Compliance &Ethics - Society of Corporate Compliance and Ethics

Compliance &Ethics - Society of Corporate Compliance and Ethics

Compliance &Ethics - Society of Corporate Compliance and Ethics

  • No tags were found...

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

Letter from the CEOby Roy Snell, CHC, CCEP‐FWhat we have accomplishedSnellFour <strong>of</strong> us from SCCE/HCCA wererecently invited to meet with the head<strong>of</strong> the Department <strong>of</strong> Justice, the head<strong>of</strong> the Securities <strong>and</strong> Exchange Commission’sDivision <strong>of</strong> Enforcement, <strong>and</strong> the head <strong>of</strong>the Department <strong>of</strong> Justice’s FCPAdivision. They asked for a shortdescription <strong>of</strong> our organization. Ithought I would share with you whatI shared with them. Our growth hasbeen explosive. We have not spentmuch time looking back. It was interestingto reflect on what we haveaccomplished as a very young pr<strong>of</strong>ession.The <strong>Society</strong> <strong>of</strong> <strong>Corporate</strong> <strong>Compliance</strong><strong>and</strong> <strong>Ethics</strong> <strong>and</strong> the Health Care <strong>Compliance</strong>Association are part <strong>of</strong> a single 501(c)(6) organizationdedicated to helping educate, network,<strong>and</strong> certify compliance <strong>and</strong> ethics pr<strong>of</strong>essionals.Our mission is to help compliance <strong>and</strong> ethicspr<strong>of</strong>essionals become more effective in theirjobs <strong>and</strong> help them implement effective complianceprograms. We have 10,500 members whoare primarily in-house compliance <strong>and</strong> ethicspr<strong>of</strong>essionals managing their organizations’compliance <strong>and</strong> ethics programs. We have individualsfrom academia, government, outsidecounsel, <strong>and</strong> more involved in our organization.We also reach many individuals throughsocial media who are involved in other aspects<strong>of</strong> an effective compliance program, such asaudit, legal, risk, fraud, <strong>and</strong> more. We have over20,000 people following our Twitter feed, 9,500on our dedicated social media site, 15,600 onour LinkedIn compliance groups, <strong>and</strong> 8,000 onFacebook. Through social media we are able tocommunicate news <strong>and</strong> information, <strong>and</strong> sharedocuments that assist our members <strong>and</strong> othersin their efforts to improve their organizations’cultures <strong>and</strong> compliance with the law.We are involved in many aspects <strong>of</strong>compliance <strong>and</strong> ethics education. We havecredentialed <strong>and</strong> assisted in the programdevelopment <strong>of</strong> several colleges that havedeveloped degrees in the compliance <strong>and</strong>ethics field. We hold approximately 60 compliance<strong>and</strong> ethics conferences per year, thelargest <strong>of</strong> which has more than 2,000 attendees.We conduct approximately 35 web conferenceseach year. We publish two magazines with200 articles per year written by compliance<strong>and</strong> ethics pr<strong>of</strong>essionals. We have developedsix basic <strong>and</strong> advanced certification programsfor compliance <strong>and</strong> ethics pr<strong>of</strong>essionals. Over4,000 people hold one <strong>of</strong> the credentials.We have also branched out internationally.We have members from over 50 countries.We will be holding certification training inShanghai, São Paulo, <strong>and</strong> Brussels this year.We have developed numerous national <strong>and</strong>international partnerships with government,industry, <strong>and</strong> other pr<strong>of</strong>essional associations,<strong>and</strong> facilitated collaboration betweenthe compliance <strong>and</strong> ethics pr<strong>of</strong>ession <strong>and</strong> theenforcement community.We have come a long way. We have peoplewho can influence our pr<strong>of</strong>ession asking for ourinput now, when they wouldn’t give us the time<strong>of</strong> day in the past. We are having a few growingpains, but things are very good. We are hiringmore people with expertise that will help takeour pr<strong>of</strong>ession <strong>and</strong> our organization to thenext level. Most <strong>of</strong> all, we have surroundedourselves with lead volunteers that have theright stuff. They are the right people to helpus achieve our mission <strong>of</strong> helping compliancepr<strong>of</strong>essionals be more effective in their jobs<strong>and</strong> implement effective compliance programs.We are looking forward to another great year. ✵Contact Roy Snell at roy.snell@corporatecompliance.org<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 3

ContentsMay/June 2012FeaturesColumns<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 201214 Two days with the FBIby Adam TurteltaubAbout 50 compliance pr<strong>of</strong>essionals got an inside look at the FBI’scompliance program <strong>and</strong> how agents are trained.24 Underst<strong>and</strong>ing the proposedEU data protection regulationby Robert BondBusinesses that process the personal data <strong>of</strong> Europeanswill incur significant compliance obligations when the newregulations take effect.30 Buyers on the takeby Peter J. CrosaAssuming that vendor pay<strong>of</strong>fs are a thing <strong>of</strong> the past may be abit naïve in these tougher economic times.34 It’s time to change the SEC’s cultureby Marlowe DomanThe new Office <strong>of</strong> the Whistleblower will have to overcome thepublic’s perception that the SEC protects, rather than prosecutes,high-level financiers.40 Ethical decision-making models:Decisions, decisionsby Roz BlissWhen faced with an ethical challenge, your employees need asimple tool to help them make the right decision.3 Letter from the CEORoy Snell21 Boehme <strong>of</strong> contentionDonna Boehme29 The art <strong>of</strong> complianceArt Weiss33 View from the front linesMeric Craig Bloch39 Kaplan’s courtJeff Kaplan78 The last wordJoseph Murphy6 NewsDepartments12 People on the move22 SCCE welcomes new members69 SCCE congratulatesnew CCEP ® designees79 Takeaways80 Events calendar4 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

“ ”<strong>Ethics</strong> <strong>and</strong> compliance operativesshould be aware that inappropriatevendor influence is not alwaysblatant <strong>and</strong> easy to spot.See story on page 30<strong>Compliance</strong> & <strong>Ethics</strong>Pr<strong>of</strong>essionalEditor-in-ChiefJoseph Murphy, Esq., CCEP, Of Counsel, CSLG, Haddonfield, NJ,jemurphy@cslg.comExecutive EditorRoy Snell, CHC, CCEP‐F, CEO, roy.snell@corporatecompliance.orgArticles44 Powerful witness preparation:The pure <strong>and</strong> simple truthby Dan Small <strong>and</strong> Robert F. RoachGetting to the truth <strong>and</strong> bringing it out effectively requires preparation.48 The economy, compliance, <strong>and</strong> ethicsby Adam TurteltaubResults <strong>of</strong> SCCE’s latest survey on <strong>Compliance</strong> budgets <strong>and</strong> staffing.50 Overzealous I-9 compliance can result ina discrimination lawsuit [CEU]by Justin EstepCompanies must follow a consistent policy for verifying the employmenteligibility <strong>of</strong> both U.S. citizens <strong>and</strong> non-citizens.52 Meet Frederico Melville Novella<strong>and</strong> Christie Ippischby Adam TurteltaubThe founding father <strong>of</strong> one <strong>of</strong> Guatemala’s leading companies instilled a legacy<strong>of</strong> ethics, values, <strong>and</strong> right conduct.54 <strong>Corporate</strong> codes <strong>of</strong> conduct in theUnited States [CEU]by Gilbert Geis, PhD <strong>and</strong> Henry N. Pontell, PhDA desire to protect the company from vicarious liability runs through thehistory <strong>of</strong> codes <strong>of</strong> conduct.66 Social media evidence: A new accountability [CEU]by Dawn LomerPotential legal issues can arise when discovering evidence on social mediasites <strong>and</strong> authenticating it for use in a courtroom.70 Building transparency, accountability, <strong>and</strong>ethics in government contractingby Eric R. FeldmanContractors who ignore increasingly complex federal regulations <strong>and</strong>self-disclosure requirements may find themselves suspended or debarred.Advisory BoardCharles Elson, JD, Edgar S. Woolard, Jr. Chair in <strong>Corporate</strong>Governance, Director <strong>of</strong> the John L. Weinberg Center for<strong>Corporate</strong> Governance at University <strong>of</strong> Delaware.Jay Cohen, <strong>Compliance</strong> Consultant, Assurant Inc.John Dienhart, PhD, The Frank Shrontz Chairfor Business <strong>Ethics</strong>, Seattle University; Director,Northwest <strong>Ethics</strong> Network; Director, Albers Business<strong>Ethics</strong> Initiative; Fellow, <strong>Ethics</strong> Resource CenterOdell Guyton, JD, CCEP, Senior <strong>Corporate</strong> Attorney,Director <strong>of</strong> <strong>Compliance</strong>, U.S. Legal–Finance & Operations,Micros<strong>of</strong>t CorporationRebecca Walker, JD, Partner, Kaplan & Walker LLPRick Kulevich, JD, Senior Director, <strong>Ethics</strong> <strong>and</strong> <strong>Compliance</strong>,CDW CorporationSteve LeFar, President, Sg2Stephen A. Morreale, DPA, CHC, CCEP, Principal,<strong>Compliance</strong> <strong>and</strong> Risk DynamicsMarcia Narine, JD, Vice President Global <strong>Compliance</strong><strong>and</strong> Business St<strong>and</strong>ards, Deputy General Counsel,Ryder System, Inc.Ann L. Straw, General Counsel US, Votorantim CimentosNorth America, Inc.Greg Triguba, JD, CCEP, Principal,<strong>Compliance</strong> Integrity Solutions, LLCStory Editor/AdvertisingLiz Hergert, +1 952 933 4977 or 888 277 4977liz.hergert@corporatecompliance.orgCopy EditorPatricia Mees, CCEP, CHC, +1 952 933 4977 or 888 277 4977patricia.mees@corporatecompliance.orgDesign & LayoutSarah Anondson, +1 952 933 4977 or 888 277 4977sarah.anondson@corporatecompliance.org<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional (CEP) (ISSN 1523-8466)is published by the <strong>Society</strong> <strong>of</strong> <strong>Corporate</strong> <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong>(SCCE), 6500 Barrie Road, Suite 250, Minneapolis, MN 55435.Subscriptions are free to members. Periodicals postage‐paid atMinneapolis, MN 55435. Postmaster: Send address changes to<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional Magazine, 6500 Barrie Road,Suite 250, Minneapolis, MN 55435. Copyright © 2012 <strong>Society</strong><strong>of</strong> <strong>Corporate</strong> <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong>. All rights reserved. Printedin the USA. Except where specifically encouraged, no part <strong>of</strong> thispublication may be reproduced, in any form or by any means,without prior written consent from SCCE. For subscriptioninformation <strong>and</strong> advertising rates, call +1 952 933 4977or 888 277 4977. Send press releases to SCCE CEP PressReleases, 6500 Barrie Road, Suite 250, Minneapolis, MN55435. Opinions expressed are those <strong>of</strong> the writers <strong>and</strong> not <strong>of</strong>this publication or SCCE. Mention <strong>of</strong> products <strong>and</strong> services doesnot constitute endorsement. Neither SCCE nor CEP is engaged inrendering legal or other pr<strong>of</strong>essional services. If such assistanceis needed, readers should consult pr<strong>of</strong>essional counsel or otherpr<strong>of</strong>essional advisors for specific legal or ethical questions.Volume 9, ISSUE 3+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 5<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012

News<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012<strong>Compliance</strong> <strong>of</strong>ficer ranks highin best business sector jobs listThe work <strong>of</strong> compliance <strong>of</strong>ficershas been spotlighted in aFebruary report in U.S. News<strong>and</strong> World Report. Its “BestJobs <strong>of</strong> 2012” is based on theLabor Department’s employmentprojections. In anoverview, the report detailsthat 50 jobs were selectedfrom five “quick-to-hire”industries: business, creativeservices, health care, science<strong>and</strong> technology, <strong>and</strong> socialservices. The job <strong>of</strong> compliance<strong>of</strong>ficer ranked 13thon the list <strong>of</strong> best businessjobs. The report states, “TheBureau <strong>of</strong> Labor Statisticsprojects compliance <strong>of</strong>ficeremployment growth <strong>of</strong> 15percent between 2010 <strong>and</strong>2020. That’s 32,400 new jobs<strong>and</strong> 26,200 replacement jobs.”To view the entire report:http://money.usnews.com/money/careers/articles/2012/02/27/the-best-jobs-<strong>of</strong>-2012Public rebuke <strong>of</strong> culture atGoldman Sachs opens debateWhen Greg Smith, a midlevel executive at Goldman Sachs,delivered his resignation in The New York Times on March 14,2012, he sparked a new round <strong>of</strong> debates about ethical failures<strong>and</strong> their impact on Wall Street. The 33-year-old confessed hisdisillusionment in the form <strong>of</strong> an Op-Ed article, “Why I AmLeaving Goldman Sachs.” Among the sentiments he revealed:“It makes me ill how callously people still talk about ripping <strong>of</strong>fclients.” Smith further states, “It astounds me how little seniormanagement gets a basic truth: If clients don’t trust you, theywill eventually stop doing business with you.”Worldwide media coverage <strong>of</strong> the resignation generallyfocused on the question <strong>of</strong> whether anything has changedon Wall Street in the three years since the financial crisistook down so many once pr<strong>of</strong>itable firms. Opinion pieces ranthe gamut, including “Why Greg Smith is Dead Right,” to“Goldman Rant a Case <strong>of</strong> Sour Grapes.”Read the latest news online · www.corporatecompliance.org/newsEU agenciessay Googlebreaking lawA European Union (EU)Justice Commissioner,Viviane Reding, assertedin March that Google’s newprivacy policy is in breach<strong>of</strong> European law. Google’snew policy, implemented onMarch 1, 2012, means privatedata collected by one<strong>of</strong> Google services can beshared with its other platforms,including YouTube,gmail <strong>and</strong> Blogger. Userscannot opt out <strong>of</strong> the newpolicy if they want tocontinue using Google’sservices.In a March 1 interviewwith BBC Radio Four, Redingstated “[The new policy] isnot in accordance with thelaw on transparency <strong>and</strong> itutilizes the data <strong>of</strong> privatepersons in order to h<strong>and</strong> itover to third parties, whichis not what the users haveagreed to.” In addition,France’s data regulationauthority (the CNIL) hasindicated that it plans tolead a European-wide investigationinto the policy.“It astounds me how little senior management gets a basictruth: If clients don’t trust you, they will eventually stopdoing business with you.” Greg Smith, former executive at Goldman Sachs6 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

NewsWebsites uncover petty briberyaround the worldA website started in August2010 (ipaidabribe.com) hasbeen so popular that similarsites have been launchedaround the world. The sitesall provide a similar service:a way for citizens to anonymouslyconfess bribes paid<strong>and</strong> bribes requested butnot paid. Ipaidabribe.com,sponsored by the nonpr<strong>of</strong>itJanaagraha in India, haslogged more than 400,000such confessions since itslaunch. The anonymousreports include everydayrequests for bribes that privatecitizens face in order tohave documentation or servicesdelivered. In a March 5article in The New York Times,Swati Ramanathan, one<strong>of</strong> the website’s founders,said that public <strong>and</strong> privateagencies from 17 countrieshave asked for assistance insetting up equivalent programs.In addition, she saidthat Janaagraha plans t<strong>of</strong>orm an international coalition<strong>of</strong> such groups so theycan share <strong>and</strong> assist eachother.2012 <strong>Compliance</strong> & ETHICS INSTITUTE PREVIEWsession 507: Automating <strong>Compliance</strong> in the iPhone AgeTuesday, October 16, 2012, 11:00 am – 12:00 pmAre you using the power <strong>of</strong> automation inyour compliance program? Are you keepingup with a younger workforce that wantsto communicate via social networking?Are your compliance materials painlesslyRead the latest news online · www.corporatecompliance.org/newsTheodore Banks,President,<strong>Compliance</strong> & CompetitionConsultants, LLCavailable on smartphones or pad computers? Are you harnessing the the latestin behavioral analytics to really underst<strong>and</strong> your corporate culture—<strong>and</strong> theweaknesses that your compliance program must address? Are there ways toleverage automation to make a shrinking budget do more? These <strong>and</strong> otherrelated subjects will be discussed in our session "Automating <strong>Compliance</strong> inthe iPhone Age.”Attend SCCE’s 11th Annual <strong>Compliance</strong> & <strong>Ethics</strong> Institute in Las Vegas, NV,to hear more! Visit www.complianceethicsinstitute.org for more information.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 7

www.corporatecompliance.orgCALL FOR AUTHORSShare your expertise in <strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional,published bimonthly by the <strong>Society</strong> <strong>of</strong> <strong>Corporate</strong> <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong> (SCCE). For pr<strong>of</strong>essionals in thefield, SCCE is the ultimate source <strong>of</strong> compliance <strong>and</strong> ethics information, providing the most current viewson the corporate regulatory environment, internal controls, <strong>and</strong> overall conduct <strong>of</strong> business. National <strong>and</strong>global experts write informative articles, share their knowledge, <strong>and</strong> provide pr<strong>of</strong>essional support so thatreaders can make informed legal <strong>and</strong> cultural corporate decisions.To do this we need your help!We welcome all who wish to propose corporate compliance topics <strong>and</strong> write articles.CERTIFICATION is a great means for revealing anindividual’s story <strong>of</strong> pr<strong>of</strong>essional growth! <strong>Compliance</strong> &<strong>Ethics</strong> Pr<strong>of</strong>essional wants to hear from anyone with a CCEPor CCEP-Fellow certification who is willing to contributean article on the benefits <strong>and</strong> pr<strong>of</strong>essional growth he orshe has derived from certification. The articles submittedshould detail what certification has meant to the individual<strong>and</strong> his or her organization.<strong>Compliance</strong> & <strong>Ethics</strong>March/April2012 Pr<strong>of</strong>essionala publication <strong>of</strong> the society <strong>of</strong> corporate compliance <strong>and</strong> ethicscompliance insights fromTAMKO Building Products, Inc.Robert BradleyVice President <strong>and</strong>General Counsel22Recipe for a<strong>Compliance</strong> Dayin 2012Cynthia Scavelli28GRC focus: Keepyour employeesclose <strong>and</strong> yourauditors closerSteve McGrawArt WeissChief <strong>Compliance</strong><strong>and</strong> <strong>Ethics</strong> Officer32<strong>Compliance</strong> ina casino worldMichele AbelyDavid C. Humphreyspage 14President<strong>and</strong> CEO36DOJ review:FBI’s Integrity<strong>and</strong> <strong>Compliance</strong>ProgramEmil MoschellaPlease note the followingupcoming deadlines forarticle submissions:· May 15, 2012· July 15, 2012· September 15, 2012· November 15, 2012Earn CEUs!Please note that the CCB awards 2 CEUs to authors <strong>of</strong>articles published in <strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional.Topics to consider include· Anticipated enforcement trends· Developments in compliance <strong>and</strong> ethics<strong>and</strong> program-related suggestions for riskmitigation· Fraud, bribery, <strong>and</strong> corruption· Securities <strong>and</strong> corporate governance· Labor <strong>and</strong> employment law· Healthcare fraud <strong>and</strong> abuse· Anti-money laundering· Government contracting· Global competition· Intellectual property· Records management <strong>and</strong> business ethics· Best practices· Information on new laws, regulations, <strong>and</strong>rules affecting international compliance<strong>and</strong> ethics governanceIf you are interested in submitting an article for publication in <strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional,e-mail Liz Hergert at liz.hergert@corporatecompliance.org

SCCE NewsSCCE conference NewsNational conferences··<strong>Compliance</strong> & <strong>Ethics</strong> Institute,October 14–17, Las Vegas at Ariawww.complianceethicsinstitute.orgGeneral sessions will include:––Why Do We Root for the Good Guy Even IfHe’s Doing Bad? Jon Turteltaub, Director,National Treasure / Jay Kogen, Former Producer,The Simpsons / Chris Bohjalian, New York Timesbestselling author <strong>of</strong> Midwives––Strategies for Enhancing Your Effectiveness asa <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong> Officer: Daniel Roach,Co-Chair, SCCE Advisory Board <strong>and</strong> VP <strong>Compliance</strong>& Audit, Dignity Health––<strong>Ethics</strong>, Leadership <strong>and</strong> Temptation in theWorkplace: James B. Stewart, Pulitzer Prize winner<strong>and</strong> columnist for The New York Times, author,Tangled Webs: How False Statements Are UnderminingAmerica: From Martha Stewart to Bernie Mad<strong>of</strong>f––Lessons We Don’t Learn: <strong>Corporate</strong> Sc<strong>and</strong>als,Why We Repeat Them, <strong>and</strong> How We CanLearn From Them: Donna C. Boehme, Principal,<strong>Compliance</strong> Strategists LLC / David J. Heller,Vice President <strong>and</strong> Chief <strong>Ethics</strong> <strong>and</strong> <strong>Compliance</strong>Officer, Edison International / Joseph E. Murphy,Of Counsel, <strong>Compliance</strong> Systems Legal Group··Higher Education <strong>Compliance</strong>Conference, June 3–6, Austin, Texaswww.highereducationcompliance.orgSessions will include:––Defining <strong>and</strong> Communicating the Role <strong>of</strong><strong>Compliance</strong> & <strong>Ethics</strong>: Adam Turteltaub, VicePresident <strong>of</strong> Membership Development, <strong>Society</strong><strong>of</strong> <strong>Corporate</strong> <strong>Compliance</strong> & <strong>Ethics</strong> (moderator) /Donna McNeely, University <strong>Ethics</strong> Officer, University<strong>of</strong> Illinois / Grace Fisher Renbarger, Former VicePresident <strong>and</strong> Chief <strong>Ethics</strong> & <strong>Compliance</strong> Officer forDell Inc. / Kimberly F. Turner, Chief Audit Executive,Texas Tech University System––Behavioral <strong>Ethics</strong>: Why Good People Do BadThings: Robert Prentice, Pr<strong>of</strong>essor <strong>of</strong> Business Law<strong>and</strong> Business <strong>Ethics</strong> in the Business, Government &<strong>Society</strong> Department, McCombs School <strong>of</strong> Business,University <strong>of</strong> TexasAcademieswww.corporatecompliance.org/academiesAcademies address methods for implementing<strong>and</strong> managing compliance programs basedon the Seven Element Approach. Courseswill address subject matter in each <strong>of</strong> theseareas <strong>and</strong> better prepare interested parties forthe CCEP ® exam. The Academy is designedfor participants with a general knowledge <strong>of</strong>compliance concepts <strong>and</strong> anyone working in acompliance function.Regional conferenceswww.corporatecompliance.org/regionalSCCE’s regional conferences are one-dayprograms designed to provide the hot topics<strong>and</strong> practical information that compliancepr<strong>of</strong>essionals need to create <strong>and</strong> maintaincompliance programs in a variety <strong>of</strong> industries.Upcoming 2012 regionals include:··New York, May 18··Anchorage, June 15··San Francisco, June 22··Atlanta, October 12··Houston, November 2Web conferenceswww.corporatecompliance.org/webconferencesSCCE members save $850 by purchasinga web conference subscription. Select 10individual sessions for only $900 (versus $1,750if purchased separately).Find the latest conference information online · www.corporatecompliance.org/events<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 9

SCCE NewsSCCE website NewsContact Tracey Page at +1 952 405 7936 or email her at tracey.page@corporatecompliance.org with any questions about SCCE’s website.SCCE website redesignOn May 16, you will notice the SCCE website has been redesigned.We still have all the same information listed online as before, but weorganized it so it’s easier to locate <strong>and</strong> use.A few <strong>of</strong> the major updates included in SCCE’s redesign are:··Improved navigation··Easier registration for events··Simpler product ordering··More efficient processing for memberships <strong>and</strong> renewals··Better CEU tracking··And much more!If you are having trouble finding anything in the coming weeks,please do not hesitate to call our <strong>of</strong>fice or email us to ask for something:helpteam @ corporatecompliance.org or +1 952 988 0141<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012Don’t forget to earn your CCB CEUs for this issueComplete the <strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional CEUquiz for the articles below from this issue:··Overzealous I-9 compliance can result ina discrimination lawsuit, by Justin Estep(page 50)··<strong>Corporate</strong> codes <strong>of</strong> conduct in theUnited States, by Gilbert Geis, PhD <strong>and</strong>Henry N. Pontell, PhD (page 54)··Social media evidence: A new accountability,by Dawn Lomer (page 66)To complete the quiz:Visit www.corporatecompliance.org/quiz, thenselect a quiz, fill in your contact information, <strong>and</strong>answer the questions. The online quiz is self-scoring<strong>and</strong> you will see your results immediately.You may also fax or mail the completed quiz to CCB:Fax: +1 952 988 0146mail:Find the latest SCCE website updates online · www.corporatecompliance.org<strong>Compliance</strong> Certification Board6500 Barrie Road, Suite 250Minneapolis, MN 55435, United StatesQuestions? Call CCB at +1 952 933 4977 or888 277 4977.To receive one (1) CEU for successfully completingthe quiz, you must answer at least three questionscorrectly. Quizzes received after the expiration dateindicated on the quiz will not be accepted. Eachquiz is valid for 12 months, starting with the month<strong>of</strong> issue. Only the first attempt at each quiz will beaccepted.10 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

SCCE NewsNewsContact Eric Newman at +1 952 405 7938 or email him at eric.newman@corporatecompliance.org with any questions about SCCEnet.SCCEnet (www.corporatecompliance.org/SCCEnet) is the mostcomprehensive social network for compliance pr<strong>of</strong>essionals.Subscribe to dozens <strong>of</strong> discussion groups <strong>and</strong> get yourcompliance questions answered. Stay informed on the latestcorporate compliance news <strong>and</strong> information. Network with yourcolleagues <strong>and</strong> stay connected with our mobile app.Subscribe to the following SCCEnet compliancediscussion groups:··Go to www.corporatecompliance.org/groups <strong>and</strong>click “My Subscriptions” to subscribe todiscussion groups <strong>and</strong> participate.––2012 SCCE <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong> Institute––Multi-Industry Auditing <strong>and</strong> Monitoring<strong>Compliance</strong> Network––Multi-Industry Chief <strong>Compliance</strong><strong>Ethics</strong> Officer Network––Multi-Industry Global <strong>Compliance</strong> <strong>and</strong><strong>Ethics</strong> Community––Multi-Industry <strong>Ethics</strong> Forum––Communication Training <strong>and</strong> Curriculum Development––Competition Law <strong>and</strong> Antitrust Network––<strong>Compliance</strong> Risk Management––European <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong>––FCPA: Foreign Corrupt Practices Act Forum––Financial Institutions Network––Higher Education Forum––Investment Management Forum––SCCE <strong>Compliance</strong> Academies––Social Media <strong>Compliance</strong>––Social Responsibility Forum––Utilities <strong>and</strong> Energy NetworkPopular SCCEnet discussions··Multi-Industry Chief <strong>Compliance</strong> <strong>Ethics</strong>Officer Network––What’s a CLO? Book review for “The Cost <strong>of</strong><strong>Compliance</strong>” shows unfamiliarity with “<strong>Compliance</strong>Officer” title: http://bit.ly/whatsaclo––In praise <strong>of</strong> <strong>of</strong>fice politics:http://bit.ly/praise<strong>of</strong>ficepolitics––New EU privacy rules: http://bit.ly/euprivacy––Lawyer who spotted broker fraud rewarded with5-year SEC ordeal: http://bit.ly/sec5year··Multi-Industry Auditing <strong>and</strong> Monitoring<strong>Compliance</strong> Network––Companies should use metrics to defend themselvesfrom Dodd-Frank whistleblower claims, report says:http://bit.ly/doddfrankmetrics··Multi-Industry <strong>Ethics</strong> Forum:Ideals <strong>and</strong> <strong>Ethics</strong>––The next business edge? http://bit.ly/idealsethics––Giving back: http://bit.ly/givingbackethics··FCPA: Foreign Corrupt Practices Act Forum––FCPA Fines/Penalties: http://bit.ly/fcpafinesUpdate your SCCEnet pr<strong>of</strong>ile using LinkedIn ®··You can update your SCCEnet pr<strong>of</strong>ile withinformation from your LinkedIn ® pr<strong>of</strong>ile.Instructions at www.corporatecompliance.org/updatepr<strong>of</strong>ileWatch compliance videos on YouTube··Subscribe to SCCE’s YouTube channel:www.youtube.com/compliancevideosSCCE is now on Google+··Add SCCE to your circles:www.corporatecompliance.org/googleFind the latest SCCEnet updates online · www.corporatecompliance.org/sccenet<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 11

People on the Move<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012· Cynthia Scavelli, Esq.,CCEP, FIS <strong>Corporate</strong><strong>Compliance</strong> & <strong>Ethics</strong> Counsel,has been selected as one<strong>of</strong> The Jacksonville BusinessJournal’s “40 Under 40” for2012. Scavelli has also beenappointed as the new leader<strong>of</strong> the Northeast Florida<strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong> UserGroup for 2012 in Jacksonville,Florida. The group servesas a resource to companies,community organizations,<strong>and</strong> governmental agencies inNortheast Florida to promoteawareness <strong>and</strong> influence, educate,<strong>and</strong> support the value<strong>of</strong> compliance <strong>and</strong> ethicsprograms in business <strong>and</strong> ourcommunity.· On March 5, 2012, Lisa D.Pleasant was appointed the<strong>Compliance</strong> Manager for St.John’s Community Services <strong>of</strong>Washington DC, a nonpr<strong>of</strong>itorganization committed toadvancing community supportopportunities for peopleliving with disabilities. Shewas the Regulatory AffairsCoordinator for Aria Health,a hospital in Philadelphia,<strong>and</strong> she is the former <strong>Ethics</strong>Specialist <strong>and</strong> Alternate<strong>Ethics</strong> Liaison Officer for theUniversity <strong>of</strong> Medicine <strong>and</strong>Dentistry <strong>of</strong> New Jersey.Peopleon theMove· David Childers has beennamed Chief ExecutiveOfficer at Compli, a provider<strong>of</strong> on-dem<strong>and</strong>Human Resources, Safety,<strong>and</strong> <strong>Compliance</strong> managements<strong>of</strong>tware. Lon Leneve,President <strong>of</strong> Compli, says,“David is a pioneer in theGRC field <strong>and</strong> has a trackrecord for being one <strong>of</strong> themost dynamic <strong>and</strong> innovativeindividuals in the industry.”Prior to joining Compli,Childers was a founder <strong>and</strong>CEO <strong>of</strong> <strong>Ethics</strong>Point, one<strong>of</strong> the leading global riskawareness organizations.Childers sits on the Board <strong>of</strong>SCCE <strong>and</strong> is a member <strong>of</strong> the<strong>Ethics</strong> & <strong>Compliance</strong> OfficerAssociation (ECOA), theInternational Association <strong>of</strong>Privacy Pr<strong>of</strong>essionals (IAPP),<strong>and</strong> a charter member <strong>of</strong> theOpen <strong>Compliance</strong> <strong>Ethics</strong>Group, where he has been recognizedas an OCEG Fellow.· Newbridge SecuritiesCorporation (NSC) is excitedto announce the addition<strong>of</strong> Michael Bernadino toserve as Chief <strong>Compliance</strong>Officer, effective February13, 2012. Bernadino is athirty-five-year veteran <strong>of</strong> thesecurities industry <strong>and</strong> foundingpartner at IJL FinancialAdvisors, LLC in Charlotte,NC. Todd Newton, President<strong>and</strong> Co-CEO <strong>of</strong> Newbridge,says, “Mike brings a reputation<strong>of</strong> underst<strong>and</strong>ing thefinancial advisors needswhile maintaining soundrelationships with the variousregulatory agencies towhich we report.” NSC is aFINRA member broker-dealerthat engages in full servicesecurities brokerage, investmentbanking, <strong>and</strong> advisoryservices for individuals <strong>and</strong>institutional customers.Received a promotion? Have anew hire in your department? ·If you’ve received a promotion, award, or degree;accepted a new position; or added a new staffmember to your <strong>Compliance</strong> department, please letus know. It’s a great way to keep the compliancecommunity up-to-date. Send your updates toliz.hergert@corporatecompliance.org.12 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Help Keep Your<strong>Compliance</strong> ProgramFully StaffedList Your Job OpeningsOnline with SCCEIt’s hard to have an effective compliance <strong>and</strong> ethicsprogram when you have openings on your team.Help fill those openings quickly—list your compliancejob opportunities with the <strong>Society</strong> <strong>of</strong> <strong>Corporate</strong><strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong>.Benefits include:• Listing is posted for 90 days to maximize exposure• Targeted audience• Your ad is also included in our monthly SCCE JobsNewsletter, which reaches more than 14,000 emailsDon’t leave your compliance positions open any longerthan necessary. Post your job listings with SCCE today.www.corporatecompliance.org/newjobsor call +1 952 933 4977 or 888 277 4977

