Legal compliance is an inescapable part of the corporate environment today. Unfortunately, we’ve had all too many examples recently of what happens when companies ignore this fundamental rule. No longer can one rely on receiving only a “slap on the wrist” or assume that misconduct will not be detected. Significant legal violations now may be a virtual “death sentence” for a business organization, by virtue of public prosecution, private litigation, and abandonment by business partners.
1.The Culture of Compliance Part One: Pride
- Employees want to be proud of their company.
- Trust going both ways makes for a more effective organization.
Ethics/compliance/ integrity programs (the name is not that important) can work, and motivate employees to do better job, if the company takes the program seriously
- Remember human nature: use self-interest as a motivator
- – A compliance message: To get ahead in this company, you need to master the compliance-related aspects of your job
– Beware of overly-generous rewards: the chance for wealth will corrupt most people
2.The Culture of Compliance Part Two: Creating It
- Support: Visible backing from top management is essential.
- – Key legal principles applicable to most employees
– How to get more information related to job
– How to report wrongdoing
- Consistency: Use frequent written communications and training programs to reinforce a consistent message of support.
- Reporting: Establish a system for anonymous reporting of violations.
- – Important to investigate all reports of wrongdoing promptly & honestly.
– Use internal auditors to test compliance and investigate complaints.
- Control: Establish systems that make it difficult to violate
- Lawyers: Establish constructive role for Law Department
- – Lawyers as trusted team members
– Easy to find counsel, ask questions, get quick answers
3.Where to Start? Risk Analysis
- Identify the compliance risks associated with activities of the company.
- – Prioritize according to consequences of violation
– Examine all legal areas and history of problems
- Make sure there is a training, information and control system for each risk.
4.Empower Every Employee: How to Know What You Need to Know
- Every employee is responsible for compliance related to his or her job.
- – Not just a “legal” task.
– Put yourself in the shoes of a new employee or employee recently promoted into a new position. How do they know what to do?
– Create a system that makes it easy to employees to get information related to job.
- Attach a compliance risk to every job or role.
- – Start with occupations more likely to trigger compliance issues
– Example: think about the responsibilities of a plant maintenance supervisor (GMPs, environmental compliance, spill control, OSHA).
– Think about issues (e.g., document creation/destruction) applicable to all.
- Take this data and create the compliance database
- – Taxonomy of job descriptions
– List of compliance risk issues
– Table of compliance classes, systems, information, etc.
- The Learning Management System
- – Knows the employee’s role, what they need to know, what they’ve mastered
– Ideally, will track employee even if moving to new position.
- The computer portal.
- – Segment of computer screen devoted to compliance obligations
– LDAP to automatically populate portal object (if data properly input)
– Or, use series of questions and cookie to create menu.
- Corporate handbook and intranet.
- – Clear policy to comply
– Clear methodology to resolve questions, forward complaints.
– Clear information on subject.
– Easy access to subject matter experts and lawyers.
- High level “compliance contact” in each business unit.
5.How does it look outside the family?
- How the actions of the company are perceived is extremely important.
- – Good intentions usually don’t help.
– Assume you will never get the benefit of the doubt.
– What we do for external audiences.
- Government Prosecutors: may take compliance into account when deciding whether to indict.
- Now a part of corporate governance as viewed by shareholders, stock exchanges, regulators.
- Public generally distrusts corporations
- – Will believe the worst as reported in the media.
– Even while they may continue to buy products (at least for a while).
– Used to great advantage by plaintiffs’ attorneys.
- Customers will be reluctant to do business with someone they cannot trust, and may insist on specific compliance activities.
6.Consider formal legal requirements
- Sentencing Guidelines Basics
- – Establish compliance standards and procedures
– Appoint responsible compliance officer with “substantial control over the organization” or “a substantial role in the making of policy within the organization.” U.S.S.G. §8A1.2, comment n(3)(b).
– Adopt policies that do not delegate substantial discretionary authority to anyone the company knows or should know is likely to break the law
– Effective communication of standards and procedures
– Implementation of compliance measures such as monitoring, auditing and reporting
– Consistent enforcement through discipline.
