May 28, 2010

Three Things I Know

There aren’t too many weeks in the year that I’m not out speaking somewhere on the importance of integrity in the workplace or sharing benchmark and other statistical data on the risks faced by organizations around the world. These past two weeks were no exception. On May 17th, I traveled to London to attend the Society of Corporate Compliance and Ethics’ (SCCE) conference on “Managing Third Party Anti-Corruption, Compliance and Ethics Risk.” And this past Monday, EthicsPoint hosted a breakfast on the recently passed UK Bribery Act in which we were extremely fortunate to have Vivian Robinson of England’s Serious Fraud Office and Neill Blundell, a partner with Eversheds, as additional speakers. The event had an incredible turnout of over 100 senior executives from the London area.

Lately, I have been beginning my speaking engagements with the “three things I know.” The first thing I know is that the level of regulations and regulatory pressure on organizations around the world is constantly increasing. The second is that this constant influx of new rules, laws and guidelines makes it very difficult for a multi-national firm because many of these requirements are in conflict. For example, Sarbanes-Oxley requires any company listed on a US stock exchange to have an anonymous whistleblowing mechanism for reporting misconduct. However, these types of systems are illegal in Spain and Portugal - this is just one example and unfortunately there are many, many more. The third thing I know is that every regulatory agency has shifted their focus from writing these guidelines to enforcing them with a vengeance - the monetary fines associated with regulatory non-compliance are often upwards of hundreds of millions and can even include jail time for culpable individuals.

This April, the United Kingdom passed the Bribery Act. While the Bribery Act is similar to the Foreign Corrupt Practices Act (FCPA) in the United States, it differs in its jurisdictional reach and in its view of facilitation payments, which are legal under the FCPA but considered bribery under the Bribery Act. This presents a significant conflict between these two Acts.

While addressing the audience in London, I couldn’t help but think it was 2002 all over again, when we were just learning about the potential impact of SOX and the mountain of undefined work ahead of us. Based on the very broad jurisdictional reach of the Bribery Act, a UK company, as well as any non-UK company that conducts business in the country, will fall under the scrutiny of the Serious Fraud Office – this provision certainly provides for a great deal of anxiety for obvious reasons.

I had the opportunity to have lunch with Neill following the session and he told me that his multinational clients, especially those from the US, had no real fear of the Bribery Act. This lack of alarm may stem from the fact that companies have become desensitized by the onslaught of regulatory pressures and view the Bribery Act as just one more requirement. On the other hand, the Brits, who have never seen such enforcement, do indeed harbor serious fear, uncertainty and doubt (FUD). The FUD surrounding Sarbanes generated three years of “full employment and empowerment for all US legal and accounting firms” - no doubt it will have a similar effect in the UK.

In 2004, I had the privilege to work with some very bright and dedicated people while helping to craft the original Open Compliance and Ethics Group (OCEG) Red Book guidelines for Sarbanes compliance; I therefore feel I have a solid understanding of what needs to occur in the UK. I have tried to boil it down and I am in the process of completing a white paper on the “Ten Simple Steps to UK Bribery Act Compliance.”

These 10 simplified steps are as follows:

1. Assign an individual the authority and responsibility to understand and address the requirements of the Bribery Act and if/how they apply to your organization

2. Assess and prioritize your risks

a. Look for potential impact areas and stakeholders
b. Devise your organization’s “risk profile” and understand how to apply your organization’s unique sensitivities to risk

3. Create, gain approval and communicate your strategy for reacting to these risks

4. Review, revise or create a Code of Conduct that includes all salient requirements of the risk and regulatory requirements your organization faces

a. Build a separate code specifically for vendors, suppliers and agents
b. Don’t overlook the impact of reputational risk when crafting a Code of Conduct

5. Review, revise and train to the policies, procedures and guidelines that support the principles contained in your Code of Conduct

6. Ensure you have a proven and effective means for gaining stakeholder feedback

a. Track “open door policy” communication
b. Create an “alert criteria” for exit interviews
c. Have a publicized and visible “whistleblowing” system

7. Workflow Consistency is the key to the Serious Fraud Office’s satisfaction with your solution

a. Triage all reports according to the same check list
b. Investigate reports of misconduct following a standard workflow
c. Ensure resolution and adjudication is consistent across your geographies
d. Have a system to audit and monitor all the above

8. Create or extend your internal controls to ensure compliance with policies, procedures and guidelines that support the Act

9. Report regularly on the status and impact of your compliance solution

a. Develop incident and trending reports
b. Foster Board of Director access and awareness
c. Publish sanitized reports of misconduct as training aids to your stakeholders

10. Review all of these processes at least once a year and refine any and all that can be improved or enhanced

These steps are merely the product of my experience and are an extrapolation of the Seven Essential Elements found in Chapter 8 of the US Federal Sentencing Guidelines and the OECD Guidelines for Multinational Enterprises. Since 1991, the US Sentencing Commission has worked to revise these guidelines and provide organizations an instruction manual to help mitigate the risk of prosecution. These guidelines were revised in 2003 and 2007 and are currently under review for revision once again in 2010. Our friends across the pond will do well to study these “essential elements” and learn from the mistakes we made formulating a strategy of compliance.


About Me

David Childers
of EthicsPoint
