. My uncle would tell him not to worry and the minister knew that someone would be calling soon to volunteer, provide the necessary items or discount their work to make it affordable for the church.

I also heard every person I had grown up with, who had so often criticized or bemoaned my uncle’s controlling nature and rigid expectations, acknowledge and appreciate his unwavering expectation of principled behavior. This day they spoke of how he had made them better and shaped them into who they were today. They also spoke as mature adults (most of us are 45+ today), of how his values and guidance had helped them formulate the way in which they shepherded their own families.

I began to reflect myself and I could only agree. I admired my uncle. His immediate family was just as idiosyncratic as mine, but they were tight and mutually supportive. They were all educated and had been provided the opportunity to excel. They each also carried a responsibility to serve their family, church of choice and community. I had a sobering moment because I realized these are character traits I demand from my six children and their spouses.

As the expressions of love and respect continued, I began to ponder and in fact question my own corporate leadership. I asked myself – am I demanding enough? Do I balk to be politically correct or “keep the peace”? Am I harsh with my tone or do I express my expectations with love and a calm firmness and set expectations that are both realistic and unwavering?

Then I began to reflect on what we do at EthicsPoint as compliance professionals. I realized we should set the same expectations for our organization – realistic and unwavering. I realized I worry too much about being loved in the moment and so I tread too softly when my management team fails to meet my expectations. Do you do the same in your company?

Have we become more concerned about turnover, morale, creating a “hip culture” or just avoiding the work it takes to stay the course instead of creating an unwavering expectation of principle-based performance?

For me, I plan to dig deeper this year, work harder to inspire great leadership with my team and ensure that my values and expectations are visible and verbalized.

April 5, 2010

The Unintended Consequences of Sunshine Laws

Laws created to ensure the open review of government information on the local, state and federal level, such as the Freedom of Information Act, are a good thing. Typically referred to as sunshine laws, these requirements were designed to make previously inaccessible government information available to the public. These laws not only apply to government documentation, they also grant the public and media access to government meetings.

I’m a huge proponent of the public’s right to know and of transparency. However, some consideration must be given to what falls within the public’s right to know when it comes to an organization’s internal issues, especially when an issue is communicated to a supervisor, manager, HR professional or through an employee hotline or other method for anonymous reporting.

EthicsPoint operates reporting hotlines and delivers case management solutions to more than 2,300 clients around the world. Last year, we collected over 150,000 cases from both the hotline and our clients’ web-based report forms. An analysis of these cases shows that 15-18% were found to be frivolous or unfounded, e.g., a rant or a malicious attempt to cast doubt on a co-worker or manager, while 10-15% were immediately actionable and/or contained enough specifics to allow the case manager to quickly resolve the issue or concern. The remaining 70+%, however, required a certain degree of finesse, exploration and as much ‘art as science’ to reach a point of resolution.

Recently, a high school principal in Texas abruptly retired after learning he was under investigation for allegedly sexually harassing one of his staff. His actions are not the subject of my concern; by all appearances the school district was doing a great job of seeking information and investigating the validity of the allegations. However, what does concern me is the media’s open records request for any documents pertaining to the investigation under the auspices of open records laws.

The school district’s counsel has wisely requested an opinion from Texas’ Attorney General seeking exemption from producing the documents. In her request, the counsel stated the document(s) “contains highly intimate or embarrassing facts, which if publicized would be highly objectionable to a reasonable person, and the information contained in the report is not of legitimate concern to the public.”

In 2007, another Texas school district took an entirely different path. They suspended the use of their hotline and case management system to avoid the unnecessary scrutiny the state’s sunshine law had created. In this instance, the sunshine law created the opposite of the effect for which it was designed. The school district retreated and many of the proven tools used to mitigate fraud and abuse were abandoned. As a result, the school district’s interests weren’t served and the people charged with protecting the school district’s interests were technologically handicapped in their ongoing efforts.

This isn’t just a Texas phenomenon. In 2009, an Arizona reporter acknowledged – “Official action by government should be public and transparent. But I think the body politic suffers – in terms of competence, efficiency and effectiveness – by making our government employees work in a fish bowl. But these broad, sweeping public-records requests are clearly fishing expeditions, intended to harass and intimidate. And as such, they constitute a threat to the rule of law.”

So while I passionately believe in bringing visibility and transparency to the issues and events that pose risk to any organization, I also feel the unintended consequences of sunshine laws have the potential to dramatically limit accountability unless they are limited in scope. How do you feel about this and do you think that open information laws should have some governing guidelines in protecting privacy, relevance and appropriateness?

March 3, 2010

Play by the Rules?