FeatureFBI <strong>Corporate</strong> <strong>Compliance</strong> Officer Outreach EventOctober 25–26, 2011 • Washington, DC & Quantico, Virginiaby Adam TurteltaubTwo days with the FBI<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012When compliance <strong>and</strong> ethics pr<strong>of</strong>essionalshear “FBI,” the initialreaction is likely one <strong>of</strong> fear.There are few things that throw companiesinto more disarray than a dawn raid by theBureau.Yet, on October 25 <strong>and</strong> 26, 2011, the FBIturned expectations on their head <strong>and</strong> playedhost to the <strong>Ethics</strong> <strong>and</strong> <strong>Compliance</strong> pr<strong>of</strong>ession.In a fascinating two-day event, held atheadquarters in Washington DC <strong>and</strong> its trainingfacilities in Quantico, Virginia, the FBIhighlighted its internal compliance program<strong>and</strong> the effect it is having on both its agents<strong>and</strong> pr<strong>of</strong>essional staff. In cooperation with the<strong>Society</strong> <strong>of</strong> <strong>Corporate</strong> <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong>,the FBI provided approximately 50 compliancepr<strong>of</strong>essionals with a rare look inside its program<strong>and</strong> the Bureau’s operations.The program was led by Patrick W.Kelley, an SCCE member <strong>and</strong> AssistantDirector <strong>of</strong> the FBI’s Office <strong>of</strong> Integrity <strong>and</strong><strong>Compliance</strong>, a position which reports toFBI Director Robert S. Mueller III throughDeputy Director Sean Joyce. The FBI is therare agency <strong>of</strong> the federal government thathas a compliance program.Like many private sector programs, theFBI’s was born out <strong>of</strong> actions that fell outside<strong>of</strong> the law. The misuse <strong>of</strong> National SecurityLetters (an investigative tool analogous to anadministrative subpoena) led to a comprehensiveexamination <strong>of</strong> how to prevent anyfuture abuses, including the development <strong>of</strong> acompliance program.As part <strong>of</strong> its research into how to build acompliance program, the FBI quickly realizedthat there was much that could be learnedfrom the private sector <strong>and</strong> began reaching outto the corporate compliance community. SCCEmet with the Bureau for a full day, as part <strong>of</strong>that process, <strong>and</strong> shared its expertise.The program on October 25 <strong>and</strong> 26 wasa “thank you” to the <strong>Compliance</strong> communityfor its support. It was also a reflection<strong>of</strong> the importance that FBI Director Robert14 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

FeatureMueller places on compliance programs. AsPatrick Kelley noted, “He recognizes you asthe first line <strong>of</strong> defense.” The program beganwith Kelley outlining the mission <strong>of</strong> the FBI,which places prevention <strong>of</strong> terrorism as itsfirst priority.He also shared the Bureau’s motto—Fidelity, Bravery, Integrity—noting thatintegrity is very much at the core <strong>of</strong> theBureau’s compliance program. It is even one<strong>of</strong> the organization’s core values, he explained.Director Mueller said, “In fact, integrity is thevalue that binds together the very fabric <strong>of</strong> ourinstitutional identity. It defines us <strong>and</strong> whatwe st<strong>and</strong> for; it is how we operate <strong>and</strong> how wemeasure our success. In short, integrity is thetouchstone for everything we do.”All new Special Agents <strong>of</strong> the FBI receiveeight hours <strong>of</strong> ethics training, versus thest<strong>and</strong>ard <strong>of</strong> just one hour for most federalemployees. In addition, immediately prior tobeing sworn in for their positions, every FBIemployee is shown a video that highlightsthe Bureau’s core values. The inspiring productionfeatures FBI employees who faceddifficult decisions in which they were guidedby the core values.“We thought that using real FBI personnelto tell real FBI stories to illustrate each <strong>of</strong>the core values would be the best way to reachboth experienced <strong>and</strong> new employees, <strong>and</strong> toshow that the values really are more than justwords,” said Kelley.The compliance <strong>and</strong> ethics programdoesn’t stop with the video, though. Thereis a permanent <strong>of</strong>fice with a total staff <strong>of</strong> 17people. In addition, compliance managementcommittees, organized along branch or functionallines, meet each quarter, <strong>and</strong> there is aformal meeting every four months with theFBI director <strong>and</strong> the top executives to reviewthe program <strong>and</strong> the risk areas.Attendees left favorably impressed by theFBI’s efforts. “I left with a deeper appreciation<strong>of</strong> the FBI organization. There were manyvaluable lessons to be taken from the program,but one that left a lasting impressionwas the FBI core values. The FBI valuesare ingrained throughout their businessorganization, <strong>and</strong> it is a message that is leveragedfrom the top down to all employees.Everyone is expected to be a leader!” saidTerri Lee, <strong>Corporate</strong> Responsibility Leader <strong>of</strong>the Electric Power Research Institute.The program for the meeting wasn’tsolely about the FBI’s compliance <strong>and</strong> ethicsprogram. It contained a number <strong>of</strong> sessionsdesigned to both enhance the <strong>Compliance</strong>community’s underst<strong>and</strong>ing <strong>of</strong> the FBI <strong>and</strong> <strong>of</strong>compliance risks that the private sector faces.Bryan Smith <strong>of</strong> the Economic Crimes Unitwarned the attendees <strong>of</strong> an uptick in securities<strong>and</strong> commodities fraud, particularly aroundinsider trading. He went on to explain thatthe FBI prioritizes these cases based on factorssuch as systemic risk to the US financialmarket <strong>and</strong> public confidence in the US financialsystem, as well as the number <strong>of</strong> victims.He also provided strong ammunition to thoseadvocating for self-reporting <strong>of</strong> incidents. Heassured the attendees that the companies thatself report <strong>and</strong> cooperate fare far better thanthose that do not.Madeline Payne, an Intelligence Analystwith the Economic Espionage Unit, followedBryan Smith’s presentation. Her focus, <strong>and</strong>that <strong>of</strong> her unit, is protecting trade secretsfrom misappropriation. It’s a significant problem,especially among engineers, because somany trade secrets reside in their heads.It’s also a problem with two fronts for companiesto consider. While most might focus onthe loss <strong>of</strong> a trade secret to a competitor, thereis another grave challenge: the transfer <strong>of</strong> proprietarydata to foreign governments. Thosecommitting this type <strong>of</strong> crime are also significantflight risks, because they are <strong>of</strong>ten nationals<strong>of</strong> the country that they are stealing data for.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 15

FeatureCompanies also need to be alert to therisks <strong>of</strong> money laundering through gift <strong>and</strong>stored-value cards. Increasingly, explainedDouglas Leff, Supervisory Special Agent inthe Asset Forfeiture & Money LaunderingUnit, criminals are taking advantage <strong>of</strong>this virtually untraceable means <strong>of</strong> movingmoney. Companies, particularly retailers,need to be wary <strong>of</strong> unusually high volumes<strong>of</strong> transactions using these instruments.Businesses may also want to consider monitoringemployee expenses which reflectgift card purchases. These purchases maybe innocent, but they may be an indicator<strong>of</strong> a Foreign Corrupt Practices Act(FCPA) violation.every three months, making it difficult toprove who the sender <strong>of</strong> an email was.He also warned companies to be aware <strong>of</strong>the risks <strong>of</strong> cloud computing. The distributedstorage model makes it much more difficultfor law enforcement to identify a criminalafter an intrusion.The day ended with a heated discussion<strong>of</strong> the FCPA. It featured a panel consisting <strong>of</strong>Paula Ebersole, Supervisory Special Agent<strong>of</strong> the FBI’s Washington Field Office; ChrisFavro, a retired FBI agent <strong>and</strong> now SeniorCounsel, <strong>Compliance</strong> <strong>and</strong> Business Conductfor 3M; <strong>and</strong> Charles Duross, Assistant Chief <strong>of</strong>the US Department <strong>of</strong> Justice’s Fraud Section.The conversation included a discussion <strong>of</strong> thedesire <strong>of</strong> the <strong>Compliance</strong> community for theDepartment <strong>of</strong> Justice to provide more informationabout how companies can earn creditfor their compliance programs.Roy Snell, CEO <strong>of</strong> SCCE <strong>and</strong> the HealthCare <strong>Compliance</strong> Association, pointed out,“This is exactly the kind <strong>of</strong> data we need todemonstrate to CEOs <strong>and</strong> boards the valuethat compliance programs can bring to theirorganizations.”<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012Another emerging risk area is socialmedia. Michael Kolessar, Supervisory SpecialAgent in the Cyber Unit, reported an increasein incidents <strong>of</strong> extortion using social media.He recounted a case in which a disaffectedcustomer threatened to unleash a torrent <strong>of</strong>online complaints about a company unlessit agreed to his dem<strong>and</strong>s. Kolessar urgedcompanies to report these dem<strong>and</strong>s to lawenforcement promptly while the data is readilyaccessible. Contrary to the belief that digitalcommunications last forever, he explained thatmany Internet providers purge their recordsDay Two <strong>of</strong> the program took place at theFBI’s training facility in Quantico, Virginia.The tour included the Memorial Wall, whichhonors agents killed in the line <strong>of</strong> duty, <strong>and</strong>famed Hogan’s Alley, a few Hollywood-builtcity blocks designed to give agents the opportunityto train in “real life” settings.The training in enforcement for recruitsalso includes 40 hours <strong>of</strong> legal education,the group learned. Lisa Baker, Chief <strong>of</strong> theLegal Instruction Unit, shared a portion <strong>of</strong>the training on the protection <strong>of</strong> civil rights.This program helps recruits underst<strong>and</strong> thesource <strong>of</strong> their authority, as well as the limits<strong>of</strong> it, <strong>and</strong> the value <strong>of</strong> adhering to thoselimits. This portion <strong>of</strong> the training beginswith the U.S. Constitution <strong>and</strong> Bill <strong>of</strong> Rights,16 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Featurea copy <strong>of</strong> which is provided to each recruit.To drive the lessons home, the trainingincludes examples <strong>of</strong> the risks that can occurwhen those Constitutional boundaries arebreached.COINTELPRO, a program from severaldecades ago that monitored people the FBIhad deemed a potential threat to the nation,is one <strong>of</strong> the incidents studies. This programonce included a list <strong>of</strong> more than 26,000Americans to be “rounded up” in case <strong>of</strong>a national emergency. The investigation <strong>of</strong>COINTELPRO led to significant changeswithin the FBI, including a set <strong>of</strong> guidelinesfor the FBI that would form the basis <strong>of</strong> itscompliance program.Baker explained that the policy environmentfor domestic operations is now basedon the Constitution, federal statutes, <strong>and</strong>Executive Orders, plus the Attorney GeneralGuidelines, the FBI Domestic Investigation<strong>and</strong> Operational Guide, as well as BureauProgram Policy Implementation Guides.Together these are used to direct the FBI’soperations <strong>and</strong> ensure they comply with thelaw <strong>and</strong> the Bureau’s own st<strong>and</strong>ards.In addition, the FBI operates under aset <strong>of</strong> core values, Patrick Kelley explained.These are:··Rigorous obedience to the Constitution <strong>of</strong>the United States··Respect for the dignity <strong>of</strong> all thosewe protect··Compassion··Fairness··Uncompromising personal <strong>and</strong>institutional integrity··Accountability by accepting responsibilityfor our actions <strong>and</strong> decisions <strong>and</strong> theirconsequences··Leadership, by example, both personal<strong>and</strong> pr<strong>of</strong>essionalThese values help define how the FBIviews itself. For example, according to theFBI’s internal ethics manual: “It is our policyto comply fully with all laws, regulations,<strong>and</strong> rules governing our operations, programs<strong>and</strong> activities…Public service is apublic trust. Those <strong>of</strong> us lucky enough toserve the public in <strong>and</strong> through this greatorganization must adhere to that principle ineverything we do.”The day concluded with a fascinating <strong>and</strong>fun peek into how agents are trained to takethose values <strong>and</strong> the law, <strong>and</strong> apply themwhen facing a scenario in which deadly forcemay be used.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 17

TMFeatureCarl Benoit, Supervisory Special Agent<strong>and</strong> instructor at Quantico, gave the attendeesa sample <strong>of</strong> a two-day training programin which scenes play out on a screen <strong>and</strong>participants (in the case <strong>of</strong> this program,three female <strong>and</strong> one male attendee) had todecide both whether to shoot <strong>and</strong> when. Theirresults were shown on the screen <strong>and</strong> dissectedby Benoit. This session illuminated theConstitutional requirements <strong>and</strong> SupremeCourt interpretations <strong>of</strong> when deadly forcemay be used, <strong>and</strong> how difficult it can be to dothe right thing in a fast-evolving situation inwhich the time between a simple confrontation<strong>and</strong> shots fired by a suspect could be lessthan two seconds.“The ‘Deadly Force’ exercise was particularlyamazing to me,” reported Jim Brigham,Vice President Internal Audit at Petco. “I didn’treally appreciate how quickly <strong>and</strong> decisivelyagents have to act until I went through thisexercise. Even though I knew the exercise washarmless, as the screen counted down to thescene I could feel my anticipation grow. Asthe suspect on the screen turned around, Icould see the gun at his waistline. He startedto run <strong>and</strong> pull his gun <strong>and</strong> I started to shoot.I was much too late <strong>and</strong>, in the excitement,far too inaccurate. This was an incredibleteaching tool which only reinforced my admiration<strong>of</strong> the men <strong>and</strong> women who serve us asFBI agents.”In sum, it was an insightful two days. Ithelped the compliance <strong>and</strong> ethics pr<strong>of</strong>essionalswho attended to better underst<strong>and</strong> the risksthat they face, the asset the FBI could be to theircompanies, as well as the particularly challengesfaced by FBI agents <strong>and</strong> staff as they liveup to their motto <strong>of</strong> Fidelity, Bravery, Integrity. ✵Adam Turteltaub is Vice President <strong>of</strong> Membership Developmentfor the SCCE in Minneapolis, MN. He may be reached atadam.turteltaub@corporatecompliance.org.the premier social networkfor compliance <strong>and</strong> ethics pr<strong>of</strong>essionals<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012Why should you log on to SCCEnet ?••Get your questions answered in the community discussion groups••Download compliance documents from our community libraries, or share your own••Stay informed on the latest compliance <strong>and</strong> ethics news <strong>and</strong> guidanceLog on at corporatecompliance.org/sccenetAlso visit SCCE on these popular social media sitesJoin our groupfollow us oncorporatecompliance.org/linkedin twitter.com/scce facebook.com/sccecorporatecompliance.org/googleyoutube.com/compliancevideos18 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

10th AnnualHigher Education<strong>Compliance</strong> ConferenceJune 3–6, 2012 | Austin, TexasAT&T Executive Education Conference CenterCome to Austin, Texas, for the primary networking event for compliance<strong>and</strong> ethics pr<strong>of</strong>essionals within higher education. Don’t miss theoppportunity to gather with your peers <strong>and</strong> discuss emerging issues, sharebest practices, <strong>and</strong> build valuable relationships.Join us in June to hear the following hot topics!• Program Integrity: Juggling <strong>and</strong> Jeopardy• Maximum Efficiency on a Shoestring Budget: Making the Most <strong>of</strong> WhatYou Have• Engaging the University Community in ERM• How to H<strong>and</strong>le Whistleblower Complaints in Higher Education:What Happens after the Whistle Blows• <strong>Compliance</strong> & <strong>Ethics</strong> Programming for Small Campuses: LeveragingResources through Effective Communication across Risk DisciplinesRegister today <strong>and</strong> enjoy the flexibility<strong>of</strong> two conferences for the price <strong>of</strong> one!Complimentary access to HCCA’s Research<strong>Compliance</strong> Conference is included with yourHigher Education <strong>Compliance</strong> Conferenceregistration. The parallel schedule gives youthe freedom to attend sessions at eitherconference—two for the price <strong>of</strong> one.VIEW THE FULL AGENDA & REGISTER ATwww.highereducationcompliance.org

Learn the essentials <strong>of</strong> managing an effective compliance program…Attend SCCE’s 2012BASIC COMPLIANCE & ETHICSACADEMIESin the UNITED STATES, SOUTH AMERICA, EUROPE, <strong>and</strong> ASIAMay 7–10SÃO PAULO, BRAZILJune 11–14SCOTTSDALE, AZJuly 9–12SHANGHAI, CHINAMay 21–24BRUSSELS, BELGIUMJune 25–28SAN DIEGO, CAAugust 13–16BOSTON, MASCCE’s Basic <strong>Compliance</strong> & <strong>Ethics</strong> Academies are three-<strong>and</strong>-ahalf-dayintensive training programs designed to provide youwith the essentials <strong>of</strong> managing an effective compliance <strong>and</strong>ethics program. You’ll be taught by a faculty made up <strong>of</strong> expertswith deep experience in the topics they teach. Be a part <strong>of</strong> theAcademy <strong>and</strong> gain comprehensive knowledge <strong>of</strong>:• St<strong>and</strong>ards, Policies, <strong>and</strong> Procedures• <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong> Program Administration• Communications, Education, <strong>and</strong> Training• Monitoring, Auditing, <strong>and</strong> Internal Reporting Systems• Response <strong>and</strong> Investigation, Discipline <strong>and</strong> Incentives• Risk AssessmentAt the end <strong>of</strong> the Academy you can sit for the optional Certified<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional (CCEP) ® exam. The CCEP ®program promotes a st<strong>and</strong>ard <strong>of</strong> requisite knowledge forcompliance <strong>and</strong> ethics, encourages continued personal <strong>and</strong>pr<strong>of</strong>essional growth, <strong>and</strong> enhances the credibility <strong>of</strong> bothcertified pr<strong>of</strong>essionals <strong>and</strong> the compliance programs they staff.SCCE credits earned at the Academy will count towards thecredits required to sit for the certification exam.November 12–15ORLANDO, FLDecember 10–13SAN DIEGO, CA(NOTE: Academy <strong>and</strong> CCEP ® exam are conducted in English at this time.)To learn more about the Academy<strong>and</strong> certification — <strong>and</strong> how theycan help your compliance <strong>and</strong>ethics program, visit us online…www.corporatecompliance.org

Boehme <strong>of</strong> Contentionby Donna BoehmeGoldman Sachs. Culture.Muppets. Talk amongstyourselves.BoehmeYou’ve got to feel pretty bad for theGoldman Sachs PR folks, who probablyspit out their sips <strong>of</strong> triple soyvanilla latte in unison as they turned ontheir iPads to former exec Greg Smith’sexplosive take-this-job-<strong>and</strong>-shove-it resignationin the form <strong>of</strong> a New York Timesop-ed. On the other h<strong>and</strong>, what aperfect made-for-TV movie for those<strong>of</strong> us in the compliance <strong>and</strong> ethicspeanut gallery. You really can’tmake this stuff up.If you haven’t read Smith’s scathingop-ed, “Why I Am LeavingGoldman Sachs,” publicly rebuking the firmfor its “toxic culture” <strong>and</strong> alleging that execsroutinely referred to their clients as “muppets”(British slang for “idiots”—where have youbeen?), here it is. Go ahead, we’ll wait: www.nytimes.com/2012/03/14/opinion/why-i-am-leaving-goldman-sachs.htmlAlthough Goldman, as expected, has vigorouslyrefuted the claims (again, PR peopleworking overtime), this comes at a time whenWall Street firms are under fire for theirgreedy, risk-taking culture that may or maynot have led to the financial meltdown, <strong>and</strong>plays right into the h<strong>and</strong>s <strong>of</strong> those who arguefor more—not less—regulation. For the purpose<strong>of</strong> our discussion here, I’m not votingeither way. For the moment, let’s just file theseobservations under the category <strong>of</strong> “TheThings We Think <strong>and</strong> Do Not Say.”Observation #1: Circle-the-wagons syndrome.Anyone following the speed <strong>of</strong> Wall Streetcircling the wagons could get a bad case <strong>of</strong>whiplash. Connect the dots to Bloomberg’sugly editorial excoriation <strong>of</strong> Smith himself thenext day. www.bloomberg.com/news/2012-03-14/yes-mr-smith-goldman-sachs-is-all-about-makingmoney-view.htmlObservation #2: <strong>Society</strong> still hates snitches.Forget firm culture; as a society, we stillrecoil when people get out <strong>of</strong> line <strong>and</strong> speakup. That’s why Satan created retaliation.Goldman’s counter-attack on Smith was swift<strong>and</strong> continues. In my networks, I’m watchingmany who are usually happy to talk about“tone at the top” <strong>and</strong> “transparency” backaway from this one.Observation #3: The CCO’s fairy tale rarelycomes true.The former CCO in me wants to believeGoldman will take Smith’s criticisms to heart<strong>and</strong> engage their employees in an open dialogueabout ethical culture. But I know thechances <strong>of</strong> that, to quote my all-time favoriteE*Trade talking-baby commercial, “are the sameas being mauled by a polar bear <strong>and</strong> a regularbear in the same day.” www.youtube.com/watch?v=HqVBKO_QM3oAnd that’s my two cents. Now, go <strong>and</strong> talkamongst yourselves! ✵Send comments to Donna Boehme at dboehme@compliancestrategists.com.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 21

SCCE welcomes New Members<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012Arizona··Carmen J<strong>and</strong>acek, Arizona Public Service··Calvin Lickfelt, Strategy AssociatesInternational LLC··Sally Murphy, USAble Life··Stefani Rosenstein, Apollo Group, Inc··Jeremy Schudy, Saguaro SurgicalCalifornia··Michelle Alfi, CBRE··Anne Sullivan Daly, Sutter Health··Stefani Dawkins, Cisco Systems··Patrice Eitner, Corinthian Colleges··Samuel Florio, Santa Clara University··Pamela J. Garretson, The Boeing Company··Phil Grevin, Veterinary Pet InsuranceCompany··Temre L. Hanson, Johnson & Johnson··Kirsten Kempe, Johnson & Johnson··Ishrag Khababa, Satellite Healhcare··Sharon L. Masterson, The Boeing Company··Teresa Merry, Monterey Bay Aquarium··Michael A. Miller, Aerojet··John W. Prager, Jr. , Lusardi Construction Co··David Sterling, Adobe Systems Incorporated··Michael L. Whitcomb, UPRRColorado··Kathryn MarturanoConnecticut··Karen Allison··Ralph Archer, III, Goodrich Corp··Allison Ellis, Frontier Communications··Jonathan Ivec, Iona College··Ariel Zhang, Terex CorpFlorida··William H<strong>of</strong>fman, Satcom Direct, Inc··Pamela Kraska, Daytona College··Anita Mixon··Lisa Sullivan, NextEra Energy··Michael Yount, Wellcare Health PlansGeorgia··Amy K. Andrews-Bennett, UCB Inc··Charles Nugent, The Network··Kent Peters, R<strong>and</strong>stad··Robert R. Rentfrow, Georgia Syst OperationsCorp··Audrey Talley, Private Consultant··Suellyn Tornay, Global Payments IncIllinois··Courtney A. Bartlett, TreeHouse Foods, Inc··Thomas Caputo, Tribune Company··Susan Darow, LRN··Kimberly Dascoli, Walgreen Co··Mark Ewald, DeVry Inc··Bridget A. Glynn, GE··Anthony Jones, State Farm Insurance··Akbar Pasha, Baxter HeatlhcareIowa··Lisa A. Arechaveleta, EMC Insurance··Kayla Fl<strong>and</strong>ers, Pioneer Hi-Bred InternationalKansas··Lynne Valdivia, KFMC, IncKentucky··Michael ONeill, Southern Baptist TheologicalSeminary··Tracey Pender-Link, University <strong>of</strong> LouisvilleLouisiana··Kim Chatelain, Jefferson ParishMaine··Beth HansonMassachusetts··Nick Piccirillo, Abt Associates Inc··Lisa Shea, DePuy Co./Johnson & JohnsonMichigan··Barbara Arleth, Hagerty··Jonathan P. Bricker, SAI Global··Michael Womersley, WalgreensMinnesota··Michael Ayotte, ITC Holdings··Miggie E. Cramblit, Midwest ReliabilityOrganization··Brent Eilefson, Upsher-Smith Laboratories,Inc··Joel Green, Upsher-Smith Laboratories, Inc··Kristina Irvin··Saamahn Mahjouri··Robert Overman, Upsher-Smith Laboratories,Inc··Nancy Van Gieson, Upsher-SmithLaboratories, Inc··Robin Wolpert, 3MMissouri··Joy C. Arview, The Boeing Company··Anthony D. Cross, Technolas Perfect Vision··William F. Giese, III, The Boeing Company··Brett Holl<strong>and</strong>, KCP&L··Denise R. Jester, Molina Healthcare··Dean Larson, KCP&L··Chris Parr, KCP&L··Elizabeth A. Scott, Molina Health Care <strong>of</strong>MissouriNebraska··Melanie Scheaffer, Cabela’sNew Jersey··Edward L. Benson, Johnson & Johnson··Brett S. Bissey, UMDNJ··Tamara Brintzingh<strong>of</strong>fer, Johnson & Johnson··Michael R. Clarke, Actavis Inc··Maria Coppinger-Peters, Kearny FederalSavings Bank··Cynthia Coronel, Saint Clare’s Health System··S<strong>and</strong>hya Drinkwater, Johnson & Johnson··Michael Ferrone, Solix, Inc··Patrik Florencio, S<strong>and</strong>oz··Dina Given, Johnson & Johnson··Jane A. Kelly, ZT Systems··Alice A. Leg<strong>and</strong>er, Lockheed Martin··Louis Maus, Koch Modular Process Systems,LLC··Philip Munkacsy, Watson Pharmaceuticals··Elizabeth Rhoades, Novartis/S<strong>and</strong>oz Inc··Roberto Roche, Medco Health Solutions, Inc··Kevin Schatzle, Provide Security LLC··Lori Tasca, Solix Inc··Kathy Tench, Optimer Pharmaceuticals, Inc··Trenor TurnerNew York··Nancy Cohen, The Estee Lauder Companies··Laura Kalick, NYC District Council <strong>of</strong>Carpenters Benefit Funds··Jeffrey Kwastel, New York State Office <strong>of</strong> theAttorney General··Dyana Lee, Thacher Associates··Lynne Plavnick, Volunteers <strong>of</strong> America··Lauren Shy, PepsiCo, IncNorth Carolina··Genevieve M. Black, United Therapeutics··Kirk Crowder, ArchimicaNOrth Dakota··Duane A. Peterson, Green Iron Equipment22 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Ohio··Tim Butler, Teradata Corp··Todd B. Carver, Teradata Corp··Karl Dahlquist, Johnson & Johnson··Hal Greig, ATSG Inc··Adam S. Poe, Mettler-Toledo International Inc··Jeanette Ponds, Teradata Corp··Molly Treese, Teradata Corp··Gary D. Huneryager, OG&EPennsylvania··Deborah Cameron, Synthes Inc··Am<strong>and</strong>a C<strong>of</strong>fey, Messiah College··Noah Davis, Rite Aid Corp··Larry Gibson, De Lage L<strong>and</strong>en··Kim Gunter Upshaw, TridentUSA HealthServices··Jennifer Heller, Comcast Corp··M<strong>and</strong>y Morgan, Erie Insurance Group··Andrew Palmer, Rite Aid Corp··Monika G. Rector, Johnson & Johnson··Christina Serra, Harsco··Hector T. Torres, Carlow UniversitySouth Carolina··Perceffenessee Cantey, AllSouth FCU··Katie Walter, Michelin North America, IncTennessee··Leigh Cheek, University <strong>of</strong> Tennessee··Melissa F. Kell, Walden SecurityTexas··Shirley Allen, Hewlett Packard (HP)··Lincoln Arneal, The University <strong>of</strong> TexasIntercollegiate Athletics··Andrew Baird, GE Oil & Gas··Corey S. Bradford, Prairie View A&MUniversity··Jeff Brockmann, NRG Energy··John Bui, Green Mountain Energy Company··Michelle Renee Dunaway, Scientific DrillingInternational, Inc··Angie D. Gallardo, ConocoPhillips··Steven Gyeszly, Weatherford··Brenda E. Hart, Baylor College <strong>of</strong> Medicine··Stephanie G John, Newfield ExplorationCompany··Reba Leonard, Homel<strong>and</strong> HealthCare, Inc··Esteban Majlat, ConocoPhillips Company··Donna Reed, GE Oil & Gas··Graham Vanhegan, ConocoPhillips··Melissa Wilson, WillbrosVirginia··Donna Abernathy, W.F. Magann Corp··Bill Anderson, DuPont Sustainable Solutions··Joan Andrew, CGI Federal··Douglas A. Hardman, TerreStar Networks Inc··Brian Jenkins, ALON, Inc··Ellen Miles, Zeiders Enterprises, Inc··Melissa Novak, HP··Christopher Sp<strong>of</strong>ford, MicroAire SurgicalInstruments LLC··Katharine Warren, Northrop GrummanWashington··James L. Baggs, Seattle City Light··Lyn Cameron, Micros<strong>of</strong>t Corp··Marie M. Rice, Ambassadors Group, Inc··Charles Ruthford, Intensional Connection,LLC··Nancy Thomas-MooreWisconsin··Val Lehner, ATC (American TransmissionCompany)Washington, DC··Jackie Richardson, FTI ConsultingVirgin Isl<strong>and</strong>s··John F. Lewis, Lewis ConsultingAustralia··Lloyd Kinzett, Harsco CorpBelgium··Gunnar WieboldtBrazil··Renata Oliveira, Machado Meyer Sendacz EOpice Ltda··Rogeria Carla Pergia Assis, Prudential DoBrasil Seguros De Vida SA··Francisco Niclos Negrao, Maganery Nery EDias··Bruno Ferreira Ferraz Camargo, Philips DoBrasil Ltda··Rogeria P.B.R. Gieremek, Serasa Experian··Marcia Muniz, Hyundai Motor Brasil··Maria Claudia Murr, Hewlett Packard··Marcela Pascoareli, Machado MeyerSendacz E Opice Advogados··Mauro Theobald, Grupo MaristaCanada··Richard Khambatta, Integrated PharmaServices IncChina··Xiang Han, MercerEngl<strong>and</strong>··Dan Aharon, DSPS GlobalGermany··Jannica Houben, Tech Data Europe GmbHPakistan··Sultan Ali, RiskDiscovered(BackgroundCheck Private Limited)··Saima Qaiser, RiskDiscovered(BackgroundCheck Private Limited)··Danish Thanvi, RiskDiscovered(BackgroundCheck Private Limited)··Khurram Zahid, RiskDiscovered(BackgroundCheck Private Limited)Romania··Dumitru Uta, Eli Lilly <strong>and</strong> CompanySwitzerl<strong>and</strong>··David Huegin, Clariant International LTD··S<strong>of</strong>ie Melis, Eli Lilly Export S.AUAE··Hind Abdulla Al Shehi, MubadalaDevelopment Company··Kurt L Drake, Mubadala DevelopmentCompanyUK··Lin Forbes Brown, BP International··Tuula Nieminen<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 23

