Compliance &Ethics - Society of Corporate Compliance and Ethics

Letter from the CEOby Roy Snell, CHC, CCEP‐FWhat we have accomplishedSnellFour of us from SCCE/HCCA wererecently invited to meet with the headof the Department of Justice, the headof the Securities and Exchange Commission’sDivision of Enforcement, and the head ofthe Department of Justice’s FCPAdivision. They asked for a shortdescription of our organization. Ithought I would share with you whatI shared with them. Our growth hasbeen explosive. We have not spentmuch time looking back. It was interestingto reflect on what we haveaccomplished as a very young profession.The Society of Corporate Complianceand Ethics and the Health Care ComplianceAssociation are part of a single 501(c)(6) organizationdedicated to helping educate, network,and certify compliance and ethics professionals.Our mission is to help compliance and ethicsprofessionals become more effective in theirjobs and help them implement effective complianceprograms. We have 10,500 members whoare primarily in-house compliance and ethicsprofessionals managing their organizations’compliance and ethics programs. We have individualsfrom academia, government, outsidecounsel, and more involved in our organization.We also reach many individuals throughsocial media who are involved in other aspectsof an effective compliance program, such asaudit, legal, risk, fraud, and more. We have over20,000 people following our Twitter feed, 9,500on our dedicated social media site, 15,600 onour LinkedIn compliance groups, and 8,000 onFacebook. Through social media we are able tocommunicate news and information, and sharedocuments that assist our members and othersin their efforts to improve their organizations’cultures and compliance with the law.We are involved in many aspects ofcompliance and ethics education. We havecredentialed and assisted in the programdevelopment of several colleges that havedeveloped degrees in the compliance andethics field. We hold approximately 60 complianceand ethics conferences per year, thelargest of which has more than 2,000 attendees.We conduct approximately 35 web conferenceseach year. We publish two magazines with200 articles per year written by complianceand ethics professionals. We have developedsix basic and advanced certification programsfor compliance and ethics professionals. Over4,000 people hold one of the credentials.We have also branched out internationally.We have members from over 50 countries.We will be holding certification training inShanghai, São Paulo, and Brussels this year.We have developed numerous national andinternational partnerships with government,industry, and other professional associations,and facilitated collaboration betweenthe compliance and ethics profession and theenforcement community.We have come a long way. We have peoplewho can influence our profession asking for ourinput now, when they wouldn’t give us the timeof day in the past. We are having a few growingpains, but things are very good. We are hiringmore people with expertise that will help takeour profession and our organization to thenext level. Most of all, we have surroundedourselves with lead volunteers that have theright stuff. They are the right people to helpus achieve our mission of helping complianceprofessionals be more effective in their jobsand implement effective compliance programs.We are looking forward to another great year. ✵Contact Roy Snell at roy.snell@corporatecompliance.orgCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 3

ContentsMay/June 2012FeaturesColumnsCompliance & Ethics Professional May/June 201214 Two days with the FBIby Adam TurteltaubAbout 50 compliance professionals got an inside look at the FBI’scompliance program and how agents are trained.24 Understanding the proposedEU data protection regulationby Robert BondBusinesses that process the personal data of Europeanswill incur significant compliance obligations when the newregulations take effect.30 Buyers on the takeby Peter J. CrosaAssuming that vendor payoffs are a thing of the past may be abit naïve in these tougher economic times.34 It’s time to change the SEC’s cultureby Marlowe DomanThe new Office of the Whistleblower will have to overcome thepublic’s perception that the SEC protects, rather than prosecutes,high-level financiers.40 Ethical decision-making models:Decisions, decisionsby Roz BlissWhen faced with an ethical challenge, your employees need asimple tool to help them make the right decision.3 Letter from the CEORoy Snell21 Boehme of contentionDonna Boehme29 The art of complianceArt Weiss33 View from the front linesMeric Craig Bloch39 Kaplan’s courtJeff Kaplan78 The last wordJoseph Murphy6 NewsDepartments12 People on the move22 SCCE welcomes new members69 SCCE congratulatesnew CCEP ® designees79 Takeaways80 Events calendar4 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

“ ”Ethics and compliance operativesshould be aware that inappropriatevendor influence is not alwaysblatant and easy to spot.See story on page 30Compliance & EthicsProfessionalEditor-in-ChiefJoseph Murphy, Esq., CCEP, Of Counsel, CSLG, Haddonfield, NJ,jemurphy@cslg.comExecutive EditorRoy Snell, CHC, CCEP‐F, CEO, roy.snell@corporatecompliance.orgArticles44 Powerful witness preparation:The pure and simple truthby Dan Small and Robert F. RoachGetting to the truth and bringing it out effectively requires preparation.48 The economy, compliance, and ethicsby Adam TurteltaubResults of SCCE’s latest survey on Compliance budgets and staffing.50 Overzealous I-9 compliance can result ina discrimination lawsuit [CEU]by Justin EstepCompanies must follow a consistent policy for verifying the employmenteligibility of both U.S. citizens and non-citizens.52 Meet Frederico Melville Novellaand Christie Ippischby Adam TurteltaubThe founding father of one of Guatemala’s leading companies instilled a legacyof ethics, values, and right conduct.54 Corporate codes of conduct in theUnited States [CEU]by Gilbert Geis, PhD and Henry N. Pontell, PhDA desire to protect the company from vicarious liability runs through thehistory of codes of conduct.66 Social media evidence: A new accountability [CEU]by Dawn LomerPotential legal issues can arise when discovering evidence on social mediasites and authenticating it for use in a courtroom.70 Building transparency, accountability, andethics in government contractingby Eric R. FeldmanContractors who ignore increasingly complex federal regulations andself-disclosure requirements may find themselves suspended or debarred.Advisory BoardCharles Elson, JD, Edgar S. Woolard, Jr. Chair in CorporateGovernance, Director of the John L. Weinberg Center forCorporate Governance at University of Delaware.Jay Cohen, Compliance Consultant, Assurant Inc.John Dienhart, PhD, The Frank Shrontz Chairfor Business Ethics, Seattle University; Director,Northwest Ethics Network; Director, Albers BusinessEthics Initiative; Fellow, Ethics Resource CenterOdell Guyton, JD, CCEP, Senior Corporate Attorney,Director of Compliance, U.S. Legal–Finance & Operations,Microsoft CorporationRebecca Walker, JD, Partner, Kaplan & Walker LLPRick Kulevich, JD, Senior Director, Ethics and Compliance,CDW CorporationSteve LeFar, President, Sg2Stephen A. Morreale, DPA, CHC, CCEP, Principal,Compliance and Risk DynamicsMarcia Narine, JD, Vice President Global Complianceand Business Standards, Deputy General Counsel,Ryder System, Inc.Ann L. Straw, General Counsel US, Votorantim CimentosNorth America, Inc.Greg Triguba, JD, CCEP, Principal,Compliance Integrity Solutions, LLCStory Editor/AdvertisingLiz Hergert, +1 952 933 4977 or 888 277 4977liz.hergert@corporatecompliance.orgCopy EditorPatricia Mees, CCEP, CHC, +1 952 933 4977 or 888 277 4977patricia.mees@corporatecompliance.orgDesign & LayoutSarah Anondson, +1 952 933 4977 or 888 277 4977sarah.anondson@corporatecompliance.orgCompliance & Ethics Professional (CEP) (ISSN 1523-8466)is published by the Society of Corporate Compliance and Ethics(SCCE), 6500 Barrie Road, Suite 250, Minneapolis, MN 55435.Subscriptions are free to members. Periodicals postage‐paid atMinneapolis, MN 55435. Postmaster: Send address changes toCompliance & Ethics Professional Magazine, 6500 Barrie Road,Suite 250, Minneapolis, MN 55435. Copyright © 2012 Societyof Corporate Compliance and Ethics. All rights reserved. Printedin the USA. Except where specifically encouraged, no part of thispublication may be reproduced, in any form or by any means,without prior written consent from SCCE. For subscriptioninformation and advertising rates, call +1 952 933 4977or 888 277 4977. Send press releases to SCCE CEP PressReleases, 6500 Barrie Road, Suite 250, Minneapolis, MN55435. Opinions expressed are those of the writers and not ofthis publication or SCCE. Mention of products and services doesnot constitute endorsement. Neither SCCE nor CEP is engaged inrendering legal or other professional services. If such assistanceis needed, readers should consult professional counsel or otherprofessional advisors for specific legal or ethical questions.Volume 9, ISSUE 3+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 5Compliance & Ethics Professional May/June 2012

NewsCompliance & Ethics Professional May/June 2012Compliance officer ranks highin best business sector jobs listThe work of compliance officershas been spotlighted in aFebruary report in U.S. Newsand World Report. Its “BestJobs of 2012” is based on theLabor Department’s employmentprojections. In anoverview, the report detailsthat 50 jobs were selectedfrom five “quick-to-hire”industries: business, creativeservices, health care, scienceand technology, and socialservices. The job of complianceofficer ranked 13thon the list of best businessjobs. The report states, “TheBureau of Labor Statisticsprojects compliance officeremployment growth of 15percent between 2010 and2020. That’s 32,400 new jobsand 26,200 replacement jobs.”To view the entire report:http://money.usnews.com/money/careers/articles/2012/02/27/the-best-jobs-of-2012Public rebuke of culture atGoldman Sachs opens debateWhen Greg Smith, a midlevel executive at Goldman Sachs,delivered his resignation in The New York Times on March 14,2012, he sparked a new round of debates about ethical failuresand their impact on Wall Street. The 33-year-old confessed hisdisillusionment in the form of an Op-Ed article, “Why I AmLeaving Goldman Sachs.” Among the sentiments he revealed:“It makes me ill how callously people still talk about ripping offclients.” Smith further states, “It astounds me how little seniormanagement gets a basic truth: If clients don’t trust you, theywill eventually stop doing business with you.”Worldwide media coverage of the resignation generallyfocused on the question of whether anything has changedon Wall Street in the three years since the financial crisistook down so many once profitable firms. Opinion pieces ranthe gamut, including “Why Greg Smith is Dead Right,” to“Goldman Rant a Case of Sour Grapes.”Read the latest news online · www.corporatecompliance.org/newsEU agenciessay Googlebreaking lawA European Union (EU)Justice Commissioner,Viviane Reding, assertedin March that Google’s newprivacy policy is in breachof European law. Google’snew policy, implemented onMarch 1, 2012, means privatedata collected by oneof Google services can beshared with its other platforms,including YouTube,gmail and Blogger. Userscannot opt out of the newpolicy if they want tocontinue using Google’sservices.In a March 1 interviewwith BBC Radio Four, Redingstated “[The new policy] isnot in accordance with thelaw on transparency and itutilizes the data of privatepersons in order to hand itover to third parties, whichis not what the users haveagreed to.” In addition,France’s data regulationauthority (the CNIL) hasindicated that it plans tolead a European-wide investigationinto the policy.“It astounds me how little senior management gets a basictruth: If clients don’t trust you, they will eventually stopdoing business with you.” Greg Smith, former executive at Goldman Sachs6 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

NewsWebsites uncover petty briberyaround the worldA website started in August2010 (ipaidabribe.com) hasbeen so popular that similarsites have been launchedaround the world. The sitesall provide a similar service:a way for citizens to anonymouslyconfess bribes paidand bribes requested butnot paid. Ipaidabribe.com,sponsored by the nonprofitJanaagraha in India, haslogged more than 400,000such confessions since itslaunch. The anonymousreports include everydayrequests for bribes that privatecitizens face in order tohave documentation or servicesdelivered. In a March 5article in The New York Times,Swati Ramanathan, oneof the website’s founders,said that public and privateagencies from 17 countrieshave asked for assistance insetting up equivalent programs.In addition, she saidthat Janaagraha plans toform an international coalitionof such groups so theycan share and assist eachother.2012 Compliance & ETHICS INSTITUTE PREVIEWsession 507: Automating Compliance in the iPhone AgeTuesday, October 16, 2012, 11:00 am – 12:00 pmAre you using the power of automation inyour compliance program? Are you keepingup with a younger workforce that wantsto communicate via social networking?Are your compliance materials painlesslyRead the latest news online · www.corporatecompliance.org/newsTheodore Banks,President,Compliance & CompetitionConsultants, LLCavailable on smartphones or pad computers? Are you harnessing the the latestin behavioral analytics to really understand your corporate culture—and theweaknesses that your compliance program must address? Are there ways toleverage automation to make a shrinking budget do more? These and otherrelated subjects will be discussed in our session "Automating Compliance inthe iPhone Age.”Attend SCCE’s 11th Annual Compliance & Ethics Institute in Las Vegas, NV,to hear more! Visit www.complianceethicsinstitute.org for more information.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 7

www.corporatecompliance.orgCALL FOR AUTHORSShare your expertise in Compliance & Ethics Professional,published bimonthly by the Society of Corporate Compliance and Ethics (SCCE). For professionals in thefield, SCCE is the ultimate source of compliance and ethics information, providing the most current viewson the corporate regulatory environment, internal controls, and overall conduct of business. National andglobal experts write informative articles, share their knowledge, and provide professional support so thatreaders can make informed legal and cultural corporate decisions.To do this we need your help!We welcome all who wish to propose corporate compliance topics and write articles.CERTIFICATION is a great means for revealing anindividual’s story of professional growth! Compliance &Ethics Professional wants to hear from anyone with a CCEPor CCEP-Fellow certification who is willing to contributean article on the benefits and professional growth he orshe has derived from certification. The articles submittedshould detail what certification has meant to the individualand his or her organization.Compliance & EthicsMarch/April2012 Professionala publication of the society of corporate compliance and ethicscompliance insights fromTAMKO Building Products, Inc.Robert BradleyVice President andGeneral Counsel22Recipe for aCompliance Dayin 2012Cynthia Scavelli28GRC focus: Keepyour employeesclose and yourauditors closerSteve McGrawArt WeissChief Complianceand Ethics Officer32Compliance ina casino worldMichele AbelyDavid C. Humphreyspage 14Presidentand CEO36DOJ review:FBI’s Integrityand ComplianceProgramEmil MoschellaPlease note the followingupcoming deadlines forarticle submissions:· May 15, 2012· July 15, 2012· September 15, 2012· November 15, 2012Earn CEUs!Please note that the CCB awards 2 CEUs to authors ofarticles published in Compliance & Ethics Professional.Topics to consider include· Anticipated enforcement trends· Developments in compliance and ethicsand program-related suggestions for riskmitigation· Fraud, bribery, and corruption· Securities and corporate governance· Labor and employment law· Healthcare fraud and abuse· Anti-money laundering· Government contracting· Global competition· Intellectual property· Records management and business ethics· Best practices· Information on new laws, regulations, andrules affecting international complianceand ethics governanceIf you are interested in submitting an article for publication in Compliance & Ethics Professional,e-mail Liz Hergert at liz.hergert@corporatecompliance.org