For the past few years I’ve used every forum at my disposal to discuss the inequity of a rule-based environment. You can never have all the rules, and even if you try to have all the rules you ultimately end up with an exhaustive list of requirements that no one can understand or hope to follow.

Instead, I’m a huge believer in principle-based performance: Educate to values and integrity, establish clear guardrails and the “rules” for the most part will take care of themselves. The reality, however, is there are people who will choose to break a rule, push a line or tread on thin ice regardless of how much you instruct them otherwise.

One example of an organization that maintains too many rules is the NCAA. For the record, to the disdain of most of my children (Go Ducks!), I bleed crimson and gold. My youngest daughter graduated from the University of Spoiled Children (or USC) and during her four years in Los Angeles I found myself completely rooted within the Trojan family. So, like every other loyal Trojan, I’ve been avidly following the NCAA’s attempt to discredit the University of Southern California.

Bear in mind there is no allegation whatsoever that USC did not play by the NCAA’s rules. However, the NCAA claims that the family of former USC running back Reggie Bush sought and obtained virtually free housing in the Los Angeles area from an individual that had no direct affiliation with the university. In fact, there isn't even an allegation that any university officials or boosters were involved or even aware of the Bush family arrangement.

Just like many other universities, USC took all the necessary steps to educate players and their families on NCAA rules regarding improper behavior. This is essentially what is referred to as compliance training in the corporate world. The issue is that a player and his family, along with an agent, chose to break the rules – not the university. However, the university is somehow held accountable.

For those who’ve been reading my blog, you know I have been focused on the extension of compliance concepts to vendors, suppliers and agents because when they screw up it is the corporation who is found guilty – either in the courts or in the court of public opinion.

USC has been serving time in both of these “courts” lately. USC will likely be found guilty of a violation of something – because the NCAA unfortunately has enough major and minor rules to make this happen.

However, USC didn’t help its cause when it hired Lane Kiffin from the University of Tennessee as its new coach following the departure of Pete Carroll to the Seattle Sea-Chickens. Kiffin is no stranger to questionable behavior and he would not have been among my candidates for the job. According to the New York Times, in less than 14 months at Tennessee, Lane Kiffin committed six secondary violations and is under investigation for the use of student “hostesses” in recruiting. Three of Kiffin’s recruits were also dismissed from the team after they were arrested for armed robbery.

Despite promising that his number one priority at USC was to run a clean program, Kiffin has already committed a minor violation by picking up a USC recruit at the airport in a limo. I fly into LAX quite often and while limos may be an odd sight in Ann Arbor, they are pretty common in Los Angeles. I’m not saying what he did was right, I’m just trying to focus on the situational norms – not a bunch of rules. If Kiffin was trying to impress some kid by showing him the ‘So-Cal’ lifestyle, then Kiffin was in the wrong. If he just didn’t want to fight the traffic on I-405 and wanted to talk to the kid along the route, what was the harm? Plenty. Kiffin knew what he was doing was wrong. The principle is “inappropriate influence” and he chose to ignore it.

I am not suggesting that if the NCAA gets rid of all of its rules that universities will automatically clean up their athletic programs. I am simply suggesting that all the silly little rules get in the way. Minor rules must be made for breaking otherwise they wouldn’t be classified as minor?! If the NCAA created and verbalized a clear set of guidelines to every stakeholder (coaches, players, athletic directors, boosters, agents and family members) and enforced them swiftly and fairly, then I think everyone would get the message.

I've been preparing this week for a talk I will give in a couple of months on gaming fraud – specifically focused on Native American casinos. What I have learned is that Native American gaming establishments are not unique and the fraud and abuses that are prevalent in Las Vegas are just as prevalent in Tulsa, Oklahoma. What I have also learned is that the sophistication and pride within Native American tribes make a huge amount of difference in the volume of fraud-based activity. The tone from the Principal Chief and the value set by which the tribe members hold themselves accountable is the real measure by which you should begin to rank or rate the fraud potential.

It should be the same for college athletics. Coaches should set the tone and lead by example, and the alumni must remember that the true sense of winning in college athletics isn’t always measured by trophies or scoreboards.

College sports are dominated by the “what have you done for me lately” or “we need to win now” attitude. This can be likened to the sentiment in the corporate world which saw the downfall of Enron and the like: too much focus on short-term profits and not enough focus on long-term growth. Universities need to realize the eventual damage this attitude may inflict down the road if they don’t build a program based on integrity and principle-based performance.

February 22, 2010

Principle-Based Leadership: Setting the Tone

As a member of numerous web 2.0 forums, I oftentimes listen to esoteric rants and the splitting of hairs in the Governance, Risk and Compliance world. Every so often, however, I get the opportunity to read something that is refreshingly lucid.