Featureby Robert BondUnderst<strong>and</strong>ing the proposedEU data protection regulation»»The EU is in the process <strong>of</strong> revising its data privacy regime to harmonise data protection across its member states.»»The propsed Data Protection Framework will implement greater enforcement powers that apply to both data controllers<strong>and</strong> data processors.»»The Framework will focus on consent, breaches, data transfers, accountability, <strong>and</strong> liability.»»Individuals will have greater control <strong>of</strong> their personal data, <strong>and</strong> special protections for the data <strong>of</strong> children are included.»»Foreign businesses that target EU citizens will incur significant compliance obligations.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012BondOver the past few years, the EuropeanUnion (EU) has been consultingwith key stakeholders on the need tooverhaul the EU data privacy regime <strong>and</strong> toproduce a harmonized general data protectionframework.On the November 29, 2011, theEuropean Commission “leaked”an updated version <strong>of</strong> its draftGeneral Data Protection Regulation(Regulation) intended to producea harmonized Data ProtectionFramework for the EU, which amongother things will repeal the DataProtection Directive (95/46/EC). The proposedRegulation was finally announced on January25, 2012.The intention <strong>of</strong> the Regulation is “tobuild a stronger <strong>and</strong> more coherent DataProtection Framework in the EU, backed bystrong enforcement that will allow the digitaleconomy to develop across the internal market,put individuals in control <strong>of</strong> their own data,<strong>and</strong> reinforce legal <strong>and</strong> practical certaintyfor economic operators <strong>and</strong> public authorities.”However, the Regulation in its currentform imposes significant changes to the wayin which businesses will have to comply withdata protection laws <strong>and</strong> regulations in the EU.The European Commission considers thata Regulationwill be the most appropriate legal instrumentto define the framework for theprotection <strong>of</strong> personal data in the EU, sincethe direct applicability <strong>of</strong> the Regulationwill reduce legal fragmentation <strong>and</strong> providegreater legal certainty by introducinga harmonized set <strong>of</strong> core rules, improvingthe protection <strong>of</strong> fundamental rights <strong>of</strong>individuals, <strong>and</strong> contributing to the functionality<strong>of</strong> the internal market.The key principles <strong>of</strong> the Data ProtectionDirective <strong>and</strong> the majority <strong>of</strong> the definitionstherein remain the same. However, thereare significant changes to some definitions,clarification over some <strong>of</strong> the principles (inparticular, consent), <strong>and</strong> reinforcement <strong>of</strong>current solutions for data transfers. Mostimportantly, there are new obligations for boththe data controller <strong>and</strong> the data processor withrespect to the role <strong>of</strong> the data protection <strong>of</strong>ficer,as well as obligations involving m<strong>and</strong>atoryreporting <strong>of</strong> data breaches, dramatic increasesto enforcement powers <strong>and</strong> fines, <strong>and</strong> specificresponsibilities with regard to the personaldata <strong>of</strong> children.24 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

FeatureBased on the wording <strong>of</strong> the proposedRegulation, businesses with entities in Europethat process personal data, use equipment inthe EU for processing personal data, or are notin the EU but process personal data <strong>of</strong> EU datasubjects or monitor their behavior, will incursignificant compliance obligations.As the Regulation applies to both data controllers<strong>and</strong> data processors, <strong>and</strong> dramaticallyextends the enforcement powers <strong>of</strong> the regulators<strong>and</strong> the fines for non-compliance (i.e., 2%<strong>of</strong> worldwide revenue for negligent or recklessbreach), businesses will need to prepare forinvestment in EU data protection compliance.The current Regulation runs to 116 pages,but our summary <strong>of</strong> the key provisions is asfollows:··The Regulation will be binding on all EUmember states from the date that it comesinto force. That date will be the 20 th dayfollowing the date <strong>of</strong> publication <strong>of</strong> theRegulation in the <strong>of</strong>ficial journal <strong>of</strong> theEuropean Union, <strong>and</strong> the application <strong>of</strong>the Regulation may be two years from theaforementioned date. Our underst<strong>and</strong>ingis that it will take at least a year to debatethe Regulation <strong>and</strong> for it to be approved bythe EU, which means that we can expectthe Regulation to be published in its finalform <strong>and</strong> enter into force in the secondhalf <strong>of</strong> 2013, giving a two-year period forbusinesses to come into compliance by2015, although it is possible that it may beexpedited so as to come in to force by 2014.··The Regulation applies both to data controllers<strong>and</strong> data processors that have eitherlegal entities in the EU, or process personaldata <strong>of</strong> EU data subjects, irrespective <strong>of</strong> thelocation <strong>of</strong> the controller or processor; butthe Regulation does not apply where theprocessing is by an individual purely forpersonal or household activities.··Most <strong>of</strong> the current definitions <strong>of</strong> datasubject, personal data, <strong>and</strong> the like, remainthe same, except that sensitive personaldata now includes genetic <strong>and</strong> biometricinformation, <strong>and</strong> consent is defined as“any freely given specific, informed <strong>and</strong>specific indication <strong>of</strong>” the data subject’ssignification for the purposes <strong>of</strong> processing.Also, “personal data breach” is nowdefined with respect to breach <strong>of</strong> securityfor which new obligations arise.··The data protection principles broadlyremain the same, although it should benoted that consent <strong>and</strong> the mechanismsfor gaining consent are provided in detailin the Regulation. Among other things,the Regulation states that consent cannotbe automatically implied with respect tothe processing <strong>of</strong> employee data, nor withrespect to the processing <strong>of</strong> the data <strong>of</strong> achild, where the child is under the age <strong>of</strong> 13<strong>and</strong> parental consent has not been given.··Fair processing statements or privacynotices will have to be in plain <strong>and</strong> intelligiblelanguage, <strong>and</strong> drafted with certaindata subjects in mind, “in particular forany information addressed specifically toa child” (where a child here is defined asunder the age <strong>of</strong> 18).··In a privacy statement or privacy notice,Article 12 indicates that there needs to bespecific information given to a data subjectwith respect to the nature <strong>and</strong> purposes<strong>of</strong> the processing <strong>of</strong> their data <strong>and</strong> <strong>of</strong> theirrights. There are also detailed requirementsin relation to pr<strong>of</strong>iling <strong>and</strong> the collection <strong>of</strong>data via social network services.· · Although subject access requests are stillpermitted, Article 17 additionally providesthe “right to be forgotten” <strong>and</strong> to have<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 25

Featurepersonal data erased. This new right, inconjunction with the right <strong>of</strong> data portabilityin Article 16, will require businesses toimplement stricter controls over the management<strong>of</strong> databases, particularly wherethey are outsourced.··Articles 16 <strong>and</strong> 17 now provide the rightto object to pr<strong>of</strong>iling, <strong>and</strong> detail the obligations<strong>of</strong> companies that use pr<strong>of</strong>ilingtechnologies.··For the first time, the role <strong>of</strong> the data protection<strong>of</strong>ficer is introduced for all but smallbusinesses. This will require businessesto put in place not only contracts for thisnew position, but also appropriate training<strong>and</strong> authority for purposes <strong>of</strong> compliance.We think it likely that the data protection<strong>of</strong>ficer will be the person responsible formaintaining internal compliance registers,<strong>and</strong> serving as the interface between thebusiness <strong>and</strong> the regulators.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012··The obligations for the data controller, jointdata controllers, <strong>and</strong> the data processor areredefined. In addition, the data processorwill have direct liability for compliance,which does not exist in the current regime.··While the concept <strong>of</strong> registration witha data protection authority is likely toremain in place, there is now under Article28 a new obligation for the controller <strong>and</strong>processor to maintain an internal register<strong>of</strong> compliance, <strong>and</strong> to make this registeravailable on request to the Data ProtectionAuthority by virtue <strong>of</strong> its new powers.··There are enhanced requirements for datasecurity, <strong>and</strong> specifically in Article 31,there is a m<strong>and</strong>atory breach notificationprocedure for all but small enterprises.··There are new details in relation to PrivacyImpact Assessments <strong>and</strong> specific priorauthorizations <strong>and</strong> prior consultationsbefore data processing or data transfersmay be permitted. In relation to data transfers,there is considerably more detail onbinding corporate rules as a solution totrans-border data flows or trans-borderdata transfers.··Although there are other specific issues,the last one that we wanted to mention is inrelation to the new powers <strong>of</strong> enforcementfor the Data Protection Authorities whowill monitor, audit, provide guidance, hearcomplaints, conduct investigations, opineon compliance issues, <strong>and</strong> issue licences forinternational data transfers. Furthermore,with respect to breaches <strong>of</strong> the Regulation,there is a whole new range <strong>of</strong> penalties <strong>and</strong>sanctions with fines for minor breaches<strong>of</strong> 0.5% <strong>of</strong> a business’s annual worldwideturnover, rising to 2% <strong>of</strong> annual worldwideturnover in the case <strong>of</strong> intentional or negligentbreach <strong>of</strong> the Regulations.Although there is no guarantee that theproposed Regulation will be the final publishedRegulation, we anticipate that at thisstage few significant changes or additions willbe made, <strong>and</strong> therefore, we are starting theprocess <strong>of</strong> considering the full range <strong>of</strong> compliance,policies, practices, <strong>and</strong> procedures thatwill be necessary for small, medium, <strong>and</strong> largeenterprises, whether operating in a single EUmember state or operating globally. ✵Robert Bond is Head <strong>of</strong> Data Protection & Information Law atSpeechly Bircham LLP in London, Engl<strong>and</strong>. He may be contacted atrobert.bond@speechlys.com.26 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Get expert guidance with:The Complete <strong>Compliance</strong> <strong>and</strong><strong>Ethics</strong> Manual, Second EditionWritten by experienced compliance <strong>and</strong> ethics pr<strong>of</strong>essionals, this continually updatedresource <strong>of</strong>fers assistance for every area <strong>of</strong> the compliance <strong>and</strong> ethics world, including:• <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong>: What It Is, Why It’s Needed• Essential Elements <strong>of</strong> an Effective Program• Strategies for Implementation• Measuring Effectiveness• Recent Regulatory Developments• Guidance for Specific Risk Areas, including:– Anti-Corruption <strong>and</strong> Anti-Bribery– Anti-Money Laundering– Antitrust– Conflicts <strong>of</strong> Interest– False Claims Act– Fraud Prevention– Gifts <strong>and</strong> Entertainment– Government Contracting– Mergers <strong>and</strong> Acquisitions– Privacy Issues– Records Management– U.S. Export Controls– Voluntary Disclosure– Wage <strong>and</strong> Hour <strong>Compliance</strong>Book Price & Annual Subscription Rate:$359 for SCCE Members$399 for Non-MembersSubscription service allows continuous receipt<strong>of</strong> quarterly updates (the first four updates arefree with purchase <strong>of</strong> the manual)To order, visit SCCE’s websiteat www.corporatecompliance.org/booksor call +1 952 933 4977 or 888 277 4977

The Art <strong>of</strong> <strong>Compliance</strong>by Art Weiss, JD, CCEPExcuses, excusesWeiss“That’s a dumb rule!”“Everyone else does it.”“Nobody will care.”“They can afford it.”“Who is going to know?”“They owe me.”Shall I go on? The list <strong>of</strong> excuses forunethical or sometimes even illegalbehavior can become quite long. Theseexcuses are nothing more than rationalizations<strong>and</strong> justifications for engaging inconduct which we know is wrong, but (pickone from the list above). Admittedly,there may be a few dumb rules <strong>and</strong>even a few dumb laws out there.Some folks pick <strong>and</strong> choose whichrules can be ignored or broken.<strong>Society</strong> heads towards trouble whenthat happens.Have you ever heard <strong>of</strong> anemployee taking home <strong>of</strong>fice supplies—maybeduring August when it’s back-to-school time?Maybe some Post-it ® Notes, staples, paperclips,or paper? That’s theft, people! Big deal. “Theycan afford it.” “They owe me.” “Everyone elsedoes it.” Those kinds <strong>of</strong> rationalizations canspill over into accounting, safety, environmental,conflicts <strong>of</strong> interest, gifts, <strong>and</strong> many otherregulations <strong>and</strong> laws with which compliancepr<strong>of</strong>essionals deal.Be honest. Do you turn your cell phone <strong>of</strong>fwhen the flight attendant says? Or do you turn<strong>of</strong>f the screen, put it into airplane mode, or turnit face down? Is it a dumb rule? There has neverbeen an aviation accident caused by havingelectronic devices remain on during flight (thatwe know <strong>of</strong>). Recently, a Southwest Airlinespassenger was met by the police after refusingto turn <strong>of</strong>f his cell phone, <strong>and</strong> a well-knownAmerican Airlines passenger made big newswhen he was removed from a flight becausehe wouldn’t stop playing a game on his devicewhen asked—a violation <strong>of</strong> FAA regulations.Some folks pick <strong>and</strong> choose whichrules can be ignored or broken.<strong>Society</strong> heads towards troublewhen that happens.It was interesting to read the online debatethat ensued in some <strong>of</strong> the comments postedunder the story about the Southwest incident.One commenter blamed the airlines <strong>and</strong>justified the passenger’s conduct by sayingthat passengers need to be on their phones,because <strong>of</strong> all the flight delays. Another saidthe government <strong>and</strong> media are lying. Thatscares me, <strong>and</strong> it should scare you too.For those responsible for enforcing rules<strong>and</strong> laws, there is hope, however. They arecertain to agree with the commenter whosaid, “I think it’s nonsense, but just follow therules, people.” ✵Art Weiss is Chief <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong> Officer at TAMKO Buildingproducts in Joplin, MO. He may be contacted at art_weiss@tamko.com.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 29

Featureby Peter J. CrosaBuyers on the take»»Embezzlement or misappropriation isn’t limited to line employees. The E&C purview net should be cast from the lowest levelemployee to the executive board, <strong>and</strong> from stockroom to boardroom.»»Staff is more likely to be influenced by unscrupulous vendors while away from the <strong>of</strong>fice.»»No vendor should be considered incapable <strong>of</strong> inappropriate influence, from janitors to lawyers.»»Investigators frequently uncover an employee perpetrator who has a tragic character flaw that is germane to misappropriation.»»Cash kickbacks, entertainment, <strong>and</strong> other untraceable gifts are <strong>of</strong>ten subject to misappropriation.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012CrosaI’ve met many a vendor who has a storyabout buyers on the take. It frequentlyinvolves hearsay or what someone toldsomeone else. The topic comes up in almostall <strong>of</strong> my workshops <strong>and</strong> no ethics <strong>and</strong> complianceprogram would be complete withoutaddressing the matter.To be sure, embezzlement in industrydoesn’t start with buyers. I once investigateda loss on behalf <strong>of</strong> a major corporation thatinsured the fidelity <strong>of</strong> the board <strong>of</strong>directors <strong>of</strong> a hybrid Miami healthinsurer. The hybrid group specializedin selling health insuranceplans to small businesses at incrediblylow rates. Unfortunately, one, orsome, or all <strong>of</strong> the board membersabsconded with the $75 million inpremiums they’d collected. One <strong>of</strong> the men, Ilater determined, was a Columbian logisticsentrepreneur (think about it) whose nephewdrove a Maserati to his exclusive CoconutGrove private prep school. When policyholderemployees started submitting medical claims,no funds were available for the payment <strong>of</strong>claims.I remember investigating a vendor wh<strong>of</strong>urnished a “VIP buyer lounge” in a specialroom above his warehouse. Desks were set upfor buyers to do their paperwork, <strong>and</strong> refrigeratorswere loaded with snacks <strong>and</strong> adultbeverages. Buyers were invited to come in anyday <strong>of</strong> the week <strong>and</strong> encouraged to bring theirfiles to work in privacy, away from the bustle <strong>of</strong>their <strong>of</strong>fice, ringing phones, <strong>and</strong> other distractions,in order to get some paperwork done. Ofcourse, this was the vendor’s attempt to get afoot in the door on the next major purchase.I remember listening to an interview <strong>of</strong> asenior buyer. He was recounting how someonehe knew (I’m sure he was describing himself)was at a law firm Christmas party <strong>and</strong>walked in to use the men’s room. One <strong>of</strong> theattorney hosts walked in <strong>and</strong> stood at the adjacenturinal, pulled an envelope from his coatpocket, <strong>and</strong> h<strong>and</strong>ed the buyer the envelopewith eleven $100 bills in it. Three thoughtsstruck me. First, why eleven $100 bills? Whynot ten or fifteen or twenty? Second, whyat the urinal? Don’t even speak to me if I’mst<strong>and</strong>ing at a urinal. Third, I thought, wowattorneys do this too? So much for my naïveperception <strong>of</strong> attorneys as the pillars <strong>of</strong> oursociety.Those events are generally a thing <strong>of</strong> thepast. Today, you’ll occasionally read headlinesin the trade papers about a bailee who tipped<strong>of</strong>f looters to a high-value shipment or buyerswho created phantom vendors, wrote checksin payment <strong>of</strong> merch<strong>and</strong>ise, <strong>and</strong> converted thechecks to cash for their own private use. But intoday’s environment <strong>of</strong> electronic paper trails,audits, <strong>and</strong> other covert detection methods,that method <strong>of</strong> embezzlement is insanity. But,30 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Featureadmittedly it happens. And, almost always,investigators will develop a perpetrator with atragic flaw, such as a cocaine habit gone awry,a mistress, or a g-string diva. No <strong>of</strong>fense tostrippers, but I’ve investigated dozens <strong>of</strong> cases<strong>of</strong> embezzlement, <strong>and</strong> there’s almost always astripper driving the crime.One more story involving a fairly big-ticketitem. A vendor financed a $40,000 additionto a buyer’s home—free <strong>of</strong> charge. This cameout in one <strong>of</strong> my workshops, <strong>and</strong> again, it was“hearsay” but totally believable. The justification,according to the vendor, was “that buyergave us over a million dollars in businesslast year.” Of course, upon further inquiry, Ilearned that after the addition was built, thebuyer was so nervous about continuing workwith that vendor that the flow <strong>of</strong> businessceased. The moral <strong>of</strong> the story is: If you wantto kill the goose that lays golden eggs, build anaddition onto his house.Now, fast–forward to 2011. Earlier thatyear, I was speaking with a jewelry vendorabout his efforts to increase his market share<strong>of</strong> business to retail buyers. At some point, hetossed into the conversation a comment thatstopped me in my tracks. The dialogue wassomething like this:Vendor: Of course, I know you’ve got to beready to pay <strong>of</strong>f the buyer.PJC: Well, that was a thing <strong>of</strong> the past <strong>and</strong>doesn’t really happen anymore. It’s unlikely abuyer is going to hit you up for cash.Before I could finish the “sh” in cash, hesaid “Oh no, it does happen. We just lost anaccount because the buyers were pressuringus for cash kickbacks.”I told him that it was dangerous to evendo business with buyers who were so blatantabout dem<strong>and</strong>ing cash for business <strong>and</strong>that there are other ways to influence buyers,while helping them stay on the high ground.Incidentally, I’m not outraged by a vendorthinking he has to pay <strong>of</strong>f a buyer. After all, wedo engage in promotional <strong>and</strong> entertainmentexpense <strong>and</strong>, to an enterprising vendor, theremay be little difference in taking a client todinner or giving him the equivalent cash or agift certificate. But to the corporate entity, <strong>and</strong>generally speaking, society, there is a difference.The money used to influence buyers canbe directly linked to increased costs to theiremployer <strong>and</strong>, ultimately, to the end consumer.A few months later, another vendor ina completely different specialty mentionedthat he had been told that a vendor he knowsis having to pay kickbacks to a buyer. Whatwas particularly unusual was that the situationhe described involved a preferred vendorprogram in which the vendor had alreadycompleted the qualifying process to participatein the program. Not only that, but theseprograms usually involve a contract thatincludes audit permission language designedto prevent kickbacks to buyers. That alonemade me wonder about the veracity <strong>of</strong> theinformation, or at least maybe the whole storywasn’t being conveyed.The bottom line here is that, whereas Ihadn’t personally heard <strong>of</strong> any such activityfor several years (unless I read it in the tradepapers), I’m hearing it again <strong>and</strong> more <strong>of</strong>ten.Is it possible the economic crisis <strong>of</strong> recenttimes is having an effect on the supply chainthroughout industries—industries that normallysafeguard their integrity <strong>and</strong> reputationwith the utmost care? This could mean we’rein a treacherous environment.So, here’s some advice. <strong>Ethics</strong> <strong>and</strong> complianceoperatives must insist on frequentreview <strong>and</strong> adherence to established policieson vendor/buyer relationships. Frankly, itwould not break my heart to see very rigid“zero tolerance” rules on vendor promo <strong>and</strong>entertainment. The following admonitionis applicable to both buyer <strong>and</strong> vendor. If avendor or buyer pressures you or tries inappropriateinfluence, that person is a loose<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 31

Featurecannon <strong>and</strong> will eventually slip up <strong>and</strong> sabotagethemselves, just before throwing youunder the bus.Second, vendors may think that influencingbuyers is a necessary reality in order to becompetitive. <strong>Ethics</strong> <strong>and</strong> compliance operativesshould be aware that inappropriate vendorinfluence is not always blatant <strong>and</strong> easy to spot.Here are some examples <strong>of</strong> promo <strong>and</strong> entertainmentexpenses that may be overlooked bycorporate ethics <strong>and</strong> compliance folks:··Sponsoring a Little League or s<strong>of</strong>tballsports team or other charitable cause··Lunch or dinner··Drinks—a vendor may rationalize,“How many times have I bought strangersa drink (<strong>and</strong> who cares)”··A birthday or holiday card <strong>and</strong> gift sent tothe buyer’s home··Sports or concert tickets left at the will-callwindow··A complimentary visit to the vendor’svacation home at the beach or in themountainsCorporations that staff a “buyer/acquisitions”department need to be cautious abouttheir rules <strong>and</strong> how compliance is verified <strong>and</strong>enforced. <strong>Compliance</strong> alone is not the end all.<strong>Ethics</strong> <strong>and</strong> compliance must be promoted on apersonal level. All ethics is personal. It st<strong>and</strong>swith one person <strong>and</strong> can fall with one person. ✵Peter Crosa is a philosophizing private detective out <strong>of</strong> Tampa Bay, Florida.His keynote speeches bring humor <strong>and</strong> motivation to E & C divisions <strong>and</strong>associations. He can be reached at peter@ethics-speaker.com.2012 <strong>Compliance</strong> & ETHICS INSTITUTE PREVIEW<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012session 303: A Case Study <strong>of</strong> the Ethical (<strong>and</strong> Not-So-Ethical) DecisionsLeading to the 1986 Challenger TragedyMonday, October 15, 2012, 3:00 Pm – 4:00 pmKendra Cook, IntegrityApplications IncorporatedIn the competitive environment in which weoperate, engineers <strong>and</strong> their managers are put ina position to make critical ethical decisions withserious consequences. Trade-<strong>of</strong>fs must be made in order to meet design <strong>and</strong> performancerequirements while completing the project within a given budget <strong>and</strong> time frame, allwithout jeopardizing the safety <strong>of</strong> the users. This session illustrates the complexities <strong>of</strong>making ethical decisions using the 1986 space shuttle Challenger tragedy as a case study.Attend SCCE’s 11th Annual <strong>Compliance</strong> & <strong>Ethics</strong> Institute in Las Vegas, NV,to hear more! Visit www.complianceethicsinstitute.org for more information.32 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

View from the Front Linesby Meric Craig Bloch, CCEP, CFE, PCI, LPIAre you in control <strong>of</strong> yourinvestigation?BlochWhen a serious allegation <strong>of</strong> misconductarises, the business peopleinvolved simultaneously react toa number <strong>of</strong> concerns. There is the implicatedemployee who was previously in a position<strong>of</strong> trust. There may be an unhappy customerwho now has a “crisis <strong>of</strong> confidence”in your company’s ability to perform.There may be executives whom thebusiness people fear will blame themfor allowing the problem to happen.The implicated employee may be asales superstar whom the departmentmanagers fear losing to the competition.These factors usually lead to businesspeople trying to steer the investigationtowards their particular goals <strong>and</strong> away fromtheir pr<strong>of</strong>essional fears.Ownership <strong>of</strong> an investigation comesfrom the pride that is taken in conductingthe most complete <strong>and</strong> objective review thatis pr<strong>of</strong>essionally possible. Ownership comesfrom adhering to a set <strong>of</strong> guidelines <strong>and</strong> principles,rather than politics <strong>and</strong> situations. Theultimate objective <strong>of</strong> an investigation is a fullinquiry that is not motivated by politics, personality,or expediency.These principles can be tested when theurgencies <strong>of</strong> a critical situation arise, butadhering to them becomes more importantthan ever. Establish your role at the outset asthe “quarterback” <strong>of</strong> the investigation. Leaveno doubt with your colleagues that the companyplaces the investigative responsibility onyou. Whatever their motives are for wantingto take such an active role, it is you, not they,who remain accountable to the company for asuccessful, pr<strong>of</strong>essional, <strong>and</strong> pr<strong>of</strong>icient investigation.Investigation-by-committee simplydoes not work.When people seem to be interfering withyour investigation, ask yourself why thesepeople seek an active role. You’ll quicklyfind that their motives are underst<strong>and</strong>able<strong>and</strong> usually practical. They are likely motivatedby a fear <strong>of</strong> what the investigation willshow <strong>and</strong> how they may be blamed by theirsuperiors. If this happens, don’t get into awrestling match with them about the investigation.Instead, explore why they feel theyneed such an assertive role instead <strong>of</strong> justbeing the customer <strong>of</strong> your efforts. You mayfind you can accommodate their needs fairlyeasily, <strong>and</strong> they will step aside <strong>and</strong> let you doyour job.There is room in the investigative processfor others to participate. Indeed, this is the bestway to keep it business-focused—but it is you,not they, who have the training <strong>and</strong> responsibilityfor completing a pr<strong>of</strong>icient investigation.Solicit their needs <strong>and</strong> concerns, <strong>and</strong> then doyour best to respond to their priorities. Helpwhere you can. Make sure you underst<strong>and</strong>their post-investigation needs. But you haveto set the strategy <strong>and</strong> decide what has to bedone to complete the investigation. You ownthe process <strong>and</strong> its outcome. ✵Meric Craig Bloch is the <strong>Compliance</strong> Officer for the North Americ<strong>and</strong>ivisions <strong>of</strong> Adecco SA, a Fortune Global 500 company with over 8,000employees <strong>and</strong> $6 billion in annual revenue in North America. He hasconducted more than 300 workplace investigations <strong>of</strong> fraud <strong>and</strong> seriousworkplace misconduct. He is an author <strong>and</strong> a frequent public speaker on theworkplace investigations process. Follow Meric on Twitter @fraudinvestig8r.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 33

Featureby Marlowe DomanIt’s time to changethe SEC’s culture»»Individuals may get financial rewards if they provide the SEC with information that leads to successful enforcement actions againstWall Street wrongdoers.»»If the action is successful, whistleblowers can be granted between 10% <strong>and</strong> 30% <strong>of</strong> any fine over $1 million collected by the SEC.»»For the laws to achieve their goals <strong>of</strong> exposing <strong>and</strong> halting Wall Street corruption, the SEC must confront its own culture <strong>and</strong> darkpast toward whistleblowers.»»Over the past decade, the SEC allegedly mistreated its employees who attempted to correct wrongdoing within the Commission,as well as outsiders who reported securities violations.»»The Dodd-Frank whistleblower provisions provide the SEC with an opportunity for a fresh start in its treatment <strong>of</strong> whistleblowers.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012DomanUnder the Dodd-Frank Wall StreetReform <strong>and</strong> Consumer ProtectionAct, Congress passed promisinglegislation that rewards <strong>and</strong> protectswhistleblowers who report violations<strong>of</strong> federal securities laws to theSecurities <strong>and</strong> Exchange Commission(SEC). However, for the laws toachieve their goals <strong>of</strong> exposing <strong>and</strong>halting Wall Street corruption, theagency must confront its own culture<strong>and</strong> dark past toward whistleblowers. The SEChas discouraged <strong>and</strong> even retaliated againstwhistleblowers who have attempted to correctwrongdoing in the financial sector.The SEC whistleblower laws allow financialrewards to individuals who provide theagency with information that leads to successfulenforcement actions against WallStreet wrongdoers.The provisions provide for financialrewards similar to the False Claims Act, whichrewards whistleblowers with a share <strong>of</strong> damagesrecovered from people or organizationsthat defraud the federal government. AfterCongress passed Dodd-Frank, the SEC createdthe new Office <strong>of</strong> the Whistleblowerwhich, according to its website, was formed toh<strong>and</strong>le whistleblower tips, assist SEC enforcementpersonnel, <strong>and</strong> assist in determining theappropriate size <strong>of</strong> a whistleblower’s reward.The final rules for the implementation<strong>of</strong> the Dodd-Frank whistleblower provisionswere released by the SEC in 2011, after outsidecommentary was submitted to the agency.There are limits to the scope <strong>of</strong> the financialrewards <strong>and</strong> anti-retaliation protectionsaccorded to SEC whistleblowers. For a whistleblowerto receive a reward, the SEC must beable to recover at least $1 million in financialpenalties from the <strong>of</strong>fending party. A whistleblowermust also provide original informationto qualify for the reward, meaning that theSEC was not previously aware <strong>of</strong> the information.If the action is successful, whistleblowerscan be granted between 10% <strong>and</strong> 30% <strong>of</strong> anyfine over $1 million collected by the SEC. Thepercentage size <strong>of</strong> the reward is based on severalfactors, including the amount <strong>of</strong> assistance<strong>and</strong> the significance <strong>of</strong> the information givenby the whistleblower.Certain individuals are excluded fromrecovering under the law. For example, awhistleblower cannot receive a reward if he34 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Featureprovides information to the SEC <strong>and</strong> is thenconvicted in a criminal case related to thesame violation. In other words, if a company’semployee reports a financial fraud to the SEC,<strong>and</strong> the same employee is later convicted ina criminal prosecution for taking part in thesame fraud he reported, then he could notrecover a reward.Notwithst<strong>and</strong>ing these major developments,it is essential that the SEC changes itsbehavior towards whistleblowers for the newprovisions to be successful. Over the pastdecade, there has been mistreatment towardSEC employees who were attempting to correctwrongdoing within the Commission, aswell as toward outsiders reporting securitiesviolations to the SEC. The most high-pr<strong>of</strong>ileexample was the treatment <strong>of</strong> HarryMarkopolos, who reported Bernie Mad<strong>of</strong>f’sPonzi scheme to the SEC, prior to passage<strong>of</strong> the Dodd-Frank Act. Markopolos wrotein his book, No One Would Listen, 1 that whenhe attempted to bring Mad<strong>of</strong>f’s crimes to theattention <strong>of</strong> Meaghan Cheung, the SEC’s NewYork branch Chief <strong>of</strong> Enforcement, she treatedhim with disdain <strong>and</strong> eventually ignored him.Furthermore, there have been severalinstances in which the Commission retaliatedagainst mid-level or junior SEC employeeswho spoke up when higher-ups mish<strong>and</strong>ledagency investigations.Perhaps the most outrageous case involvedGary Aguirre, a first-year SEC attorney whowas fired in 2005, after he attempted to investigateformer Morgan Stanley CEO John Mack(also known as “Mack the Knife”) for hisrole in an insider trading sc<strong>and</strong>al, accordingto Rolling Stone’s Matt Taibbi. 2 Aguirre dugup evidence that showed Mack may havetipped <strong>of</strong>f Pequot Capital hedge fund managerArt Samberg that a company namedHeller Financial was about to be bought outby General Electric. Samberg bought stockin Heller before the GE buyout <strong>and</strong> made $18million dollars. As an apparent quid pro qu<strong>of</strong>or Mack’s insider tip, Samberg included Mackin another financial deal which netted millions<strong>of</strong> dollars for Mack.Aguirre, doing exactly what his jobdescription entailed, wanted to interviewMack. Instead, Aguirre’s superiors instructedhim not to investigate Mack, because <strong>of</strong> Mack’spowerful political connections. After Aguirrecomplained about being prevented fromdoing his job, he was fired. The story endedwhen Aguirre sued the SEC <strong>and</strong> received a$755,000 wrongful termination settlement.Furthermore, a U.S. Senate report vindicatedAguirre. Samberg later was forced to shutdown Pequot <strong>and</strong> pay a $28 million fine forhis role in a separate insider trading sc<strong>and</strong>alinvolving Micros<strong>of</strong>t, according to BloombergNews. 3 John Mack was never punished for hisrole in the Heller sc<strong>and</strong>al.SEC employee Julie Preuitt also facedretaliation when she protested the SEC’s failureto investigate fraudster Robert Stanford’sbillion dollar Ponzi scheme, according to theWashington Post. 4 Starting in the late 1990s,Preuitt repeatedly attempted to investigateStanford, <strong>and</strong> was blocked by higher-ups tothe point that she felt “absolutely heartsick,”according to her Senate testimony. In 2007,when Preuitt complained after she was againprevented from conducting a detailed investigation<strong>of</strong> Stanford, she was reprim<strong>and</strong>ed.Also, the agency reprim<strong>and</strong>ed anotheremployee who defended Preuitt.SEC Inspector General David Kotz laterreported that senior <strong>of</strong>ficials at Preuitt’s FortWorth <strong>of</strong>fice had a practice <strong>of</strong> shutting downcases that they deemed too complicated.Instead, the <strong>of</strong>fice wanted quick resolutions toboost its number <strong>of</strong> successful cases.Preuitt was vindicated in March <strong>of</strong> 2012when Stanford was convicted by a jury on 13<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 35