SCCE NewsSCCE conference NewsNational conferences··Compliance & Ethics Institute,October 14–17, Las Vegas at Ariawww.complianceethicsinstitute.orgGeneral sessions will include:––Why Do We Root for the Good Guy Even IfHe’s Doing Bad? Jon Turteltaub, Director,National Treasure / Jay Kogen, Former Producer,The Simpsons / Chris Bohjalian, New York Timesbestselling author of Midwives––Strategies for Enhancing Your Effectiveness asa Compliance and Ethics Officer: Daniel Roach,Co-Chair, SCCE Advisory Board and VP Compliance& Audit, Dignity Health––Ethics, Leadership and Temptation in theWorkplace: James B. Stewart, Pulitzer Prize winnerand columnist for The New York Times, author,Tangled Webs: How False Statements Are UnderminingAmerica: From Martha Stewart to Bernie Madoff––Lessons We Don’t Learn: Corporate Scandals,Why We Repeat Them, and How We CanLearn From Them: Donna C. Boehme, Principal,Compliance Strategists LLC / David J. Heller,Vice President and Chief Ethics and ComplianceOfficer, Edison International / Joseph E. Murphy,Of Counsel, Compliance Systems Legal Group··Higher Education ComplianceConference, June 3–6, Austin, Texaswww.highereducationcompliance.orgSessions will include:––Defining and Communicating the Role ofCompliance & Ethics: Adam Turteltaub, VicePresident of Membership Development, Societyof Corporate Compliance & Ethics (moderator) /Donna McNeely, University Ethics Officer, Universityof Illinois / Grace Fisher Renbarger, Former VicePresident and Chief Ethics & Compliance Officer forDell Inc. / Kimberly F. Turner, Chief Audit Executive,Texas Tech University System––Behavioral Ethics: Why Good People Do BadThings: Robert Prentice, Professor of Business Lawand Business Ethics in the Business, Government &Society Department, McCombs School of Business,University of TexasAcademieswww.corporatecompliance.org/academiesAcademies address methods for implementingand managing compliance programs basedon the Seven Element Approach. Courseswill address subject matter in each of theseareas and better prepare interested parties forthe CCEP ® exam. The Academy is designedfor participants with a general knowledge ofcompliance concepts and anyone working in acompliance function.Regional conferenceswww.corporatecompliance.org/regionalSCCE’s regional conferences are one-dayprograms designed to provide the hot topicsand practical information that complianceprofessionals need to create and maintaincompliance programs in a variety of industries.Upcoming 2012 regionals include:··New York, May 18··Anchorage, June 15··San Francisco, June 22··Atlanta, October 12··Houston, November 2Web conferenceswww.corporatecompliance.org/webconferencesSCCE members save $850 by purchasinga web conference subscription. Select 10individual sessions for only $900 (versus $1,750if purchased separately).Find the latest conference information online · www.corporatecompliance.org/eventsCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 9

SCCE NewsSCCE website NewsContact Tracey Page at +1 952 405 7936 or email her at tracey.page@corporatecompliance.org with any questions about SCCE’s website.SCCE website redesignOn May 16, you will notice the SCCE website has been redesigned.We still have all the same information listed online as before, but weorganized it so it’s easier to locate and use.A few of the major updates included in SCCE’s redesign are:··Improved navigation··Easier registration for events··Simpler product ordering··More efficient processing for memberships and renewals··Better CEU tracking··And much more!If you are having trouble finding anything in the coming weeks,please do not hesitate to call our office or email us to ask for something:helpteam @ corporatecompliance.org or +1 952 988 0141Compliance & Ethics Professional May/June 2012Don’t forget to earn your CCB CEUs for this issueComplete the Compliance & Ethics Professional CEUquiz for the articles below from this issue:··Overzealous I-9 compliance can result ina discrimination lawsuit, by Justin Estep(page 50)··Corporate codes of conduct in theUnited States, by Gilbert Geis, PhD andHenry N. Pontell, PhD (page 54)··Social media evidence: A new accountability,by Dawn Lomer (page 66)To complete the quiz:Visit www.corporatecompliance.org/quiz, thenselect a quiz, fill in your contact information, andanswer the questions. The online quiz is self-scoringand you will see your results immediately.You may also fax or mail the completed quiz to CCB:Fax: +1 952 988 0146mail:Find the latest SCCE website updates online · www.corporatecompliance.orgCompliance Certification Board6500 Barrie Road, Suite 250Minneapolis, MN 55435, United StatesQuestions? Call CCB at +1 952 933 4977 or888 277 4977.To receive one (1) CEU for successfully completingthe quiz, you must answer at least three questionscorrectly. Quizzes received after the expiration dateindicated on the quiz will not be accepted. Eachquiz is valid for 12 months, starting with the monthof issue. Only the first attempt at each quiz will beaccepted.10 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

SCCE NewsNewsContact Eric Newman at +1 952 405 7938 or email him at eric.newman@corporatecompliance.org with any questions about SCCEnet.SCCEnet (www.corporatecompliance.org/SCCEnet) is the mostcomprehensive social network for compliance professionals.Subscribe to dozens of discussion groups and get yourcompliance questions answered. Stay informed on the latestcorporate compliance news and information. Network with yourcolleagues and stay connected with our mobile app.Subscribe to the following SCCEnet compliancediscussion groups:··Go to www.corporatecompliance.org/groups andclick “My Subscriptions” to subscribe todiscussion groups and participate.––2012 SCCE Compliance and Ethics Institute––Multi-Industry Auditing and MonitoringCompliance Network––Multi-Industry Chief ComplianceEthics Officer Network––Multi-Industry Global Compliance andEthics Community––Multi-Industry Ethics Forum––Communication Training and Curriculum Development––Competition Law and Antitrust Network––Compliance Risk Management––European Compliance and Ethics––FCPA: Foreign Corrupt Practices Act Forum––Financial Institutions Network––Higher Education Forum––Investment Management Forum––SCCE Compliance Academies––Social Media Compliance––Social Responsibility Forum––Utilities and Energy NetworkPopular SCCEnet discussions··Multi-Industry Chief Compliance EthicsOfficer Network––What’s a CLO? Book review for “The Cost ofCompliance” shows unfamiliarity with “ComplianceOfficer” title: http://bit.ly/whatsaclo––In praise of office politics:http://bit.ly/praiseofficepolitics––New EU privacy rules: http://bit.ly/euprivacy––Lawyer who spotted broker fraud rewarded with5-year SEC ordeal: http://bit.ly/sec5year··Multi-Industry Auditing and MonitoringCompliance Network––Companies should use metrics to defend themselvesfrom Dodd-Frank whistleblower claims, report says:http://bit.ly/doddfrankmetrics··Multi-Industry Ethics Forum:Ideals and Ethics––The next business edge? http://bit.ly/idealsethics––Giving back: http://bit.ly/givingbackethics··FCPA: Foreign Corrupt Practices Act Forum––FCPA Fines/Penalties: http://bit.ly/fcpafinesUpdate your SCCEnet profile using LinkedIn ®··You can update your SCCEnet profile withinformation from your LinkedIn ® profile.Instructions at www.corporatecompliance.org/updateprofileWatch compliance videos on YouTube··Subscribe to SCCE’s YouTube channel:www.youtube.com/compliancevideosSCCE is now on Google+··Add SCCE to your circles:www.corporatecompliance.org/googleFind the latest SCCEnet updates online · www.corporatecompliance.org/sccenetCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 11

People on the MoveCompliance & Ethics Professional May/June 2012· Cynthia Scavelli, Esq.,CCEP, FIS CorporateCompliance & Ethics Counsel,has been selected as oneof The Jacksonville BusinessJournal’s “40 Under 40” for2012. Scavelli has also beenappointed as the new leaderof the Northeast FloridaCompliance and Ethics UserGroup for 2012 in Jacksonville,Florida. The group servesas a resource to companies,community organizations,and governmental agencies inNortheast Florida to promoteawareness and influence, educate,and support the valueof compliance and ethicsprograms in business and ourcommunity.· On March 5, 2012, Lisa D.Pleasant was appointed theCompliance Manager for St.John’s Community Services ofWashington DC, a nonprofitorganization committed toadvancing community supportopportunities for peopleliving with disabilities. Shewas the Regulatory AffairsCoordinator for Aria Health,a hospital in Philadelphia,and she is the former EthicsSpecialist and AlternateEthics Liaison Officer for theUniversity of Medicine andDentistry of New Jersey.Peopleon theMove· David Childers has beennamed Chief ExecutiveOfficer at Compli, a providerof on-demandHuman Resources, Safety,and Compliance managementsoftware. Lon Leneve,President of Compli, says,“David is a pioneer in theGRC field and has a trackrecord for being one of themost dynamic and innovativeindividuals in the industry.”Prior to joining Compli,Childers was a founder andCEO of EthicsPoint, oneof the leading global riskawareness organizations.Childers sits on the Board ofSCCE and is a member of theEthics & Compliance OfficerAssociation (ECOA), theInternational Association ofPrivacy Professionals (IAPP),and a charter member of theOpen Compliance EthicsGroup, where he has been recognizedas an OCEG Fellow.· Newbridge SecuritiesCorporation (NSC) is excitedto announce the additionof Michael Bernadino toserve as Chief ComplianceOfficer, effective February13, 2012. Bernadino is athirty-five-year veteran of thesecurities industry and foundingpartner at IJL FinancialAdvisors, LLC in Charlotte,NC. Todd Newton, Presidentand Co-CEO of Newbridge,says, “Mike brings a reputationof understanding thefinancial advisors needswhile maintaining soundrelationships with the variousregulatory agencies towhich we report.” NSC is aFINRA member broker-dealerthat engages in full servicesecurities brokerage, investmentbanking, and advisoryservices for individuals andinstitutional customers.Received a promotion? Have anew hire in your department? ·If you’ve received a promotion, award, or degree;accepted a new position; or added a new staffmember to your Compliance department, please letus know. It’s a great way to keep the compliancecommunity up-to-date. Send your updates toliz.hergert@corporatecompliance.org.12 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Help Keep YourCompliance ProgramFully StaffedList Your Job OpeningsOnline with SCCEIt’s hard to have an effective compliance and ethicsprogram when you have openings on your team.Help fill those openings quickly—list your compliancejob opportunities with the Society of CorporateCompliance and Ethics.Benefits include:• Listing is posted for 90 days to maximize exposure• Targeted audience• Your ad is also included in our monthly SCCE JobsNewsletter, which reaches more than 14,000 emailsDon’t leave your compliance positions open any longerthan necessary. Post your job listings with SCCE today.www.corporatecompliance.org/newjobsor call +1 952 933 4977 or 888 277 4977

FeatureFBI Corporate Compliance Officer Outreach EventOctober 25–26, 2011 • Washington, DC & Quantico, Virginiaby Adam TurteltaubTwo days with the FBICompliance & Ethics Professional May/June 2012When compliance and ethics professionalshear “FBI,” the initialreaction is likely one of fear.There are few things that throw companiesinto more disarray than a dawn raid by theBureau.Yet, on October 25 and 26, 2011, the FBIturned expectations on their head and playedhost to the Ethics and Compliance profession.In a fascinating two-day event, held atheadquarters in Washington DC and its trainingfacilities in Quantico, Virginia, the FBIhighlighted its internal compliance programand the effect it is having on both its agentsand professional staff. In cooperation with theSociety of Corporate Compliance and Ethics,the FBI provided approximately 50 complianceprofessionals with a rare look inside its programand the Bureau’s operations.The program was led by Patrick W.Kelley, an SCCE member and AssistantDirector of the FBI’s Office of Integrity andCompliance, a position which reports toFBI Director Robert S. Mueller III throughDeputy Director Sean Joyce. The FBI is therare agency of the federal government thathas a compliance program.Like many private sector programs, theFBI’s was born out of actions that fell outsideof the law. The misuse of National SecurityLetters (an investigative tool analogous to anadministrative subpoena) led to a comprehensiveexamination of how to prevent anyfuture abuses, including the development of acompliance program.As part of its research into how to build acompliance program, the FBI quickly realizedthat there was much that could be learnedfrom the private sector and began reaching outto the corporate compliance community. SCCEmet with the Bureau for a full day, as part ofthat process, and shared its expertise.The program on October 25 and 26 wasa “thank you” to the Compliance communityfor its support. It was also a reflectionof the importance that FBI Director Robert14 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

FeatureMueller places on compliance programs. AsPatrick Kelley noted, “He recognizes you asthe first line of defense.” The program beganwith Kelley outlining the mission of the FBI,which places prevention of terrorism as itsfirst priority.He also shared the Bureau’s motto—Fidelity, Bravery, Integrity—noting thatintegrity is very much at the core of theBureau’s compliance program. It is even oneof the organization’s core values, he explained.Director Mueller said, “In fact, integrity is thevalue that binds together the very fabric of ourinstitutional identity. It defines us and whatwe stand for; it is how we operate and how wemeasure our success. In short, integrity is thetouchstone for everything we do.”All new Special Agents of the FBI receiveeight hours of ethics training, versus thestandard of just one hour for most federalemployees. In addition, immediately prior tobeing sworn in for their positions, every FBIemployee is shown a video that highlightsthe Bureau’s core values. The inspiring productionfeatures FBI employees who faceddifficult decisions in which they were guidedby the core values.“We thought that using real FBI personnelto tell real FBI stories to illustrate each ofthe core values would be the best way to reachboth experienced and new employees, and toshow that the values really are more than justwords,” said Kelley.The compliance and ethics programdoesn’t stop with the video, though. Thereis a permanent office with a total staff of 17people. In addition, compliance managementcommittees, organized along branch or functionallines, meet each quarter, and there is aformal meeting every four months with theFBI director and the top executives to reviewthe program and the risk areas.Attendees left favorably impressed by theFBI’s efforts. “I left with a deeper appreciationof the FBI organization. There were manyvaluable lessons to be taken from the program,but one that left a lasting impressionwas the FBI core values. The FBI valuesare ingrained throughout their businessorganization, and it is a message that is leveragedfrom the top down to all employees.Everyone is expected to be a leader!” saidTerri Lee, Corporate Responsibility Leader ofthe Electric Power Research Institute.The program for the meeting wasn’tsolely about the FBI’s compliance and ethicsprogram. It contained a number of sessionsdesigned to both enhance the Compliancecommunity’s understanding of the FBI and ofcompliance risks that the private sector faces.Bryan Smith of the Economic Crimes Unitwarned the attendees of an uptick in securitiesand commodities fraud, particularly aroundinsider trading. He went on to explain thatthe FBI prioritizes these cases based on factorssuch as systemic risk to the US financialmarket and public confidence in the US financialsystem, as well as the number of victims.He also provided strong ammunition to thoseadvocating for self-reporting of incidents. Heassured the attendees that the companies thatself report and cooperate fare far better thanthose that do not.Madeline Payne, an Intelligence Analystwith the Economic Espionage Unit, followedBryan Smith’s presentation. Her focus, andthat of her unit, is protecting trade secretsfrom misappropriation. It’s a significant problem,especially among engineers, because somany trade secrets reside in their heads.It’s also a problem with two fronts for companiesto consider. While most might focus onthe loss of a trade secret to a competitor, thereis another grave challenge: the transfer of proprietarydata to foreign governments. Thosecommitting this type of crime are also significantflight risks, because they are often nationalsof the country that they are stealing data for.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 15

FeatureCompanies also need to be alert to therisks of money laundering through gift andstored-value cards. Increasingly, explainedDouglas Leff, Supervisory Special Agent inthe Asset Forfeiture & Money LaunderingUnit, criminals are taking advantage ofthis virtually untraceable means of movingmoney. Companies, particularly retailers,need to be wary of unusually high volumesof transactions using these instruments.Businesses may also want to consider monitoringemployee expenses which reflectgift card purchases. These purchases maybe innocent, but they may be an indicatorof a Foreign Corrupt Practices Act(FCPA) violation.every three months, making it difficult toprove who the sender of an email was.He also warned companies to be aware ofthe risks of cloud computing. The distributedstorage model makes it much more difficultfor law enforcement to identify a criminalafter an intrusion.The day ended with a heated discussionof the FCPA. It featured a panel consisting ofPaula Ebersole, Supervisory Special Agentof the FBI’s Washington Field Office; ChrisFavro, a retired FBI agent and now SeniorCounsel, Compliance and Business Conductfor 3M; and Charles Duross, Assistant Chief ofthe US Department of Justice’s Fraud Section.The conversation included a discussion of thedesire of the Compliance community for theDepartment of Justice to provide more informationabout how companies can earn creditfor their compliance programs.Roy Snell, CEO of SCCE and the HealthCare Compliance Association, pointed out,“This is exactly the kind of data we need todemonstrate to CEOs and boards the valuethat compliance programs can bring to theirorganizations.”Compliance & Ethics Professional May/June 2012Another emerging risk area is socialmedia. Michael Kolessar, Supervisory SpecialAgent in the Cyber Unit, reported an increasein incidents of extortion using social media.He recounted a case in which a disaffectedcustomer threatened to unleash a torrent ofonline complaints about a company unlessit agreed to his demands. Kolessar urgedcompanies to report these demands to lawenforcement promptly while the data is readilyaccessible. Contrary to the belief that digitalcommunications last forever, he explained thatmany Internet providers purge their recordsDay Two of the program took place at theFBI’s training facility in Quantico, Virginia.The tour included the Memorial Wall, whichhonors agents killed in the line of duty, andfamed Hogan’s Alley, a few Hollywood-builtcity blocks designed to give agents the opportunityto train in “real life” settings.The training in enforcement for recruitsalso includes 40 hours of legal education,the group learned. Lisa Baker, Chief of theLegal Instruction Unit, shared a portion ofthe training on the protection of civil rights.This program helps recruits understand thesource of their authority, as well as the limitsof it, and the value of adhering to thoselimits. This portion of the training beginswith the U.S. Constitution and Bill of Rights,16 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Featurea copy of which is provided to each recruit.To drive the lessons home, the trainingincludes examples of the risks that can occurwhen those Constitutional boundaries arebreached.COINTELPRO, a program from severaldecades ago that monitored people the FBIhad deemed a potential threat to the nation,is one of the incidents studies. This programonce included a list of more than 26,000Americans to be “rounded up” in case ofa national emergency. The investigation ofCOINTELPRO led to significant changeswithin the FBI, including a set of guidelinesfor the FBI that would form the basis of itscompliance program.Baker explained that the policy environmentfor domestic operations is now basedon the Constitution, federal statutes, andExecutive Orders, plus the Attorney GeneralGuidelines, the FBI Domestic Investigationand Operational Guide, as well as BureauProgram Policy Implementation Guides.Together these are used to direct the FBI’soperations and ensure they comply with thelaw and the Bureau’s own standards.In addition, the FBI operates under aset of core values, Patrick Kelley explained.These are:··Rigorous obedience to the Constitution ofthe United States··Respect for the dignity of all thosewe protect··Compassion··Fairness··Uncompromising personal andinstitutional integrity··Accountability by accepting responsibilityfor our actions and decisions and theirconsequences··Leadership, by example, both personaland professionalThese values help define how the FBIviews itself. For example, according to theFBI’s internal ethics manual: “It is our policyto comply fully with all laws, regulations,and rules governing our operations, programsand activities…Public service is apublic trust. Those of us lucky enough toserve the public in and through this greatorganization must adhere to that principle ineverything we do.”The day concluded with a fascinating andfun peek into how agents are trained to takethose values and the law, and apply themwhen facing a scenario in which deadly forcemay be used.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 17