All of us in the compliance world struggle with moving the needle and improving the “ethical quotient” of our organizations. For the last few years, I have come to believe it isn’t the “transformation” of people that is important, it is the tone from the top and the people you hire. Setting the tone and expectation of principled integrity for your organization and interjecting the right DNA into an organization can have a greater impact than any training program. When people are faced with an ethical dilemma they often turn to the example set by leadership or their co-workers. Having well-grounded individuals in your organization that embrace the organization’s goals and know the difference between right and wrong will prove invaluable.

Recent comments by Daniel Roberts of RAAS consulting made me take notice. Dan discussed the obituary of one of the translators at the Nuremberg War Crimes Tribunal and recounted this person's recollection of the interrogation of Rudolf Höss, the former head of Auschwitz. The translator asked Höss if he had ever sought to enrich himself off the Jews he was killing. Apparently Höss replied, "What kind of man do you think I am?"

This is the verbatim quote from Dan that sparked this post: “Ethics are defined by what we believe to be right and wrong. Höss was not living in an ethical vacuum, just in a place/time in which the ethics were so distorted from our understanding of the word as to earn him a place in history as one of the most loathsome humans ever. Yet he considered himself ethical.

Start by looking at the ethical norms or leadership and you will discover the ethical norms of the organization. An ethics program by itself is noise. It is the actual behaviors of leadership that matter. If they cover up inappropriate or even criminal behavior (seen it done), or simply refuse to truly investigate it (seen it done), punish those reporting the potential abuse (seen that done too), then all the ethics handbooks and programs are meaningless.”

Thanks, Dan, for reminding us that inspiring principle-based performance and a sense of “presence,” not the issuance of rules and requirements, is how we will change our organizations.

February 16, 2010

Government Transparency: An Oxymoron

For almost a decade, EthicsPoint has provided software and services that help organizations gather, review and resolve issues and events that impact their operations. Most of these issues and events are risk factors that can dramatically affect confidence and share value or result in a serious monetary loss. At EthicsPoint, we provide services to a multitude of organizations from a variety of industries. But if you peel back the onion, you will notice that we service only a handful of municipalities and no government agencies. I’ve often wondered why that is.

I used to believe it was because EthicsPoint delivers its services in the “cloud” as a software-as-a-service provider and doesn’t provide a premise offering that can be put behind an organization’s firewall. But lately I have come to the conclusion that transparency and government – any government – simply doesn’t exist. For all practical intents, the US government became a venture capital company in 2009 and EthicsPoint does service several financial institutions. Therefore, I don’t believe it’s the function of the organization that dictates a lack of transparency, but rather something inherent in the way our government is run. As a taxpayer this is frustrating to me.

I was a history major in college and looking back I don’t know if real transparency has ever existed in our government. The reasons for this lack of transparency may be varied, but the result has been the same. For instance, in the earliest days it was a literacy void and the general public’s inability to read helped support our representative form of government. Next, it was a genuine communication failure in reaching the populace due to distance and an unreliable “yellow” journalistic press. Then it was a protectionist view – because we couldn’t let the commies know what we were doing. Today it is just the “way things are done.”

It is somewhat akin to the situation of a plumber not showing up to your house and when you express your discontent to a co-worker she immediately understands and says, “Yeah, that’s just the way those guys are.” We’ve become so accustomed to bad government that we roll our eyes and say, “Yeah, that’s just the way those guys are.”

Several months ago I blogged about “hating the word Ethics” and repeatedly expressed that I personally had difficulty drawing a definitive ethical line when dealing with certain issues or events in the compliance world. Earlier this week, Mark Meaney, the number two man at the city of Chicago’s Office of Compliance, resigned amid allegations he mishandled an intern’s 2008 sexual harassment complaint against a top official at Chicago’s 911 emergency center. I had the opportunity to work with Mark and I personally find this hard to believe. He and his boss Tony Boswell had the very unenviable and daunting task of developing and running the compliance department for the city of Chicago.

The city of Chicago has been monitoring city hiring since the 2005 scandal that found a member of Mayor Daley’s staff guilty of rigging city hiring and promotions to benefit pro-Daley political workers. However, the city’s hiring monitor and other consultants have proven inefficient and, according to the Chicago Sun-Times, have cost Chicago taxpayers $6.2 million. It has also been reported the city’s hiring monitor has been accused of falsifying allegations of misconduct by Boswell and Meaney in order to discredit them and gain total control of the city’s hiring process. This is where that ethical line starts to blur.