Feature<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012criminal counts <strong>of</strong> fraud for stealing billions <strong>of</strong>dollars from investors. 5 If the SEC would haveheeded Preuitt’s calls for action in the late1990s, it could have prevented Stanford fromstealing as much money as he did.The recent whistleblower case <strong>of</strong> SECattorney Darcy Flynn shows improvementin agency treatment toward whistleblowers,yet some troubling signs remain. In 2010,Flynn was given an assignment to destroydocuments related to past investigations <strong>of</strong>financial firms, which he later realized wasillegal, according to the Washington Post. 6 Ifthe SEC later received more information thatcould show a pattern <strong>of</strong> fraud when tied to theprior investigation, getting rid <strong>of</strong> the past evidencecould prevent the SEC from connectingthe dots. Flynn’s concerns were brought to theattention <strong>of</strong> SEC senior management, yet SECstaff continued to discard documents. Flynnalso made requests to Chairman Schapiro’s<strong>of</strong>fice for certain protections for himself, whichwere not granted.Flynn then alerted Senator CharlesGrassley, as well as other members <strong>of</strong> government,<strong>and</strong> invoked federal whistleblowerprotections. Of even greater concern, Flynnallegedly witnessed his seniors at the SECtrying to concoct an evasive response to theallegations, according to the report <strong>of</strong> SECInspector General Koch. 7According to Taibbi, Flynn also broughtanother troubling allegation to the government’sattention that he witnessed back in2001. 8 At that time, Flynn <strong>and</strong> other agentswere investigating Deutsche Bank for fraud,when the investigation was mysteriously shutdown by the agency’s enforcement division.A few months later, the director <strong>of</strong> the SEC’sEnforcement Division, Dick Walker, was hiredas Deutsche Bank’s general counsel.While there have been no reports <strong>of</strong> directretaliation against Flynn, it is noteworthy thatFlynn has retained the former SEC lawyerAguirre as private counsel. ConsideringAguirre’s prior victory over the SEC, theagency may be loathe to attempt anotherpublic battle with him.The SEC’s troublesome past with internal<strong>and</strong> external whistleblowers leaves an impressionthat the agency does not value them. Afailure to treat internal whistleblowers appropriatelywill only further reduce the agency’scredibility with the general public, <strong>and</strong> callinto question its dedication to fair <strong>and</strong> ethicallaw enforcement.However, recent developments at theOffice <strong>of</strong> the Whistleblower show improvement.Former SEC attorney Jordan Thomas,who was instrumental in developing the<strong>of</strong>fice, stated that it received hundreds <strong>of</strong> tipswithin weeks <strong>of</strong> its opening, according to theWall Street Journal. 9 Thomas, who now practicesin the private sector, said that the agencyis doing its best to encourage whistleblowersto report wrongdoing.The Dodd-Frank whistleblower provisionsprovide the SEC with an opportunity for afresh start in its treatment <strong>of</strong> whistleblowers.The SEC must do more to change its negativereputation for protecting the high-levelfinanciers that the agency is supposed to bepolicing, as well as preventing any retaliationagainst internal <strong>and</strong> external whistleblowerswho wish to bring such fraudsters to justice.Otherwise, the Office <strong>of</strong> the Whistleblowerwill likely fail in its mission <strong>and</strong> scare awaypeople who wish to expose Wall Streetwrongdoing.It is clear that there are well-meaning <strong>and</strong>tenacious investigators who work for the SEC.This fact cuts against its negative public image,which has suffered terribly since the 2008meltdown. Regardless, the agency has a poortrack record in terms <strong>of</strong> dealing with whistleblowers.Thus, it is time for the agency’s36 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Featureleaders to change its culture by promotingpositive attitudes towards internal whistleblowers,<strong>and</strong> encouraging outsiders to reportindustry wrongdoing. ✵Marlowe Doman is an attorney practicing in general litigation in New YorkCity. He may be reached at marloweusa@yahoo.com.1. Harry Markopolos: No One Would Listen: A true financial thriller.Wiley, 2011.2. Matt Taibbi: “Why isn’t Wall Street in jail? Financial crooks broughtdown the world’s economy—but the feds are doing more to protectthem than prosecute them.” Rolling Stone Magazine, February 16, 2011.www.rollingstone.com/politics/news/why-isnt-wall-street-in-jail-201102163. David Scheer <strong>and</strong> Jesse Westbrook: “Pequot, Samberg Pay $28Million to End Insider-Trading Probe.” Bloomberg News, May 27, 2010.www.bloomberg.com/news/2010-05-27/pequot-chief-samberg-to-pay-28-million-to-settle-sec-insider-trade-probe.html4. David Hilzenrath: “Preuitt says she paid ‘ heavy price’ for protestingSEC h<strong>and</strong>ling <strong>of</strong> Stanford probe.” Washington Post, May 13, 2011.www.washingtonpost.com/business/economy/preuitt-says-she-paid-heavyprice-for-pushing-sec-to-probe-stanford/2011/05/13/AFqRqo2G_story.html5. Clifford Krauss: “Stanford Convicted by Jury in $7 BillionPonzi Scheme.” New York Times, March 6, 2012. www.nytimes.com/2012/03/07/business/jury-convicts-stanford-in-7-billion-ponzi-fraud.html6. David Hilzenrath: “SEC still destroying records illegally,whistleblower says.” Washington Post, September 6, 2011.www.washingtonpost.com/business/economy/sec-still-destroying-recordsillegally-whistleblowers-lawyer-says/2011/09/06/gIQAAD7E7J_story.html7. H. David Koch, SEC Inspector General: “Report <strong>of</strong> Investigation:Destruction <strong>of</strong> Records Related to Matters Under Inquiry <strong>and</strong>Incomplete Statements to the National Archives <strong>and</strong> RecordsAdministration Regarding that Destruction by the Division <strong>of</strong>Enforcement.” October 5, 2011. www.sec.gov/foia/docs/oig-567.pdf8. Matt Taibbi: “Is the SEC Covering Up Wall Street Crimes?” RollingStone Magazine, August 17, 2011. www.rollingstone.com/politics/news/is-the-sec-covering-up-wall-street-crimes-201108179. Jean Eaglesham: “After Tip, the Claim for Reward.”Wall Street Journal, November 16, 2011. http://online.wsj.com/article/SB10001424052970203503204577040443550817570.htmlSCCE Web Conferenceswww.corporatecompliance.org/webconferencesGet the latest on breaking issues <strong>and</strong>best practices. Hear directly fromregulators <strong>and</strong> practitioners fromthe convenience <strong>of</strong> your own <strong>of</strong>fice.• Timely, quality trainingwith no travel required• With one registration, yourwhole <strong>of</strong>fice can participate• A convenient way to earncontinuing education unitsReceive CEUs for each90-minute conferenceAll conferences are at12:00 pm central time<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 37

<strong>Compliance</strong> & <strong>Ethics</strong>Regional Conferences2012Upper NortheastMay 18 • New York, NYAlaskaJune 15 • Anchorage, AKWest CoastJune 22 • San Francisco, CASoutheastOctober 12 • Atlanta, GASouthwestNovember 2 • Houston, TXSCCE Regional Conferencesprovide a forum to interact withlocal compliance pr<strong>of</strong>essionals, shareinformation about our compliancesuccesses <strong>and</strong> challenges, <strong>and</strong>create educational opportunitiesfor compliance pr<strong>of</strong>essionals tostrengthen the industry.Attendees learn about currentregulatory requirements, governmentenforcement initiatives, <strong>and</strong> themanagement <strong>of</strong> effective complianceprograms, <strong>and</strong> meet <strong>and</strong> network withother compliance pr<strong>of</strong>essionals locally.Who should attend? <strong>Compliance</strong><strong>of</strong>fi cers, in-house <strong>and</strong> outside generalcounsels, privacy <strong>and</strong> security <strong>of</strong>fi cers,regulatory affairs, VPs <strong>and</strong> directors,billing <strong>and</strong> coding pr<strong>of</strong>essionals,government agency staff.Learn more at www.corporatecompliance.org/regional

Kaplan’s Courtby Jeffrey M. KaplanAttorney-client privilegeKaplanWhether or not they happen to beattorneys, compliance <strong>and</strong> ethics(C&E) pr<strong>of</strong>essionals are <strong>of</strong>tenfaced with issues concerning the attorneyclientprivilege, so I thought a brief overview<strong>of</strong> that topic—as it applies to C&E programs—would make sense for this column.As a general matter, a communication issubject to the privilege where (1) an actual orprospective attorney-client relationshipexists, <strong>and</strong> (2) the communicationtook place (a) for the purpose <strong>of</strong>obtaining or providing legal assistance<strong>and</strong> (b) in confidence. Since aSupreme Court decision in 1981, 1 theright <strong>of</strong> a corporation to claim theprivilege has been generally accepted.But far less clear is the application <strong>of</strong>the privilege to many C&E-related communications,because only legal—notbusiness—advice can be protected by it. Yetsome organizations try to apply the privilegetoo broadly, such as to C&E training-typecommunications <strong>and</strong> general administrativework <strong>of</strong> the program. In a related vein,some seek to apply the privilege to audits,investigations, risk assessments, <strong>and</strong> programassessments where legal advice could be—butis not actually—involved, or without sufficientdocumentation <strong>of</strong> such involvement.These practices are potentially dangerous.Not only could they lead to disclosure<strong>of</strong> sensitive C&E information but, in somecircumstances, they could carry a risk <strong>of</strong>personal exposure to the lawyers involved.That is, in the 1990s, various tobacco industrylawyers were investigated by the JusticeDepartment under a fraud/obstruction <strong>of</strong> justicetheory for what was seen as a bad-faithuse <strong>of</strong> the privilege to hide sensitive information,although no such charges were brought.To help reduce these risks, I <strong>of</strong>ten recommendthat companies formally assign the roleI <strong>of</strong>ten recommend thatcompanies formally assignthe role <strong>of</strong> program counselto an in-house attorney.<strong>of</strong> program counsel to an in-house attorney.This can be documented in the C&E programcharter <strong>and</strong>/or the attorney’s job description.Counsel’s advice-giving role shouldalso be chronicled on an ongoing basis (e.g.,in C&E committee minutes <strong>and</strong> agenda, selfassessments,risk assessments, <strong>and</strong> relatedcommunications).Needless to say, program counsel must, infact, give legal advice for the communicationsin question to be privileged. But given theimportance <strong>of</strong> law to C&E programs, doingso should not be much <strong>of</strong> a challenge. Mostimportantly, focusing on ensuring that theprivilege is maintained should itself encouragea company to pay sufficient attention to C&Elaw, which, in turn, can be useful from theperspective <strong>of</strong> ensuring program efficacy. ✵1. Upjohn v. United States, 449 U.S. 383.Jeffrey Kaplan is a Partner with Kaplan <strong>and</strong> Walker, LLP in Princeton, NJ.He can be contacted at jkaplan@kaplanwalker.com.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 39

Featureby Roz BlissEthical decision-makingmodels: Decisions, decisions»»Ethical decision‐making models help employees make the good choices.»»Employees know when something just doesn’t seem right.»»Encourage employees to examine <strong>and</strong> identify possible alternatives.»»What would a reasonable person think about this decision?»»It takes courage to do the right thing.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012BlissEmployees everywhere are doingmore with less. Increased pressuresto achieve goals, budget cuts, fear <strong>of</strong>lay<strong>of</strong>fs, coupled with external pressures <strong>of</strong> economicuncertainty <strong>and</strong> high unemployment,create an environment <strong>of</strong> increased risk taking<strong>and</strong> opportunities for unethical behaviors.<strong>Compliance</strong> <strong>and</strong> ethics pr<strong>of</strong>essionalswork hard to communicate <strong>and</strong> trainon “hot topics” but as we all know, wecan’t be all places at all times.An ethical decision-makingmodel is a tool designed to helpemployees make the proper decisionwhen the right choice is not obvious.An initial Internet search on this topicreveals hundreds <strong>of</strong> options, both academic<strong>and</strong> industry-specific. From a business perspective,how do you identify, customize, <strong>and</strong>socialize a model that is easily identifiable<strong>and</strong> effective?Brevity is an important aspect in choosinga model. While pages <strong>of</strong> explanation<strong>and</strong> insights can be useful, employees facedwith an ethical dilemma, where the answeris not obvious, <strong>of</strong>ten need prompt <strong>and</strong>efficient solutions to resolve challenges. Acompany model needs to be accessible, easyto follow, <strong>and</strong> provide consistent <strong>and</strong> reliableresults.The decision-making processFrameworks for ethical decision-makingmodels generally contain a three step process:clarification, analysis, <strong>and</strong> implementation.Each phase needs to be methodically completedto reach a final decision.ClarificationEmployees know when something just doesn’tseem right. It may be an initial gut feeling orjust a general feeling <strong>of</strong> unease or distress.Perhaps they remember something from pasttraining or company orientation that triggersthis sense <strong>of</strong> discomfort. In most cases, thereis an obvious answer. The ethical decisionmakingmodel is designed to assist when thesolution is not readily apparent.The first phase assists the employee withunderst<strong>and</strong>ing <strong>and</strong> defining the nature <strong>of</strong> thedilemma they are faced with. Think <strong>of</strong> this asthe start <strong>of</strong> a decision tree. What is the root <strong>of</strong>this challenge? Employees need to gather thepertinent information <strong>and</strong> ask themselves basicquestions: Is there a legal or regulatory concern?Does the dilemma conflict with companypolicies, st<strong>and</strong>ards, or values? An affirmativeanswer to either <strong>of</strong> these questions allows theemployee to bypass the analysis phase <strong>and</strong> godirectly to implementing a solution.40 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

FeatureAnalysisIn this second phase, analysis, the goal is toencourage employees to examine <strong>and</strong> identifypossible alternatives. This action is a selfexamination <strong>and</strong> is introspective by nature.The considerations include stakeholders whomay be affected or impacted by the decision.Perhaps the most poignant concern is the classic“headline test.” How would this employeefeel if their decision was made public, perhapsin the front page <strong>of</strong> their local newspaper?What would a reasonable person think aboutthis decision? How would they explain it totheir manager or family?In most cases, there are viable alternativesbased on stakeholder priorities. There may bemultiple considerations with varied outcomes.Employees need to examine each scenario <strong>and</strong>determine which option they believe wouldcause the least harm or greatest good.ImplementationArriving at a correct conclusion is futile withoutimplementation. It takes courage to takethe next step to do the right thing. Employeesneed to feel safe from retribution <strong>and</strong> retaliation.Written codes, policies, <strong>and</strong> proceduresare required <strong>and</strong> continued communications<strong>and</strong> training need to be in place to reinforcethese messages. Company messages shouldfoster an open door policy <strong>and</strong> encourageemployees to bring issues forward to theirmanagers, higher-level managers, <strong>Ethics</strong>Office, Human Resources, Law department<strong>and</strong>/or company hotline.Developing the right modelIdentifying the appropriate questions <strong>and</strong>guide for your company’s model dependson the ethical culture <strong>and</strong> requirements <strong>of</strong>your organization. Northrop GrummanCorporation, a US-based global defenseBudget cuts—employees doingmore with lessPersonalconcerns overpay <strong>and</strong> bonusIncentive-basedcompensationFear <strong>of</strong> lay<strong>of</strong>f orterminationIncreased pressureto achieve goalsInternalPressuresUnethicalBehaviorsIncreasedRisk-TakingExternalPressuresEconomicuncertaintyFigure 1: Northrop grumman’s Ethical Decision-Making Modelcontractor, uses a Just In Case (JIC) model forits 75,000 employees. This model was designedusing the JIC acronym for the Judgment,Introspection, <strong>and</strong> Courage phases <strong>of</strong> thedecision-making process. It is helpful to br<strong>and</strong>your model with an easy to remember logoor visual depiction. In the case <strong>of</strong> NorthropGrumman Corporation, the ethical decisionmakingmodel surrounds the ethics valueslogo for the company.Customizing the model to your companyCompany cultures are varied <strong>and</strong> unique.Creating a successful ethical decision-makingmodel requires viable input from employees<strong>and</strong> other stakeholders. In the case <strong>of</strong> theNorthrop Grumman model, focus groupswere conducted at various levels <strong>of</strong> theorganization to solicit feedback <strong>and</strong> determinelevels <strong>of</strong> commitment to using thistool. Originally, the JIC model’s phases wereJudgment, Intention, <strong>and</strong> Courage. Feedbackfrom employee focus groups suggested thateven the best <strong>of</strong> intentions may lead down thewrong path. Hence, the model was changedfrom Intention to Introspection.Rigid deadlines<strong>and</strong> fasterturnaroundHigh nationalunemploymentBudget deficitsCost <strong>of</strong> livingindex<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 41

FeatureHowever, it takes more than simple awarenessto integrate this methodology into your ethicalculture. Manager training <strong>and</strong> interactivegroup meetings help bring this model to life. Itis helpful to introduce this model using real lifeexamples from the workforce. Allow employeesto role play using these scenarios to workthrough the various stages <strong>of</strong> the model. Theever-changing nature <strong>of</strong> ethical dilemmas providescontinual fodder for ongoing discussions.Figure 2: Northrop grumman’s <strong>Ethics</strong> logoSocializing the modelAnnual <strong>and</strong> refresher training provides opportunitiesto socialize your company’s ethicaldecision-making model. Brochures, walletcards, calendars, <strong>and</strong> give-ways are additionalmethods to raise awareness <strong>of</strong> this tool.SummaryRemember, an ethical decision-making modelis just a tool to help employees make the rightdecision. It does not replace frequent <strong>and</strong>robust ethics <strong>and</strong> compliance programs, training,<strong>and</strong> communications. It’s just another toolin the belt to help build a strong <strong>and</strong> successfulprogram! ✵Roz Bliss is the <strong>Corporate</strong> Manager for <strong>Ethics</strong> <strong>and</strong> Business Conductat Northrop Grumman Corporation in Falls Church, Virginia. She may becontacted at roz.bliss@ngc.com.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012Advertise in<strong>Compliance</strong> & <strong>Ethics</strong>Pr<strong>of</strong>essional magazineSCCE’s magazine is a trusted resource for compliance<strong>and</strong> ethics pr<strong>of</strong>essionals. Advertise with us <strong>and</strong> reachdecision makers!For subscription information <strong>and</strong> advertising rates, contactLiz Hergert at +1 952 933 4977 or 888 277 4977 orliz.hergert@corporatecompliance.org.<strong>Compliance</strong> & <strong>Ethics</strong>January/February201220Why risk it?The motivations <strong>of</strong>the whistleblowerMarlowe DomanPr<strong>of</strong>essionalA PUBLICATION OF THE SOCIETY OF CORPORATE COMPLIANCE AND ETHICSMeetVernitaHaynesSCCE <strong>and</strong> HCCAinterview their 10,000thmember: Vernita Haynes,<strong>Compliance</strong> & PrivacyAnalyst for the University<strong>of</strong> Virginia Health System26Rock in the pondethicsFrank C. Bucaro28The simplestpossible code<strong>of</strong> conduct foremployeesAlex<strong>and</strong>re da Cunha Serpawww.corporatecompliance.orgSCCE & HCCA reach 10,000th member35An ethicalcorporate culturegoes beyondthe codeDawn LomerSCCE’s magazine is published bimonthly <strong>and</strong> has a current distribution <strong>of</strong> over 2,700 readers. Subscribersinclude executives <strong>and</strong> others responsible for compliance: chief compliance <strong>of</strong>ficers, risk/ethics <strong>of</strong>ficers,corporate CEOs <strong>and</strong> board members, chief financial <strong>of</strong>ficers, auditors, controllers, legal executives,general counsel, corporate secretaries, government agencies, <strong>and</strong> entrepreneurs in various industries.See page 1442 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

COMPLIANCE PROGRAM ADVISOR Last Year’s Best Practices Are This Year’s St<strong>and</strong>ards“Think about how you might tailor the Guidance to your organization. And know that, as you do, the Criminal Divisioncares about all the things you might be considering – “tone from the top” support, encouragement <strong>of</strong> a culture <strong>of</strong>compliance that rewards ethical behavior <strong>and</strong> establishes whistle-blowing mechanisms, senior-level oversight <strong>and</strong>direct reporting lines, [<strong>and</strong>] periodic reviews <strong>and</strong> re-evaluations to test <strong>and</strong> ensure program effectiveness …— Assistant U.S. Attorney General Lanny Breuer,Prepared Remarks to <strong>Compliance</strong> Week 2010: 5th Annual Conference“Contact Ethisphere today to obtain additional information regarding <strong>Compliance</strong> Program Advisor subscription package optionsat info@ethisphere.com, 1.877.629.8724 <strong>and</strong>/or www.ethisphere.com/compliance-program-advisor/

y Dan Small <strong>and</strong> Robert F. RoachPowerful witness preparation:The pure <strong>and</strong> simple truth»»The need to tell the truth does not lessen the need to prepare the witness to testify.»»If you make a mistake, stop <strong>and</strong> fix it. The jury will underst<strong>and</strong>.»»Deal with the bad stuff up front. Being defensive or trying to cover it up will only make things worse.»»Witnesses should include positive aspects about themselves as part <strong>of</strong> telling the truth.»»Witnesses should concentrate on what they saw, heard, or did <strong>and</strong> avoid speculation.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012In this series <strong>of</strong> articles, lead author <strong>and</strong> seasoned trial attorneyDan Small sets forth ten, time-tested rules to assist you in thecritical task <strong>of</strong> preparing witnesses. Robert F. Roach assistedDan in this series by providing additional “in-house” perspective<strong>and</strong> commentary. The first installment <strong>of</strong> this series was publishedin our January/February issue.There is great wisdom in the quote,adopted from Mark Twain, “Always tellthe truth. It makes it easier to rememberwhat you said the first time.” Real witnesspreparation is an intensive <strong>and</strong> challengingprocess. However, it must begin <strong>and</strong> end withone fundamental principle: Always tell thetruth. The witness must be clear <strong>and</strong> comfortablethat at no time is the lawyer telling him/her what to say, other than to say the truth.The need to tell the truth, though, does notlessen the need to prepare. On the contrary,it only heightens it. To quote a very differentauthor, Oscar Wilde, “The pure <strong>and</strong> simpletruth is rarely pure <strong>and</strong> never simple.” Thegoal <strong>of</strong> good witness preparation is to get tothe truth <strong>and</strong> bring it out effectively in thisdifficult environment. Truth is <strong>of</strong>ten the firstcasualty <strong>of</strong> poor preparation.Rule 3: Tell the TruthNo witness takes an oath to “tell the truth.”That is a myth. The oath at the beginning<strong>of</strong> testimony is to “tell the Truth, the wholeTruth, <strong>and</strong> nothing but the Truth.” Like manythings in our normal lives, we tend to blurit all together into one image. Like manythings in the precise <strong>and</strong> artificial world <strong>of</strong>being a witness, we need to examinethe entire statement <strong>and</strong> make surethat we underst<strong>and</strong> <strong>and</strong> consider allthree parts.1. “The Truth”Witnesses should underst<strong>and</strong> thatthis is not only a rule <strong>of</strong> law; it is a Smallrule <strong>of</strong> self-preservation. Lying, orstretching the truth, as a witness maynot only be a crime. It’s foolish.Witnesses should underst<strong>and</strong>, tobe blunt about it, that they are not asgood at lying as they think they are.That’s because they are used to gettingaway with it relatively easily. Innormal conversations, certain kinds Roach<strong>of</strong> social “white lies” are generally acceptedor ignored. Even more serious lying is rarelydirectly challenged, <strong>and</strong> never with the kind<strong>of</strong> intensity <strong>and</strong> expertise you will experienceif you try it as a witness.The consequences <strong>of</strong> telling a lie are <strong>of</strong>tenworse than whatever it was the questionerwas asking about in the first place. It is what44 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

we used to call the “Watergate Syndrome,”perhaps now the “Martha StewartSyndrome”: people getting caught <strong>and</strong> prosecutedfor covering up, not for the initialsubject matter being investigated. Don’t do it.Tell the truth.There are no shortcuts here. The truth <strong>of</strong>what you saw, heard, or did, <strong>and</strong> remember, isa narrow, precise line. No matter how <strong>of</strong>ten orhard someone tries to get you to veer <strong>of</strong>f thatline, resist the “oh, what the heck” tendency.Once you’re <strong>of</strong>f track, it becomes harder <strong>and</strong>harder to get back on. No matter how manytimes a question is asked, <strong>and</strong> in howevermany different ways, the truth—<strong>and</strong> yourtruthful answer—must remain the same.As prosecutors, we used theacronym BOBS: Bring Out theBad Stuff. Whatever the issuesare, you <strong>and</strong> your lawyer c<strong>and</strong>eal with them. It will be muchharder if they only come outafter you’ve tried to cover up orgloss over the problems.“The Truth” also includes honest mistakesIn a witness environment, the setting, theoath, <strong>and</strong> the court reporter all combine tomake people feel that they cannot make a mistake.So, when they inevitably do, they panic<strong>and</strong> either ignore it or try to mold <strong>and</strong> shapeit into something else. Don’t do it! When youmake a mistake, which every witness does atsome point, keep two things in mind.First, remember the Law <strong>of</strong> Holes: “Whenyou’re in a hole, stop digging!” Trying to workaround a mistake will ultimately only make itworse. As soon as you realize you made a mistake—howeverthat happens—stop <strong>and</strong> fix it.The goal is a clear <strong>and</strong> accurate record, so stop<strong>and</strong> clarify any mistakes.Second, don’t worry about it. You shouldnot expect to be perfect. Juror #6 doesn’t expectit either. He’s nervous, too. He knows hewould make mistakes, <strong>and</strong> he does not wantrobots talking to him. Your mistake draws youcloser to him, not further away.2. “The whole Truth”The “whole truth” means both the good stuff<strong>and</strong> the bad stuff. Both need to come out, <strong>and</strong>in many situations, the witness must take thelead in bringing them forward.The bad stuffNone <strong>of</strong> us is perfect, <strong>and</strong> most <strong>of</strong> us havethings in our past that are embarrassing ordifficult. The Internet, <strong>and</strong> its search engines,can make those things live forever. As awitness, some <strong>of</strong> those things may become relevant,or the questioner will try to make themrelevant. The key is to avoid making the situationworse by trying to hide or be defensiveabout these things. As prosecutors, we usedthe acronym BOBS: Bring Out the Bad Stuff.Whatever the issues are, you <strong>and</strong> your lawyercan deal with them. It will be much harder ifthey only come out after you’ve tried to coverup or gloss over the problems.The good stuffJust as a witness must take responsibility forbringing out the bad stuff, they must alsobring out the good stuff about themselves,their work, those involved in the litigation,or other matters. The questioner will not ask.It must come from the witness. For example,a wide range <strong>of</strong> healthcare pr<strong>of</strong>essionals getup in the morning, get dressed, have somebreakfast, go to work—<strong>and</strong> then spend the daysaving lives or helping those in need. After awhile, to them, it’s just what they do every day,nothing special to talk about. But to Juror #6,<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 45

it is amazing, wonderful work, if it’s truthfullydescribed.That can only come from the witness.Every witness, in every pr<strong>of</strong>ession <strong>and</strong> allwalks <strong>of</strong> life, has good stuff to talk about. Animportant goal <strong>of</strong> preparation is to find it <strong>and</strong>convince the witness that, for this one day, it isnot “vanity” to talk about it. It is an essentialpart <strong>of</strong> telling the whole truth.3. “Nothing but the Truth”In this environment, truth has a different<strong>and</strong> more precise meaning than it does in anormal conversation. Truth in a conversationis what you believe. But “belief” includesguesses, inferences, <strong>and</strong> all kinds <strong>of</strong> otherthings that stretch a precise definition <strong>of</strong>the truth. Truth in the witness environmentis strictly limited to what the witnesssaw, heard, or did. Anything beyond that isspeculation. Thus, a witness can testify tosomething if they:··saw it—witnessed it, read it, etc.;··heard it—heard someone say it, whether tothem or others; or··did it—wrote it, said it, took some action.Everything else is a guess. So much <strong>of</strong>what makes us intelligent, interesting, intuitivepeople, <strong>and</strong> so much <strong>of</strong> what makes usgood conversationalists, is based on our view<strong>of</strong> what’s in someone else’s head. Why didsomeone do something? What did they meanwhen they said something? How did theyreact to something/someone? It’s all guessing.We do it every day in normal conversation,<strong>and</strong> take pride in it. Don’t do it as a witness.“The Truth, the whole Truth, <strong>and</strong> nothingbut the Truth” is hard work, but essential. ✵Dan Small (dan.small@hklaw.com) is Partner with Holl<strong>and</strong> & Knightin Boston <strong>and</strong> Miami. His practice focuses on complex civil litigation,government investigations, <strong>and</strong> witness preparation. He is the author<strong>of</strong> the ABA’s manual, Preparing Witnesses (Third Edition, 2009).Robert F. Roach (robert.roach@nyu.edu) is Chief <strong>Compliance</strong> Officer<strong>of</strong> New York University in New York City <strong>and</strong> Chair <strong>of</strong> the ACC <strong>Corporate</strong><strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong> Committee.<strong>Compliance</strong> & ETHICS INSTITUTE PREVIEWsession 204: Complying with Global Anticorruption Laws: A Case StudyMonday, October 15, 2012, 1:30 Pm – 2:30 pm<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012Government enforcement <strong>of</strong> anti corruption laws isincreasing around the world. Although companiesare aware <strong>of</strong> the risks presented in this area, theyaren’t always able to effectively mitigate the risks.This case study will explore how a global companyin the medical device <strong>and</strong> pharmaceutical industry evaluated its risks <strong>and</strong> worked withits managers to develop a set <strong>of</strong> tools for managers to use to comply with local laws <strong>and</strong>significantly mitigate the corruption risks in their areas.Attend SCCE’s 11th Annual <strong>Compliance</strong> & <strong>Ethics</strong> Institute in Las Vegas, NV,to hear more! Visit www.complianceethicsinstitute.org for more information.Susan Roberts, ExecutiveVP <strong>and</strong> Chief <strong>Compliance</strong>Officer, Bausch & Lomb Inc.46 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Become a Certified<strong>Compliance</strong> & <strong>Ethics</strong>Pr<strong>of</strong>essional (CCEP) ®Broaden your pr<strong>of</strong>essional qualificationsIncrease your value to your employerGain expertise in the fast-evolvingcompliance fieldThere’s never been a tougher or better time to bea part <strong>of</strong> the compliance <strong>and</strong> ethics pr<strong>of</strong>ession.Budgets are tight, governments around the worldare looking to add new regulations, public trust inbusiness is low, <strong>and</strong> employees are tempted to cutcorners.As a Certified <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong> Pr<strong>of</strong>essional(CCEP) ® you’ll be able to demonstrate your abilityto meet the challenges <strong>of</strong> these times <strong>and</strong> have theknowledge you need to help move your program<strong>and</strong> your career forward.Learn more about what it takes to earn the CCEP ®at www.corporatecompliance.org/ccepHear fromyour peersRob Clark, Jr, CIA, CISA, CCEP, CBM,Chief <strong>Compliance</strong> Officer,Clark Atlanta University, Atlanta, GA1) Why did you decide to get certified?I chose to pursue this because it was apparentthat in the field <strong>of</strong> <strong>Compliance</strong>, this is THEdesignation to hold. I have spent over 20 yearsin auditing <strong>and</strong> compliance <strong>and</strong> have earnedthe certifications <strong>of</strong> Certified Internal Auditor(CIA) <strong>and</strong> Certified Information Systems Auditor(CISA), but when I was hired in March 2010 byClark Atlanta University to be the Chief <strong>Compliance</strong>Officer, as well as the Chief Audit Executive,I wanted to demonstrate competency in the<strong>Compliance</strong> arena with this designation.2) Has obtaining the CCEP certificationhelped you? If so, in what ways?Since I just achieved the designation, it is stillfairly new. I have received positive support <strong>and</strong>recognition from the President, the Provost,Executive Cabinet, <strong>and</strong> the Audit Committee <strong>of</strong>the Board <strong>of</strong> Trustees.It has also helped to earn that much morecredibility as I was just featured in an article in<strong>Compliance</strong> Week about the robust complianceprogram employed here at CAU.3) Would you recommend that yourpeers get certified?Absolutely. I believe that, as pr<strong>of</strong>essionals, weshould be in a constant state <strong>of</strong> improvement<strong>and</strong> exp<strong>and</strong>ing our skill sets <strong>and</strong> competencies.I believe it will give holders <strong>of</strong> the designationthat much more credibility with our organizations<strong>and</strong> stakeholders.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 47