TMFeatureCarl Benoit, Supervisory Special Agentand instructor at Quantico, gave the attendeesa sample of a two-day training programin which scenes play out on a screen andparticipants (in the case of this program,three female and one male attendee) had todecide both whether to shoot and when. Theirresults were shown on the screen and dissectedby Benoit. This session illuminated theConstitutional requirements and SupremeCourt interpretations of when deadly forcemay be used, and how difficult it can be to dothe right thing in a fast-evolving situation inwhich the time between a simple confrontationand shots fired by a suspect could be lessthan two seconds.“The ‘Deadly Force’ exercise was particularlyamazing to me,” reported Jim Brigham,Vice President Internal Audit at Petco. “I didn’treally appreciate how quickly and decisivelyagents have to act until I went through thisexercise. Even though I knew the exercise washarmless, as the screen counted down to thescene I could feel my anticipation grow. Asthe suspect on the screen turned around, Icould see the gun at his waistline. He startedto run and pull his gun and I started to shoot.I was much too late and, in the excitement,far too inaccurate. This was an incredibleteaching tool which only reinforced my admirationof the men and women who serve us asFBI agents.”In sum, it was an insightful two days. Ithelped the compliance and ethics professionalswho attended to better understand the risksthat they face, the asset the FBI could be to theircompanies, as well as the particularly challengesfaced by FBI agents and staff as they liveup to their motto of Fidelity, Bravery, Integrity. ✵Adam Turteltaub is Vice President of Membership Developmentfor the SCCE in Minneapolis, MN. He may be reached atadam.turteltaub@corporatecompliance.org.the premier social networkfor compliance and ethics professionalsCompliance & Ethics Professional May/June 2012Why should you log on to SCCEnet ?••Get your questions answered in the community discussion groups••Download compliance documents from our community libraries, or share your own••Stay informed on the latest compliance and ethics news and guidanceLog on at corporatecompliance.org/sccenetAlso visit SCCE on these popular social media sitesJoin our groupfollow us oncorporatecompliance.org/linkedin twitter.com/scce facebook.com/sccecorporatecompliance.org/googleyoutube.com/compliancevideos18 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

10th AnnualHigher EducationCompliance ConferenceJune 3–6, 2012 | Austin, TexasAT&T Executive Education Conference CenterCome to Austin, Texas, for the primary networking event for complianceand ethics professionals within higher education. Don’t miss theoppportunity to gather with your peers and discuss emerging issues, sharebest practices, and build valuable relationships.Join us in June to hear the following hot topics!• Program Integrity: Juggling and Jeopardy• Maximum Efficiency on a Shoestring Budget: Making the Most of WhatYou Have• Engaging the University Community in ERM• How to Handle Whistleblower Complaints in Higher Education:What Happens after the Whistle Blows• Compliance & Ethics Programming for Small Campuses: LeveragingResources through Effective Communication across Risk DisciplinesRegister today and enjoy the flexibilityof two conferences for the price of one!Complimentary access to HCCA’s ResearchCompliance Conference is included with yourHigher Education Compliance Conferenceregistration. The parallel schedule gives youthe freedom to attend sessions at eitherconference—two for the price of one.VIEW THE FULL AGENDA & REGISTER ATwww.highereducationcompliance.org

Learn the essentials of managing an effective compliance program…Attend SCCE’s 2012BASIC COMPLIANCE & ETHICSACADEMIESin the UNITED STATES, SOUTH AMERICA, EUROPE, and ASIAMay 7–10SÃO PAULO, BRAZILJune 11–14SCOTTSDALE, AZJuly 9–12SHANGHAI, CHINAMay 21–24BRUSSELS, BELGIUMJune 25–28SAN DIEGO, CAAugust 13–16BOSTON, MASCCE’s Basic Compliance & Ethics Academies are three-and-ahalf-dayintensive training programs designed to provide youwith the essentials of managing an effective compliance andethics program. You’ll be taught by a faculty made up of expertswith deep experience in the topics they teach. Be a part of theAcademy and gain comprehensive knowledge of:• Standards, Policies, and Procedures• Compliance and Ethics Program Administration• Communications, Education, and Training• Monitoring, Auditing, and Internal Reporting Systems• Response and Investigation, Discipline and Incentives• Risk AssessmentAt the end of the Academy you can sit for the optional CertifiedCompliance & Ethics Professional (CCEP) ® exam. The CCEP ®program promotes a standard of requisite knowledge forcompliance and ethics, encourages continued personal andprofessional growth, and enhances the credibility of bothcertified professionals and the compliance programs they staff.SCCE credits earned at the Academy will count towards thecredits required to sit for the certification exam.November 12–15ORLANDO, FLDecember 10–13SAN DIEGO, CA(NOTE: Academy and CCEP ® exam are conducted in English at this time.)To learn more about the Academyand certification — and how theycan help your compliance andethics program, visit us online…www.corporatecompliance.org

Boehme of Contentionby Donna BoehmeGoldman Sachs. Culture.Muppets. Talk amongstyourselves.BoehmeYou’ve got to feel pretty bad for theGoldman Sachs PR folks, who probablyspit out their sips of triple soyvanilla latte in unison as they turned ontheir iPads to former exec Greg Smith’sexplosive take-this-job-and-shove-it resignationin the form of a New York Timesop-ed. On the other hand, what aperfect made-for-TV movie for thoseof us in the compliance and ethicspeanut gallery. You really can’tmake this stuff up.If you haven’t read Smith’s scathingop-ed, “Why I Am LeavingGoldman Sachs,” publicly rebuking the firmfor its “toxic culture” and alleging that execsroutinely referred to their clients as “muppets”(British slang for “idiots”—where have youbeen?), here it is. Go ahead, we’ll wait: www.nytimes.com/2012/03/14/opinion/why-i-am-leaving-goldman-sachs.htmlAlthough Goldman, as expected, has vigorouslyrefuted the claims (again, PR peopleworking overtime), this comes at a time whenWall Street firms are under fire for theirgreedy, risk-taking culture that may or maynot have led to the financial meltdown, andplays right into the hands of those who arguefor more—not less—regulation. For the purposeof our discussion here, I’m not votingeither way. For the moment, let’s just file theseobservations under the category of “TheThings We Think and Do Not Say.”Observation #1: Circle-the-wagons syndrome.Anyone following the speed of Wall Streetcircling the wagons could get a bad case ofwhiplash. Connect the dots to Bloomberg’sugly editorial excoriation of Smith himself thenext day. www.bloomberg.com/news/2012-03-14/yes-mr-smith-goldman-sachs-is-all-about-makingmoney-view.htmlObservation #2: Society still hates snitches.Forget firm culture; as a society, we stillrecoil when people get out of line and speakup. That’s why Satan created retaliation.Goldman’s counter-attack on Smith was swiftand continues. In my networks, I’m watchingmany who are usually happy to talk about“tone at the top” and “transparency” backaway from this one.Observation #3: The CCO’s fairy tale rarelycomes true.The former CCO in me wants to believeGoldman will take Smith’s criticisms to heartand engage their employees in an open dialogueabout ethical culture. But I know thechances of that, to quote my all-time favoriteE*Trade talking-baby commercial, “are the sameas being mauled by a polar bear and a regularbear in the same day.” www.youtube.com/watch?v=HqVBKO_QM3oAnd that’s my two cents. Now, go and talkamongst yourselves! ✵Send comments to Donna Boehme at dboehme@compliancestrategists.com.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 21

SCCE welcomes New MembersCompliance & Ethics Professional May/June 2012Arizona··Carmen Jandacek, Arizona Public Service··Calvin Lickfelt, Strategy AssociatesInternational LLC··Sally Murphy, USAble Life··Stefani Rosenstein, Apollo Group, Inc··Jeremy Schudy, Saguaro SurgicalCalifornia··Michelle Alfi, CBRE··Anne Sullivan Daly, Sutter Health··Stefani Dawkins, Cisco Systems··Patrice Eitner, Corinthian Colleges··Samuel Florio, Santa Clara University··Pamela J. Garretson, The Boeing Company··Phil Grevin, Veterinary Pet InsuranceCompany··Temre L. Hanson, Johnson & Johnson··Kirsten Kempe, Johnson & Johnson··Ishrag Khababa, Satellite Healhcare··Sharon L. Masterson, The Boeing Company··Teresa Merry, Monterey Bay Aquarium··Michael A. Miller, Aerojet··John W. Prager, Jr. , Lusardi Construction Co··David Sterling, Adobe Systems Incorporated··Michael L. Whitcomb, UPRRColorado··Kathryn MarturanoConnecticut··Karen Allison··Ralph Archer, III, Goodrich Corp··Allison Ellis, Frontier Communications··Jonathan Ivec, Iona College··Ariel Zhang, Terex CorpFlorida··William Hoffman, Satcom Direct, Inc··Pamela Kraska, Daytona College··Anita Mixon··Lisa Sullivan, NextEra Energy··Michael Yount, Wellcare Health PlansGeorgia··Amy K. Andrews-Bennett, UCB Inc··Charles Nugent, The Network··Kent Peters, Randstad··Robert R. Rentfrow, Georgia Syst OperationsCorp··Audrey Talley, Private Consultant··Suellyn Tornay, Global Payments IncIllinois··Courtney A. Bartlett, TreeHouse Foods, Inc··Thomas Caputo, Tribune Company··Susan Darow, LRN··Kimberly Dascoli, Walgreen Co··Mark Ewald, DeVry Inc··Bridget A. Glynn, GE··Anthony Jones, State Farm Insurance··Akbar Pasha, Baxter HeatlhcareIowa··Lisa A. Arechaveleta, EMC Insurance··Kayla Flanders, Pioneer Hi-Bred InternationalKansas··Lynne Valdivia, KFMC, IncKentucky··Michael ONeill, Southern Baptist TheologicalSeminary··Tracey Pender-Link, University of LouisvilleLouisiana··Kim Chatelain, Jefferson ParishMaine··Beth HansonMassachusetts··Nick Piccirillo, Abt Associates Inc··Lisa Shea, DePuy Co./Johnson & JohnsonMichigan··Barbara Arleth, Hagerty··Jonathan P. Bricker, SAI Global··Michael Womersley, WalgreensMinnesota··Michael Ayotte, ITC Holdings··Miggie E. Cramblit, Midwest ReliabilityOrganization··Brent Eilefson, Upsher-Smith Laboratories,Inc··Joel Green, Upsher-Smith Laboratories, Inc··Kristina Irvin··Saamahn Mahjouri··Robert Overman, Upsher-Smith Laboratories,Inc··Nancy Van Gieson, Upsher-SmithLaboratories, Inc··Robin Wolpert, 3MMissouri··Joy C. Arview, The Boeing Company··Anthony D. Cross, Technolas Perfect Vision··William F. Giese, III, The Boeing Company··Brett Holland, KCP&L··Denise R. Jester, Molina Healthcare··Dean Larson, KCP&L··Chris Parr, KCP&L··Elizabeth A. Scott, Molina Health Care ofMissouriNebraska··Melanie Scheaffer, Cabela’sNew Jersey··Edward L. Benson, Johnson & Johnson··Brett S. Bissey, UMDNJ··Tamara Brintzinghoffer, Johnson & Johnson··Michael R. Clarke, Actavis Inc··Maria Coppinger-Peters, Kearny FederalSavings Bank··Cynthia Coronel, Saint Clare’s Health System··Sandhya Drinkwater, Johnson & Johnson··Michael Ferrone, Solix, Inc··Patrik Florencio, Sandoz··Dina Given, Johnson & Johnson··Jane A. Kelly, ZT Systems··Alice A. Legander, Lockheed Martin··Louis Maus, Koch Modular Process Systems,LLC··Philip Munkacsy, Watson Pharmaceuticals··Elizabeth Rhoades, Novartis/Sandoz Inc··Roberto Roche, Medco Health Solutions, Inc··Kevin Schatzle, Provide Security LLC··Lori Tasca, Solix Inc··Kathy Tench, Optimer Pharmaceuticals, Inc··Trenor TurnerNew York··Nancy Cohen, The Estee Lauder Companies··Laura Kalick, NYC District Council ofCarpenters Benefit Funds··Jeffrey Kwastel, New York State Office of theAttorney General··Dyana Lee, Thacher Associates··Lynne Plavnick, Volunteers of America··Lauren Shy, PepsiCo, IncNorth Carolina··Genevieve M. Black, United Therapeutics··Kirk Crowder, ArchimicaNOrth Dakota··Duane A. Peterson, Green Iron Equipment22 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Ohio··Tim Butler, Teradata Corp··Todd B. Carver, Teradata Corp··Karl Dahlquist, Johnson & Johnson··Hal Greig, ATSG Inc··Adam S. Poe, Mettler-Toledo International Inc··Jeanette Ponds, Teradata Corp··Molly Treese, Teradata Corp··Gary D. Huneryager, OG&EPennsylvania··Deborah Cameron, Synthes Inc··Amanda Coffey, Messiah College··Noah Davis, Rite Aid Corp··Larry Gibson, De Lage Landen··Kim Gunter Upshaw, TridentUSA HealthServices··Jennifer Heller, Comcast Corp··Mandy Morgan, Erie Insurance Group··Andrew Palmer, Rite Aid Corp··Monika G. Rector, Johnson & Johnson··Christina Serra, Harsco··Hector T. Torres, Carlow UniversitySouth Carolina··Perceffenessee Cantey, AllSouth FCU··Katie Walter, Michelin North America, IncTennessee··Leigh Cheek, University of Tennessee··Melissa F. Kell, Walden SecurityTexas··Shirley Allen, Hewlett Packard (HP)··Lincoln Arneal, The University of TexasIntercollegiate Athletics··Andrew Baird, GE Oil & Gas··Corey S. Bradford, Prairie View A&MUniversity··Jeff Brockmann, NRG Energy··John Bui, Green Mountain Energy Company··Michelle Renee Dunaway, Scientific DrillingInternational, Inc··Angie D. Gallardo, ConocoPhillips··Steven Gyeszly, Weatherford··Brenda E. Hart, Baylor College of Medicine··Stephanie G John, Newfield ExplorationCompany··Reba Leonard, Homeland HealthCare, Inc··Esteban Majlat, ConocoPhillips Company··Donna Reed, GE Oil & Gas··Graham Vanhegan, ConocoPhillips··Melissa Wilson, WillbrosVirginia··Donna Abernathy, W.F. Magann Corp··Bill Anderson, DuPont Sustainable Solutions··Joan Andrew, CGI Federal··Douglas A. Hardman, TerreStar Networks Inc··Brian Jenkins, ALON, Inc··Ellen Miles, Zeiders Enterprises, Inc··Melissa Novak, HP··Christopher Spofford, MicroAire SurgicalInstruments LLC··Katharine Warren, Northrop GrummanWashington··James L. Baggs, Seattle City Light··Lyn Cameron, Microsoft Corp··Marie M. Rice, Ambassadors Group, Inc··Charles Ruthford, Intensional Connection,LLC··Nancy Thomas-MooreWisconsin··Val Lehner, ATC (American TransmissionCompany)Washington, DC··Jackie Richardson, FTI ConsultingVirgin Islands··John F. Lewis, Lewis ConsultingAustralia··Lloyd Kinzett, Harsco CorpBelgium··Gunnar WieboldtBrazil··Renata Oliveira, Machado Meyer Sendacz EOpice Ltda··Rogeria Carla Pergia Assis, Prudential DoBrasil Seguros De Vida SA··Francisco Niclos Negrao, Maganery Nery EDias··Bruno Ferreira Ferraz Camargo, Philips DoBrasil Ltda··Rogeria P.B.R. Gieremek, Serasa Experian··Marcia Muniz, Hyundai Motor Brasil··Maria Claudia Murr, Hewlett Packard··Marcela Pascoareli, Machado MeyerSendacz E Opice Advogados··Mauro Theobald, Grupo MaristaCanada··Richard Khambatta, Integrated PharmaServices IncChina··Xiang Han, MercerEngland··Dan Aharon, DSPS GlobalGermany··Jannica Houben, Tech Data Europe GmbHPakistan··Sultan Ali, RiskDiscovered(BackgroundCheck Private Limited)··Saima Qaiser, RiskDiscovered(BackgroundCheck Private Limited)··Danish Thanvi, RiskDiscovered(BackgroundCheck Private Limited)··Khurram Zahid, RiskDiscovered(BackgroundCheck Private Limited)Romania··Dumitru Uta, Eli Lilly and CompanySwitzerland··David Huegin, Clariant International LTD··Sofie Melis, Eli Lilly Export S.AUAE··Hind Abdulla Al Shehi, MubadalaDevelopment Company··Kurt L Drake, Mubadala DevelopmentCompanyUK··Lin Forbes Brown, BP International··Tuula NieminenCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 23