– Appropriate responses after detection of offense.
- Sarbanes-Oxley (highlights)
- – Document retention rules
– Obligations of attorneys to report
– Whistleblower protections
– Corporate governance changes (Board & Audit Committee)
– Senior management certification obligations
– Code of ethics for senior financial officers
– Enhanced penalties
- Rules specific to substantive areas
7.Leverage subject matter experts other than lawyers: create a team
- Compliance is not just a job for lawyers
- – Lots of subject matter expertise outside of the Law Department (e.g., environmental managers, safety engineers)
– Lots of delivery expertise elsewhere (training specialists, corporate communications, systems)
- Leverage existing training programs.
- – Review existing training programs for accuracy
– Insert compliance messages where possible
– Make compliance training part of overall proficiency training in all subjects
8.Develop training that works
- You don’t need to always go with state of the art
- – Different types of media for different types of people, subjects
– Technical limitations (bandwidth, hardware) constraints
– The media should not get in the way of the message: an older format may be a perfectly effective training medium
- How to get people to remember what you tell them?
- – Reinforcement
– Simulation of familiar reality
– Limited expectations
- Communications options
- – Live classroom/meeting presentation
– Printed materials
– Computer-based training (intranet or CD/DVD)
- Approach your subject from the client’s point of view – not the lawyer’s
- – Make life easy for the client, not for you.
– Tailor the presentation to the employee type or the business unit.
- 1)Areas needing attention.
2)Possible problems that can be used to create hypothetical examples.
3)Sources of prior litigation.
4)Experiences (good and bad) with prior compliance programs.
- Lawyers and presentations
- – Remember to use plain English, not legalese
– If a lawyer gives an ineffective presentation, may be counterproductive (failure to deliver information, damage to relationship with law staff)
– Training should focus on key points, set in practical context (use lots of examples), designed to stimulate sensitivity when legal issues exist, but not designed to train people on every issue.
– Cover key criminal risks, and key civil risks, since the goal is to facilitate avoidance of the problems that exist in reality, not just avoidance of indictment.
- Presentation reminders
- – Identify five key points (or less) for people to remember.
– Develop slides to reinforce main points that are effective.
- 1)Readable from back of room.
2)No more than 8 lines.
3)One main point per slide.
4)Use color, pictures, BIG print, but not all caps.
- – Video excerpts are great
- 1)Never talk over the TV
2)Use full length (30 min. +) movies sparingly
- – Printed materials with two roles
- 1)Can encourage active notetaking, but not to distract from presentation.
2)Can serve as a reference
- Refine your presentation technique.
- – Review basic public speaking skills or take a class.
– Rehearse before an audience or videotape: do you do things that distract the audience from your message?
– Practice with your visual aids so there will be no fumbling.
– Are you prepared to handle questions?
– Review presentation room set-up prior to delivery.
– Enable the audience to enjoy your presentation, not suffer through it.
- 1)Announce your schedule and stick to it.
2)Be alert to signs of confusion – watch the audience
3)Use opportunities for audience involvement.
4)Use humor, but don’t try to be a comic.
- – Improve your presentation: use evaluations
- What should the audience remember after the presentation?
- – The key points of your message
– Where to go if they have a question
– It is always OK to ask a question
- Don’t forget to cover agents: non-employees “authorized to act on behalf of the corporation.” FSG §8A1.2 , comment n(3)(d).
9.Evaluate carefully: test for effectiveness
- General rule: When you find a problem, find out why and fix it
- Remember, the goal in most cases is not substantive knowledge, but sensitivity to issues and knowing where to go for answers.
- Record attendance at compliance presentations in personnel records.
- Use auditing with care: very intrusive, may be counterproductive, but in some cases necessary.
- Look for evidence that compliance is occurring
- – Actual classes
– Actual control systems.
– Review and approval in place for certain activities.
10.Keep the message simple: when in doubt, do the right thing.
- Guide to all training: concentrate on key points
- – Intranet reading: headline, then details
– Key messages to remember: “fair and equitable”
- Never wrong to ask first
- Your instincts are usually right