y Adam TurteltaubThe economy, compliance,<strong>and</strong> ethics»»The percentage <strong>of</strong> compliance programs with increasing budgets is on the rise.»»Although budgets are on the rise, staffing levels for the <strong>Compliance</strong> department are not following suit.»»Stress levels among compliance pr<strong>of</strong>essionals are rising as they do more work with fewer staff.»»<strong>Compliance</strong> is more likely to be seen as a positive asset, rather than a hindrance to doing business.»»Many respondents thought that economic conditions may lead to more compliance failures.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012Beginning in 2009, shortly after theMarket Meltdown, the Health Care<strong>Compliance</strong> Association <strong>and</strong> the<strong>Society</strong> <strong>of</strong> <strong>Corporate</strong> <strong>Compliance</strong> <strong>and</strong> <strong>Ethics</strong>began annually surveying the <strong>Compliance</strong>community.The goal <strong>of</strong> this research was to determinewhat has happened to compliance programs<strong>and</strong> staffing, as well as where budgets <strong>and</strong>staffing are likely to go in the coming year.The survey has also examined the jobsecurity <strong>of</strong> compliance pr<strong>of</strong>essionals,as well as the related measure <strong>of</strong>management attitudes towards compliance<strong>and</strong> ethics programs.The survey was again fielded atthe end <strong>of</strong> 2011. At that time, tentativeTurteltaub signs <strong>of</strong> economic recovery appearedto be sprouting up. The unemployment ratehad declined to 8.5% <strong>and</strong> the economy hadadded jobs every month since September 2010.The question was whether the complianceeconomy was experiencing similar signs <strong>of</strong>recovery.The survey revealed a brighteningpicture. The percentage <strong>of</strong> compliance programswith increasing budgets is on therise (see figure 1). More than a third (38%)<strong>of</strong> respondents reported that their budgetshad increased in 2011. This is an increasefrom 32% in 2010 <strong>and</strong> just 26% the year prior,indications that the financial commitment tocompliance is on the rise. And it should benoted that an even higher percentage expect2012 spending to increase.Still, it should also be noted that the budgetsare not necessarily leapfrogging forward.Of the 38% reporting an increase, roughly twothirds saw budgets increase “somewhat” withjust one third seeing budgets increase greatly.Respondents from publicly-traded companieswere more likely than any other group toreport their budgets had increased greatly.Also seeing a gain, although a slight <strong>and</strong>directional one, was staffing (see figure 2). Theyear-to-year gain in respondents who reporteda rise in staffing was a small one, but it tooappears to reflect a trend. Here again, publiclytradedcompanies led the rest <strong>of</strong> industry with45% reporting an increase in staffing. Andlooking to 2012, respondents expected thattrend to continue.Although a recent survey <strong>of</strong> compliancepr<strong>of</strong>essionals revealed significant levels <strong>of</strong>on-the-job stress, fear <strong>of</strong> losing one’s job doesnot seem to be a driver <strong>of</strong> that stress. Overall,just 4% <strong>of</strong> respondents reported that theywere very concerned about losing their jobs,<strong>and</strong> 52% were not at all concerned, virtuallyunchanged from a year earlier. When measuringtheir risk versus others where they work,77% felt that their jobs were about the sameor less at risk than those <strong>of</strong> others withintheir organizations.48 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

One explanation for the job securitymay be that management perceptions <strong>of</strong>compliance are generally seen as positive(see figure 3). More than half (56%) <strong>of</strong>respondents reported that their managementsees compliance as a somewhat or verypositive asset in helping the organizationthrough the current economic conditions. Bycontrast, just 17% report that their managementsees compliance as somewhat <strong>of</strong> or agreat hindrance. Interestingly, these numbershave remained largely unchanged overthe past few years, despite the increasingnumbers <strong>of</strong> corporate sc<strong>and</strong>als.And fears <strong>of</strong> more sc<strong>and</strong>als remain highamong compliance pr<strong>of</strong>essionals. More thana third (36%) <strong>of</strong> respondents believe thatthe current economy “greatly” increases therisk <strong>of</strong> compliance failures, <strong>and</strong> another 52%believe that it “somewhat” increases the risk.These numbers are remarkably similar tothe previous year’s findings (37% <strong>and</strong> 53%respectively).In sum, the research suggests that theworst <strong>of</strong> the recession may be over, at least forcompliance budgets. More compliance pr<strong>of</strong>essionalsare seeing their budgets rise, <strong>and</strong> theyanticipate that this trend will likely continuenext year.It’s troubling, though, that the rise inspending is not being accompanied by anincrease in staffing. With growing dem<strong>and</strong>supon compliance programs, both fromincreased regulation <strong>and</strong> enforcement,the dem<strong>and</strong>s on existing staff are increasing.Recent research has indicated that thecompliance community is already feelinggreat stress. The data indicates that a brighteningeconomic picture is not translatinginto more people to do the work, <strong>and</strong> torelieve the stress <strong>of</strong> those already workingin <strong>Compliance</strong>. ✵Adam Turteltaub is Vice President <strong>of</strong> Membership for SCCE. He can becontacted at adam.turteltaub@corporatecompliance.org.Figure 150%45%40%35%30%25%20%15%10%5%0%Figure 240%35%30%25%20%15%10%5%0%IncreaseDecrease26%24%Figure 370%60%50%40%30%20%10%0%27%Change in Budget32%14%38%43%11% 11%2009 2010 2011 2012 ProjectedIncreaseDecrease51%18%Change in Staffing31%10%33%9%34%2009 2010 2011 2012 Projected58%Management Perception <strong>of</strong> <strong>Compliance</strong>56%32%29%Positive or Very Positive Neither Positive nor Hindrance Somewhat or Great Hindrance27%17%13%7%20092010201117%<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 49

y Justin EstepOverzealous I-9 compliancecan result in a discriminationlawsuit»»The United States government has drastically increased Form I-9 audits.»»Many Human Resources representatives are misinformed about Form I-9 specifics.»»The United States government is also investigating Form I-9 discrimination.»»Companies are forced to pay heavy Form I-9 discrimination fines.»»Consistent Form I-9 policy is the best deterrence to fines.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012EstepAs most <strong>of</strong> corporate America is alreadyaware, Form I-9 compliance enforcementhas increased at an exponentialrate during the Obama administration. SinceJanuary 2010, more than 5,000 companiesfrom many industries have been subject toForm I-9 audits by Immigration <strong>and</strong> CustomsEnforcement (ICE). 1 Many <strong>of</strong> theseinvestigations have resulted in finesissued by the U.S government, <strong>and</strong>some ICE raids have led to criminalcharges being brought against owners<strong>and</strong> managers. An unintended consequence<strong>of</strong> Form I-9 ICE raids has beenthe growing number <strong>of</strong> discriminationsuits brought as a result. These suits are rarelybrought against employers who are maliciouslypreventing people from working, but manytimes are levied against persons who weremisinformed about Form I-9 requirements <strong>and</strong>broke the law by being “over compliant.”In order to limit a company’s Form I-9liability, every Human Resources (HR) departmentrepresentative should be trained in therules <strong>and</strong> regulations governing the I-9 form. Athorough vetting <strong>of</strong> the M-274 (The H<strong>and</strong>bookfor Employers: Instructions for Completing aForm I-9) 2 by each HR representative is essentialto avoiding fines <strong>and</strong> sanctions related to theform. A Form I-9 policy, based on the guidancefound within the M-274, is vital because <strong>of</strong> theintricacies <strong>of</strong> the Immigration <strong>and</strong> NationalityAct (INA), which governs employment verificationlaws related to I-9 forms. The convoluted<strong>and</strong> detailed INA regulations for I-9 formsresult in investigations <strong>of</strong> employers who hadnothing but the best intentions. One <strong>of</strong> themost commonly overlooked regulations inthe INA is the anti-discrimination provision,which prevents employers from asking potentialemployees for specific documents to verifyemployment eligibility. The INA anti-discriminationprovision also prohibits employers fromplacing additional document burdens on workauthorizedemployees.Unfortunately, many HR representativesstill “over document” employees’ workauthorization, exposing their company to discriminationlawsuits brought by the UnitedStates Department <strong>of</strong> Justice (DOJ) as well asother government entities, or even the wrongedindividuals themselves. In order to complywith employment eligibility verification regulations,an employer must examine either anoriginal document from List A (U.S. passport,Employment Authorization document,50 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

In the current enforcementenvironment, many employershave become concerned that theirI-9 forms may contain errors<strong>and</strong> have overcompensated bydeveloping unnecessary (<strong>and</strong>sometimes illegal) practices toimprove their I-9 compliance.Permanent Resident card, etc.) or a combination<strong>of</strong> a List B (driver’s license, voter registrationcard, etc.) <strong>and</strong> a List C document governmentissuedbirth certificate, Social Security card,etc.). The potential employee must be allowed toprovide any combination <strong>of</strong> valid documents inorder to satisfy Form I-9 requirements.In the current enforcement environment,many employers have become concerned thattheir I-9 forms may contain errors <strong>and</strong> have overcompensatedby developing unnecessary (<strong>and</strong>sometimes illegal) practices to improve their I-9compliance. As a result, some companies haveasked individuals to provide specific documentsfor employment eligibility verification, or if ac<strong>and</strong>idate is not a citizen <strong>of</strong> the United States,they have asked for more documents than arenecessary to complete a Form I-9.Generations Healthcare, a healthcareprovider based in California, was recentlyinvestigated <strong>and</strong> is now being prosecutedby the DOJ for m<strong>and</strong>ating that all non-UScitizens, who apply for employment withGenerations’ St. Francis Pavilion facility inDaly City, present extra work authorizationdocumentation, a burden that was not placedon native-born US citizens. 3Other employers, such as Garl<strong>and</strong> SalesInc., a Georgia rug manufacturer, refusedto accept sufficient employment verificationdocuments from persons <strong>of</strong> foreignorigin, <strong>and</strong> would request that naturalizedUS citizens provide their permanent residentcard, or “green card.” 4 If the employee refusedGarl<strong>and</strong>’s request, their employment <strong>of</strong>fer wasrescinded. As a result, the Office <strong>of</strong> SpecialCounsel (OSC) for Immigration Related UnfairEmployment Practices prosecuted the company<strong>and</strong> required them to pay $10,000 in backpay <strong>and</strong> civil penalties.To protect a company from an OSCemployment discrimination investigation, <strong>and</strong>to also remain vigilant in employment verificationpractices, we recommend that a company’sHR department has a detailed Form I-9 compliancepolicy with a corresponding checklist.Specifically, the policy should instruct yourHR department to provide each potentialemployee with the government approved list <strong>of</strong>acceptable Form I-9 documents. This ensuresthat no miscommunication can occur <strong>and</strong> preventsyour HR department from accidentallyrequesting specific documentation, whichcould be construed as discriminatory.Above all, a company’s Form I-9 policyshould stress consistency. Most OSC investigationstarget companies that treat foreignnationals <strong>and</strong> naturalized U.S. citizens differentlythan native born U.S. citizens. Bykeeping employment eligibility verificationprocesses consistent for each potentialemployee <strong>and</strong> keeping a well-trained HR staff,any company should be able to navigate theever choppier enforcement waters surroundingthe Form I-9. ✵1. Jordan, Miriam: “Crackdown Resumes on Firms’ Illegal Hires.” WallStreet Journal, November 15, 20112. U.S. Citizen <strong>and</strong> Immigration Services: H<strong>and</strong>book for Employers:Instructions for Completing Form I-9 Employment EligibilityVerification Form. M-274 (Rev. 06/01/11) N. Available at http://www.uscis.gov/files/form/m-274.pdf3. United States Department <strong>of</strong> Justice: “Justice DepartmentFiles Lawsuit Against California Healthcare Provider AllegingDiscrimination.” News release, September 30, 2011. Available at http://www.justice.gov/opa/pr/2011/September/11-crt-1301.html4. -United States Department <strong>of</strong> Justice. “Justice Department SettlesAllegations <strong>of</strong> Citizenship Status Discrimination <strong>and</strong> RetaliationAgainst Georgia Rug Manufacturer.” News release, December30, 2011. Available at http://www.justice.gov/opa/pr/2011/December/11-crt-1718.htmlJustin Estep is an Attorney with FosterQuan, LLP in Austin, Texas. He maybe reached at jestep@fosterquan.com.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 51

Frederico Melville NovellaChairman <strong>of</strong> the Risk <strong>and</strong><strong>Compliance</strong> CommitteeChristie Ippisch<strong>Corporate</strong> <strong>Compliance</strong> OfficerGrupo ProgresoGuatemala CityGuatemalaan interview by Adam TurteltaubMeet Frederico MelvilleNovella <strong>and</strong> Christie Ippisch<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012AT: Tell us a bit about Grupo Progreso’sbusiness.FMN: Grupo Progreso started operationsin Guatemala in 1899 with a cement companycalled Cementos Novella. In 2007, it exp<strong>and</strong>edits operations to have a new division <strong>of</strong> distribution<strong>and</strong> sale <strong>of</strong> construction materials <strong>and</strong>aggregates, white line (home appliances <strong>and</strong>fixtures), tools, etc.With 112 years in business, its core businessis the production <strong>of</strong> cement, <strong>and</strong> it hasapproximately 7,000 employees overall. It operatesfrom Guatemala to Panama; <strong>and</strong> we are inall the Central American countries with differentproducts.AT: For how many years has the companyhad a compliance function?FMN: Since the company started operations,it has been managed with a strict code <strong>of</strong> ethics,with the example set by the founder Carlos F.Novella <strong>and</strong> his <strong>of</strong>fspring. Then, six years ago,in March 2006, a formal code <strong>of</strong> ethics was written<strong>and</strong> made public to all <strong>of</strong> the employees.Also, the role <strong>of</strong> a <strong>Compliance</strong> department witha compliance <strong>of</strong>ficer started that year.AT: What led the company to create a<strong>Compliance</strong> function?FMN: Grupo Progreso is a family-ownedcompany. They were focused on maintainingthe legacy <strong>of</strong> the family founder by incorporatingthis family’s legacy in the corporation.The founder’s principles were instilled in his<strong>of</strong>fspring <strong>and</strong> following generations, <strong>and</strong> thenwere written down as a code <strong>of</strong> values, ethics,<strong>and</strong> conduct (COVEC).As the Chairman <strong>of</strong> the Board <strong>and</strong>Lead Director <strong>of</strong> the <strong>Corporate</strong> Risk <strong>and</strong><strong>Compliance</strong> Committee, I was aware <strong>of</strong> thenecessities <strong>of</strong> a <strong>Compliance</strong> department. I wasthe main promoter <strong>of</strong> the compliance program,52 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

with the support <strong>of</strong> the board members, whohave also always believed in the necessity <strong>of</strong>this department.AT: How st<strong>and</strong>ard is it for companiesin Guatemala to establish a <strong>Compliance</strong>department?CI: We are one <strong>of</strong> the leading Guatemalancorporations. This is a new trend, seen todayas an actual necessity. Cementos Progresohas been recognized <strong>and</strong> given awards byCentrarse, which is a local entity that promotesthe social responsibility <strong>of</strong> companies.AT: How is the compliance team structured?CI: The compliance <strong>of</strong>ficer reports to theAudit Committee. Here we call it the Risk<strong>and</strong> <strong>Compliance</strong> Committee. There is a vicepresident who is responsible for <strong>Compliance</strong>,Legal <strong>and</strong> Risk (audit). The compliance <strong>of</strong>ficerreports organizationally to him.AT: What’s your background, <strong>and</strong> how didyou become a member <strong>of</strong> the compliance team?CI: I have twenty-three years <strong>of</strong> experience,mainly in banking. I was treasurer <strong>of</strong> the secondlargest bank in Guatemala during early 1990s,then I worked almost nine years for Citibank asCountry Treasurer, <strong>and</strong> then I was the FinancialInstitutions <strong>and</strong> Public Sector Head.While I worked for Citibank, we focusedon training banks, financial companies, <strong>and</strong>the government with topics like anti-moneylaundering, know-your-customer policies,managing regulatory issues, etc. Due to mybackground, I started as an advisor to the Risk<strong>and</strong> <strong>Compliance</strong> Committee, becoming the<strong>Corporate</strong> <strong>Compliance</strong> Officer.AT: What is the outline <strong>of</strong> your program?In the U.S., companies tend to follow theFederal Sentencing Guidelines, <strong>of</strong> course.What did you use?CI: Basically, my role as a <strong>Corporate</strong><strong>Compliance</strong> Officer is to establish the mechanisms<strong>of</strong> control <strong>and</strong> application <strong>of</strong> the code <strong>of</strong>ethics <strong>and</strong> conduct. And I effectively managethe mechanisms to notify us <strong>of</strong> good or badconduct. The hotline, emails, suggestion boxes,<strong>and</strong> notifications are presented directly to me.I also work to create a culture <strong>of</strong> integrity<strong>and</strong> doing the right thing. This includes establishingprocedures <strong>and</strong> controls to identify<strong>and</strong> manage conflicts <strong>of</strong> interests. I also monitorthat the company complies with the laws<strong>and</strong> regulations, supported by areas such asInternal Audit <strong>and</strong> Legal.AT: What are some <strong>of</strong> the key compliancechallenges that Grupo Progreso faces?CI: Trying our best, through our people,to help change a negative view <strong>of</strong> complianceinto a winning culture <strong>and</strong> a winningorganizational compliance culture! It is achallenging subject, since locally you need toconvince the board members that implementinga code <strong>of</strong> ethics <strong>and</strong> all <strong>of</strong> the compliancestructure will benefit the company, <strong>and</strong> it’snot only an extra bureaucratic process withinthe company.AT: Are these challenges typical for yourindustry, or are they common for other businessesin Guatemala?CI: They are common for all businesses inGuatemala.AT: What role does the Guatemalan governmentplay in encouraging compliance programs?CI: They have been proactive by starting toimplement the role <strong>of</strong> the compliance <strong>of</strong>ficerin the financial system with strict anti-moneylaundering controls, <strong>and</strong> all internationalrequirements, such as the antiterrorist laws.The government—the Superintendent <strong>of</strong> TaxAdministration, for example—has enforced<strong>and</strong> strengthened regulatory issues <strong>and</strong> controlssignificantly. ✵Adam Turteltaub is Vice President <strong>of</strong> Membership for SCCE. Hecan be contacted at adam.turteltaub@corporatecompliance.org.Christie Ippisch can be contacted at cippisch@hotmail.com.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 53

y Gilbert Geis, PhD <strong>and</strong> Henry N. Pontell, PhD<strong>Corporate</strong> codes <strong>of</strong> conductin the United States»»A code <strong>of</strong> conduct informs employees about acceptable behaviors the company expects <strong>and</strong> the conduct that will not be tolerated.»»Codes have proliferated as courts have held employers responsible for monitoring the actions <strong>of</strong> their employees.»»If codes are not enforced, employees will see them as window dressing, <strong>and</strong> ignoring the rules will become part <strong>of</strong> the corporate culture.»»The content <strong>of</strong> codes has changes as price fixing, foreign bribes, sexual harassment, <strong>and</strong> insider trading sc<strong>and</strong>als have come to light.»»The effectiveness <strong>of</strong> a code <strong>of</strong> conduct is not a mitigating factor in the Dodd-Frank legislation.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012The <strong>Corporate</strong> <strong>Compliance</strong> Committee <strong>of</strong>the American Bar Association’s Section<strong>of</strong> Business Law defines business codes<strong>of</strong> conduct in the following terms:A corporate compliance <strong>and</strong> ethics programconsists <strong>of</strong> an organization’s code(s)<strong>of</strong> conduct, policies, <strong>and</strong> proceduresdesigned to achieve compliance with applicablelegal regulations <strong>and</strong> internal ethicalst<strong>and</strong>ards. To do so, the organization must:first, create an ethical corporate culturethat educates <strong>and</strong> motivates the organization’semployees to act consistent withlegal rules <strong>and</strong> cultural norms <strong>and</strong> second,deter <strong>and</strong> detect violations through riskassessment, monitoring, auditing, <strong>and</strong>appropriate discipline. 1In a shorth<strong>and</strong> definition, two law writersnote that, for them, a corporate code <strong>of</strong> conductis “any written statement <strong>of</strong> ethics, law,or policy (or some combination there<strong>of</strong>) indicatingthe obligation <strong>of</strong> one or more classes <strong>of</strong>corporate employees.” 2The striking surge in recent decades inthe number <strong>of</strong> corporate codes <strong>of</strong> conduct inthe United States has been motivated primarilyby the prospect <strong>of</strong> more lenient treatmentif a company employee is discovered violatinga law related to his/her job. Sophisticatedcompany codes <strong>and</strong> devoted dedication toindoctrination <strong>of</strong> employees regarding theimportance <strong>of</strong> the codes may result in amnestyfrom prosecution, less severe penal sanctions,or reduced civil fines. The codes alsohold the prospect <strong>of</strong> deterring undesirablepractices more efficiently than regulatoryoversight, because <strong>of</strong> the formalforewarning to possible miscreantsthat certain behaviors are forbiddenby company policy. 3 The development<strong>of</strong> corporate codes <strong>of</strong> conductalso requires corporate executives todetermine what forms <strong>of</strong> behavior Geis(beyond those that are illegal) violatethe moral <strong>and</strong> ethical st<strong>and</strong>ards thatthe company desires to uphold. Thecodes further can serve as discussiontopics for internal seminars that seekto translate their words into attitudes<strong>and</strong> actions on the part <strong>of</strong> all <strong>of</strong> acompany’s workers.The codes thus represent an Pontellattempt by the business world to de-fang thevicarious liability doctrine enunciated byAmerican courts that decrees that a companycan be found guilty <strong>of</strong> criminal conduct if anemployee does business in a manner that violatesthe law, even though the employee hadreceived explicit orders that he/she was notto engage in that conduct. The doctrine has54 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

een called “the blackest hole in the theory <strong>of</strong>corporate criminal law.” 4 In the leading case,United States v. Hilton Hotels Corp., a purchasingagent had twice been told not to boycottsuppliers who refused to contribute to a fundto promote tourism. The employee grantedthat he defied orders <strong>and</strong> said he did so out <strong>of</strong>anger <strong>and</strong> pique at the suppliers. The court, infinding the company guilty, justified its rulingwith the following reasoning:With such important interests at stake,it is reasonable to assume that Congressintended to impose liability upon businessentities for the acts <strong>of</strong> those to whomthey chose to delegate their affairs, thusstimulating a maximum effort by others<strong>and</strong> managers to assure adherence by suchagents to the requirements <strong>of</strong> the [law]. 5The Supreme Court’s decision turned itsback on an earlier federal appellate court rulingthat had held in 1946 that the Holl<strong>and</strong> FurnaceCompany was not liable for the wartime act <strong>of</strong>a salesperson who, contrary to the rules <strong>of</strong> theWar Production Board, had sold a new furnaceto a customer whose own furnace was not wornout, damaged beyond repair, or destroyed. 6Arguments against vicarious liability reston the assumption that a company with a strongcompliance program has already maximizedwhatever detection <strong>and</strong> deterrence force itsprosecution for the wrongdoing <strong>of</strong> its employeemight carry. 7 This viewpoint, however, is at bestarguable. It could be that charging the corporationwill intensify <strong>and</strong> improve its efforts tokeep employees honest <strong>and</strong> may cause otherentities to re-evaluate their compliance codesso as not to have an <strong>of</strong>fense, such as the one inquestion, occur in their ranks.Antitrust activityThe Sherman Antitrust law <strong>of</strong> 1890 representedan attempt by the United States to combat theincreasing monopolistic trend in the businessworld. The eminent economist Adam Smith, asfar back as 1776, wrote about the desire <strong>of</strong> businessesto eliminate competition by conspiringto fix prices. “People <strong>of</strong> the same trade seldommeet together, even for merriment <strong>and</strong> diversion,”Smith wrote, “but the conversation endsin a conspiracy against the public, or in somecontrivance to raise prices.” 8One General Electric conspiratorsaid: “Every direct supervisorI had directed me to meet withcompetition. It had become socommon <strong>and</strong> gone on for somany years, I think we lost sight<strong>of</strong> the fact that it was illegal.”The 1961 heavy electrical antitrust conspiracyled to the production <strong>of</strong> the firstwave <strong>of</strong> corporate codes <strong>of</strong> conduct in theUnited States. These codes largely dealtwith price-fixing, the subject that in theearly days was the major focus <strong>of</strong> corporatecodes <strong>of</strong> conduct. 9 The case involved29 corporations <strong>and</strong> 45 individuals, includingvice presidents <strong>of</strong> the industry giantsWestinghouse <strong>and</strong> General Electric (GE).Seven <strong>of</strong> the defendants received 30-day jailsentences, an outcome that, at the time, wasconsidered draconian.One General Electric conspirator said:“Every direct supervisor I had directed meto meet with competition. It had become socommon <strong>and</strong> gone on for so many years, Ithink we lost sight <strong>of</strong> the fact that it was illegal.”10 Yet, General Electric in 1946 had issueda directive, number 20.5, that spelled out thecompany’s policy against price-fixing in termsstronger than those found in the federal law.It read:<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 55

It is the policy <strong>of</strong> the company to complystrictly in all respects with the antitrustlaws. There shall be no exception to thispolicy, nor shall it be compromised orqualified by an employee acting for oron behalf <strong>of</strong> the company. No employeeshall enter into any underst<strong>and</strong>ing, agreement,plan or scheme, express or implied,formal or informal, with any competitor,in regard to prices, terms or conditions <strong>of</strong>sale, production, distribution, territories, orcustomers; nor exchange or discuss with acompetitor prices, terms, or conditions <strong>of</strong>sale, or any other competitive information;nor engage in any other conduct that in theopinion <strong>of</strong> the company’s counsel violatesany <strong>of</strong> the antitrust laws. 11charged companies, without internal directives,retained the malefactors.Bribery to secure foreign contractsTwo developments prompted further activityin the development <strong>of</strong> internal codes <strong>of</strong> conductin American companies. The first was theWatergate break-in by thugs working on behalf<strong>of</strong> the re-election <strong>of</strong> President Richard M.Nixon. The investigation <strong>of</strong> the botched burglaryuncovered numerous illegal donations<strong>of</strong> corporate moneys to the president’s electioncampaigns. These contributions tended to bedisguised by accounting tactics that brokethem into small amounts unlikely to be discoveredby external auditors who rarely did morethan a cursory sampling <strong>of</strong> such transactions.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012Each manager periodically was asked toindicate in writing that he/she was adheringto this policy, specifying that: “I am observingit <strong>and</strong> will observe it in the future.” But,most employees presumed that the directivewas window-dressing, meant to lull thepublic <strong>and</strong> the regulatory authorities. OneGE employee, however, refused to engage inprice-fixing after he initialed the document.A witness before a U.S. Senate committeeinvestigating the price-fixing crimesexplained what happened:[My superior] told me, “This fellow is afine fellow, he is capable in every respectexcept he was not broad enough for his job,that he was so religious that he thought, inspite <strong>of</strong> what his superiors said, he thoughtthat having signed that, that he shouldnot do any <strong>of</strong> this <strong>and</strong> he is getting us introuble with competition. 10The consequences for the convicted violators,in part, reflected the existence <strong>of</strong> the codeat General Electric. The company fired allthose implicated in the conspiracy. The otherIt is telling that, despite theseguidelines, prosecutions forinsider trading <strong>of</strong>ten rely noton the core law but on auxiliaryviolations such as perjury.The second situation was the discoverythat American companies were paying hugebribes to overseas corporations, politicians,<strong>and</strong> political parties to obtain contracts. Anamnesty approach saw more than 400 companies,including 117 <strong>of</strong> those on the Fortune 500List, admit to having paid out more than $300million to foreign sources. In 1977, Congressenacted the Foreign Corrupt Practices Actthat criminalized such actions. Corporationsresponded to both <strong>of</strong> these sc<strong>and</strong>als by creatinginternal governance rules that prohibitedoverseas bribery. 12 Specifically, <strong>of</strong>fendingcompanies had to assure the Securities <strong>and</strong>Exchange Commission that they had takensteps to see that such activities did not recur.In addition, in 1988, the Insider Trading<strong>and</strong> Securities Fraud Enforcement Act56 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

m<strong>and</strong>ated that broker-dealers <strong>and</strong> investmentadvisers had to establish, maintain, <strong>and</strong>enforce reasonably designed written policies<strong>and</strong> procedures, taking into considerationdetails <strong>of</strong> their operations in order to preventthe misuse <strong>of</strong> material, nonpublic information.It is telling that, despite these guidelines,prosecutions for insider trading <strong>of</strong>ten relynot on the core law but on auxiliary violationssuch as perjury. The reason is that mensrea, or criminal intent, is <strong>of</strong>ten particularlydifficult to establish, because the accusedcan <strong>of</strong>ten claim that he/she always intendedto engage in the transaction <strong>and</strong> that it wascoincidental that the move was made prior tointernal awareness <strong>of</strong>, as yet, nonpublic informationabout an anticipated large gain or lossin the stock.What do the codes say?<strong>Corporate</strong> codes <strong>of</strong> conduct have became morewidespread <strong>and</strong> somewhat more complexwith the passage <strong>of</strong> time <strong>and</strong> with the federalm<strong>and</strong>ates discussed below, but their essentialnature does not differ much today from thecodes put in place during the half century thatfollowed the end <strong>of</strong> the second World War.The pioneer survey <strong>of</strong> corporate codes <strong>of</strong> conductwas undertaken in 1984 by Fried Frank,an international corporate law firm headquarteredin New York <strong>and</strong> with <strong>of</strong>fices in,among other places, London, Hong Kong, <strong>and</strong>Shanghai. The survey was updated three yearslater with about one-third <strong>of</strong> the companiesresponding. Subjects were companies listed byFortune magazine as the largest five hundredin the United States. Presumably, those whoresponded were the most likely to have codesin place (90% <strong>of</strong> them did), although organizationalprivacy <strong>and</strong> secrecy concerns may havelimited the response somewhat.A common thread in the codes was thedesire to protect the company from liability.Table 1, from the second Fried Frank survey,indicates the categories reported by thecompanies.TABLE 1: Issues addressed in corporate codes <strong>of</strong> conduct 13ISSUEPERCENTConflict <strong>of</strong> interest.......................................97%Gifts..............................................................87%Misuse <strong>of</strong> confidential information............. 83%Foreign corrupt practices .......................... 83%Political contributions ................................ 79%Insider trading .............................................73%Antitrust.......................................................64%Labor relations............................................ 27%Other........................................................... 29%Source: Siegel (2006:1603)Cressey <strong>and</strong> Moore also found what theycalled “a disproportionate degree <strong>of</strong> attention”accorded to conflicts <strong>of</strong> interest in the corporatecodes. They note that this discrepancy isparticularly pronounced in regard to nonindustrialfirms. They believe that a traditionalemphasis had been placed on preventing actsdirectly harming the company <strong>and</strong> that onlyrecently had concerns about public interestscome to the fore. 14The Federal Sentencing GuidelinesThe compliance code movement picked upconsiderable speed in 1991 with the introduction<strong>of</strong> the United States SentencingCommission’s Guidelines for the Sentencing<strong>of</strong> Organizations (FSGO), 15 a document thatset out criteria for aggravating or mitigatingstipulated penalties. The FSGO established“the most significant impetus toward internalcorporate policing.” 16 The most important mitigatingfactor was the presence <strong>of</strong> a program“to prevent <strong>and</strong> detect violations <strong>of</strong> law.” TheCommission issued what came to be calledthe “seven steps” for constructing a satisfactorycompliance effort. These steps call for aprogram that is “reasonably designed, implemented,<strong>and</strong> enforced so that it generally will<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 57