Featureby Robert BondUnderstanding the proposedEU data protection regulation»»The EU is in the process of revising its data privacy regime to harmonise data protection across its member states.»»The propsed Data Protection Framework will implement greater enforcement powers that apply to both data controllersand data processors.»»The Framework will focus on consent, breaches, data transfers, accountability, and liability.»»Individuals will have greater control of their personal data, and special protections for the data of children are included.»»Foreign businesses that target EU citizens will incur significant compliance obligations.Compliance & Ethics Professional May/June 2012BondOver the past few years, the EuropeanUnion (EU) has been consultingwith key stakeholders on the need tooverhaul the EU data privacy regime and toproduce a harmonized general data protectionframework.On the November 29, 2011, theEuropean Commission “leaked”an updated version of its draftGeneral Data Protection Regulation(Regulation) intended to producea harmonized Data ProtectionFramework for the EU, which amongother things will repeal the DataProtection Directive (95/46/EC). The proposedRegulation was finally announced on January25, 2012.The intention of the Regulation is “tobuild a stronger and more coherent DataProtection Framework in the EU, backed bystrong enforcement that will allow the digitaleconomy to develop across the internal market,put individuals in control of their own data,and reinforce legal and practical certaintyfor economic operators and public authorities.”However, the Regulation in its currentform imposes significant changes to the wayin which businesses will have to comply withdata protection laws and regulations in the EU.The European Commission considers thata Regulationwill be the most appropriate legal instrumentto define the framework for theprotection of personal data in the EU, sincethe direct applicability of the Regulationwill reduce legal fragmentation and providegreater legal certainty by introducinga harmonized set of core rules, improvingthe protection of fundamental rights ofindividuals, and contributing to the functionalityof the internal market.The key principles of the Data ProtectionDirective and the majority of the definitionstherein remain the same. However, thereare significant changes to some definitions,clarification over some of the principles (inparticular, consent), and reinforcement ofcurrent solutions for data transfers. Mostimportantly, there are new obligations for boththe data controller and the data processor withrespect to the role of the data protection officer,as well as obligations involving mandatoryreporting of data breaches, dramatic increasesto enforcement powers and fines, and specificresponsibilities with regard to the personaldata of children.24 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

FeatureBased on the wording of the proposedRegulation, businesses with entities in Europethat process personal data, use equipment inthe EU for processing personal data, or are notin the EU but process personal data of EU datasubjects or monitor their behavior, will incursignificant compliance obligations.As the Regulation applies to both data controllersand data processors, and dramaticallyextends the enforcement powers of the regulatorsand the fines for non-compliance (i.e., 2%of worldwide revenue for negligent or recklessbreach), businesses will need to prepare forinvestment in EU data protection compliance.The current Regulation runs to 116 pages,but our summary of the key provisions is asfollows:··The Regulation will be binding on all EUmember states from the date that it comesinto force. That date will be the 20 th dayfollowing the date of publication of theRegulation in the official journal of theEuropean Union, and the application ofthe Regulation may be two years from theaforementioned date. Our understandingis that it will take at least a year to debatethe Regulation and for it to be approved bythe EU, which means that we can expectthe Regulation to be published in its finalform and enter into force in the secondhalf of 2013, giving a two-year period forbusinesses to come into compliance by2015, although it is possible that it may beexpedited so as to come in to force by 2014.··The Regulation applies both to data controllersand data processors that have eitherlegal entities in the EU, or process personaldata of EU data subjects, irrespective of thelocation of the controller or processor; butthe Regulation does not apply where theprocessing is by an individual purely forpersonal or household activities.··Most of the current definitions of datasubject, personal data, and the like, remainthe same, except that sensitive personaldata now includes genetic and biometricinformation, and consent is defined as“any freely given specific, informed andspecific indication of” the data subject’ssignification for the purposes of processing.Also, “personal data breach” is nowdefined with respect to breach of securityfor which new obligations arise.··The data protection principles broadlyremain the same, although it should benoted that consent and the mechanismsfor gaining consent are provided in detailin the Regulation. Among other things,the Regulation states that consent cannotbe automatically implied with respect tothe processing of employee data, nor withrespect to the processing of the data of achild, where the child is under the age of 13and parental consent has not been given.··Fair processing statements or privacynotices will have to be in plain and intelligiblelanguage, and drafted with certaindata subjects in mind, “in particular forany information addressed specifically toa child” (where a child here is defined asunder the age of 18).··In a privacy statement or privacy notice,Article 12 indicates that there needs to bespecific information given to a data subjectwith respect to the nature and purposesof the processing of their data and of theirrights. There are also detailed requirementsin relation to profiling and the collection ofdata via social network services.· · Although subject access requests are stillpermitted, Article 17 additionally providesthe “right to be forgotten” and to haveCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 25

Featurepersonal data erased. This new right, inconjunction with the right of data portabilityin Article 16, will require businesses toimplement stricter controls over the managementof databases, particularly wherethey are outsourced.··Articles 16 and 17 now provide the rightto object to profiling, and detail the obligationsof companies that use profilingtechnologies.··For the first time, the role of the data protectionofficer is introduced for all but smallbusinesses. This will require businessesto put in place not only contracts for thisnew position, but also appropriate trainingand authority for purposes of compliance.We think it likely that the data protectionofficer will be the person responsible formaintaining internal compliance registers,and serving as the interface between thebusiness and the regulators.Compliance & Ethics Professional May/June 2012··The obligations for the data controller, jointdata controllers, and the data processor areredefined. In addition, the data processorwill have direct liability for compliance,which does not exist in the current regime.··While the concept of registration witha data protection authority is likely toremain in place, there is now under Article28 a new obligation for the controller andprocessor to maintain an internal registerof compliance, and to make this registeravailable on request to the Data ProtectionAuthority by virtue of its new powers.··There are enhanced requirements for datasecurity, and specifically in Article 31,there is a mandatory breach notificationprocedure for all but small enterprises.··There are new details in relation to PrivacyImpact Assessments and specific priorauthorizations and prior consultationsbefore data processing or data transfersmay be permitted. In relation to data transfers,there is considerably more detail onbinding corporate rules as a solution totrans-border data flows or trans-borderdata transfers.··Although there are other specific issues,the last one that we wanted to mention is inrelation to the new powers of enforcementfor the Data Protection Authorities whowill monitor, audit, provide guidance, hearcomplaints, conduct investigations, opineon compliance issues, and issue licences forinternational data transfers. Furthermore,with respect to breaches of the Regulation,there is a whole new range of penalties andsanctions with fines for minor breachesof 0.5% of a business’s annual worldwideturnover, rising to 2% of annual worldwideturnover in the case of intentional or negligentbreach of the Regulations.Although there is no guarantee that theproposed Regulation will be the final publishedRegulation, we anticipate that at thisstage few significant changes or additions willbe made, and therefore, we are starting theprocess of considering the full range of compliance,policies, practices, and procedures thatwill be necessary for small, medium, and largeenterprises, whether operating in a single EUmember state or operating globally. ✵Robert Bond is Head of Data Protection & Information Law atSpeechly Bircham LLP in London, England. He may be contacted atrobert.bond@speechlys.com.26 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Get expert guidance with:The Complete Compliance andEthics Manual, Second EditionWritten by experienced compliance and ethics professionals, this continually updatedresource offers assistance for every area of the compliance and ethics world, including:• Compliance and Ethics: What It Is, Why It’s Needed• Essential Elements of an Effective Program• Strategies for Implementation• Measuring Effectiveness• Recent Regulatory Developments• Guidance for Specific Risk Areas, including:– Anti-Corruption and Anti-Bribery– Anti-Money Laundering– Antitrust– Conflicts of Interest– False Claims Act– Fraud Prevention– Gifts and Entertainment– Government Contracting– Mergers and Acquisitions– Privacy Issues– Records Management– U.S. Export Controls– Voluntary Disclosure– Wage and Hour ComplianceBook Price & Annual Subscription Rate:$359 for SCCE Members$399 for Non-MembersSubscription service allows continuous receiptof quarterly updates (the first four updates arefree with purchase of the manual)To order, visit SCCE’s websiteat www.corporatecompliance.org/booksor call +1 952 933 4977 or 888 277 4977

The Art of Complianceby Art Weiss, JD, CCEPExcuses, excusesWeiss“That’s a dumb rule!”“Everyone else does it.”“Nobody will care.”“They can afford it.”“Who is going to know?”“They owe me.”Shall I go on? The list of excuses forunethical or sometimes even illegalbehavior can become quite long. Theseexcuses are nothing more than rationalizationsand justifications for engaging inconduct which we know is wrong, but (pickone from the list above). Admittedly,there may be a few dumb rules andeven a few dumb laws out there.Some folks pick and choose whichrules can be ignored or broken.Society heads towards trouble whenthat happens.Have you ever heard of anemployee taking home office supplies—maybeduring August when it’s back-to-school time?Maybe some Post-it ® Notes, staples, paperclips,or paper? That’s theft, people! Big deal. “Theycan afford it.” “They owe me.” “Everyone elsedoes it.” Those kinds of rationalizations canspill over into accounting, safety, environmental,conflicts of interest, gifts, and many otherregulations and laws with which complianceprofessionals deal.Be honest. Do you turn your cell phone offwhen the flight attendant says? Or do you turnoff the screen, put it into airplane mode, or turnit face down? Is it a dumb rule? There has neverbeen an aviation accident caused by havingelectronic devices remain on during flight (thatwe know of). Recently, a Southwest Airlinespassenger was met by the police after refusingto turn off his cell phone, and a well-knownAmerican Airlines passenger made big newswhen he was removed from a flight becausehe wouldn’t stop playing a game on his devicewhen asked—a violation of FAA regulations.Some folks pick and choose whichrules can be ignored or broken.Society heads towards troublewhen that happens.It was interesting to read the online debatethat ensued in some of the comments postedunder the story about the Southwest incident.One commenter blamed the airlines andjustified the passenger’s conduct by sayingthat passengers need to be on their phones,because of all the flight delays. Another saidthe government and media are lying. Thatscares me, and it should scare you too.For those responsible for enforcing rulesand laws, there is hope, however. They arecertain to agree with the commenter whosaid, “I think it’s nonsense, but just follow therules, people.” ✵Art Weiss is Chief Compliance and Ethics Officer at TAMKO Buildingproducts in Joplin, MO. He may be contacted at art_weiss@tamko.com.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 29

Featureby Peter J. CrosaBuyers on the take»»Embezzlement or misappropriation isn’t limited to line employees. The E&C purview net should be cast from the lowest levelemployee to the executive board, and from stockroom to boardroom.»»Staff is more likely to be influenced by unscrupulous vendors while away from the office.»»No vendor should be considered incapable of inappropriate influence, from janitors to lawyers.»»Investigators frequently uncover an employee perpetrator who has a tragic character flaw that is germane to misappropriation.»»Cash kickbacks, entertainment, and other untraceable gifts are often subject to misappropriation.Compliance & Ethics Professional May/June 2012CrosaI’ve met many a vendor who has a storyabout buyers on the take. It frequentlyinvolves hearsay or what someone toldsomeone else. The topic comes up in almostall of my workshops and no ethics and complianceprogram would be complete withoutaddressing the matter.To be sure, embezzlement in industrydoesn’t start with buyers. I once investigateda loss on behalf of a major corporation thatinsured the fidelity of the board ofdirectors of a hybrid Miami healthinsurer. The hybrid group specializedin selling health insuranceplans to small businesses at incrediblylow rates. Unfortunately, one, orsome, or all of the board membersabsconded with the $75 million inpremiums they’d collected. One of the men, Ilater determined, was a Columbian logisticsentrepreneur (think about it) whose nephewdrove a Maserati to his exclusive CoconutGrove private prep school. When policyholderemployees started submitting medical claims,no funds were available for the payment ofclaims.I remember investigating a vendor whofurnished a “VIP buyer lounge” in a specialroom above his warehouse. Desks were set upfor buyers to do their paperwork, and refrigeratorswere loaded with snacks and adultbeverages. Buyers were invited to come in anyday of the week and encouraged to bring theirfiles to work in privacy, away from the bustle oftheir office, ringing phones, and other distractions,in order to get some paperwork done. Ofcourse, this was the vendor’s attempt to get afoot in the door on the next major purchase.I remember listening to an interview of asenior buyer. He was recounting how someonehe knew (I’m sure he was describing himself)was at a law firm Christmas party andwalked in to use the men’s room. One of theattorney hosts walked in and stood at the adjacenturinal, pulled an envelope from his coatpocket, and handed the buyer the envelopewith eleven $100 bills in it. Three thoughtsstruck me. First, why eleven $100 bills? Whynot ten or fifteen or twenty? Second, whyat the urinal? Don’t even speak to me if I’mstanding at a urinal. Third, I thought, wowattorneys do this too? So much for my naïveperception of attorneys as the pillars of oursociety.Those events are generally a thing of thepast. Today, you’ll occasionally read headlinesin the trade papers about a bailee who tippedoff looters to a high-value shipment or buyerswho created phantom vendors, wrote checksin payment of merchandise, and converted thechecks to cash for their own private use. But intoday’s environment of electronic paper trails,audits, and other covert detection methods,that method of embezzlement is insanity. But,30 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Featureadmittedly it happens. And, almost always,investigators will develop a perpetrator with atragic flaw, such as a cocaine habit gone awry,a mistress, or a g-string diva. No offense tostrippers, but I’ve investigated dozens of casesof embezzlement, and there’s almost always astripper driving the crime.One more story involving a fairly big-ticketitem. A vendor financed a $40,000 additionto a buyer’s home—free of charge. This cameout in one of my workshops, and again, it was“hearsay” but totally believable. The justification,according to the vendor, was “that buyergave us over a million dollars in businesslast year.” Of course, upon further inquiry, Ilearned that after the addition was built, thebuyer was so nervous about continuing workwith that vendor that the flow of businessceased. The moral of the story is: If you wantto kill the goose that lays golden eggs, build anaddition onto his house.Now, fast–forward to 2011. Earlier thatyear, I was speaking with a jewelry vendorabout his efforts to increase his market shareof business to retail buyers. At some point, hetossed into the conversation a comment thatstopped me in my tracks. The dialogue wassomething like this:Vendor: Of course, I know you’ve got to beready to pay off the buyer.PJC: Well, that was a thing of the past anddoesn’t really happen anymore. It’s unlikely abuyer is going to hit you up for cash.Before I could finish the “sh” in cash, hesaid “Oh no, it does happen. We just lost anaccount because the buyers were pressuringus for cash kickbacks.”I told him that it was dangerous to evendo business with buyers who were so blatantabout demanding cash for business andthat there are other ways to influence buyers,while helping them stay on the high ground.Incidentally, I’m not outraged by a vendorthinking he has to pay off a buyer. After all, wedo engage in promotional and entertainmentexpense and, to an enterprising vendor, theremay be little difference in taking a client todinner or giving him the equivalent cash or agift certificate. But to the corporate entity, andgenerally speaking, society, there is a difference.The money used to influence buyers canbe directly linked to increased costs to theiremployer and, ultimately, to the end consumer.A few months later, another vendor ina completely different specialty mentionedthat he had been told that a vendor he knowsis having to pay kickbacks to a buyer. Whatwas particularly unusual was that the situationhe described involved a preferred vendorprogram in which the vendor had alreadycompleted the qualifying process to participatein the program. Not only that, but theseprograms usually involve a contract thatincludes audit permission language designedto prevent kickbacks to buyers. That alonemade me wonder about the veracity of theinformation, or at least maybe the whole storywasn’t being conveyed.The bottom line here is that, whereas Ihadn’t personally heard of any such activityfor several years (unless I read it in the tradepapers), I’m hearing it again and more often.Is it possible the economic crisis of recenttimes is having an effect on the supply chainthroughout industries—industries that normallysafeguard their integrity and reputationwith the utmost care? This could mean we’rein a treacherous environment.So, here’s some advice. Ethics and complianceoperatives must insist on frequentreview and adherence to established policieson vendor/buyer relationships. Frankly, itwould not break my heart to see very rigid“zero tolerance” rules on vendor promo andentertainment. The following admonitionis applicable to both buyer and vendor. If avendor or buyer pressures you or tries inappropriateinfluence, that person is a looseCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 31