The situation gets better or worse depending on your perspective. If you know anything about whistleblowing, it is the responsibility of the compliance officer to protect the organization from any “retribution” resulting from an individual coming forward. The ethical line blurs even further once you know the 911 center official in question is a high-ranking deputy who was stripped of his responsibilities in 2008 after blowing the whistle on alleged contract irregularities involving Motorola that cost taxpayers $2.25 million.

Mark’s quote in the Sun-Times says it all. “It was a privilege to have been part of something that had never been tried before; corporate-style compliance in municipal government…Mayor Daley should be applauded in his efforts at true reform. Unfortunately, fear and blame seem to be winning over culture change. I return to the private sector with no regrets for having spent the last two years working with some of the best public servants anywhere.”

What a twisted web. You have heard me say many times the role of a compliance officer is not black and white. The role requires discernment and often a balancing act of issues that would make Solomon shudder. This is no different in government or the private sector. Let’s consider for a moment that the evidence in this case is inconclusive (let me be clear that I have no inside information on this matter). Yes, there is an accusation but it is difficult to fully substantiate. There are multiple variables in play and the subject of the investigation is a person who “blew the whistle.” Appropriately, you might have some trepidation that the accusations could be retaliatory. So I ask you – what would you do?

I like Mike and Tony, which makes this difficult for me. It upsets me that in the public sector what some members of government say in front of a microphone, even for their own benefit or gain, often shapes the court of public opinion, and good guys pay the price.

February 10, 2010

Global Sourcing: The Next Level of Risk

As I mentioned in my last posting, the Justice Department is becoming more serious about Foreign Corrupt Practices Act (FCPA) enforcement and the recent sting operation in Las Vegas certainly reflects the hard-line, somewhat insidious, strategy of their new playbook. While the indictments involved individuals in the defense/arms industry, I expect enforcement to increase across many industries.

Aside from the recent events foreboding stricter enforcement, some of my peers are also predicting a surge in activity. For example, a former US Attorney assured me this sting was only the beginning and that two more will emerge in the coming months. Dan Karson, an executive managing director for Kroll, said the recent sting operation has “sent chills” down the spine of small and mid-sized businesses who may have falsely hoped the Justice Department’s interest in FCPA was reserved for global Fortune 500 companies.

This increasing level of FCPA enforcement has major implications for companies and how they choose supply chain partners. In the past, a partner’s misconduct may have impacted the organization but didn’t necessarily come with the immediate publicity and massive fines experienced today. This is why companies who never considered making the investment are now starting to consider extending their internal compliance expectations and training throughout their supply chain. Cultural and language barriers aside, this remains a daunting task.

Global sourcing relationships have always been about trust and service – but this is new territory that stretches the boundaries of these relationships. The two most important factors in mitigating an FCPA violation in this instance are selecting the right vendor, supplier or agent from the start and developing a process that ensures transparency. I will be writing much more on this topic as the year moves forward. Let me know what you think – can you expect a vendor, supplier or agent to act in accordance with a company’s compliance policies, procedures and guidelines?

January 22, 2010

Back in the Saddle

This past year was a difficult one for most companies. I am happy to say that EthicsPoint not only survived but thrived during one of the worst economic periods in recent memory. But the workload to succeed took its toll and my conversation with you suffered.

To all of you who took the time to link into my blog last year, I want to reiterate how much I enjoy sharing my thoughts in a blog format and that I am dedicating the time and discipline this year to be attentive to this dialog.

My blog will soon take on some new dynamics. I also have one of our analysts working with me to ensure I remain current and vocal around the important topics in GRC. A new section of my blog site will be dedicated to monitoring important legislation or regulations. There are many new areas of fraud and risk evolving and the compliance emphasis on FCPA, supply chain management and green initiatives is growing exponentially. I hope to keep current on each of these and share my thinking both here and through Twitter.

This past week the FBI showed that it was serious about FCPA enforcement. Their sting efforts were very effective. Dan Karson of our partner Kroll Worldwide said in a recent article, “This [sting] has sent a chill down the back of a lot of companies…Mainstream companies, not just from the defense industry, are now wondering, 'Am I at risk?'” I have been suggesting for months that small and midsized companies need to better understand their supply chain and extend their compliance programs to these stakeholders. With these new “rules of engagement” the risk level within supply chains just moved to a new DEFCON level.

More comments to follow and please comment and tell me what you think.

About Me

David Childers
of EthicsPoint


Favorite Quotes:

Ronald Reagan
There are no easy answers, but there are simple answers. We must have the courage to do what we know is morally right.

John Quincy Adams
If your actions inspire others to dream more, learn more, do more and become more, you are a leader.

We are what we repeatedly do. Excellence, therefore, is not an act but a habit.

Ray Kroc
The quality of a leader is reflected in the standards they set for themselves.

John Maxwell
The first step to leadership is servanthood.