<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012be effective.” Obviously, the hedge words“reasonably” <strong>and</strong> “generally” provide a gooddeal <strong>of</strong> leeway for prosecutorial <strong>and</strong> judicialjudgment <strong>and</strong> it is hardly surprising thatmitigations on the grounds <strong>of</strong> compliance programshave not been readily achieved.The greater importance <strong>of</strong>corporate codes <strong>of</strong> conduct wasillustrated in the Caremark casesin which the members <strong>of</strong> theboard <strong>of</strong> directors were suedfor what was alleged to be theirfailure to deal with, or even learnabout, illegal actions within thehealthcare company.This first set <strong>of</strong> guidelines specified thedesignation <strong>of</strong> specific high-level personnelto set the program into operation. In a burst<strong>of</strong> bureaucratic statement-<strong>of</strong>-the-obvious, theseven steps indicated that those running theprogram ought themselves not to possess whatwas labeled “a propensity to engage in illegalactivities.” Finally, the guidelines noted thatcompanies should take into account their particularcharacteristics in formulating rules, suchas their size, the likelihood <strong>of</strong> certain forms <strong>of</strong>wrongdoing given their kind <strong>of</strong> business, <strong>and</strong>their prior history <strong>of</strong> corporate misconduct.After several years <strong>of</strong> study <strong>and</strong> debate, in2004 the USSC, responding to a report <strong>of</strong> an adhoc committee, revised the FSGO, exp<strong>and</strong>ingtheir reach <strong>and</strong> renaming them the “ethics <strong>and</strong>compliance program.” The new guidelinesurged the diligent promotion <strong>of</strong> compliance<strong>and</strong> the provision <strong>of</strong> incentives to see thatthey are obeyed. They also called for ongoingevaluation <strong>of</strong> the effectiveness <strong>of</strong> the complianceprogram to exp<strong>and</strong> the earlier focuson post-violation inquiries about what hadgone wrong. The training <strong>of</strong> new employees<strong>and</strong> refresher courses for existing personnelwas also made more stringent. Particularlyimportant were stricter st<strong>and</strong>ards for members<strong>of</strong> the board <strong>of</strong> directors who were nowrequired to “be knowledgeable about thecontent <strong>and</strong> operation <strong>of</strong> the compliance <strong>and</strong>ethics program <strong>and</strong> [to] exercise reasonableoversight with respect to [its] implementation<strong>and</strong> effectiveness.” Finally, the new guidelinesm<strong>and</strong>ated risk assessment proceduresto determine those matters that had to bestressed in the guidelines. 17The FSGO had been authorized because <strong>of</strong>disconcerting evidence that different judgeswere imposing very different penalties for<strong>of</strong>fenders who seemingly had committed muchthe same kind <strong>of</strong> crime. But the rather rigidguidelines had irritated many judges, becausethey saw them as undermining their judgmentabout proper punishment, reducing them to nomore than robots consulting preexisting tables.This view prevailed with the Supreme Court in2004 when, in United States v. Booker, the FSGOwere decreed to be advisory, not m<strong>and</strong>atory.Later research found that about 70% <strong>of</strong> thesentences levied following the Booker decisionadhered to the FSGO. 18 The greater judicialflexibility nonetheless did permit businesses totry to benefit from the development <strong>and</strong> installation<strong>of</strong> comprehensive codes <strong>of</strong> conduct.The greater importance <strong>of</strong> corporate codes<strong>of</strong> conduct was illustrated in the Caremarkcases 19 in which the members <strong>of</strong> the board <strong>of</strong>directors were sued for what was alleged to betheir failure to deal with, or even learn about,illegal actions within the healthcare company.A Delaware chancery court thought thatthis was asking too much <strong>of</strong> the board, but itendorsed a settlement stipulation that explicitlyimposed a somewhat precise fiduciaryduty on the directors to attend to internal violations,although the judge suspected that the58 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

ule would not notably alter significantly whathad always been part <strong>of</strong> the directors’ obligations.The stipulation decreed:The Board will establish a <strong>Compliance</strong> <strong>and</strong><strong>Ethics</strong> Committee <strong>of</strong> four Directors, two <strong>of</strong>which will be non-management directors,to meet at least four times a year to effectuatethese [compliance] policies <strong>and</strong> monitorbusiness segment compliance with theARPL [the Anti-Referrals Payment Lawwhich prohibits kickbacks], <strong>and</strong> report tothe Board semi-annually concerning complianceby each business segment. 19The most prominent attention in theUnited States to corporate guidelines has beenin regard to workplace sexual harassment. TheU.S. Supreme Court <strong>of</strong>fered a st<strong>and</strong>ard for consideration<strong>of</strong> such guidelines by the judiciary:While pro<strong>of</strong> that an employee has promulgatedan anti-harassment policy withcompliant procedure is not necessary inevery instance as a matter <strong>of</strong> law, the needfor stated policy suitable to the employmentcircumstances may appropriately beaddressed in any case when litigating thefirst element <strong>of</strong> the defense.” 20Kimberly Ellerth, a salesperson in the company’sChicago <strong>of</strong>fice, had sued BurlingtonIndustries for alleged sexual overtures by hersupervisor <strong>and</strong> his implied threats <strong>of</strong> retaliationfor her failure to “loosen up.” She hadnot reported her concerns to <strong>of</strong>ficials <strong>of</strong> thecompany. The Supreme Court indicated thatthe core issue was vicarious liability <strong>and</strong> thatBurlington in its defense could claim thatit had made suitable efforts to inhibit suchkinds <strong>of</strong> behavior by its employees. The Courtindicted two possible elements <strong>of</strong> such adefense: (1) That it exercised reasonable careto prevent <strong>and</strong> correct promptly any sexuallyharassing behaviors; <strong>and</strong> (2) that the employeeunreasonably failed either to take advantage<strong>of</strong> any preventative or corrective opportunitiesprovided or otherwise avoided them. 21Tyson Corporation: A case studyIn December 1997, Tyson Foods, Inc. pledguilty to felony charges based on its illegallygiving the United States Secretary <strong>of</strong>Agriculture approximately $12,000 in gifts<strong>and</strong> favors, including football tickets, travelsubsidies, <strong>and</strong> food. As part <strong>of</strong> its settlementagreement the company, which at the timehad 66,000 employees in 27 American states<strong>and</strong> a number <strong>of</strong> foreign countries, agreed topay a multimillion dollar fine <strong>and</strong> be placedon a four-year term <strong>of</strong> probation. The settlementalso m<strong>and</strong>ated the creation <strong>of</strong> an <strong>Ethics</strong>Code Office <strong>and</strong> the creation <strong>of</strong> a corporatecode <strong>of</strong> conduct. In addition, two personswere prosecuted by the Independent Counselappointed to h<strong>and</strong>le the case. A Tyson lobbyistwas acquitted <strong>of</strong> the bribery charge,but convicted for making false statements t<strong>of</strong>ederal agents <strong>and</strong> received a small fine. Thecompany’s media director was found guilty <strong>of</strong>bribery <strong>and</strong> sentenced to the minimum termallowable under the FSGO, a year <strong>and</strong> a day<strong>of</strong> prison time. The agricultural secretary wasnever tried. The Tyson story provides insightsinto how governance codes can be m<strong>and</strong>ated<strong>and</strong> their operation can be closely monitored.And it also tells a tale <strong>of</strong> the kinds <strong>of</strong> indulgencespersons performing in the politicalarena can achieve.The settlement arrangement requiredthat Tyson report quarterly on its ethics programto a federal judge, a probation <strong>of</strong>ficer,the United States Department <strong>of</strong> Agriculture(USDA), <strong>and</strong> the Office <strong>of</strong> the IndependentCounsel (OIC, which was abolished in 1999<strong>and</strong> reformed as a branch <strong>of</strong> the federalDepartment <strong>of</strong> Justice). During the probationaryperiod, there were more than 70 surprise<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 59

<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012visits to the company site by inspectors forthe USDA <strong>and</strong> OIC. They checked records <strong>of</strong>ethics training sessions, saw to it that postersproclaiming the existence <strong>of</strong> a help-linefor whistleblowers were displayed prominently,<strong>and</strong> r<strong>and</strong>omly questioned employeesabout the company’s code <strong>of</strong> conduct. Hadthe inspectors been dissatisfied with Tyson’sethics efforts, its probation could have beenrevoked <strong>and</strong> serious penalties inflicted on it.The man in charge <strong>of</strong> the reformativeprogram was an attorney, but he notes thatnationwide only 19% <strong>of</strong> persons in positionsequivalent to his are lawyers, <strong>and</strong> only 3% havebackgrounds in security work—most are fromthe management ranks <strong>of</strong> their company. Heemphasizes that the corporate code <strong>of</strong> conductmust be “much more than a statement <strong>of</strong> ideals”<strong>and</strong> notes that it should, when they are relevant,cover the following topics: advertising, antitrust<strong>and</strong> unfair competition, bribery <strong>and</strong> improperpayments, company books <strong>and</strong> records, conflicts<strong>of</strong> interest, environmental affairs, equalemployment opportunity, frauds <strong>and</strong> misrepresentation,government contracting, internationalbusiness, political contributions, proprietaryinformation, <strong>and</strong> securities transactions. 22The surprise ending to the case camewhile both men were in the process <strong>of</strong> appealingtheir convictions. In late 2000 <strong>and</strong> early2001, President Bill Clinton granted full pardonsto both malefactors. The lesson seems tobe that white-collar bribery is an insignificantwhite-collar crime; after all, lobbyists engagein it constantly, albeit typically staying justinside the laws which they themselves havehad a significant h<strong>and</strong> in formulating. That acode <strong>of</strong> conduct <strong>and</strong> strict supervision <strong>of</strong> thewrongdoing company can be a consequence<strong>of</strong> the bribery is perhaps the best that can beexpected, given the very tight link betweencorporate contributions <strong>and</strong> the survival <strong>of</strong>politicians in <strong>of</strong>fice.Sarbanes-OxleyThe Sarbanes-Oxley Act <strong>of</strong> 2002 (SOX), moreformally known as the Public CompanyAccounting Reform <strong>and</strong> Investor ProtectionAct, was passed as a result <strong>of</strong> a widelypublicizedseries <strong>of</strong> sc<strong>and</strong>als that involvedEnron <strong>and</strong> its auditor <strong>and</strong> collaborator incrime, the auditing <strong>and</strong> consulting firm <strong>of</strong>Arthur Andersen, as well as WorldCom, Tyco,HealthSouth, <strong>and</strong> several other prominentbusiness operations. SOX requires public companiesto report whether they have a code <strong>of</strong>ethics that applies to their principal financial<strong>of</strong>ficer, comptroller, or principal accounting<strong>of</strong>ficer. When the Securities <strong>and</strong> ExchangeCommission (SEC) promulgated regulationsto flesh out the statute, it added the principalexecutive <strong>of</strong>ficer to the roster <strong>of</strong> those obligatedto meet the terms <strong>of</strong> a corporate code <strong>of</strong>conduct. A satisfactory code must contain atleast five elements:1. Honest <strong>and</strong> ethical conduct, includingthe ethical h<strong>and</strong>ling <strong>of</strong> actual or apparentconflicts <strong>of</strong> interest between personal <strong>and</strong>pr<strong>of</strong>essional relationships;2. Full, fair, accurate, timely, <strong>and</strong> underst<strong>and</strong>abledisclosure in reports that a registrantfiles with, or submits to, the Commission<strong>and</strong> in other public communications madeby the registrant.3. <strong>Compliance</strong> with applicable governmentlaws, rules, <strong>and</strong> regulations;4. The prompt internal reporting <strong>of</strong> violations<strong>of</strong> the code to an appropriateperson or persons identified in the code;<strong>and</strong>5. Accountability for adherence to the code. 23If a company decides not to adopt such acode, it must indicate why it had failed to doso. If a code is adopted, it must be publiclyavailable <strong>and</strong> any changes in its content mustbe conveyed to the SEC.60 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

The prosecutors’ perspectiveThe Thompson Memor<strong>and</strong>umThe federal Department <strong>of</strong> Justice (DOJ) in2003 indicated how it intended to respond incases in which reliance on a corporate code<strong>of</strong> conduct was an intricate part <strong>of</strong> the culture<strong>of</strong> a company suspected <strong>of</strong> having violatedthe law. The DOJ statement—known as theThompson Memor<strong>and</strong>um, after the deputyattorney general over whose signature it wasreleased—lists nine considerations that federalprosecutors should take into account in decidingwhether to investigate, charge, or negotiatea plea with the organization. Three <strong>of</strong> the considerationsrelate to codes <strong>of</strong> conduct:1. The corporation’s timely <strong>and</strong> voluntarydisclosure <strong>of</strong> wrongdoing <strong>and</strong> its willingnessto cooperate in the investigation <strong>of</strong> itsagents, including, if necessary, the waiver<strong>of</strong> corporate attorney-client <strong>and</strong> workproduct protection;2. The existence <strong>and</strong> adequacy <strong>of</strong> the corporation’scompliance program; <strong>and</strong>3. The corporation’s remedial actions,including any effort to implement aneffective corporate compliance programor to improve an existing one, to replaceresponsible management, to discipline orterminate wrongdoers, to pay restitution,<strong>and</strong> to cooperate with the relevant governmentagencies. 24The Thompson Memor<strong>and</strong>um spelledout in some detail the ingredients <strong>of</strong> a corporatecode <strong>of</strong> conduct that should be takeninto account when determining the disposition<strong>of</strong> a case. The critical factors, it declared,are “whether the program is adequatelydesigned for maximum effectiveness inpreventing <strong>and</strong> detecting wrongdoing byemployees <strong>and</strong> whether corporate managementis enforcing the program or is tacitlyencouraging or pressuring employees toengage in conduct to achieve business objectives.”The Memor<strong>and</strong>um repeated that pointin other words as well: the aim would be todetermine whether compliance rules weremerely a “paper program” or whether they“were designed in <strong>and</strong> implemented in aneffective manner.”The fact that an infraction had presumablyoccurred which brought the companyto the attention <strong>of</strong> the authorities could, <strong>of</strong>course, challenge any claim <strong>of</strong> effective design<strong>and</strong> implementation. Besides, the words“adequately” <strong>and</strong> “maximum effectiveness”leave a good deal to be desired in regard topreciseness.The McNulty Memor<strong>and</strong>umThe emphasis on waiving attorney-clientprivilege <strong>and</strong> work project privilege aroused astorm <strong>of</strong> protest from business organizations<strong>and</strong> the defense bar. In late 2006, in an update<strong>of</strong> the Thompson Memor<strong>and</strong>um, assistantattorney general Paul McNulty added threeelements to the clause in response to criticisms<strong>of</strong> the guideline undercutting the traditionalattorney privileges. These were:1. A corporation can cooperate withoutwaiving its privilege if it can provide thenecessary information through other means.2. Waiver requests should be made only ifthere is a “legitimate need,” defined as “acareful balancing <strong>of</strong> important policy considerationsunderlying the attorney-clientprivilege <strong>and</strong> the work project doctrine<strong>and</strong> the law enforcements needs <strong>of</strong> thegovernment’s ‘s investigation.”3. Waiver requests require high-level supervisoryapproval, which varies dependingon the sensitivity <strong>of</strong> the information beingsought. 25It is, at best, arguable whether theMcNulty Memor<strong>and</strong>um will do much to keep<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 61

prosecutors from dem<strong>and</strong>ing waivers. As onewriter expressed it, McNulty compared toThompson can be regarded as “a distinctionwithout a difference,” when a prosecutor isseeking a conviction <strong>and</strong> may well use everyweapon available in his or her arsenal toachieve that end. 26heed to corporate compliance with codes <strong>of</strong>conduct. Perhaps the bill’s sponsors believedthat codes <strong>of</strong> conduct had failed, or perhapsthey believed that they were as satisfactory<strong>and</strong> useful as they possibly could be. In anycase, it was neither the regulatory stick nor theself-regulatory carrot that carried the day.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012The Dodd-Frank Regulatory Reform ActThe severe global economic depression thatbegan to unfold in 2008 involved very dubiousactions by some <strong>of</strong> the largest <strong>and</strong> mostpowerful investment firms <strong>and</strong> banks in theUnited States, including Bear Stearns, LehmanBrothers, Merrill Lynch, Countrywide, AIG,<strong>and</strong> Bank <strong>of</strong> America. The meltdown inevitablybrought to the forefront the question:Why had not the earlier reforms, particularlythe emphasis on corporate codes <strong>of</strong> acceptableconduct, been unable to prevent the disaster?William Laufer addressed this disturbing considerationin the following terms:We must consider how firms that are heldin the highest regard, which have cuttingedgecompliance policies, <strong>and</strong> records <strong>of</strong>good corporate citizenship, are allegedto condone tacitly, tolerate, or participateactively in elaborate frauds. 27Laufer notes in particular the case <strong>of</strong>Goldman Sachs (the most successful WallStreet firm) which allowed one <strong>of</strong> its clients,a wealthy investor, to designate which toxicsubprime derivatives were to be peddled toGoldman customers while he himself wasshorting these same derivatives. GoldmanSachs settled with the SEC for $500 million forits sins, less than the amount that it annuallycontributes to charity.But what is particularly notable aboutthe Dodd-Frank Wall Street Reform <strong>and</strong>Consumer Protection Act (a measure that ranto more than 2,000 pages) was that it paid noAuditing codes <strong>of</strong> conductTwo fundamental questions lie at the heart <strong>of</strong>an audit <strong>of</strong> corporate codes <strong>of</strong> conduct. First,do such codes deter the conduct that they, atleast on their face, intend to inhibit? Second,even if unlawful conduct occurs, does a decentcorporate effort to prevent such behavior provebeneficial to the corporation in the ensuingdetermination <strong>of</strong> how the case is to be dealtwith? Or, on the other h<strong>and</strong>, as Gary Spence, aprominent defense lawyer has claimed, are thecodes “being adopted more for public relationsthan for the good <strong>of</strong> the public?” 28 This issueis beyond empirical determination, becausethere is not <strong>and</strong> likely never will be an accurateroster <strong>of</strong> corporate wrongdoing, so thatchanges in illegal corporate behavior can becorrelated with the appearance <strong>of</strong> interveningvariables, such as codes <strong>of</strong> conduct.At the same time, as one writer hasobserved: “For all that is known about thehistory <strong>and</strong> content <strong>of</strong> corporate ethics codesit is striking how little is known about theireffect in regulating conduct.” The writerpoints out that even the little that is known is“inconclusive” <strong>and</strong> notes that the knowledgebase largely is made up <strong>of</strong> studies <strong>of</strong> collegeundergraduates or business school majors whorespond to questionnaires, a situation very differentfrom the everyday world <strong>of</strong> corporatedecision-making. 29This opinion echoes an earlier observationmaking the same point: “Unfortunately,very little research has been devoted towardsdiscovering whether they [that is, corporatecodes <strong>of</strong> conduct] are effective in promoting62 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

ethical decision-making behavior.” 30 Thispair <strong>of</strong> researchers sought to gain someinsight into the question by testing 150 businessstudents regarding ethical choices <strong>and</strong>found that corporate codes <strong>of</strong> ethics arenot influential in determining a person’sdecision-making in situations involving ethicalconsiderations. This conclusion, at best asuggestive hint at the possible inadequacy <strong>of</strong>codes <strong>of</strong> conduct alone, reinforces the earlierrecommendation <strong>of</strong> two managerial scholarsthat codes <strong>of</strong> conduct should be accompaniedby five other elements:··Offer training programs which independently<strong>and</strong> explicitly address specifictreatment <strong>of</strong> ethical issues;··Limit the opportunity to engage inunethical behavior by providing a welldevelopedstructure <strong>and</strong> a system <strong>of</strong>checks <strong>and</strong> balances, including explicitpenalties for unethical behavior;··Let the employees know what penaltiesthe company imposes on those whoengage in unethical behavior;··Recognize how the behavior <strong>of</strong> coworkers<strong>and</strong> superiors can influence thebehavior <strong>of</strong> other employees in the organization;<strong>and</strong>··Develop an ethics committee to addressnew issues <strong>and</strong> help establish <strong>and</strong> evaluateexisting codes <strong>and</strong> policies. 31In regard to the question concerning prosecutorialleniency because <strong>of</strong> corporate duediligence in seeking to create a law-abidingworkforce, a 1989 plaint by attorneys for theRockwell Corporation during the sentencingphase <strong>of</strong> a case involving wrongful doublebillingsets forth the company’s chagrin thatits best compliance efforts had been ignored:The case…raises an issue that cuts to theheart <strong>of</strong> self-governance. If a defense contractorspends as much time, effort, <strong>and</strong>money on self-governance as Rockwellhas, deals with an incidence <strong>of</strong> employeewrongdoing in full accordance with theGovernment’s expectations as Rockwellhas, <strong>and</strong> it is then rewarded with the wraththe Government normally reserves for therecalcitrant, is such effort warranted? 32This is <strong>of</strong> course but one anecdotal item<strong>and</strong> it occurred before greater emphasis wasplaced on corporate conduct codes. Do companiescontinue to believe that their formalefforts to coerce, cajole, <strong>and</strong> otherwise createconformity are not adequately recognized<strong>and</strong> rewarded? Or has the great surge in theappearance <strong>of</strong> corporate codes <strong>of</strong> conduct providedbetter protection to corporate entitiesembroiled in instances <strong>of</strong> corporate violations<strong>of</strong> laws <strong>and</strong> regulations?Liability based on codes <strong>of</strong> conductThere exists in regard to corporate codes <strong>of</strong>conduct what Goldsmith <strong>and</strong> King 16 call the“unintended dilemma” that arises when acompany responds to regulatory incentivesby inaugurating a compliance program thatgenerates incriminating information that mayproduce civil <strong>and</strong> criminal liability. Earlier, <strong>and</strong><strong>of</strong>ten, companies learning <strong>of</strong> such waywardnessmay have informed the authorities <strong>of</strong> theirproblem, negotiated a correction, <strong>and</strong> clearedthe matter up. Today, in the United States theyseem more likely to calculate the chances thatthey will be caught <strong>and</strong> assume that risk, ifthey believe that the odds are in their favor.One <strong>of</strong> the reasons for this shift is that thesituation has changed <strong>and</strong> companies mayfind themselves in a court facing civil lawsuitsthat arise from self-incrimination. As a lawpr<strong>of</strong>essor has noted: “Corporations will sometimesbe held liable for violating the voluntaryst<strong>and</strong>ards that they adopt in codes <strong>of</strong> conduct,even if these st<strong>and</strong>ards are higher thanthe obligations imposed on the corporations<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 63

<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012by the law. 33 These lawsuits typically rest onallegations <strong>of</strong> false <strong>and</strong> misleading advertising<strong>and</strong> breach <strong>of</strong> contract, with the codes<strong>of</strong> conduct being characterized as a bindingagreement to do what it says.Illustrative is the story <strong>of</strong> the NikeCorporation which closed its domestic factoriesin 1980 <strong>and</strong> outsourced production <strong>of</strong> itsshoes to sites such as Indonesia, Pakistan, <strong>and</strong>Vietnam. A decade later, Nike found itselfbeing harshly criticized by the American mediafor the working conditions in the factories <strong>of</strong> itsoverseas suppliers. It was reported, for instance,to pay Vietnamese workers $.60 a day, thecountry’s minimum wage, when it cost an estimated$2.10 a day to have decent meals. 34 Nikeresponded at first by maintaining that it wasToday, in the United States[companies] seem more likely tocalculate the chances that theywill be caught <strong>and</strong> assume thatrisk, if they believe that the oddsare in their favor.responsible only to meet the legal requirements<strong>of</strong> the foreign countries, but this position didnot avert a domestic boycott <strong>of</strong> its products. In1992, Nike adopted a corporate code <strong>of</strong> conductfor its suppliers <strong>and</strong> specified its responsibilityfor their adoption <strong>of</strong> measures regardingmatters such as minimum wages, overtime,occupational health <strong>and</strong> safety, <strong>and</strong> environmentalprotection. The conduct m<strong>and</strong>ated inthe codes <strong>of</strong>ten was far more dem<strong>and</strong>ing thanlocal requirements: for instance, footwear workerswere required to be 18 years <strong>of</strong> age.Nonetheless, critics complained thatthe codes were nothing more than publicrelations gestures. In 1998, the company wassued in a California court on an allegationthat its reports violated the state law againstfalse advertising. The suit was backed upby a report indicating the use <strong>of</strong> dangerouschemicals in a South Korean factoryproducing Nike products <strong>and</strong> the claimthat working conditions <strong>of</strong>ten violated thespecifications in the code <strong>of</strong> conduct. Nikeunsuccessfully argued that what was beingcalled false advertising was permissibleunder the freedom <strong>of</strong> speech provisions <strong>of</strong>the First Amendment in the Constitution.Nike finally settled the case by agreeingto a $1.5 million donation to the Fair LaborAssociation. 35The Nike case was said to create fear thatit would deter businesses from incorporatingadequate corporate social responsibility principles(CSR) in their codes <strong>of</strong> conduct. This wouldtake place in the face <strong>of</strong> what are said to be:reports <strong>and</strong> literature [that] these codesdo appear to be helping reshape culturalattitudes within at least some MNCs [multinationalcorporations] by raising corporateawareness <strong>of</strong> potentially adverse MSN activityin the developing world <strong>and</strong> by creatingbenchmarks through which an externalgroup may measure their business. 35Considering these issues one writerhas observed: “Unfortunately, no empiricalevidence exists that measures how manycorporations reconsidered adopting CSR principlesin their codes <strong>of</strong> conduct in the wake<strong>of</strong> the Nike case.” The same writer notes thatin regard to such codes, companies currentlyface the problem <strong>of</strong> “creating additional legalobligations <strong>and</strong> providing opponents with therope to hang them with.” 3364 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Suggestive experimental dataThere is some intriguing but hardly quiteon-targetexperimental data regarding theuse <strong>of</strong> honesty prompts on subsequentbehavior. One such study found thatpersons who were asked to list the TenComm<strong>and</strong>ments (even if they could recallonly a few or none <strong>of</strong> them) did not cheaton an honesty test to the extent that otherswithout such an instruction did. The sameresult was obtained when the experimenterindicated that the test was being conductedunder the terms <strong>of</strong> the (non-existent) universityhonor code. 36 But, these were short-termresults with relatively inconsequential pay<strong>of</strong>fsinvolved. As the American muckrakerUpton Sinclair declared: “It is difficult to geta man to underst<strong>and</strong> something when hissalary depends upon not underst<strong>and</strong>ing.” 37And it is difficult to remain honest when acompetitor is outpacing you by playing fast<strong>and</strong> loose with the law. ✵1. FitzSimon, Jean K. <strong>and</strong> Paul E. McGreal: <strong>Corporate</strong> <strong>Compliance</strong>Survey. The Business Lawyer, 2005;60:17592. Pitt, Harvey L. <strong>and</strong> Karl A. Groskaufmanis: Minimizing<strong>Corporate</strong> Civil <strong>and</strong> Criminal Liability: A Second Lookat <strong>Corporate</strong> Codes <strong>of</strong> Conduct. Georgetown Law Journal,1990;78:1559-16123. Sigler, Jay <strong>and</strong> Joseph E. Murphy: <strong>Corporate</strong> Lawbreaking <strong>and</strong>Interactive <strong>Compliance</strong>: Resolving the Regulation-DeregulationDichotomy. New York: Quorum Books, 19914. Fisse, Brent: “Reconstructing <strong>Corporate</strong> Criminal Law:Deterrence, Retribution, Fault, <strong>and</strong> Sanctions.” Southern CaliforniaLaw Review, 1983;56:1141-12465. United States v. Hilton Hotels Corp., 467 F. 2d 1000 (9th Cir. 1972),cert. denied 409 U.S. 1125 (1973)6. Holl<strong>and</strong> Furnace Co. v. United States. 158 F.2d 2 (6th Cir. 1946)7. Weissmann, Andrew <strong>and</strong> Newman, David: “Rethinking<strong>Corporate</strong> Criminal Liability.” Indiana Law Journal, 2007;82:411-451. See also Walsh, Charles J. <strong>and</strong> Pyrich, Alissa: “<strong>Corporate</strong><strong>Compliance</strong> Programs as a Defense to Criminal Liability: Can aCorporation Save Its Soul?” Rutgers Law Review, 2005;47:605-6928. Smith, Adam: An Inquiry into the Wealth <strong>of</strong> Nations. London: W.Strahan <strong>and</strong> T. Cadell, 1776; bk. 1, ch. 10, 829. Gabel, Joan TA; Mansfield, Nancy P; <strong>and</strong> Houhgton, Susan M:“Letter vs. Spirit: The Evolution <strong>of</strong> <strong>Compliance</strong> into <strong>Ethics</strong>.”American Business Law Journal, 2009;46:453-48610. Geis, Gilbert: “The Heavy Electric Antitrust Cases <strong>of</strong> 1961,” inMarshall B. Clinard <strong>and</strong> Richard Quinney, eds., Criminal BehaviorSystems. New York: Holt, Rinehart <strong>and</strong> Winston, 1967; pp. 139-15011. United States Senate, Subcommittee on Antitrust <strong>and</strong> Monopoly<strong>of</strong> the Committee on the Judiciary, Administered Prices. 87thCongress, 1st Session. 1961; Washington DC, GovernmentPrinting Office, 1712012. Biegelman, Martin T. <strong>and</strong> Daniel R. Biegelman: FederalCorrupt Practices Act Guidebook: Protecting Your Organizationfrom Corruption <strong>and</strong> Bribery. Hoboken, NJ: John Wiley, 2010.See also Goelzer, Daniel L: “Designing an FCPA <strong>Compliance</strong>Program: Minimizing the Risks <strong>of</strong> Improper ForeignPayments.” Northwestern Journal <strong>of</strong> International Law & Business,1998;18:535-54713. Siegel, Michael L. (2006). <strong>Corporate</strong> America Fights Back: TheBattle Over the Waiver <strong>of</strong> the Attorney-Client Privilege. BostonCollege Law Review, 49:1-5414. Cressey, Donald R. <strong>and</strong> Moore, Charles A: Corporation Codes<strong>of</strong> Ethical Conduct. New York: Peak, Marewick, <strong>and</strong> MitchellFoundation, 1980:1615. 56 Federal Register 22,76216. Goldsmith, Michael <strong>and</strong> King, Chad W: “Policing <strong>Corporate</strong>Crime: The Dilemma <strong>of</strong> International <strong>Compliance</strong>.” V<strong>and</strong>erbiltLaw Review, 1997;50:1-48. See also Kaplan, Jeffrey M. <strong>and</strong> Murphy,Joseph R: <strong>Compliance</strong> Programs <strong>and</strong> <strong>Corporate</strong> Sentencing Guidelines(rev. ed.). 1993; St. Paul, MN: Thomson/West17. Hess, David; McWhorter, Robert S; <strong>and</strong> Fort, Timothy L: “The2004 Amendments to the Federal Sentencing Guidelines <strong>and</strong>their Implicit Call for a Symbiotic Integration <strong>of</strong> Business <strong>Ethics</strong>.”Fordham Journal <strong>of</strong> <strong>Corporate</strong> <strong>and</strong> Financial Law, 2006;11:725-76418. Berman, Douglas A. Assessing Federal Sentencing After Booker,”Federal Sentencing Reporter, 2005; 11:291-29419. In re Caremark International Inc., Derivative Litigation. 698 A.2d 959.Delaware Chancery, 199620. Burlington Industries v. Ellerth, 524 U.S. 742 (1998)21. Fair, Cynthia: “ Burlington Industries, Inc. v. Ellerth <strong>and</strong>Faragher v. City <strong>of</strong> Boca Raton: A Step in the Wrong Direction?”Boston University Public Law Journal, 2000;9:4409-431. For a critique<strong>of</strong> the decision focused on the court’s failure to appreciatethe empirical evidence regarding workplace sexual harassment,see Lawton, Anne: “Operating in an Empirical Vacuum: TheElleerth <strong>and</strong> Faragher Affirmative Defense.” Columbia Journal <strong>of</strong>Gender <strong>and</strong> Law, 2006;13:197-27322. Copel<strong>and</strong>, John D: “The Tyson Story: Building an Effective<strong>Ethics</strong> <strong>and</strong> <strong>Compliance</strong> Program.” Drake Journal <strong>of</strong> AgriculturalLaw, 2000;5:305-353 <strong>and</strong> Copel<strong>and</strong>, John D: “The Tyson Story: AnUpdate. Drake Journal <strong>of</strong> Agricultural Law, 2001;6:257-25923. 17 CFR §229.406a24. Available at www.usdoj.gov/dag/cft/business_organizations.pdf25. Available at www.usdoj/gove/dag/speeches/mcnulty_memo.pdf26. Weigard, Stephen A: “Waiver <strong>of</strong> the Attorney-Client Privilege<strong>and</strong> Work Product Production from Thompson to McNulty.”University <strong>of</strong> Cincinnati Law Review, 2008;76:1098-1118. See alsoMarks, Colin P: “<strong>Corporate</strong> Investigations, Attorney-ClientPrivilege <strong>and</strong> Selective Waiver: Is a Half Privilege Worth HavingAt All?” Seattle University Law Review, 2006;30:155-19427. Laufer, William S: “ Secrecy, Silence, <strong>and</strong> <strong>Corporate</strong> CrimeReforms.” Criminology & Public Policy, 2010;9:455-465 <strong>and</strong> Laufer,William S: “<strong>Corporate</strong> Bodies <strong>and</strong> Guilty Minds: The Failure <strong>of</strong><strong>Corporate</strong> Criminal Liability.” Chicago: University <strong>of</strong> ChicagoPress, 200628. Spence, Gary: With Justice for None: Destroying an American Myth.New York: Times Books, 1989, 27729. Newberg, Joshua A: “<strong>Corporate</strong> Codes <strong>of</strong> <strong>Ethics</strong>, M<strong>and</strong>atoryDisclosures, <strong>and</strong> the Market for Ethical Conduct.” Vermont LawReview,2005:29:253-29530. Clark, Margaret Anne <strong>and</strong> Leonard, Sherry Lynn: “Can<strong>Corporate</strong> <strong>Ethics</strong> Influence Behavior?”Journal <strong>of</strong> Business<strong>Ethics</strong>,1998;17:619-63031. Ferrell, OC <strong>and</strong> Gardiner, Garth: In Pursuit <strong>of</strong> <strong>Ethics</strong>: Tough Choicesin the World <strong>of</strong> Work. Springfield, IL: Smith Collins, Ferrell, 199132. United States v. Rockwelll Int’l Corp. (1989). Defendant’s SentencingMemor<strong>and</strong>um. No. 88-48-CBM (C.D. California)33. Brown, Elizabeth F: “No Good Deed Goes Unpunished: Is Therea Need for a Safe Harbor for Aspirational <strong>Corporate</strong> Codes <strong>of</strong>Conduct?” Yale Law <strong>and</strong> Policy Review, 2002;26:367-42134. Murphy, Sean D. (2005). Taking Multinational <strong>Corporate</strong> Codes <strong>of</strong>Conduct to the Next Level. Columbia Journal <strong>of</strong> Transnational Law,43:389-433.35. Kasky v. Nike, Inc. 45 P.3d 243 (California 2002)36. Ariely, Dan: Predictably Irrational: The Hidden Forces that Shape OurDecisions. New York: HarperCollins, 200837. Sinclair, Upton: I, C<strong>and</strong>idate for Governor: And How I Got Licked.Berkeley: University <strong>of</strong> California Press, 1935Gilbert Geis is a Pr<strong>of</strong>essor Emeritus in the Department <strong>of</strong> Criminology,Law <strong>and</strong> <strong>Society</strong> at the University <strong>of</strong> California, Irvine. He may be reachedat ggeis@uci.edu. Henry N. Pontell is a Pr<strong>of</strong>essor in the Department <strong>of</strong>Criminology, Law <strong>and</strong> <strong>Society</strong> at the University <strong>of</strong> California, Irvine. He maybe reached at pontell@uci.edu.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 65