Featurecannon and will eventually slip up and sabotagethemselves, just before throwing youunder the bus.Second, vendors may think that influencingbuyers is a necessary reality in order to becompetitive. Ethics and compliance operativesshould be aware that inappropriate vendorinfluence is not always blatant and easy to spot.Here are some examples of promo and entertainmentexpenses that may be overlooked bycorporate ethics and compliance folks:··Sponsoring a Little League or softballsports team or other charitable cause··Lunch or dinner··Drinks—a vendor may rationalize,“How many times have I bought strangersa drink (and who cares)”··A birthday or holiday card and gift sent tothe buyer’s home··Sports or concert tickets left at the will-callwindow··A complimentary visit to the vendor’svacation home at the beach or in themountainsCorporations that staff a “buyer/acquisitions”department need to be cautious abouttheir rules and how compliance is verified andenforced. Compliance alone is not the end all.Ethics and compliance must be promoted on apersonal level. All ethics is personal. It standswith one person and can fall with one person. ✵Peter Crosa is a philosophizing private detective out of Tampa Bay, Florida.His keynote speeches bring humor and motivation to E & C divisions andassociations. He can be reached at peter@ethics-speaker.com.2012 Compliance & ETHICS INSTITUTE PREVIEWCompliance & Ethics Professional May/June 2012session 303: A Case Study of the Ethical (and Not-So-Ethical) DecisionsLeading to the 1986 Challenger TragedyMonday, October 15, 2012, 3:00 Pm – 4:00 pmKendra Cook, IntegrityApplications IncorporatedIn the competitive environment in which weoperate, engineers and their managers are put ina position to make critical ethical decisions withserious consequences. Trade-offs must be made in order to meet design and performancerequirements while completing the project within a given budget and time frame, allwithout jeopardizing the safety of the users. This session illustrates the complexities ofmaking ethical decisions using the 1986 space shuttle Challenger tragedy as a case study.Attend SCCE’s 11th Annual Compliance & Ethics Institute in Las Vegas, NV,to hear more! Visit www.complianceethicsinstitute.org for more information.32 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

View from the Front Linesby Meric Craig Bloch, CCEP, CFE, PCI, LPIAre you in control of yourinvestigation?BlochWhen a serious allegation of misconductarises, the business peopleinvolved simultaneously react toa number of concerns. There is the implicatedemployee who was previously in a positionof trust. There may be an unhappy customerwho now has a “crisis of confidence”in your company’s ability to perform.There may be executives whom thebusiness people fear will blame themfor allowing the problem to happen.The implicated employee may be asales superstar whom the departmentmanagers fear losing to the competition.These factors usually lead to businesspeople trying to steer the investigationtowards their particular goals and away fromtheir professional fears.Ownership of an investigation comesfrom the pride that is taken in conductingthe most complete and objective review thatis professionally possible. Ownership comesfrom adhering to a set of guidelines and principles,rather than politics and situations. Theultimate objective of an investigation is a fullinquiry that is not motivated by politics, personality,or expediency.These principles can be tested when theurgencies of a critical situation arise, butadhering to them becomes more importantthan ever. Establish your role at the outset asthe “quarterback” of the investigation. Leaveno doubt with your colleagues that the companyplaces the investigative responsibility onyou. Whatever their motives are for wantingto take such an active role, it is you, not they,who remain accountable to the company for asuccessful, professional, and proficient investigation.Investigation-by-committee simplydoes not work.When people seem to be interfering withyour investigation, ask yourself why thesepeople seek an active role. You’ll quicklyfind that their motives are understandableand usually practical. They are likely motivatedby a fear of what the investigation willshow and how they may be blamed by theirsuperiors. If this happens, don’t get into awrestling match with them about the investigation.Instead, explore why they feel theyneed such an assertive role instead of justbeing the customer of your efforts. You mayfind you can accommodate their needs fairlyeasily, and they will step aside and let you doyour job.There is room in the investigative processfor others to participate. Indeed, this is the bestway to keep it business-focused—but it is you,not they, who have the training and responsibilityfor completing a proficient investigation.Solicit their needs and concerns, and then doyour best to respond to their priorities. Helpwhere you can. Make sure you understandtheir post-investigation needs. But you haveto set the strategy and decide what has to bedone to complete the investigation. You ownthe process and its outcome. ✵Meric Craig Bloch is the Compliance Officer for the North Americandivisions of Adecco SA, a Fortune Global 500 company with over 8,000employees and $6 billion in annual revenue in North America. He hasconducted more than 300 workplace investigations of fraud and seriousworkplace misconduct. He is an author and a frequent public speaker on theworkplace investigations process. Follow Meric on Twitter @fraudinvestig8r.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 33

Featureby Marlowe DomanIt’s time to changethe SEC’s culture»»Individuals may get financial rewards if they provide the SEC with information that leads to successful enforcement actions againstWall Street wrongdoers.»»If the action is successful, whistleblowers can be granted between 10% and 30% of any fine over $1 million collected by the SEC.»»For the laws to achieve their goals of exposing and halting Wall Street corruption, the SEC must confront its own culture and darkpast toward whistleblowers.»»Over the past decade, the SEC allegedly mistreated its employees who attempted to correct wrongdoing within the Commission,as well as outsiders who reported securities violations.»»The Dodd-Frank whistleblower provisions provide the SEC with an opportunity for a fresh start in its treatment of whistleblowers.Compliance & Ethics Professional May/June 2012DomanUnder the Dodd-Frank Wall StreetReform and Consumer ProtectionAct, Congress passed promisinglegislation that rewards and protectswhistleblowers who report violationsof federal securities laws to theSecurities and Exchange Commission(SEC). However, for the laws toachieve their goals of exposing andhalting Wall Street corruption, theagency must confront its own cultureand dark past toward whistleblowers. The SEChas discouraged and even retaliated againstwhistleblowers who have attempted to correctwrongdoing in the financial sector.The SEC whistleblower laws allow financialrewards to individuals who provide theagency with information that leads to successfulenforcement actions against WallStreet wrongdoers.The provisions provide for financialrewards similar to the False Claims Act, whichrewards whistleblowers with a share of damagesrecovered from people or organizationsthat defraud the federal government. AfterCongress passed Dodd-Frank, the SEC createdthe new Office of the Whistleblowerwhich, according to its website, was formed tohandle whistleblower tips, assist SEC enforcementpersonnel, and assist in determining theappropriate size of a whistleblower’s reward.The final rules for the implementationof the Dodd-Frank whistleblower provisionswere released by the SEC in 2011, after outsidecommentary was submitted to the agency.There are limits to the scope of the financialrewards and anti-retaliation protectionsaccorded to SEC whistleblowers. For a whistleblowerto receive a reward, the SEC must beable to recover at least $1 million in financialpenalties from the offending party. A whistleblowermust also provide original informationto qualify for the reward, meaning that theSEC was not previously aware of the information.If the action is successful, whistleblowerscan be granted between 10% and 30% of anyfine over $1 million collected by the SEC. Thepercentage size of the reward is based on severalfactors, including the amount of assistanceand the significance of the information givenby the whistleblower.Certain individuals are excluded fromrecovering under the law. For example, awhistleblower cannot receive a reward if he34 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Featureprovides information to the SEC and is thenconvicted in a criminal case related to thesame violation. In other words, if a company’semployee reports a financial fraud to the SEC,and the same employee is later convicted ina criminal prosecution for taking part in thesame fraud he reported, then he could notrecover a reward.Notwithstanding these major developments,it is essential that the SEC changes itsbehavior towards whistleblowers for the newprovisions to be successful. Over the pastdecade, there has been mistreatment towardSEC employees who were attempting to correctwrongdoing within the Commission, aswell as toward outsiders reporting securitiesviolations to the SEC. The most high-profileexample was the treatment of HarryMarkopolos, who reported Bernie Madoff’sPonzi scheme to the SEC, prior to passageof the Dodd-Frank Act. Markopolos wrotein his book, No One Would Listen, 1 that whenhe attempted to bring Madoff’s crimes to theattention of Meaghan Cheung, the SEC’s NewYork branch Chief of Enforcement, she treatedhim with disdain and eventually ignored him.Furthermore, there have been severalinstances in which the Commission retaliatedagainst mid-level or junior SEC employeeswho spoke up when higher-ups mishandledagency investigations.Perhaps the most outrageous case involvedGary Aguirre, a first-year SEC attorney whowas fired in 2005, after he attempted to investigateformer Morgan Stanley CEO John Mack(also known as “Mack the Knife”) for hisrole in an insider trading scandal, accordingto Rolling Stone’s Matt Taibbi. 2 Aguirre dugup evidence that showed Mack may havetipped off Pequot Capital hedge fund managerArt Samberg that a company namedHeller Financial was about to be bought outby General Electric. Samberg bought stockin Heller before the GE buyout and made $18million dollars. As an apparent quid pro quofor Mack’s insider tip, Samberg included Mackin another financial deal which netted millionsof dollars for Mack.Aguirre, doing exactly what his jobdescription entailed, wanted to interviewMack. Instead, Aguirre’s superiors instructedhim not to investigate Mack, because of Mack’spowerful political connections. After Aguirrecomplained about being prevented fromdoing his job, he was fired. The story endedwhen Aguirre sued the SEC and received a$755,000 wrongful termination settlement.Furthermore, a U.S. Senate report vindicatedAguirre. Samberg later was forced to shutdown Pequot and pay a $28 million fine forhis role in a separate insider trading scandalinvolving Microsoft, according to BloombergNews. 3 John Mack was never punished for hisrole in the Heller scandal.SEC employee Julie Preuitt also facedretaliation when she protested the SEC’s failureto investigate fraudster Robert Stanford’sbillion dollar Ponzi scheme, according to theWashington Post. 4 Starting in the late 1990s,Preuitt repeatedly attempted to investigateStanford, and was blocked by higher-ups tothe point that she felt “absolutely heartsick,”according to her Senate testimony. In 2007,when Preuitt complained after she was againprevented from conducting a detailed investigationof Stanford, she was reprimanded.Also, the agency reprimanded anotheremployee who defended Preuitt.SEC Inspector General David Kotz laterreported that senior officials at Preuitt’s FortWorth office had a practice of shutting downcases that they deemed too complicated.Instead, the office wanted quick resolutions toboost its number of successful cases.Preuitt was vindicated in March of 2012when Stanford was convicted by a jury on 13Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 35

FeatureCompliance & Ethics Professional May/June 2012criminal counts of fraud for stealing billions ofdollars from investors. 5 If the SEC would haveheeded Preuitt’s calls for action in the late1990s, it could have prevented Stanford fromstealing as much money as he did.The recent whistleblower case of SECattorney Darcy Flynn shows improvementin agency treatment toward whistleblowers,yet some troubling signs remain. In 2010,Flynn was given an assignment to destroydocuments related to past investigations offinancial firms, which he later realized wasillegal, according to the Washington Post. 6 Ifthe SEC later received more information thatcould show a pattern of fraud when tied to theprior investigation, getting rid of the past evidencecould prevent the SEC from connectingthe dots. Flynn’s concerns were brought to theattention of SEC senior management, yet SECstaff continued to discard documents. Flynnalso made requests to Chairman Schapiro’soffice for certain protections for himself, whichwere not granted.Flynn then alerted Senator CharlesGrassley, as well as other members of government,and invoked federal whistleblowerprotections. Of even greater concern, Flynnallegedly witnessed his seniors at the SECtrying to concoct an evasive response to theallegations, according to the report of SECInspector General Koch. 7According to Taibbi, Flynn also broughtanother troubling allegation to the government’sattention that he witnessed back in2001. 8 At that time, Flynn and other agentswere investigating Deutsche Bank for fraud,when the investigation was mysteriously shutdown by the agency’s enforcement division.A few months later, the director of the SEC’sEnforcement Division, Dick Walker, was hiredas Deutsche Bank’s general counsel.While there have been no reports of directretaliation against Flynn, it is noteworthy thatFlynn has retained the former SEC lawyerAguirre as private counsel. ConsideringAguirre’s prior victory over the SEC, theagency may be loathe to attempt anotherpublic battle with him.The SEC’s troublesome past with internaland external whistleblowers leaves an impressionthat the agency does not value them. Afailure to treat internal whistleblowers appropriatelywill only further reduce the agency’scredibility with the general public, and callinto question its dedication to fair and ethicallaw enforcement.However, recent developments at theOffice of the Whistleblower show improvement.Former SEC attorney Jordan Thomas,who was instrumental in developing theoffice, stated that it received hundreds of tipswithin weeks of its opening, according to theWall Street Journal. 9 Thomas, who now practicesin the private sector, said that the agencyis doing its best to encourage whistleblowersto report wrongdoing.The Dodd-Frank whistleblower provisionsprovide the SEC with an opportunity for afresh start in its treatment of whistleblowers.The SEC must do more to change its negativereputation for protecting the high-levelfinanciers that the agency is supposed to bepolicing, as well as preventing any retaliationagainst internal and external whistleblowerswho wish to bring such fraudsters to justice.Otherwise, the Office of the Whistleblowerwill likely fail in its mission and scare awaypeople who wish to expose Wall Streetwrongdoing.It is clear that there are well-meaning andtenacious investigators who work for the SEC.This fact cuts against its negative public image,which has suffered terribly since the 2008meltdown. Regardless, the agency has a poortrack record in terms of dealing with whistleblowers.Thus, it is time for the agency’s36 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Featureleaders to change its culture by promotingpositive attitudes towards internal whistleblowers,and encouraging outsiders to reportindustry wrongdoing. ✵Marlowe Doman is an attorney practicing in general litigation in New YorkCity. He may be reached at marloweusa@yahoo.com.1. Harry Markopolos: No One Would Listen: A true financial thriller.Wiley, 2011.2. Matt Taibbi: “Why isn’t Wall Street in jail? Financial crooks broughtdown the world’s economy—but the feds are doing more to protectthem than prosecute them.” Rolling Stone Magazine, February 16, 2011.www.rollingstone.com/politics/news/why-isnt-wall-street-in-jail-201102163. David Scheer and Jesse Westbrook: “Pequot, Samberg Pay $28Million to End Insider-Trading Probe.” Bloomberg News, May 27, 2010.www.bloomberg.com/news/2010-05-27/pequot-chief-samberg-to-pay-28-million-to-settle-sec-insider-trade-probe.html4. David Hilzenrath: “Preuitt says she paid ‘ heavy price’ for protestingSEC handling of Stanford probe.” Washington Post, May 13, 2011.www.washingtonpost.com/business/economy/preuitt-says-she-paid-heavyprice-for-pushing-sec-to-probe-stanford/2011/05/13/AFqRqo2G_story.html5. Clifford Krauss: “Stanford Convicted by Jury in $7 BillionPonzi Scheme.” New York Times, March 6, 2012. www.nytimes.com/2012/03/07/business/jury-convicts-stanford-in-7-billion-ponzi-fraud.html6. David Hilzenrath: “SEC still destroying records illegally,whistleblower says.” Washington Post, September 6, 2011.www.washingtonpost.com/business/economy/sec-still-destroying-recordsillegally-whistleblowers-lawyer-says/2011/09/06/gIQAAD7E7J_story.html7. H. David Koch, SEC Inspector General: “Report of Investigation:Destruction of Records Related to Matters Under Inquiry andIncomplete Statements to the National Archives and RecordsAdministration Regarding that Destruction by the Division ofEnforcement.” October 5, 2011. www.sec.gov/foia/docs/oig-567.pdf8. Matt Taibbi: “Is the SEC Covering Up Wall Street Crimes?” RollingStone Magazine, August 17, 2011. www.rollingstone.com/politics/news/is-the-sec-covering-up-wall-street-crimes-201108179. Jean Eaglesham: “After Tip, the Claim for Reward.”Wall Street Journal, November 16, 2011. http://online.wsj.com/article/SB10001424052970203503204577040443550817570.htmlSCCE Web Conferenceswww.corporatecompliance.org/webconferencesGet the latest on breaking issues andbest practices. Hear directly fromregulators and practitioners fromthe convenience of your own office.• Timely, quality trainingwith no travel required• With one registration, yourwhole office can participate• A convenient way to earncontinuing education unitsReceive CEUs for each90-minute conferenceAll conferences are at12:00 pm central timeCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 37

Compliance & EthicsRegional Conferences2012Upper NortheastMay 18 • New York, NYAlaskaJune 15 • Anchorage, AKWest CoastJune 22 • San Francisco, CASoutheastOctober 12 • Atlanta, GASouthwestNovember 2 • Houston, TXSCCE Regional Conferencesprovide a forum to interact withlocal compliance professionals, shareinformation about our compliancesuccesses and challenges, andcreate educational opportunitiesfor compliance professionals tostrengthen the industry.Attendees learn about currentregulatory requirements, governmentenforcement initiatives, and themanagement of effective complianceprograms, and meet and network withother compliance professionals locally.Who should attend? Complianceoffi cers, in-house and outside generalcounsels, privacy and security offi cers,regulatory affairs, VPs and directors,billing and coding professionals,government agency staff.Learn more at www.corporatecompliance.org/regional

Kaplan’s Courtby Jeffrey M. KaplanAttorney-client privilegeKaplanWhether or not they happen to beattorneys, compliance and ethics(C&E) professionals are oftenfaced with issues concerning the attorneyclientprivilege, so I thought a brief overviewof that topic—as it applies to C&E programs—would make sense for this column.As a general matter, a communication issubject to the privilege where (1) an actual orprospective attorney-client relationshipexists, and (2) the communicationtook place (a) for the purpose ofobtaining or providing legal assistanceand (b) in confidence. Since aSupreme Court decision in 1981, 1 theright of a corporation to claim theprivilege has been generally accepted.But far less clear is the application ofthe privilege to many C&E-related communications,because only legal—notbusiness—advice can be protected by it. Yetsome organizations try to apply the privilegetoo broadly, such as to C&E training-typecommunications and general administrativework of the program. In a related vein,some seek to apply the privilege to audits,investigations, risk assessments, and programassessments where legal advice could be—butis not actually—involved, or without sufficientdocumentation of such involvement.These practices are potentially dangerous.Not only could they lead to disclosureof sensitive C&E information but, in somecircumstances, they could carry a risk ofpersonal exposure to the lawyers involved.That is, in the 1990s, various tobacco industrylawyers were investigated by the JusticeDepartment under a fraud/obstruction of justicetheory for what was seen as a bad-faithuse of the privilege to hide sensitive information,although no such charges were brought.To help reduce these risks, I often recommendthat companies formally assign the roleI often recommend thatcompanies formally assignthe role of program counselto an in-house attorney.of program counsel to an in-house attorney.This can be documented in the C&E programcharter and/or the attorney’s job description.Counsel’s advice-giving role shouldalso be chronicled on an ongoing basis (e.g.,in C&E committee minutes and agenda, selfassessments,risk assessments, and relatedcommunications).Needless to say, program counsel must, infact, give legal advice for the communicationsin question to be privileged. But given theimportance of law to C&E programs, doingso should not be much of a challenge. Mostimportantly, focusing on ensuring that theprivilege is maintained should itself encouragea company to pay sufficient attention to C&Elaw, which, in turn, can be useful from theperspective of ensuring program efficacy. ✵1. Upjohn v. United States, 449 U.S. 383.Jeffrey Kaplan is a Partner with Kaplan and Walker, LLP in Princeton, NJ.He can be contacted at jkaplan@kaplanwalker.com.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 39

Featureby Roz BlissEthical decision-makingmodels: Decisions, decisions»»Ethical decision‐making models help employees make the good choices.»»Employees know when something just doesn’t seem right.»»Encourage employees to examine and identify possible alternatives.»»What would a reasonable person think about this decision?»»It takes courage to do the right thing.Compliance & Ethics Professional May/June 2012BlissEmployees everywhere are doingmore with less. Increased pressuresto achieve goals, budget cuts, fear oflayoffs, coupled with external pressures of economicuncertainty and high unemployment,create an environment of increased risk takingand opportunities for unethical behaviors.Compliance and ethics professionalswork hard to communicate and trainon “hot topics” but as we all know, wecan’t be all places at all times.An ethical decision-makingmodel is a tool designed to helpemployees make the proper decisionwhen the right choice is not obvious.An initial Internet search on this topicreveals hundreds of options, both academicand industry-specific. From a business perspective,how do you identify, customize, andsocialize a model that is easily identifiableand effective?Brevity is an important aspect in choosinga model. While pages of explanationand insights can be useful, employees facedwith an ethical dilemma, where the answeris not obvious, often need prompt andefficient solutions to resolve challenges. Acompany model needs to be accessible, easyto follow, and provide consistent and reliableresults.The decision-making processFrameworks for ethical decision-makingmodels generally contain a three step process:clarification, analysis, and implementation.Each phase needs to be methodically completedto reach a final decision.ClarificationEmployees know when something just doesn’tseem right. It may be an initial gut feeling orjust a general feeling of unease or distress.Perhaps they remember something from pasttraining or company orientation that triggersthis sense of discomfort. In most cases, thereis an obvious answer. The ethical decisionmakingmodel is designed to assist when thesolution is not readily apparent.The first phase assists the employee withunderstanding and defining the nature of thedilemma they are faced with. Think of this asthe start of a decision tree. What is the root ofthis challenge? Employees need to gather thepertinent information and ask themselves basicquestions: Is there a legal or regulatory concern?Does the dilemma conflict with companypolicies, standards, or values? An affirmativeanswer to either of these questions allows theemployee to bypass the analysis phase and godirectly to implementing a solution.40 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

FeatureAnalysisIn this second phase, analysis, the goal is toencourage employees to examine and identifypossible alternatives. This action is a selfexamination and is introspective by nature.The considerations include stakeholders whomay be affected or impacted by the decision.Perhaps the most poignant concern is the classic“headline test.” How would this employeefeel if their decision was made public, perhapsin the front page of their local newspaper?What would a reasonable person think aboutthis decision? How would they explain it totheir manager or family?In most cases, there are viable alternativesbased on stakeholder priorities. There may bemultiple considerations with varied outcomes.Employees need to examine each scenario anddetermine which option they believe wouldcause the least harm or greatest good.ImplementationArriving at a correct conclusion is futile withoutimplementation. It takes courage to takethe next step to do the right thing. Employeesneed to feel safe from retribution and retaliation.Written codes, policies, and proceduresare required and continued communicationsand training need to be in place to reinforcethese messages. Company messages shouldfoster an open door policy and encourageemployees to bring issues forward to theirmanagers, higher-level managers, EthicsOffice, Human Resources, Law departmentand/or company hotline.Developing the right modelIdentifying the appropriate questions andguide for your company’s model dependson the ethical culture and requirements ofyour organization. Northrop GrummanCorporation, a US-based global defenseBudget cuts—employees doingmore with lessPersonalconcerns overpay and bonusIncentive-basedcompensationFear of layoff orterminationIncreased pressureto achieve goalsInternalPressuresUnethicalBehaviorsIncreasedRisk-TakingExternalPressuresEconomicuncertaintyFigure 1: Northrop grumman’s Ethical Decision-Making Modelcontractor, uses a Just In Case (JIC) model forits 75,000 employees. This model was designedusing the JIC acronym for the Judgment,Introspection, and Courage phases of thedecision-making process. It is helpful to brandyour model with an easy to remember logoor visual depiction. In the case of NorthropGrumman Corporation, the ethical decisionmakingmodel surrounds the ethics valueslogo for the company.Customizing the model to your companyCompany cultures are varied and unique.Creating a successful ethical decision-makingmodel requires viable input from employeesand other stakeholders. In the case of theNorthrop Grumman model, focus groupswere conducted at various levels of theorganization to solicit feedback and determinelevels of commitment to using thistool. Originally, the JIC model’s phases wereJudgment, Intention, and Courage. Feedbackfrom employee focus groups suggested thateven the best of intentions may lead down thewrong path. Hence, the model was changedfrom Intention to Introspection.Rigid deadlinesand fasterturnaroundHigh nationalunemploymentBudget deficitsCost of livingindexCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 41

FeatureHowever, it takes more than simple awarenessto integrate this methodology into your ethicalculture. Manager training and interactivegroup meetings help bring this model to life. Itis helpful to introduce this model using real lifeexamples from the workforce. Allow employeesto role play using these scenarios to workthrough the various stages of the model. Theever-changing nature of ethical dilemmas providescontinual fodder for ongoing discussions.Figure 2: Northrop grumman’s Ethics logoSocializing the modelAnnual and refresher training provides opportunitiesto socialize your company’s ethicaldecision-making model. Brochures, walletcards, calendars, and give-ways are additionalmethods to raise awareness of this tool.SummaryRemember, an ethical decision-making modelis just a tool to help employees make the rightdecision. It does not replace frequent androbust ethics and compliance programs, training,and communications. It’s just another toolin the belt to help build a strong and successfulprogram! ✵Roz Bliss is the Corporate Manager for Ethics and Business Conductat Northrop Grumman Corporation in Falls Church, Virginia. She may becontacted at roz.bliss@ngc.com.Compliance & Ethics Professional May/June 2012Advertise inCompliance & EthicsProfessional magazineSCCE’s magazine is a trusted resource for complianceand ethics professionals. Advertise with us and reachdecision makers!For subscription information and advertising rates, contactLiz Hergert at +1 952 933 4977 or 888 277 4977 orliz.hergert@corporatecompliance.org.Compliance & EthicsJanuary/February201220Why risk it?The motivations ofthe whistleblowerMarlowe DomanProfessionalA PUBLICATION OF THE SOCIETY OF CORPORATE COMPLIANCE AND ETHICSMeetVernitaHaynesSCCE and HCCAinterview their 10,000thmember: Vernita Haynes,Compliance & PrivacyAnalyst for the Universityof Virginia Health System26Rock in the pondethicsFrank C. Bucaro28The simplestpossible codeof conduct foremployeesAlexandre da Cunha Serpawww.corporatecompliance.orgSCCE & HCCA reach 10,000th member35An ethicalcorporate culturegoes beyondthe codeDawn LomerSCCE’s magazine is published bimonthly and has a current distribution of over 2,700 readers. Subscribersinclude executives and others responsible for compliance: chief compliance officers, risk/ethics officers,corporate CEOs and board members, chief financial officers, auditors, controllers, legal executives,general counsel, corporate secretaries, government agencies, and entrepreneurs in various industries.See page 1442 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

COMPLIANCE PROGRAM ADVISOR Last Year’s Best Practices Are This Year’s Standards“Think about how you might tailor the Guidance to your organization. And know that, as you do, the Criminal Divisioncares about all the things you might be considering – “tone from the top” support, encouragement of a culture ofcompliance that rewards ethical behavior and establishes whistle-blowing mechanisms, senior-level oversight anddirect reporting lines, [and] periodic reviews and re-evaluations to test and ensure program effectiveness …— Assistant U.S. Attorney General Lanny Breuer,Prepared Remarks to Compliance Week 2010: 5th Annual Conference“Contact Ethisphere today to obtain additional information regarding Compliance Program Advisor subscription package optionsat info@ethisphere.com, 1.877.629.8724 and/or www.ethisphere.com/compliance-program-advisor/

y Dan Small and Robert F. RoachPowerful witness preparation:The pure and simple truth»»The need to tell the truth does not lessen the need to prepare the witness to testify.»»If you make a mistake, stop and fix it. The jury will understand.»»Deal with the bad stuff up front. Being defensive or trying to cover it up will only make things worse.»»Witnesses should include positive aspects about themselves as part of telling the truth.»»Witnesses should concentrate on what they saw, heard, or did and avoid speculation.Compliance & Ethics Professional May/June 2012In this series of articles, lead author and seasoned trial attorneyDan Small sets forth ten, time-tested rules to assist you in thecritical task of preparing witnesses. Robert F. Roach assistedDan in this series by providing additional “in-house” perspectiveand commentary. The first installment of this series was publishedin our January/February issue.There is great wisdom in the quote,adopted from Mark Twain, “Always tellthe truth. It makes it easier to rememberwhat you said the first time.” Real witnesspreparation is an intensive and challengingprocess. However, it must begin and end withone fundamental principle: Always tell thetruth. The witness must be clear and comfortablethat at no time is the lawyer telling him/her what to say, other than to say the truth.The need to tell the truth, though, does notlessen the need to prepare. On the contrary,it only heightens it. To quote a very differentauthor, Oscar Wilde, “The pure and simpletruth is rarely pure and never simple.” Thegoal of good witness preparation is to get tothe truth and bring it out effectively in thisdifficult environment. Truth is often the firstcasualty of poor preparation.Rule 3: Tell the TruthNo witness takes an oath to “tell the truth.”That is a myth. The oath at the beginningof testimony is to “tell the Truth, the wholeTruth, and nothing but the Truth.” Like manythings in our normal lives, we tend to blurit all together into one image. Like manythings in the precise and artificial world ofbeing a witness, we need to examinethe entire statement and make surethat we understand and consider allthree parts.1. “The Truth”Witnesses should understand thatthis is not only a rule of law; it is a Smallrule of self-preservation. Lying, orstretching the truth, as a witness maynot only be a crime. It’s foolish.Witnesses should understand, tobe blunt about it, that they are not asgood at lying as they think they are.That’s because they are used to gettingaway with it relatively easily. Innormal conversations, certain kinds Roachof social “white lies” are generally acceptedor ignored. Even more serious lying is rarelydirectly challenged, and never with the kindof intensity and expertise you will experienceif you try it as a witness.The consequences of telling a lie are oftenworse than whatever it was the questionerwas asking about in the first place. It is what44 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