y Dawn LomerSocial media evidence:A new accountability»»Courts are seeing an explosion <strong>of</strong> evidence from social media sites.»»Case law regarding social media evidence is still developing.»»Attorneys <strong>and</strong> investigators should stay abreast <strong>of</strong> new rulings as they happen.»»<strong>Ethics</strong> <strong>and</strong> common sense rule when it comes to gaining access to personal social media information.»»Rules <strong>of</strong> preservation apply to social media, just as they do elsewhere.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012LomerWhen 19-year-old Rodney Bradfordupdated his status on Facebookon October 18, 2009, he had noidea that his message about craving pancakeswould become the crucial piece <strong>of</strong> evidencethat would clear him <strong>of</strong> first-degree robberycharges. The Harlem teenager spenttwo weeks in jail before his father noticedthe status update, which had beenposted one minute before the robberyoccurred, from a location 12 milesaway from the crime. The districtattorney subpoenaed Facebook fordocumentation to prove Bradford hadupdated his status from his father’shome in Harlem, providing Bradfordwith a rock-solid alibi <strong>and</strong> a ticket to freedom.With more than 800 million users onFacebook, 200 million registered Twitter users,about 135 million on LinkedIn, <strong>and</strong> more than60 million already on Google+, it’s clear thatsocial media has become part <strong>of</strong> everyday lifefor a huge percentage <strong>of</strong> the world’s populationwith access to the Internet. It makespeople’s activities, even thoughts <strong>and</strong> feelings,trackable <strong>and</strong> discoverable.And while Bradford’s Facebook evidenceworked in his favor, that’s <strong>of</strong>ten not the case forthose whose social media activity is broughtunder scrutiny in the courts, which are seeingan explosion <strong>of</strong> this type <strong>of</strong> evidence. Theimplications are huge for companies whoseemployees use social media both at work <strong>and</strong>at home. In fact, half <strong>of</strong> all companies will needto produce material from social media sitesfor e-discovery by the end <strong>of</strong> 2013, accordingto a 2011 Gartner report, 1 entitled Social MediaGovernance: An Ounce <strong>of</strong> Prevention.A world <strong>of</strong> evidence“We are entering an entirely new world <strong>of</strong>communication, unprecedented in humanhistory,” says attorney Benjamin Wright, anauthor, e-discovery expert, <strong>and</strong> instructor atSANS Institute. “Social media makes e-maillook like stone tablets, in terms <strong>of</strong> the flexibility<strong>of</strong> communication, the volume <strong>of</strong> communication<strong>and</strong> the multiplication <strong>of</strong> copies <strong>of</strong>communication. I believe that our legal systemis only beginning to scratch the surface <strong>of</strong> thequestions related to how we gather evidence,how we respect privacy <strong>and</strong> how we authenticatethe evidence in the courtroom,” he says.Because it’s a relatively new field, newchallenges are coming to light each monthas more <strong>and</strong> more social media evidence isbeing used. It can be a valuable source <strong>of</strong>information for both sides in any case, sounderst<strong>and</strong>ing how to collect it ethically <strong>and</strong>leverage it legally will ensure it’s admissible.66 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

“In e-discovery, there is no differencebetween social media <strong>and</strong> electronic or evenpaper artifacts. The phrase to remember is ‘ifit exists, it is discoverable’,” said Debra Logan,Vice President <strong>and</strong> distinguished analyst atGartner, in a company press release. 2 “Uniqueaspects <strong>of</strong> social media present additionalchallenges, but as with an overall informationgovernance strategy, the key to avoiding ormitigating potential legal issues in the use <strong>of</strong>social media for business purposes is to have agovernance framework, policy, <strong>and</strong> user education,”she said.Ethical evidence-gatheringSocial media can certainly be a useful toolfor e-discovery when used responsibly, <strong>and</strong>it can sometimes be incredibly easy to accessevidence on these sites. If parties in a disputeleave their personal sites open for publicscrutiny, the evidence is generally accessibleto anyone, although there can be limitationson copyright <strong>and</strong> use <strong>of</strong> pictures. But, whena party in an investigation has a social mediapr<strong>of</strong>ile with tight privacy settings, gettingaccess to the information can be more difficult.A court may order that passwords bedisclosed or might request a user to providethe evidence from his/her own social mediapages to lawyers for the other side. But,without a formal request for disclosure, investigators<strong>and</strong> attorneys may be left with somedifficult dilemmas.To make matters even more complicated,how you can access information <strong>and</strong> whatinformation you can use as evidence—each hasits own set <strong>of</strong> developing rules. So far there arerelatively few st<strong>and</strong>ardized, widely acceptedmethods for gathering evidence from socialmedia sites. One approach is for the lawyer orinvestigator to print the social media page <strong>and</strong>show it to the judge or administrator. Capturingimages using a screen grab, time-stamping, <strong>and</strong>using a web cam to record yourself recordingthe evidence can be helpful to establish time<strong>and</strong> place. But this assumes that the materialyou need to access is readily available.Do not deceiveAttorneys <strong>and</strong> investigators have to be carefulabout how they access information posted on asocial media pr<strong>of</strong>ile. They cannot misrepresentwho they are in order to join their opposition’sprivate social media network. For example,you cannot create an account under an alias,“friend” the person under investigation, <strong>and</strong>then expect to use that information to supportyour case. The evidence won’t be admissible.It also violates the terms <strong>of</strong> service on somesocial media sites.“Lawyers <strong>and</strong> private investigatorshave ethical requirements,” says Wright.“Interpretation <strong>of</strong> those ethical requirementsis that these pr<strong>of</strong>essionals will not engage indeceit. Pr<strong>of</strong>essionals need to think very carefullybefore they use some kind <strong>of</strong> deceit inorder to be ‘friended’ by someone else,” he says,adding that in the right circumstances, police<strong>of</strong>ficers working undercover may be justified inassuming an identity to gather evidence, basedon the acceptable rules <strong>and</strong> procedures <strong>of</strong> alegitimate undercover investigation.Duty to preserveAnother ethical issue surrounds evidencepreservation. If social media pr<strong>of</strong>iles belong tothe people who create them, creators shouldhave the right to delete whatever they want,right? Not necessarily. “Lawyers are startingto realize that information contained on socialmedia sites may be related to litigation <strong>and</strong> arehaving to navigate the intersection <strong>of</strong> technology<strong>and</strong> the law,” says Rebecca Shwayri, anattorney <strong>and</strong> e-discovery expert at CarltonFields. “Because many social networking sitesare owned <strong>and</strong> controlled by third parties, thepreservation issues can be more difficult tomanage,” she says.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 67

<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012However, “There can be very serious penaltiesfor the destruction <strong>of</strong> evidence at a timethat you know that the social media evidencewill be relevant for some kind <strong>of</strong> a lawsuit orinvestigation,” says Wright. A Virginia lawyer<strong>and</strong> his client found this out the hard way.Isaiah Lester was suing Allied Concretefor the alleged wrongful death <strong>of</strong> his wife,Jessica, who died when an Allied Concretetruck rolled onto her car. His lawyer, MatthewMurray, instructed Lester to “clean up” hissocial media pr<strong>of</strong>iles, which contained materialthat cast doubt on Lester’s level <strong>of</strong> grief.Lester deleted 16 photos from his Facebookpr<strong>of</strong>ile, including images <strong>of</strong> him partying,holding a beer, <strong>and</strong> wearing a t-shirtthat read “I [heart] hot moms.” The deletioncame to light in the course <strong>of</strong> the trial, <strong>and</strong><strong>of</strong> the 16 photos deleted, 15 were retrieved<strong>and</strong> presented in court. There were seriousconsequences. The court found that the deletion<strong>of</strong> the photos constituted misconduct byLester <strong>and</strong> Murray, <strong>and</strong> awarded a total <strong>of</strong>$722,000 to Allied Concrete for attorney fees—$180,000 to be paid by Lester <strong>and</strong> $542,000from Murray, who has since resigned.Company social media sites are morestraightforward. “If a company is maintainingits own social media page related to its products<strong>and</strong> resources, information on the socialmedia page should be preserved when thereis a reasonable threat <strong>of</strong> litigation, assumingsuch information is related to the litigation,”says Shwayri. When it comes to personal socialmedia pages, however, evidence preservationcan be more complicated. “Given the millions<strong>of</strong> users <strong>of</strong> social media, it is not reasonable toexpect social media sites to archive all informationrelated to users just in case <strong>of</strong> a lawsuit,”says Shwayri. “Most users probably don’tarchive their own material because the materialis held by third-party sites.”While the case law is still developingsurrounding social media evidence, its potentialeffect on an investigation, <strong>and</strong> even ourbehavior, is becoming clear. “At a very philosophicallevel… [social media] creates a greateraccountability to one another <strong>and</strong> to society,”says Wright, “because, in fact, we’re all ableto watch one another <strong>and</strong> we all know thatanything I say or do tonight can come back tohaunt me tomorrow.” ✵1. Gartner: Social Media Governance: An Ounce <strong>of</strong> Prevention.December 17, 2010. The report can be ordered at www.gartner.com/DisplayDocument?ref=clientFriendlyUrl&id=14989162. Gartner press release: “Gartner says by year-end 2013, half <strong>of</strong> allcompanies will have been asked to produce material from socialmedia websites for E-discovery.” February 17, 2011. Available atwww.gartner.com/it/page.jsp?id=1550715Dawn Lomer is a <strong>Corporate</strong> Journalist with i-Sight S<strong>of</strong>tware in Ottawa,Canada. She may be reached at dlomer@i-sight.com.68 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

CongratulationsNew CCEP © designeesAchieving certification required a diligent effort by these individuals.CCEP © certification denotes a pr<strong>of</strong>essional with sufficient knowledge<strong>of</strong> relevant regulations <strong>and</strong> expertise in compliance processes to assistcorporate industries in underst<strong>and</strong>ing <strong>and</strong> addressing legal obligations.Certified individuals promote organizational integrity through thedevelopment <strong>and</strong> operation <strong>of</strong> effective compliance programs.··Kenneth Amos··David M. Anderson··Jennifer J. Badgley··Juanita Banks··Amii L. Barnard-Bahn··William E. Barthell··Maram I. Batarseh··Kristina M. Bell··Edward Benson··Christina V. Bigelow··Karyn Boston··Lisa A. Bragg··S<strong>and</strong>ra L. Brennan··Janelle M. Brookman··Linda Gayle Buffett··Viann M. Cabezal··Nancy J. Capell··Neftali Carrasquillo··Debora H. Carroll··Jose P. Casasola··Jeff Cherry··Lori L. Cochrane··Marla B. Colling··Kendra L. Cook··Bethany Cowles··Siobhan Curre··Karl Dahlquist··Sherry Denise Davis··Meghan M. Davis··Stefani B. Dawkins··Christopher P. Denten··Steven M. Desmarais··Thomas P. Donovan··S<strong>and</strong>hya V. Drinkwater··Steven P. Dunn··Don A. Ellis··Andrew Finkelstein··Darrin W. Fletcher··Dean Forbes··Ann-Marie Friedman··Charles P. Gallagher··Ruth Giansante··Sara K. Gibson··Scott M. Giordano··Dina M. Given··Joseph M. Gruttadauro··James L. Guhl··Patrick J. Hamblin··Temre L. Hanson··Sharon Harned··Elizabeth A. Harrigan··Paula R. Harris··Susan B. Hauswirth··Cheryl A. Hayne··Frederick E. H<strong>of</strong>fman··Anthony ChukwumaIfechikwu··Jonathan C. Ivec··Beth A. Johnson··Glenn P. Kaleta··Christy Kaufman··Deborah S. Key··Ishrag Khababa··Kenneth W. Lehman··Sherry R. Malusa··Jane P. Maring··Ellen M. Martin··Linda P. Martinello··Christopher C. Matteson··Lisa Mau··Jeffery T. Maxwell··Kely L. McKeown··Janet D. McKinney··Laura K. McLaughlin··Frances M. McManus··Kristina Meagher··Marta M. Mercado···Shelley L. Miller···John L. Miller···Rol<strong>and</strong> Mitchell···Linda Morales···Chris D. Morris···Jennifer S. Mudd···Timothy G. Mulshine···Tiffany K. Ngo···Francisco Niclos Negrao ···Gail Naomi Nishida···Julia F. Pallozzi-Ruhm···Shannon S. Pannell···Laura M. Paredes···William A. Patrick···Christi N. Perri···Ravi Nathan Perumal···Christine Petersen···Rugina D. Poellnitz···Evelyn J. Pulliam···Monika G. Rector···Perry Robinson···James J. Rough··Corey R. Sanchez··Rebecca L. Schumann··Amy J. Scully··Michelle M. Shwery··Annette C. Silva··Shari D. Silva··Barbara J. Simmons· Domenico Sneider· Carmelo Stanco· Jody A. St<strong>and</strong>al· Nancy E. Stephenson· David M. Sterling· Michael S. Stinson· Mary Stutzman· Doris Suh· Juan F. Torres· Jeffrey C. Torres· Jessica L. Truelove· Brian G. Van Hoy· Verena M. Von Dehn· Marcia Wada· Courtney L. Wallize· Brian M. Warshawsky· Jennifer C. White· Ben C. Winegarner· Stefan Wochinz· David A. Wortsman· Marlene Yamashita· Kristin A. ZompaThe <strong>Compliance</strong> Certification Board <strong>of</strong>fers you theopportunity to take the Certified <strong>Compliance</strong> <strong>and</strong><strong>Ethics</strong> Pr<strong>of</strong>essional (CCEP) © certification exam.Please contact us at ccb@corporatecompliance.org,call +1 952 933 4977 or 888 277 4977, or visitwww.corporatecompliance.org/ccep<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 69

y Eric R. FeldmanBuilding transparency,accountability, <strong>and</strong> ethicsin government contracting»»The Federal Acquisition Regulations (FAR) require contractors to self-report credible evidence <strong>of</strong> violations <strong>of</strong> federalcriminal law <strong>and</strong> significant overpayments.»»The federal government now requires more robust corporate ethics <strong>and</strong> business conduct programs as a component <strong>of</strong>“present responsibility” determinations when considering suspension <strong>and</strong> debarment actions.»»A record number <strong>of</strong> suspensions <strong>and</strong> debarments <strong>of</strong> unethical contractors were made in 2011.»»Agency suspension <strong>and</strong> debarment <strong>of</strong>ficials have placed greater emphasis on deficiencies in corporate ethical culture thanon specific FAR violations during recent suspension <strong>and</strong> debarment actions.»»Contractors can decrease their risk by taking proactive steps designed to improve both the corporate ethical culture <strong>and</strong>the effectiveness <strong>of</strong> the business ethics <strong>and</strong> compliance program.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012FeldmanMuch has been written about the2008 amendments to the FederalAcquisition Regulations (FAR),which require federal contractors to report“credible evidence <strong>of</strong> a violation <strong>of</strong>federal criminal law or the FalseClaims Act” to the respective federalagency Inspector General <strong>and</strong> theagency contracting <strong>of</strong>ficer. Beforethe FAR M<strong>and</strong>atory Disclosure Rulewas approved, industry commentspredicted that the proposed changewould result in mass SWAT teams <strong>of</strong> federalagents descending on government contractors,<strong>and</strong> that agency suspension <strong>and</strong> debarment<strong>of</strong>ficials would routinely disqualify contractorsfor “failure to timely disclose” even thesmallest <strong>of</strong> infractions. Fortunately, neither <strong>of</strong>these things has happened.What also hasn’t happened, however, is thekind <strong>of</strong> increased transparency <strong>and</strong> collaborativeworking relationships between contractors<strong>and</strong> federal agencies envisioned by the authors<strong>of</strong> the rule (including myself) who were servingon the National Procurement Fraud Task Forceat the Department <strong>of</strong> Justice (DOJ). To date, thevast majority <strong>of</strong> disclosures have been limitedto the Department <strong>of</strong> Defense (rather than thecivilian agencies), <strong>and</strong> those disclosures havebeen focused on smaller cost mischarging<strong>and</strong> false claims cases, rather than the largekickbacks, gratuities, product substitution,<strong>and</strong> Procurement Integrity Act violations thatfederal law enforcement believes are runningrampant in federal contracting.When any type <strong>of</strong> disclosure is made, acontractor runs the risk that contracting <strong>of</strong>ficers,Defense Contract Audit Agency staff,or suspension <strong>and</strong> debarment <strong>of</strong>ficials willimmediately ask some very fundamentalquestions about the ethical environment <strong>of</strong>the company that may have allowed the violationto occur. A company’s compliance withFAR 52.203-13 requirements for a contractorCode <strong>of</strong> Business <strong>Ethics</strong> <strong>and</strong> Conduct <strong>and</strong> arelated ethics program might be called intoquestion, leading suspension <strong>and</strong> debarment<strong>of</strong>ficials to question the company’s “present70 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

esponsibility” <strong>and</strong> possibly to suspend ordebar them or their <strong>of</strong>ficers from future federalcontracts, even before an investigation <strong>of</strong>the facts is completed.Further, FAR 9.104-1 requirements (i.e., thatprospective contractors be “responsible” parties)can also be invoked if it is determined that acontractor does not have “a satisfactory record<strong>of</strong> integrity <strong>and</strong> business ethics” —potentiallydisqualifying the contractor from futurework. All <strong>of</strong> these risks are greater when aprime contractor or a whistleblower makes thedisclosure regarding the subcontractor, thuscalling into question the subcontractor’s transparency,ethics, <strong>and</strong> integrity.Transparency is the goalThe M<strong>and</strong>atory Disclosure Rule was originallymodeled after a National ReconnaissanceOffice (NRO) contract provision developedby that agency’s Office <strong>of</strong> Inspector General(OIG) in mid-2004. The NRO is an agency <strong>of</strong>the Intelligence Community that conducts theresearch <strong>and</strong> development, acquisition, launch,<strong>and</strong> operations <strong>of</strong> the nation’s spy satellitenetwork. The NRO provision was intended toaddress the growing number <strong>of</strong> procurementfraud cases coming to the Inspector General’s(IG’s) attention from sources other than the contractor’sown systems <strong>of</strong> control <strong>and</strong> disclosure.I was the IG during this time <strong>and</strong> the presumptionwas, if contractors were required toreport credible evidence <strong>of</strong> fraud to the OIG,with serious penalties for failing to report in atimely manner, the IG <strong>and</strong> the contractor wouldwork more collaboratively in both conductingthe investigation <strong>and</strong> in preventing futureincidents from occurring. NRO managementbecame convinced <strong>of</strong> the value <strong>of</strong> this approach,<strong>and</strong> the m<strong>and</strong>atory reporting provision wasinserted into all NRO contracts in August, 2004.The NRO OIG’s experience with thecontract provision from 2004 through 2007demonstrated the effectiveness <strong>of</strong> this approachin creating a more transparent, collaborativeenvironment between a government agency<strong>and</strong> its substantial—<strong>and</strong> mission critical—contractor base. As the number <strong>of</strong> disclosuresincreased, the NRO OIG created additionalopportunities for sharing the best practices inprocurement fraud prevention <strong>and</strong> detectionbetween the government <strong>and</strong> contractors, <strong>and</strong>among contractors themselves. For example,the annual Business <strong>Ethics</strong> Conference hostedby the OIG was attended by a large portion <strong>of</strong>the contractor base. The conference providedan opportunity to share data <strong>and</strong> fraud trends,reporting issues, as well as fraud prevention<strong>and</strong> investigative techniques. Conference participationincreased steadily, with up to 90% <strong>of</strong>invited contractors sending staff.The NRO documented its experiences inthe Journal <strong>of</strong> Public Inquiry, a publication forfederal Inspectors General. 1 When the NationalProcurement Fraud Task Force was establishedcirca 2006, several <strong>of</strong> the agency IG’s, who hadbecome familiar with the NRO’s m<strong>and</strong>atorydisclosure experience, raised this idea for possiblegovernment-wide application. Department<strong>of</strong> Defense representatives acknowledged thatthe voluntary disclosure program, which initiallyproduced dozens <strong>of</strong> significant disclosuresafter its implementation in 1986, had waxed <strong>and</strong>waned, with few disclosures coming in duringthe 2006/2007 timeframe. With substantialincreases in procurement fraud (particularly inthe war zones) <strong>and</strong> increasing public outrage, itappeared the time for a m<strong>and</strong>atory disclosurerequirement had come.Federal agencies seek a corporate ethicalcultureThe proposed FAR rule on m<strong>and</strong>atory disclosurewas initially drafted based on theNRO experience, but requirements for morerobust corporate business ethics <strong>and</strong> conductprograms, <strong>and</strong> specifications regarding bothsource selection <strong>and</strong> present responsibility<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 71

<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012st<strong>and</strong>ards, were wisely added by a variety<strong>of</strong> experienced IG’s, agency suspension <strong>and</strong>debarment <strong>of</strong>ficials, <strong>and</strong> DOJ representatives.The final FAR package was forwardedin the form <strong>of</strong> a memor<strong>and</strong>um from AliceFisher, then Assistant Inspector General forthe Criminal Division at DOJ, to the Office<strong>of</strong> Federal Procurement Policy (OFPP) at theOffice <strong>of</strong> Management <strong>and</strong> Budget. Afterseveral modifications (including an initialexclusion for overseas contracts insertedat the White House level but subsequentlyeliminated by the 2008 Defense SupplementalAppropriations Bill), the rule was sent out forindustry comment <strong>and</strong> ultimately adopted.The government seeksethical behavior that flowsfrom a corporate culture <strong>of</strong>providing employees withappropriate tools (e.g., training,reporting mechanisms, <strong>and</strong>corporate communications)<strong>and</strong> encouraging staff to dothe right thing in dealing withgovernment customers.Although some confusion <strong>and</strong> disagreementstill exist over terms like “credibleevidence,” “timely disclosure,” subcontractor“flow down,” <strong>and</strong> “full cooperation” withgovernment <strong>of</strong>ficials, one thing has becomeabundantly clear: Through disclosure <strong>and</strong>improved contractor self-governance, thegovernment is looking for more than just compliance.The government seeks ethical behaviorthat flows from a corporate culture <strong>of</strong> providingemployees with appropriate tools (e.g.,training, reporting mechanisms, <strong>and</strong> corporatecommunications) <strong>and</strong> encouraging staff to dothe right thing in dealing with governmentcustomers.Since the creation <strong>of</strong> the Defense IndustryInitiative in 1986, the nation’s largest federalcontractors have invested considerableresources in developing comprehensive businessethics <strong>and</strong> compliance programs. Notableprograms include strong leadership commitment<strong>and</strong> “tone at the top,” anonymousreporting hotlines, comprehensive codes <strong>of</strong>conduct, <strong>and</strong> tailored ethics training.Many <strong>of</strong> these programs started strictlyas compliance activities under the company’sLegal department, aimed at ensuring adherenceto the increasingly complex federalregulations that govern the contracting process.Over time, however, most evolved intocomprehensive, values-based programs thatrecognize legal st<strong>and</strong>ards, but aim for evenhigher ethical st<strong>and</strong>ards <strong>of</strong> business conduct.Increased attention to values-based ethicsis due, in part, to statements contained inthe Organizational Sentencing Guidelines,particularly the November 2010 amendmentsthat give credit to companies whichdevelop <strong>and</strong> maintain an “ethical culture.”As a result, agency contracting <strong>of</strong>ficials,Inspectors General, <strong>and</strong> agency suspension<strong>and</strong> debarment <strong>of</strong>ficers are focusing greaterattention on m<strong>and</strong>atory disclosure as one element<strong>of</strong> transparency that can demonstratethe presence—or absence—<strong>of</strong> a corporateethical culture.Suspension <strong>and</strong> debarment actionsThe Obama Administration, under pressurefrom Congress to weed out governmentcontractors for ethics violations <strong>and</strong> poorperformance, proposed to suspend or debaralmost as many contractors in 2011 as theBush Administration did during its entiresecond term. 2 Federal agencies are underscrutiny after a series <strong>of</strong> Congressional72 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

hearings <strong>and</strong> reports from agency IGs <strong>and</strong> theGovernment Accountability Office accusedprocurement <strong>of</strong>ficials <strong>of</strong> failing to keepunethical contractors out <strong>of</strong> the $500 billion ayear federal market. According to the GeneralServices Administration, the proposed debarments(more than 1,000 during 2011) are themost since 1997, the earliest year comparabledata is available.As Kathleen Miller reported in BloombergNews, Moira Mack, a spokesperson for theOffice <strong>of</strong> Management <strong>and</strong> Budget, said, “Fortoo long, the government failed to use suspension<strong>and</strong> debarment, even in the face <strong>of</strong>egregious conduct by contractors. That’s whythis administration has been pushing fortougher oversight <strong>of</strong> contractors, <strong>and</strong> we’veseen results.” The Project on GovernmentOversight, a federal contracting watchdog,agreed stating, “We are starting to see thependulum swing to more contractor accountability,but government needs to do a lot moreto ensure it only works with responsible contractors<strong>and</strong> thereby protects the public.”Agencies can propose contractors fordebarment for poor performance, as well asa variety <strong>of</strong> ethical issues, including overbilling,falsely claiming entitlement to specialtreatment under minority or small businessprograms, or violating any <strong>of</strong> the manyFAR requirements that govern the bidding,negotiation, execution, <strong>and</strong> management <strong>of</strong>government contracts. Because <strong>of</strong> the FARM<strong>and</strong>atory Disclosure Rule, an increasingnumber <strong>of</strong> such ethical issues are beingreported by the contractors themselves, theirprime contractors, or subcontractors. From thecontractors’ vantage point, the political pushfor greater accountability through the use <strong>of</strong>suspensions <strong>and</strong> debarments, combined withthe M<strong>and</strong>atory Disclosure Rule, make themvulnerable both for reporting <strong>and</strong> failing toreport. They view themselves to be “betweena rock <strong>and</strong> a hard place.”An interesting phenomenon is emerging:It is not uncommon for a prime contractor (inorder to proactively protect itself) to “drop adime” on a subcontractor or supplier for evena minor FAR violation by disclosing it to theagency IG <strong>and</strong> contracting <strong>of</strong>ficer. The IG orcontracting <strong>of</strong>ficer sends the disclosure to theagency’s suspension <strong>and</strong> debarment <strong>of</strong>ficial(SDO). This is st<strong>and</strong>ard procedure within theDepartment <strong>of</strong> Defense. The SDO asks thesubcontractor what it knew, when, <strong>and</strong> whyit did not disclose the infraction. If a determinationis made that there is a deficiency inthe subcontractor’s ethical culture, the SDOissues a debarment notice, based on a lack <strong>of</strong>“present responsibility” as defined in the FARethics <strong>and</strong> integrity provisions. This is not acontrived scenario; it has happened multipletimes in the past year.How should a contractor respond?The scenario described above puts the federalcontractor or subcontractor in the awkwardposition <strong>of</strong> either indicating that its controls<strong>and</strong> compliance mechanisms were so weakthat its corporate leadership did not knowabout the alleged violation, or that it knew butfailed to disclose. Either explanation can bedevastating for the contractor <strong>and</strong> its futurebusiness with the government, because eachindicates the contractor has a weak ethical culture<strong>and</strong> needs to significantly strengthen itscorporate ethics <strong>and</strong> compliance programs inorder to demonstrate “present responsibility.”What is a contractor to do? If the companyhas followed the practices neatly described inthe 2010 amendments to the OrganizationalSentencing Guidelines, it has likely chartered“periodic independent assessments <strong>of</strong> theeffectiveness <strong>of</strong> its ethics <strong>and</strong> complianceactivities” already. These assessments can beused to demonstrate that the company hasindeed established a credible, effective ethicsprogram that promotes an ethical culture.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 73

<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012The problem violation can then be characterizedas an anomaly, a one-time failure by abad actor who circumvented company controls<strong>and</strong> was outside the norms <strong>of</strong> companyculture.But what if such an independent assessmenthad not been previously conducted, <strong>and</strong>the company’s ethics <strong>and</strong> compliance activitieshave not been values-based, comprehensive, oreffective? In recent cases, the government hasbeen willing to set aside debarment determinationsin favor <strong>of</strong> several company actions,including:··A complete internal investigation thatidentifies the facts surrounding the allegedviolation, the causal factors that led tothe problem, <strong>and</strong> recommendations forimprovements to processes <strong>and</strong> controls;··A comprehensive external, independentassessment <strong>of</strong> the company’s ethicalculture by a values-based ethics expert,including evaluation <strong>of</strong> the company’sethics <strong>and</strong> compliance program, <strong>and</strong> specificrecommendations for improvement;··A company action plan that outlines proposedsteps for implementing each <strong>of</strong> therecommendations contained in the independentassessment; <strong>and</strong>··A period <strong>of</strong> independent monitoring(typically 2-5 years) to evaluate companyprogress in implementing the actionspromised in its plan, <strong>and</strong> to report onimprovements to the corporate ethics <strong>and</strong>compliance posture.The independent monitor as corporate mentorAn independent monitor is <strong>of</strong>ten thought <strong>of</strong> asa corporate “cop” brought in as the result <strong>of</strong> aDeferred or Non-prosecution Agreement withthe DOJ. A monitor is tasked with reportingon whether the corporate behavior that gotthe company into trouble has either ceasedor is continuing to occur. In some cases, themonitor has been a retired senior militaryEstablishing st<strong>and</strong>ards forcorporate self-governance <strong>and</strong>creating an ethical culturethrough comprehensive ethics<strong>and</strong> compliance programs, <strong>and</strong>holding contractors accountablefor maintaining these st<strong>and</strong>ards,is a more logical way to reducerisk <strong>and</strong> improve accountabilityto the taxpayer.<strong>of</strong>ficer, political appointee, a law firm, or alarge accounting firm that includes monitoringamong several lines <strong>of</strong> business services it providesto its clients. The monitoring approachis <strong>of</strong>ten limited to looking over the shoulder<strong>of</strong> the subject company to report any obvious,continuing violations in the specific area thatgot the company in trouble in the first place.In the new paradigm <strong>of</strong> transparency <strong>and</strong>ethical culture as an essential element <strong>of</strong> governmentcontracting, this traditional, reactiveapproach to monitoring is outdated. SDOs,U.S. Attorney’s Offices, government regulators,<strong>and</strong> others who scrutinize the behavior <strong>of</strong>government contractors <strong>and</strong> regulated entitiesare focusing greater attention on less punitive,more effective ways <strong>of</strong> rehabilitating companiesso they can continue to be governmentcontractors, regulated pr<strong>of</strong>essionals, productiveemployers, <strong>and</strong> responsible missionpartners. It is not just that these governmententities face unmanageable caseloads (whichthey do), or that they are suffering from woefullyinadequate resources to accomplish theirmission (which they are). Many individualswho have worked in this area believe thatrepeated, multiple government investigations<strong>of</strong> contractor misconduct are simply notthe most effective way <strong>of</strong> making sure that74 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

contractors are ethical. Establishing st<strong>and</strong>ardsfor corporate self-governance <strong>and</strong> creating anethical culture through comprehensive ethics<strong>and</strong> compliance programs, <strong>and</strong> holding contractorsaccountable for maintaining thesest<strong>and</strong>ards, is a more logical way to reduce risk<strong>and</strong> improve accountability to the taxpayer.In 2008, Acting Deputy Attorney GeneralCraig S. Morford issued a memor<strong>and</strong>um toU.S. Attorneys outlining the best practiceprinciples for using <strong>and</strong> choosing independentmonitors. The memor<strong>and</strong>um waswritten in response to the frequent appointment<strong>of</strong> former senior government <strong>of</strong>ficials(including former Attorney General Ashcr<strong>of</strong>t)to serve as monitors, leaving in doubt theindependence <strong>and</strong> integrity <strong>of</strong> the monitoringprocess used in such agreements. TheMorford memo reiterated the inherent value<strong>of</strong> independent monitoring, stating that“the corporation benefits from expertise inthe area <strong>of</strong> corporate compliance from anindependent third party. The corporation,its shareholders, employees, <strong>and</strong> the publicat large benefit from reduced recidivism <strong>of</strong>corporate crime <strong>and</strong> the protection <strong>of</strong> theintegrity <strong>of</strong> the marketplace.” 3Ideally, an independent corporate monitoris a person or entity who has in-depthknowledge <strong>and</strong> experience with regulatoryschemes <strong>and</strong> oversees businesses that havebeen sanctioned for the violation <strong>of</strong> one ormore regulations or laws. In some cases, theindependent monitor is engaged proactivelyin response to investigations <strong>and</strong> the threat orpotential for sanctions. The corporation paysfor the monitor, <strong>and</strong>, in exchange for agreeingto ongoing oversight, typically avoidsmore severe sanctions (such as suspension,debarment, or prosecution). Describing themonitor’s role, Morford said that, once anagreement is reached on how to preventfuture misconduct, “[a] monitor’s primaryresponsibility is to assess <strong>and</strong> monitor acorporation’s compliance with the terms <strong>of</strong> theagreement specifically designed to address<strong>and</strong> reduce the risk <strong>of</strong> recurrence <strong>of</strong> the corporation’smisconduct, <strong>and</strong> not to furtherpunitive goals.” More specifically, the memoindicates the monitor should “oversee a company’scommitment to overhaul deficientcontrols, procedures, <strong>and</strong> culture.”In practical terms, the most effective independentmonitor, consistent with the Morfordview described above, would take any number<strong>of</strong> the following steps to “mentor” the company,resulting in a strengthening <strong>of</strong> thecompany’s ability to function as a responsiblegovernment contractor:··Assess the company’s corporate ethicalculture;··Evaluate internal controls over corporatefinancial, purchasing, contracting, humanresources, property management, or otherkey business processes;··Assess key risks <strong>and</strong> vulnerabilities, particularlyin the areas <strong>of</strong> fraud <strong>and</strong> duediligence over subcontractors <strong>and</strong> suppliers;··Evaluate the adequacy <strong>of</strong> the company’sbusiness ethics <strong>and</strong> conduct programs; <strong>and</strong>··Make recommendations for improvement.Convergence <strong>of</strong> the FAR <strong>and</strong> independentmonitoringGovernment agencies, regulators, contracting<strong>of</strong>ficers, <strong>and</strong> SDOs are looking for animportant characteristic in governmentcontractors: transparency. In many ways, them<strong>and</strong>atory disclosure requirements <strong>and</strong> theethics <strong>and</strong> business conduct provisions <strong>of</strong>the FAR provide tacit recognition that mistakesin government contracting will occur;that some employees might make bad, evenunethical decisions; <strong>and</strong> that the differencebetween an ethical <strong>and</strong> an unethical companyis <strong>of</strong>ten the manner in which the companydeals with the problem after it occurs. In fact,SDOs are increasingly focusing on the state<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 75

<strong>of</strong> a company’s “ethical culture” in makingdecisions on “present responsibility” —themain factor that drives whether to suspendor debar a contractor from doing businesswith the government. This is recognized inthe FAR-m<strong>and</strong>ated penalties for a company’s“failure to timely disclose” credible evidence<strong>of</strong> violations or overpayments (i.e., suspensionor debarment).As <strong>of</strong> the writing <strong>of</strong> this piece, there hadnot yet been a case <strong>of</strong> the government suspendingor debarring a company solely forviolating the M<strong>and</strong>atory Disclosure Rule.However, there have been several cases inwhich the government determined that theunderlying violation, coupled with the failureto disclose in a transparent manner, signaledan unethical corporate culture that raisedenough questions about the company’s “presentresponsibility” that a proposed debarmentwas in order.In an increasing number <strong>of</strong> cases, welladvisedcompanies have avoided or reversedsuspension/debarment decisions by <strong>of</strong>feringto proactively hire an independent monitorto (1) conduct an independent assessment<strong>of</strong> the ethical culture <strong>of</strong> the company, (2)evaluate the strength <strong>of</strong> the corporate ethics<strong>and</strong> compliance activities, (3) make specificrecommendations to improve the ethicsprogram <strong>and</strong> internal controls <strong>of</strong> the company,<strong>and</strong> (4) independently monitor (withreports to the government) the company’sprogress in implementing the monitor’srecommendations.The steps described above have not onlybeen enough to avoid suspension, debarment,prosecution, <strong>and</strong> other punitive actions,but they have also created greater transparencyin the government contracting process.Strengthening their ethical culture, establishingor enhancing the FAR-m<strong>and</strong>ated businessethics <strong>and</strong> conduct programs, <strong>and</strong> educatingstaff about the broad applicability <strong>of</strong> m<strong>and</strong>atoryreporting requirements have, in fact, helpedcompanies become more responsible governmentcontractors. In the final analysis, isn’t thatthe end game we are all working toward? ✵1. Larsen, Alan S. <strong>and</strong> Feldman, Eric R.: “Convincing Contractors toReport Their Own Procurement Fraud.” Journal <strong>of</strong> Public Inquiry,Spring/Summer, 2006.2. Miller, Kathleen: “US Agencies Want 1,000-plus Contractors Barred.”Bloomberg News, December 28, 2011.3. Morford Craig S: “Selection <strong>and</strong> Use <strong>of</strong> Monitors n DeferredProsecution Agreements <strong>and</strong> Non-Prosecution Agreements withCorporations.” U.S. Department <strong>of</strong> Justice, Office <strong>of</strong> the DeputyAttorney General, March 7, 2008.Eric R. Feldman is President <strong>of</strong> Core Integrity Group LLC <strong>and</strong> Director <strong>of</strong><strong>Corporate</strong> <strong>Compliance</strong>, Affiliated Monitors in Redondo Beach, California. Hemay be contacted at eric@coreintegritygroup.com.Thank you!<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012Has someone done something great for you,for the <strong>Compliance</strong> pr<strong>of</strong>ession, or for SCCE?If you would like to give recognition bysubmitting a public “Thank You” to be printed in<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional magazine, pleasesend it to liz.hergert@corporatecompliance.org.Entries should be 50 words or fewer.76 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Your Guide to Becomingan Effective InvestigatorThe First Information Is Almost Always Wrong:150 Things to Know AboutWorkplace InvestigationsBy Meric Craig Bloch, Esq., CCEP, PCI, CFEEffective workplace investigations are equal partsart <strong>and</strong> science. Meric Bloch has mastered bothaspects through years <strong>of</strong> hard-earned experience.In this book, he details the strategies <strong>and</strong> tacticshe knows work best.His practical guidance will help readers learn toplan <strong>and</strong> conduct thorough investigations <strong>and</strong>turn the results into valuable knowledge for theirorganizations. His insightful approach is mappedout in three sections.• Protect Your Career—How to Think Likea Workplace Investigator• Protect Your Company—How to Integrate YourInvestigations into Your Company’s Operations• Protect Your Case—How to Conduct anEffective Workplace InvestigationWith this tutorial, readers will learn not only how touncover the truth about misconduct or fraud, butalso how to ensure that the results can help anorganization resolve issues <strong>and</strong> move forward.ORDER ONLINE ATwww.corporatecompliance.org/booksGet the executive training DVDs that workThe <strong>Ethics</strong> Series withDr. Marianne JenningsProduced by DuPont Sustainable Solutions• “<strong>Ethics</strong> Is a Competitive Advantage” lists five key reasonswhy ethics matter. This program explores why working in the grayareas is risky. (20 min.)• “Speaking Up Without Fear” discusses how organizations c<strong>and</strong>raw out wrongdoing <strong>and</strong> help create a culture where employees feelempowered. (15 min.)• “Ethical Leadership: Tone at All Levels” explores howemployees can h<strong>and</strong>le the tension between increasing anorganization’s bottom line <strong>and</strong> protecting its good reputation. (20 min.)SCCE members: $450 per segment, or $1,175 for the seriesNon-members: $495 per segment, or $1,295 for the seriesLearn more <strong>and</strong> purchase online atwww.corporatecompliance.orgEach segmentis availableindividually,or all togetheron one DVD.<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 77

Feature The last wordby Joe Murphy, CCEP“Papa don’t preach”: Advicefrom Madonna for your CEO<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012MurphyWe all know the CEO needs to setthe right tone at the top, but whatdoes that mean? Here is one areawhere maybe Madonna has the right idea:“Papa don’t preach.” Tone at the top is not“talk at the top;” it should mean action at thetop to support your program.What <strong>of</strong>ten passes for tone at the top issome policy statement, perhaps written infulminating style, swearing a mightyoath to support the law. From myexperience in antitrust compliance, Iwould say this is the rule rather thanthe exception. The general counsel orantitrust lawyer writes it <strong>and</strong> the CEOsigns it (with or without reading it).Of course, employees (who are fairlysmart on these types <strong>of</strong> things) know that thisis from the lawyers, not the CEO.Interestingly, guidance written by the UK’sOffice <strong>of</strong> Fair Trading (OFT) on how to do acompetition law compliance program seems tocatch this point. 1 For example, the OFT’s guidancestresses the need for commitment fromsenior management <strong>and</strong> the board. But unlikesome <strong>of</strong> the other st<strong>and</strong>ards around, the OFTindicates that this means action, not just talk.The guidance makes a very good point aboutsenior management showing what they havedone to help the company comply, such asattending the compliance training themselves.It tells management that “They need todemonstrate this commitment through theiractions clearly <strong>and</strong> unambiguously.”Another suggestion from the OFT is “theremainder <strong>of</strong> the board <strong>of</strong> directors (or seniormanagement team if the business is not acompany) challenge the effectiveness <strong>of</strong> compliancemeasures that have been undertaken,for example by asking questions about whatis being done to identify, assess, mitigate <strong>and</strong>review competition law risk.”Tone at the top is not“talk at the top;” it shouldmean action at the top tosupport your program.In an article I wrote for ethikos magazine 2 afew years ago, I <strong>of</strong>fered a list <strong>of</strong> 11 steps a CEOcould do to make a difference, without eversaying the words “ethics” or “compliance.”Something as simple as having an obviouslyused copy <strong>of</strong> the company code <strong>of</strong> conduct onhis or her desk could send a subtle but importantmessage. Going around the table at anexecutive staff meeting, asking each VP whathe or she had done to promote the programwould be another, more dramatic step. TheCEO could call the helpline with a question(I once heard a CEO say he had done this—tothe apparent surprise <strong>of</strong> his ethics <strong>of</strong>ficer), orpublicly turn down a business trip because <strong>of</strong>the appearance <strong>of</strong> a conflict <strong>of</strong> interest.The CEO <strong>and</strong> other executives can setthe tone at the top in many ways, but start bypromising not to preach. ✵1. UK Office <strong>of</strong> Fair Trading: Quick Guide to Competition Law<strong>Compliance</strong>. www.<strong>of</strong>t.gov.uk/shared_<strong>of</strong>t/ca-<strong>and</strong>-cartels/competitionawareness-compliance/quick-guide.pdf2. Joe Murphy: “How the CEO Can Make the Difference in <strong>Compliance</strong><strong>and</strong> <strong>Ethics</strong>,” ethikos , vol. 20, no. 6; (May/June 2007)Joe Murphy is Of Counsel to <strong>Compliance</strong> Systems Legal Group <strong>and</strong>Editor-in-Chief <strong>of</strong> <strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional Magazine. He may becontacted at jemurphy@voicenet.com.78 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

sTakeawaysMay/June 2012<strong>Compliance</strong> & <strong>Ethics</strong>Pr<strong>of</strong>essionalTear out this page <strong>and</strong> keep for reference, or share with a colleague. Visit www.corporatecompliance.org for more information.Underst<strong>and</strong>ing the proposed EUdata protection regulationby Robert Bond (page 24)»»The EU is in the process <strong>of</strong> revising its dataprivacy regime to harmonise data protectionacross its member states.»»The propsed Data Protection Frameworkwill implement greater enforcement powersthat apply to both data controllers <strong>and</strong> dataprocessors.»»The Framework will focus on consent,breaches, data transfers, accountability, <strong>and</strong>liability.»»Individuals will have greater control <strong>of</strong> theirpersonal data, <strong>and</strong> special protections for thedata <strong>of</strong> children are included.»»Foreign businesses that target EU citizens willincur significant compliance obligations.Buyers on the takeby Peter J. Crosa (page 30)»»Embezzlement or misappropriation isn’t limitedto line employees. The E&C purview netshould be cast from the lowest level employeeto the executive board, <strong>and</strong> from stockroom toboardroom.»»Staff is more likely to be influenced by unscrupulousvendors while away from the <strong>of</strong>fice.»»No vendor should be considered incapable<strong>of</strong> inappropriate influence, from janitors tolawyers.»»Investigators frequently uncover an employeeperpetrator who has a tragic character flawthat is germane to misappropriation.»»Cash kickbacks, entertainment, <strong>and</strong> otheruntraceable gifts are <strong>of</strong>ten subject tomisappropriation.It’s time to change theSEC’s cultureby Marlowe Doman (page 34)»»Individuals may get financial rewards if theyprovide the SEC with information that leads tosuccessful enforcement actions against WallStreet wrongdoers.»»If the action is successful, whistleblowers canbe granted between 10% <strong>and</strong> 30% <strong>of</strong> any fineover $1 million collected by the SEC.»»For the laws to achieve their goals <strong>of</strong> exposing<strong>and</strong> halting Wall Street corruption, the SECmust confront its own culture <strong>and</strong> dark pasttoward whistleblowers.»»Over the past decade, the SEC allegedlymistreated its employees who attempted tocorrect wrongdoing within the Commission,as well as outsiders who reported securitiesviolations.»»The Dodd-Frank whistleblower provisionsprovide the SEC with an opportunity for a freshstart in its treatment <strong>of</strong> whistleblowers.Ethical decision-makingmodels: Decisions, decisionsby Roz Bliss (page 40)»»Ethical decision-making models help employeesmake the good choices.»»Employees know when something just doesn’tseem right.»»Encourage employees to examine <strong>and</strong> identifypossible alternatives.»»What would a reasonable person think aboutthis decision?»»It takes courage to do the right thing.Powerful witness preparation:The pure <strong>and</strong> simple truthby Dan Small <strong>and</strong> Robert F. Roach(page 44)»»The need to tell the truth does not lessen theneed to prepare the witness to testify.»»If you make a mistake, stop <strong>and</strong> fix it. The jurywill underst<strong>and</strong>.»»Deal with the bad stuff up front. Being defensiveor trying to cover it up will only makethings worse.»»Witnesses should include positive aspectsabout themselves as part <strong>of</strong> telling the truth.»»Witnesses should concentrate on what theysaw, heard, or did <strong>and</strong> avoid speculation.The economy, compliance, <strong>and</strong>ethicsby Adam Turteltaub (page 48)»»The percentage <strong>of</strong> compliance programs withincreasing budgets is on the rise.»»Although budgets are on the rise, staffinglevels for the <strong>Compliance</strong> department are notfollowing suit.»»Stress levels among compliance pr<strong>of</strong>essionalsare rising as they do more work with fewerstaff.»»<strong>Compliance</strong> is more likely to be seen as apositive asset, rather than a hindrance todoing business.»»Many respondents thought that economic conditionsmay lead to more compliance failures.<strong>Corporate</strong> codes <strong>of</strong> conduct inthe United Statesby Gilbert Geis, PhD & Henry N. Pontell,PhD (page 54)»»A code <strong>of</strong> conduct informs employees aboutacceptable behaviors the company expects<strong>and</strong> the conduct that will not be tolerated.»»Codes have proliferated as courts have heldemployers responsible for monitoring theactions <strong>of</strong> their employees.»»If codes are not enforced, employees willsee them as window dressing, <strong>and</strong> ignoringthe rules will become part <strong>of</strong> the corporateculture.»»The content <strong>of</strong> codes has changes as pricefixing, foreign bribes, sexual harassment, <strong>and</strong>insider trading sc<strong>and</strong>als have come to light.»»The effectiveness <strong>of</strong> a code <strong>of</strong> conduct is not amitigating factor in the Dodd-Frank legislation.Social media evidence:A new accountabilityby Dawn Lomer (page 66)»»Courts are seeing an explosion <strong>of</strong> evidencefrom social media sites.»»Case law regarding social media evidence isstill developing.»»Attorneys <strong>and</strong> investigators should stayabreast <strong>of</strong> new rulings as they happen.»»<strong>Ethics</strong> <strong>and</strong> common sense rule when it comesto gaining access to personal social mediainformation.»»Rules <strong>of</strong> preservation apply to social media,just as they do elsewhere.Building transparency,accountability, <strong>and</strong> ethicsin government contractingby Eric R. Feldman (page 70)»»The Federal Acquisition Regulations (FAR)require contractors to self-report credibleevidence <strong>of</strong> violations <strong>of</strong> federal criminal law<strong>and</strong> significant overpayments.»»The federal government now requires morerobust corporate ethics <strong>and</strong> business conductprograms as a component <strong>of</strong> “present responsibility”determinations when consideringOverzealous I-9 compliancesuspension <strong>and</strong> debarment actions.can result in a discrimination »»A record number <strong>of</strong> suspensions <strong>and</strong> debarmentslawsuit<strong>of</strong> unethical contractors were made in 2011.by Justin Estep (page 50)»»Agency suspension <strong>and</strong> debarment <strong>of</strong>ficials»»The United States government has drastically have placed greater emphasis on deficienciesincreased Form I-9 audits.in corporate ethical culture than on specific»»FAR violations during recent suspension <strong>and</strong>Many Human Resources representatives aredebarment actions.misinformed about Form I-9 specifics.»»»»Contractors can decrease their risk by takingThe United States government is also investigatingForm I-9 discrimination.proactive steps designed to improve both thecorporate ethical culture <strong>and</strong> the effectiveness»»Companies are forced to pay heavy Form I-9 <strong>of</strong> the business ethics <strong>and</strong> compliance program.discrimination fines.»»Consistent Form I-9 policy is the bestdeterrence to fines.+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 79<strong>Compliance</strong> & <strong>Ethics</strong> Pr<strong>of</strong>essional May/June 2012

SCCE’s 2012 Upcoming EventsLearn more about SCCE’s educational opportunities at www.corporatecompliance.org/eventsMay 2012Sunday Monday Tuesday Wednesday Thursday Friday SaturdayMother’s Day1 2 3 4 56 7 8 9 10 11 12Basic <strong>Compliance</strong> &<strong>Ethics</strong> AcademySão Paulo, Brazil13 14 15 16 17 18 1920 21 22 23 24 25 26Basic <strong>Compliance</strong> & <strong>Ethics</strong> AcademyBrussels, BelgiumMay Day27 28 29 30 31SCCE OFFICE CLOSEDMemorial Day<strong>Corporate</strong> <strong>Compliance</strong> & <strong>Ethics</strong> WeekMay 6–12, 2012CCEP‐I ExamCCEP‐I ExamUpper Northeast RegionalConferenceNew York, NYShavuot beginsJune 2012Sunday Monday Tuesday Wednesday Thursday Friday SaturdayHigher Education<strong>Compliance</strong> ConferenceAustin, TXFather’s DayWEB CONFERENCE:Anti-Corruption: WhatEvery <strong>Ethics</strong> & <strong>Compliance</strong>Pr<strong>of</strong>essional Needs To Know1 23 4 5 6 7 8 910 11 12 13 14 15 16Basic <strong>Compliance</strong> & <strong>Ethics</strong> AcademyScottsdale, AZCCEP ® Exam17 18 19 20 21 22 23First Day <strong>of</strong> SummerCCEP ® ExamAlaska RegionalConferenceAnchorage, AKWest Coast RegionalConferenceSan Francisco, CA24 25 26 27 28 29 30All Upcoming EventsBasic <strong>Compliance</strong> & <strong>Ethics</strong>AcademiesMay 7–10 • São Paulo, BrazilMay 21–24 • Brussels, BelgiumJune 11–14 • Scottsdale, AZJune 25–28 • San Diego, CAJuly 9–12 • Shanghai, ChinaAugust 13–16 • Boston, MANovember 12–15 • Orl<strong>and</strong>o, FLDecember 10–13 • San Diego, CARegional ConferencesUpper Northeast • May 18 • New York, NYAlaska • June 15 • Anchorage, AKWest Coast • June 22 • San Francisco, CASoutheast • October 12 • Atlanta, GASouthwest • November 2 • Houston, TXHigher Education<strong>Compliance</strong> ConferenceJune 3–6 • Austin, Texas11th Annual<strong>Compliance</strong> & <strong>Ethics</strong> InstituteOctober 14–17 • Las Vegas, NevadaAria in Las VegasBasic <strong>Compliance</strong> & <strong>Ethics</strong> AcademySan Diego, CACCEP ® ExamJuly 2012Sunday Monday Tuesday Wednesday Thursday Friday Saturday1 2 3 4 5 6 7Canada DaySCCE OFFICE CLOSEDIndependence Day8 9 10 11 12 13 14Basic <strong>Compliance</strong> & <strong>Ethics</strong> AcademyShanghai, ChinaCCEP‐I Exam15 16 17 18 19 20 21Ramadan begins22 23 24 25 26 27 2829 30 31Dates <strong>and</strong> locations are subject to change.

11 th AnnualSAVE THENEW DATEAND $575 WHENYOU REGISTER EARLY*<strong>Compliance</strong> & <strong>Ethics</strong> InstituteOctober 14–17, 2012 | Las Vegas, Nevada USA | Aria in Las VegasMore tracks <strong>and</strong> sessions than everbefore to meet the need for educationon the issues you are facing• Risk Track• <strong>Ethics</strong> Track• Multinational/International Track• Case Study Track• Advanced Discussion Groups• Investigations Workshop• Speed Networking, <strong>and</strong> moreKeynote presentation byJAMES B. STEWARTColumnist, The New York TimesAuthor, Tangled Webs: How FalseStatements Are UnderminingAmerica: From Martha Stewart toBernie Mad<strong>of</strong>fOver 90 sessions <strong>and</strong> 130 speakersVisit www.complianceethicsinstitute.org to learn more, register,<strong>and</strong> find details on booking your hotel stay at Aria in Las Vegas.*Register on or before July 11, 2012, to save $575

Join us for SCCE’s 10th AnnualHigher Education<strong>Compliance</strong> ConferenceJune 3–6, 2012 | Austin, TexasAT&T Executive Education Conference CenterENJOY TIMELY & USEFUL SESSIONSRegister today <strong>and</strong>enjoy the flexibility<strong>of</strong> two conferencesfor the price <strong>of</strong> one!Complimentary access to HCCA’sResearch <strong>Compliance</strong> Conferenceis included with your HigherEducation <strong>Compliance</strong> Conferenceregistration. The parallel schedulegives you the freedomto attend sessions ateither conference:two for the price <strong>of</strong> one.HEAR FROM EXPERTSDefining <strong>and</strong> Communicatingthe Role <strong>of</strong> <strong>Compliance</strong> & <strong>Ethics</strong>Donna McNeely, University <strong>Ethics</strong> Officer,University <strong>of</strong> IllinoisGrace Fisher Renbarger, Former VicePresident <strong>and</strong> Chief <strong>Ethics</strong> & <strong>Compliance</strong>Officer, Dell Inc.Kimberly F. Turner, Chief Audit Executive,Texas Tech University SystemBehavioral <strong>Ethics</strong>: Why GoodPeople Do Bad ThingsRobert Prentice, Pr<strong>of</strong>essor <strong>of</strong> BusinessLaw <strong>and</strong> Business <strong>Ethics</strong> in the Business,Government & <strong>Society</strong> Department,McCombs School <strong>of</strong> Business,University <strong>of</strong> TexasBest Practices forHigher EducationAudit & <strong>Compliance</strong>Lisa Murtha, Partner,SNR Denton US LLPLarry Plutko, Systemwide<strong>Compliance</strong> Officer, TheUniversity <strong>of</strong> Texas SystemMichael L. Somich, ExecutiveDirector <strong>of</strong> Internal Audits,Duke UniversityMary Lee Brown, AssociateVice President Audit,<strong>Compliance</strong> & Privacy,University <strong>of</strong> Pennsylvania<strong>and</strong> Health SystemVIEW THE FULL AGENDA & REGISTER ATwww.highereducationcompliance.orgActiance, IncAdeccoBoulette & Golden, LLPDIGITS, LLCDow Lohnes, PLLCJohns Hopkins Health SystemNational Institute <strong>of</strong>Environmental Health SciencesNational Science FoundationNew York UniversityNJ Higher EducationStudent Assistance AuthorityTexas Tech University SystemThe University <strong>of</strong> Technology JamaicaThe University <strong>of</strong> TexasUCLA Health SystemUniversity <strong>of</strong> CaliforniaUniversity <strong>of</strong> California at Santa CruzUniversity <strong>of</strong> California, DavidUniversity <strong>of</strong> ConnecticutUniversity <strong>of</strong> IllinoisUniversity <strong>of</strong> LouisvilleUniversity <strong>of</strong> Pennsylvania<strong>and</strong> Health SystemUniversity <strong>of</strong> Southern CaliforniaUniversity <strong>of</strong> Vermont

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!