we used to call the “Watergate Syndrome,”perhaps now the “Martha StewartSyndrome”: people getting caught and prosecutedfor covering up, not for the initialsubject matter being investigated. Don’t do it.Tell the truth.There are no shortcuts here. The truth ofwhat you saw, heard, or did, and remember, isa narrow, precise line. No matter how often orhard someone tries to get you to veer off thatline, resist the “oh, what the heck” tendency.Once you’re off track, it becomes harder andharder to get back on. No matter how manytimes a question is asked, and in howevermany different ways, the truth—and yourtruthful answer—must remain the same.As prosecutors, we used theacronym BOBS: Bring Out theBad Stuff. Whatever the issuesare, you and your lawyer candeal with them. It will be muchharder if they only come outafter you’ve tried to cover up orgloss over the problems.“The Truth” also includes honest mistakesIn a witness environment, the setting, theoath, and the court reporter all combine tomake people feel that they cannot make a mistake.So, when they inevitably do, they panicand either ignore it or try to mold and shapeit into something else. Don’t do it! When youmake a mistake, which every witness does atsome point, keep two things in mind.First, remember the Law of Holes: “Whenyou’re in a hole, stop digging!” Trying to workaround a mistake will ultimately only make itworse. As soon as you realize you made a mistake—howeverthat happens—stop and fix it.The goal is a clear and accurate record, so stopand clarify any mistakes.Second, don’t worry about it. You shouldnot expect to be perfect. Juror #6 doesn’t expectit either. He’s nervous, too. He knows hewould make mistakes, and he does not wantrobots talking to him. Your mistake draws youcloser to him, not further away.2. “The whole Truth”The “whole truth” means both the good stuffand the bad stuff. Both need to come out, andin many situations, the witness must take thelead in bringing them forward.The bad stuffNone of us is perfect, and most of us havethings in our past that are embarrassing ordifficult. The Internet, and its search engines,can make those things live forever. As awitness, some of those things may become relevant,or the questioner will try to make themrelevant. The key is to avoid making the situationworse by trying to hide or be defensiveabout these things. As prosecutors, we usedthe acronym BOBS: Bring Out the Bad Stuff.Whatever the issues are, you and your lawyercan deal with them. It will be much harder ifthey only come out after you’ve tried to coverup or gloss over the problems.The good stuffJust as a witness must take responsibility forbringing out the bad stuff, they must alsobring out the good stuff about themselves,their work, those involved in the litigation,or other matters. The questioner will not ask.It must come from the witness. For example,a wide range of healthcare professionals getup in the morning, get dressed, have somebreakfast, go to work—and then spend the daysaving lives or helping those in need. After awhile, to them, it’s just what they do every day,nothing special to talk about. But to Juror #6,Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 45

it is amazing, wonderful work, if it’s truthfullydescribed.That can only come from the witness.Every witness, in every profession and allwalks of life, has good stuff to talk about. Animportant goal of preparation is to find it andconvince the witness that, for this one day, it isnot “vanity” to talk about it. It is an essentialpart of telling the whole truth.3. “Nothing but the Truth”In this environment, truth has a differentand more precise meaning than it does in anormal conversation. Truth in a conversationis what you believe. But “belief” includesguesses, inferences, and all kinds of otherthings that stretch a precise definition ofthe truth. Truth in the witness environmentis strictly limited to what the witnesssaw, heard, or did. Anything beyond that isspeculation. Thus, a witness can testify tosomething if they:··saw it—witnessed it, read it, etc.;··heard it—heard someone say it, whether tothem or others; or··did it—wrote it, said it, took some action.Everything else is a guess. So much ofwhat makes us intelligent, interesting, intuitivepeople, and so much of what makes usgood conversationalists, is based on our viewof what’s in someone else’s head. Why didsomeone do something? What did they meanwhen they said something? How did theyreact to something/someone? It’s all guessing.We do it every day in normal conversation,and take pride in it. Don’t do it as a witness.“The Truth, the whole Truth, and nothingbut the Truth” is hard work, but essential. ✵Dan Small (dan.small@hklaw.com) is Partner with Holland & Knightin Boston and Miami. His practice focuses on complex civil litigation,government investigations, and witness preparation. He is the authorof the ABA’s manual, Preparing Witnesses (Third Edition, 2009).Robert F. Roach (robert.roach@nyu.edu) is Chief Compliance Officerof New York University in New York City and Chair of the ACC CorporateCompliance and Ethics Committee.Compliance & ETHICS INSTITUTE PREVIEWsession 204: Complying with Global Anticorruption Laws: A Case StudyMonday, October 15, 2012, 1:30 Pm – 2:30 pmCompliance & Ethics Professional May/June 2012Government enforcement of anti corruption laws isincreasing around the world. Although companiesare aware of the risks presented in this area, theyaren’t always able to effectively mitigate the risks.This case study will explore how a global companyin the medical device and pharmaceutical industry evaluated its risks and worked withits managers to develop a set of tools for managers to use to comply with local laws andsignificantly mitigate the corruption risks in their areas.Attend SCCE’s 11th Annual Compliance & Ethics Institute in Las Vegas, NV,to hear more! Visit www.complianceethicsinstitute.org for more information.Susan Roberts, ExecutiveVP and Chief ComplianceOfficer, Bausch & Lomb Inc.46 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Become a CertifiedCompliance & EthicsProfessional (CCEP) ®Broaden your professional qualificationsIncrease your value to your employerGain expertise in the fast-evolvingcompliance fieldThere’s never been a tougher or better time to bea part of the compliance and ethics profession.Budgets are tight, governments around the worldare looking to add new regulations, public trust inbusiness is low, and employees are tempted to cutcorners.As a Certified Compliance and Ethics Professional(CCEP) ® you’ll be able to demonstrate your abilityto meet the challenges of these times and have theknowledge you need to help move your programand your career forward.Learn more about what it takes to earn the CCEP ®at www.corporatecompliance.org/ccepHear fromyour peersRob Clark, Jr, CIA, CISA, CCEP, CBM,Chief Compliance Officer,Clark Atlanta University, Atlanta, GA1) Why did you decide to get certified?I chose to pursue this because it was apparentthat in the field of Compliance, this is THEdesignation to hold. I have spent over 20 yearsin auditing and compliance and have earnedthe certifications of Certified Internal Auditor(CIA) and Certified Information Systems Auditor(CISA), but when I was hired in March 2010 byClark Atlanta University to be the Chief ComplianceOfficer, as well as the Chief Audit Executive,I wanted to demonstrate competency in theCompliance arena with this designation.2) Has obtaining the CCEP certificationhelped you? If so, in what ways?Since I just achieved the designation, it is stillfairly new. I have received positive support andrecognition from the President, the Provost,Executive Cabinet, and the Audit Committee ofthe Board of Trustees.It has also helped to earn that much morecredibility as I was just featured in an article inCompliance Week about the robust complianceprogram employed here at CAU.3) Would you recommend that yourpeers get certified?Absolutely. I believe that, as professionals, weshould be in a constant state of improvementand expanding our skill sets and competencies.I believe it will give holders of the designationthat much more credibility with our organizationsand stakeholders.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 47

y Adam TurteltaubThe economy, compliance,and ethics»»The percentage of compliance programs with increasing budgets is on the rise.»»Although budgets are on the rise, staffing levels for the Compliance department are not following suit.»»Stress levels among compliance professionals are rising as they do more work with fewer staff.»»Compliance is more likely to be seen as a positive asset, rather than a hindrance to doing business.»»Many respondents thought that economic conditions may lead to more compliance failures.Compliance & Ethics Professional May/June 2012Beginning in 2009, shortly after theMarket Meltdown, the Health CareCompliance Association and theSociety of Corporate Compliance and Ethicsbegan annually surveying the Compliancecommunity.The goal of this research was to determinewhat has happened to compliance programsand staffing, as well as where budgets andstaffing are likely to go in the coming year.The survey has also examined the jobsecurity of compliance professionals,as well as the related measure ofmanagement attitudes towards complianceand ethics programs.The survey was again fielded atthe end of 2011. At that time, tentativeTurteltaub signs of economic recovery appearedto be sprouting up. The unemployment ratehad declined to 8.5% and the economy hadadded jobs every month since September 2010.The question was whether the complianceeconomy was experiencing similar signs ofrecovery.The survey revealed a brighteningpicture. The percentage of compliance programswith increasing budgets is on therise (see figure 1). More than a third (38%)of respondents reported that their budgetshad increased in 2011. This is an increasefrom 32% in 2010 and just 26% the year prior,indications that the financial commitment tocompliance is on the rise. And it should benoted that an even higher percentage expect2012 spending to increase.Still, it should also be noted that the budgetsare not necessarily leapfrogging forward.Of the 38% reporting an increase, roughly twothirds saw budgets increase “somewhat” withjust one third seeing budgets increase greatly.Respondents from publicly-traded companieswere more likely than any other group toreport their budgets had increased greatly.Also seeing a gain, although a slight anddirectional one, was staffing (see figure 2). Theyear-to-year gain in respondents who reporteda rise in staffing was a small one, but it tooappears to reflect a trend. Here again, publiclytradedcompanies led the rest of industry with45% reporting an increase in staffing. Andlooking to 2012, respondents expected thattrend to continue.Although a recent survey of complianceprofessionals revealed significant levels ofon-the-job stress, fear of losing one’s job doesnot seem to be a driver of that stress. Overall,just 4% of respondents reported that theywere very concerned about losing their jobs,and 52% were not at all concerned, virtuallyunchanged from a year earlier. When measuringtheir risk versus others where they work,77% felt that their jobs were about the sameor less at risk than those of others withintheir organizations.48 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

One explanation for the job securitymay be that management perceptions ofcompliance are generally seen as positive(see figure 3). More than half (56%) ofrespondents reported that their managementsees compliance as a somewhat or verypositive asset in helping the organizationthrough the current economic conditions. Bycontrast, just 17% report that their managementsees compliance as somewhat of or agreat hindrance. Interestingly, these numbershave remained largely unchanged overthe past few years, despite the increasingnumbers of corporate scandals.And fears of more scandals remain highamong compliance professionals. More thana third (36%) of respondents believe thatthe current economy “greatly” increases therisk of compliance failures, and another 52%believe that it “somewhat” increases the risk.These numbers are remarkably similar tothe previous year’s findings (37% and 53%respectively).In sum, the research suggests that theworst of the recession may be over, at least forcompliance budgets. More compliance professionalsare seeing their budgets rise, and theyanticipate that this trend will likely continuenext year.It’s troubling, though, that the rise inspending is not being accompanied by anincrease in staffing. With growing demandsupon compliance programs, both fromincreased regulation and enforcement,the demands on existing staff are increasing.Recent research has indicated that thecompliance community is already feelinggreat stress. The data indicates that a brighteningeconomic picture is not translatinginto more people to do the work, and torelieve the stress of those already workingin Compliance. ✵Adam Turteltaub is Vice President of Membership for SCCE. He can becontacted at adam.turteltaub@corporatecompliance.org.Figure 150%45%40%35%30%25%20%15%10%5%0%Figure 240%35%30%25%20%15%10%5%0%IncreaseDecrease26%24%Figure 370%60%50%40%30%20%10%0%27%Change in Budget32%14%38%43%11% 11%2009 2010 2011 2012 ProjectedIncreaseDecrease51%18%Change in Staffing31%10%33%9%34%2009 2010 2011 2012 Projected58%Management Perception of Compliance56%32%29%Positive or Very Positive Neither Positive nor Hindrance Somewhat or Great Hindrance27%17%13%7%20092010201117%Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 49

y Justin EstepOverzealous I-9 compliancecan result in a discriminationlawsuit»»The United States government has drastically increased Form I-9 audits.»»Many Human Resources representatives are misinformed about Form I-9 specifics.»»The United States government is also investigating Form I-9 discrimination.»»Companies are forced to pay heavy Form I-9 discrimination fines.»»Consistent Form I-9 policy is the best deterrence to fines.Compliance & Ethics Professional May/June 2012EstepAs most of corporate America is alreadyaware, Form I-9 compliance enforcementhas increased at an exponentialrate during the Obama administration. SinceJanuary 2010, more than 5,000 companiesfrom many industries have been subject toForm I-9 audits by Immigration and CustomsEnforcement (ICE). 1 Many of theseinvestigations have resulted in finesissued by the U.S government, andsome ICE raids have led to criminalcharges being brought against ownersand managers. An unintended consequenceof Form I-9 ICE raids has beenthe growing number of discriminationsuits brought as a result. These suits are rarelybrought against employers who are maliciouslypreventing people from working, but manytimes are levied against persons who weremisinformed about Form I-9 requirements andbroke the law by being “over compliant.”In order to limit a company’s Form I-9liability, every Human Resources (HR) departmentrepresentative should be trained in therules and regulations governing the I-9 form. Athorough vetting of the M-274 (The Handbookfor Employers: Instructions for Completing aForm I-9) 2 by each HR representative is essentialto avoiding fines and sanctions related to theform. A Form I-9 policy, based on the guidancefound within the M-274, is vital because of theintricacies of the Immigration and NationalityAct (INA), which governs employment verificationlaws related to I-9 forms. The convolutedand detailed INA regulations for I-9 formsresult in investigations of employers who hadnothing but the best intentions. One of themost commonly overlooked regulations inthe INA is the anti-discrimination provision,which prevents employers from asking potentialemployees for specific documents to verifyemployment eligibility. The INA anti-discriminationprovision also prohibits employers fromplacing additional document burdens on workauthorizedemployees.Unfortunately, many HR representativesstill “over document” employees’ workauthorization, exposing their company to discriminationlawsuits brought by the UnitedStates Department of Justice (DOJ) as well asother government entities, or even the wrongedindividuals themselves. In order to complywith employment eligibility verification regulations,an employer must examine either anoriginal document from List A (U.S. passport,Employment Authorization document,50 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

In the current enforcementenvironment, many employershave become concerned that theirI-9 forms may contain errorsand have overcompensated bydeveloping unnecessary (andsometimes illegal) practices toimprove their I-9 compliance.Permanent Resident card, etc.) or a combinationof a List B (driver’s license, voter registrationcard, etc.) and a List C document governmentissuedbirth certificate, Social Security card,etc.). The potential employee must be allowed toprovide any combination of valid documents inorder to satisfy Form I-9 requirements.In the current enforcement environment,many employers have become concerned thattheir I-9 forms may contain errors and have overcompensatedby developing unnecessary (andsometimes illegal) practices to improve their I-9compliance. As a result, some companies haveasked individuals to provide specific documentsfor employment eligibility verification, or if acandidate is not a citizen of the United States,they have asked for more documents than arenecessary to complete a Form I-9.Generations Healthcare, a healthcareprovider based in California, was recentlyinvestigated and is now being prosecutedby the DOJ for mandating that all non-UScitizens, who apply for employment withGenerations’ St. Francis Pavilion facility inDaly City, present extra work authorizationdocumentation, a burden that was not placedon native-born US citizens. 3Other employers, such as Garland SalesInc., a Georgia rug manufacturer, refusedto accept sufficient employment verificationdocuments from persons of foreignorigin, and would request that naturalizedUS citizens provide their permanent residentcard, or “green card.” 4 If the employee refusedGarland’s request, their employment offer wasrescinded. As a result, the Office of SpecialCounsel (OSC) for Immigration Related UnfairEmployment Practices prosecuted the companyand required them to pay $10,000 in backpay and civil penalties.To protect a company from an OSCemployment discrimination investigation, andto also remain vigilant in employment verificationpractices, we recommend that a company’sHR department has a detailed Form I-9 compliancepolicy with a corresponding checklist.Specifically, the policy should instruct yourHR department to provide each potentialemployee with the government approved list ofacceptable Form I-9 documents. This ensuresthat no miscommunication can occur and preventsyour HR department from accidentallyrequesting specific documentation, whichcould be construed as discriminatory.Above all, a company’s Form I-9 policyshould stress consistency. Most OSC investigationstarget companies that treat foreignnationals and naturalized U.S. citizens differentlythan native born U.S. citizens. Bykeeping employment eligibility verificationprocesses consistent for each potentialemployee and keeping a well-trained HR staff,any company should be able to navigate theever choppier enforcement waters surroundingthe Form I-9. ✵1. Jordan, Miriam: “Crackdown Resumes on Firms’ Illegal Hires.” WallStreet Journal, November 15, 20112. U.S. Citizen and Immigration Services: Handbook for Employers:Instructions for Completing Form I-9 Employment EligibilityVerification Form. M-274 (Rev. 06/01/11) N. Available at http://www.uscis.gov/files/form/m-274.pdf3. United States Department of Justice: “Justice DepartmentFiles Lawsuit Against California Healthcare Provider AllegingDiscrimination.” News release, September 30, 2011. Available at http://www.justice.gov/opa/pr/2011/September/11-crt-1301.html4. -United States Department of Justice. “Justice Department SettlesAllegations of Citizenship Status Discrimination and RetaliationAgainst Georgia Rug Manufacturer.” News release, December30, 2011. Available at http://www.justice.gov/opa/pr/2011/December/11-crt-1718.htmlJustin Estep is an Attorney with FosterQuan, LLP in Austin, Texas. He maybe reached at jestep@fosterquan.com.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 51

Frederico Melville NovellaChairman of the Risk andCompliance CommitteeChristie IppischCorporate Compliance OfficerGrupo ProgresoGuatemala CityGuatemalaan interview by Adam TurteltaubMeet Frederico MelvilleNovella and Christie IppischCompliance & Ethics Professional May/June 2012AT: Tell us a bit about Grupo Progreso’sbusiness.FMN: Grupo Progreso started operationsin Guatemala in 1899 with a cement companycalled Cementos Novella. In 2007, it expandedits operations to have a new division of distributionand sale of construction materials andaggregates, white line (home appliances andfixtures), tools, etc.With 112 years in business, its core businessis the production of cement, and it hasapproximately 7,000 employees overall. It operatesfrom Guatemala to Panama; and we are inall the Central American countries with differentproducts.AT: For how many years has the companyhad a compliance function?FMN: Since the company started operations,it has been managed with a strict code of ethics,with the example set by the founder Carlos F.Novella and his offspring. Then, six years ago,in March 2006, a formal code of ethics was writtenand made public to all of the employees.Also, the role of a Compliance department witha compliance officer started that year.AT: What led the company to create aCompliance function?FMN: Grupo Progreso is a family-ownedcompany. They were focused on maintainingthe legacy of the family founder by incorporatingthis family’s legacy in the corporation.The founder’s principles were instilled in hisoffspring and following generations, and thenwere written down as a code of values, ethics,and conduct (COVEC).As the Chairman of the Board andLead Director of the Corporate Risk andCompliance Committee, I was aware of thenecessities of a Compliance department. I wasthe main promoter of the compliance program,52 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

with the support of the board members, whohave also always believed in the necessity ofthis department.AT: How standard is it for companiesin Guatemala to establish a Compliancedepartment?CI: We are one of the leading Guatemalancorporations. This is a new trend, seen todayas an actual necessity. Cementos Progresohas been recognized and given awards byCentrarse, which is a local entity that promotesthe social responsibility of companies.AT: How is the compliance team structured?CI: The compliance officer reports to theAudit Committee. Here we call it the Riskand Compliance Committee. There is a vicepresident who is responsible for Compliance,Legal and Risk (audit). The compliance officerreports organizationally to him.AT: What’s your background, and how didyou become a member of the compliance team?CI: I have twenty-three years of experience,mainly in banking. I was treasurer of the secondlargest bank in Guatemala during early 1990s,then I worked almost nine years for Citibank asCountry Treasurer, and then I was the FinancialInstitutions and Public Sector Head.While I worked for Citibank, we focusedon training banks, financial companies, andthe government with topics like anti-moneylaundering, know-your-customer policies,managing regulatory issues, etc. Due to mybackground, I started as an advisor to the Riskand Compliance Committee, becoming theCorporate Compliance Officer.AT: What is the outline of your program?In the U.S., companies tend to follow theFederal Sentencing Guidelines, of course.What did you use?CI: Basically, my role as a CorporateCompliance Officer is to establish the mechanismsof control and application of the code ofethics and conduct. And I effectively managethe mechanisms to notify us of good or badconduct. The hotline, emails, suggestion boxes,and notifications are presented directly to me.I also work to create a culture of integrityand doing the right thing. This includes establishingprocedures and controls to identifyand manage conflicts of interests. I also monitorthat the company complies with the lawsand regulations, supported by areas such asInternal Audit and Legal.AT: What are some of the key compliancechallenges that Grupo Progreso faces?CI: Trying our best, through our people,to help change a negative view of complianceinto a winning culture and a winningorganizational compliance culture! It is achallenging subject, since locally you need toconvince the board members that implementinga code of ethics and all of the compliancestructure will benefit the company, and it’snot only an extra bureaucratic process withinthe company.AT: Are these challenges typical for yourindustry, or are they common for other businessesin Guatemala?CI: They are common for all businesses inGuatemala.AT: What role does the Guatemalan governmentplay in encouraging compliance programs?CI: They have been proactive by starting toimplement the role of the compliance officerin the financial system with strict anti-moneylaundering controls, and all internationalrequirements, such as the antiterrorist laws.The government—the Superintendent of TaxAdministration, for example—has enforcedand strengthened regulatory issues and controlssignificantly. ✵Adam Turteltaub is Vice President of Membership for SCCE. Hecan be contacted at adam.turteltaub@corporatecompliance.org.Christie Ippisch can be contacted at cippisch@hotmail.com.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 53

y Gilbert Geis, PhD and Henry N. Pontell, PhDCorporate codes of conductin the United States»»A code of conduct informs employees about acceptable behaviors the company expects and the conduct that will not be tolerated.»»Codes have proliferated as courts have held employers responsible for monitoring the actions of their employees.»»If codes are not enforced, employees will see them as window dressing, and ignoring the rules will become part of the corporate culture.»»The content of codes has changes as price fixing, foreign bribes, sexual harassment, and insider trading scandals have come to light.»»The effectiveness of a code of conduct is not a mitigating factor in the Dodd-Frank legislation.Compliance & Ethics Professional May/June 2012The Corporate Compliance Committee ofthe American Bar Association’s Sectionof Business Law defines business codesof conduct in the following terms:A corporate compliance and ethics programconsists of an organization’s code(s)of conduct, policies, and proceduresdesigned to achieve compliance with applicablelegal regulations and internal ethicalstandards. To do so, the organization must:first, create an ethical corporate culturethat educates and motivates the organization’semployees to act consistent withlegal rules and cultural norms and second,deter and detect violations through riskassessment, monitoring, auditing, andappropriate discipline. 1In a shorthand definition, two law writersnote that, for them, a corporate code of conductis “any written statement of ethics, law,or policy (or some combination thereof) indicatingthe obligation of one or more classes ofcorporate employees.” 2The striking surge in recent decades inthe number of corporate codes of conduct inthe United States has been motivated primarilyby the prospect of more lenient treatmentif a company employee is discovered violatinga law related to his/her job. Sophisticatedcompany codes and devoted dedication toindoctrination of employees regarding theimportance of the codes may result in amnestyfrom prosecution, less severe penal sanctions,or reduced civil fines. The codes alsohold the prospect of deterring undesirablepractices more efficiently than regulatoryoversight, because of the formalforewarning to possible miscreantsthat certain behaviors are forbiddenby company policy. 3 The developmentof corporate codes of conductalso requires corporate executives todetermine what forms of behavior Geis(beyond those that are illegal) violatethe moral and ethical standards thatthe company desires to uphold. Thecodes further can serve as discussiontopics for internal seminars that seekto translate their words into attitudesand actions on the part of all of acompany’s workers.The codes thus represent an Pontellattempt by the business world to de-fang thevicarious liability doctrine enunciated byAmerican courts that decrees that a companycan be found guilty of criminal conduct if anemployee does business in a manner that violatesthe law, even though the employee hadreceived explicit orders that he/she was notto engage in that conduct. The doctrine has54 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

een called “the blackest hole in the theory ofcorporate criminal law.” 4 In the leading case,United States v. Hilton Hotels Corp., a purchasingagent had twice been told not to boycottsuppliers who refused to contribute to a fundto promote tourism. The employee grantedthat he defied orders and said he did so out ofanger and pique at the suppliers. The court, infinding the company guilty, justified its rulingwith the following reasoning:With such important interests at stake,it is reasonable to assume that Congressintended to impose liability upon businessentities for the acts of those to whomthey chose to delegate their affairs, thusstimulating a maximum effort by othersand managers to assure adherence by suchagents to the requirements of the [law]. 5The Supreme Court’s decision turned itsback on an earlier federal appellate court rulingthat had held in 1946 that the Holland FurnaceCompany was not liable for the wartime act ofa salesperson who, contrary to the rules of theWar Production Board, had sold a new furnaceto a customer whose own furnace was not wornout, damaged beyond repair, or destroyed. 6Arguments against vicarious liability reston the assumption that a company with a strongcompliance program has already maximizedwhatever detection and deterrence force itsprosecution for the wrongdoing of its employeemight carry. 7 This viewpoint, however, is at bestarguable. It could be that charging the corporationwill intensify and improve its efforts tokeep employees honest and may cause otherentities to re-evaluate their compliance codesso as not to have an offense, such as the one inquestion, occur in their ranks.Antitrust activityThe Sherman Antitrust law of 1890 representedan attempt by the United States to combat theincreasing monopolistic trend in the businessworld. The eminent economist Adam Smith, asfar back as 1776, wrote about the desire of businessesto eliminate competition by conspiringto fix prices. “People of the same trade seldommeet together, even for merriment and diversion,”Smith wrote, “but the conversation endsin a conspiracy against the public, or in somecontrivance to raise prices.” 8One General Electric conspiratorsaid: “Every direct supervisorI had directed me to meet withcompetition. It had become socommon and gone on for somany years, I think we lost sightof the fact that it was illegal.”The 1961 heavy electrical antitrust conspiracyled to the production of the firstwave of corporate codes of conduct in theUnited States. These codes largely dealtwith price-fixing, the subject that in theearly days was the major focus of corporatecodes of conduct. 9 The case involved29 corporations and 45 individuals, includingvice presidents of the industry giantsWestinghouse and General Electric (GE).Seven of the defendants received 30-day jailsentences, an outcome that, at the time, wasconsidered draconian.One General Electric conspirator said:“Every direct supervisor I had directed meto meet with competition. It had become socommon and gone on for so many years, Ithink we lost sight of the fact that it was illegal.”10 Yet, General Electric in 1946 had issueda directive, number 20.5, that spelled out thecompany’s policy against price-fixing in termsstronger than those found in the federal law.It read:Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 55

It is the policy of the company to complystrictly in all respects with the antitrustlaws. There shall be no exception to thispolicy, nor shall it be compromised orqualified by an employee acting for oron behalf of the company. No employeeshall enter into any understanding, agreement,plan or scheme, express or implied,formal or informal, with any competitor,in regard to prices, terms or conditions ofsale, production, distribution, territories, orcustomers; nor exchange or discuss with acompetitor prices, terms, or conditions ofsale, or any other competitive information;nor engage in any other conduct that in theopinion of the company’s counsel violatesany of the antitrust laws. 11charged companies, without internal directives,retained the malefactors.Bribery to secure foreign contractsTwo developments prompted further activityin the development of internal codes of conductin American companies. The first was theWatergate break-in by thugs working on behalfof the re-election of President Richard M.Nixon. The investigation of the botched burglaryuncovered numerous illegal donationsof corporate moneys to the president’s electioncampaigns. These contributions tended to bedisguised by accounting tactics that brokethem into small amounts unlikely to be discoveredby external auditors who rarely did morethan a cursory sampling of such transactions.Compliance & Ethics Professional May/June 2012Each manager periodically was asked toindicate in writing that he/she was adheringto this policy, specifying that: “I am observingit and will observe it in the future.” But,most employees presumed that the directivewas window-dressing, meant to lull thepublic and the regulatory authorities. OneGE employee, however, refused to engage inprice-fixing after he initialed the document.A witness before a U.S. Senate committeeinvestigating the price-fixing crimesexplained what happened:[My superior] told me, “This fellow is afine fellow, he is capable in every respectexcept he was not broad enough for his job,that he was so religious that he thought, inspite of what his superiors said, he thoughtthat having signed that, that he shouldnot do any of this and he is getting us introuble with competition. 10The consequences for the convicted violators,in part, reflected the existence of the codeat General Electric. The company fired allthose implicated in the conspiracy. The otherIt is telling that, despite theseguidelines, prosecutions forinsider trading often rely noton the core law but on auxiliaryviolations such as perjury.The second situation was the discoverythat American companies were paying hugebribes to overseas corporations, politicians,and political parties to obtain contracts. Anamnesty approach saw more than 400 companies,including 117 of those on the Fortune 500List, admit to having paid out more than $300million to foreign sources. In 1977, Congressenacted the Foreign Corrupt Practices Actthat criminalized such actions. Corporationsresponded to both of these scandals by creatinginternal governance rules that prohibitedoverseas bribery. 12 Specifically, offendingcompanies had to assure the Securities andExchange Commission that they had takensteps to see that such activities did not recur.In addition, in 1988, the Insider Tradingand Securities Fraud Enforcement Act56 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

mandated that broker-dealers and investmentadvisers had to establish, maintain, andenforce reasonably designed written policiesand procedures, taking into considerationdetails of their operations in order to preventthe misuse of material, nonpublic information.It is telling that, despite these guidelines,prosecutions for insider trading often relynot on the core law but on auxiliary violationssuch as perjury. The reason is that mensrea, or criminal intent, is often particularlydifficult to establish, because the accusedcan often claim that he/she always intendedto engage in the transaction and that it wascoincidental that the move was made prior tointernal awareness of, as yet, nonpublic informationabout an anticipated large gain or lossin the stock.What do the codes say?Corporate codes of conduct have became morewidespread and somewhat more complexwith the passage of time and with the federalmandates discussed below, but their essentialnature does not differ much today from thecodes put in place during the half century thatfollowed the end of the second World War.The pioneer survey of corporate codes of conductwas undertaken in 1984 by Fried Frank,an international corporate law firm headquarteredin New York and with offices in,among other places, London, Hong Kong, andShanghai. The survey was updated three yearslater with about one-third of the companiesresponding. Subjects were companies listed byFortune magazine as the largest five hundredin the United States. Presumably, those whoresponded were the most likely to have codesin place (90% of them did), although organizationalprivacy and secrecy concerns may havelimited the response somewhat.A common thread in the codes was thedesire to protect the company from liability.Table 1, from the second Fried Frank survey,indicates the categories reported by thecompanies.TABLE 1: Issues addressed in corporate codes of conduct 13ISSUEPERCENTConflict of interest.......................................97%Gifts..............................................................87%Misuse of confidential information............. 83%Foreign corrupt practices .......................... 83%Political contributions ................................ 79%Insider trading .............................................73%Antitrust.......................................................64%Labor relations............................................ 27%Other........................................................... 29%Source: Siegel (2006:1603)Cressey and Moore also found what theycalled “a disproportionate degree of attention”accorded to conflicts of interest in the corporatecodes. They note that this discrepancy isparticularly pronounced in regard to nonindustrialfirms. They believe that a traditionalemphasis had been placed on preventing actsdirectly harming the company and that onlyrecently had concerns about public interestscome to the fore. 14The Federal Sentencing GuidelinesThe compliance code movement picked upconsiderable speed in 1991 with the introductionof the United States SentencingCommission’s Guidelines for the Sentencingof Organizations (FSGO), 15 a document thatset out criteria for aggravating or mitigatingstipulated penalties. The FSGO established“the most significant impetus toward internalcorporate policing.” 16 The most important mitigatingfactor was the presence of a program“to prevent and detect violations of law.” TheCommission issued what came to be calledthe “seven steps” for constructing a satisfactorycompliance effort. These steps call for aprogram that is “reasonably designed, implemented,and enforced so that it generally willCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 57

Compliance & Ethics Professional May/June 2012be effective.” Obviously, the hedge words“reasonably” and “generally” provide a gooddeal of leeway for prosecutorial and judicialjudgment and it is hardly surprising thatmitigations on the grounds of compliance programshave not been readily achieved.The greater importance ofcorporate codes of conduct wasillustrated in the Caremark casesin which the members of theboard of directors were suedfor what was alleged to be theirfailure to deal with, or even learnabout, illegal actions within thehealthcare company.This first set of guidelines specified thedesignation of specific high-level personnelto set the program into operation. In a burstof bureaucratic statement-of-the-obvious, theseven steps indicated that those running theprogram ought themselves not to possess whatwas labeled “a propensity to engage in illegalactivities.” Finally, the guidelines noted thatcompanies should take into account their particularcharacteristics in formulating rules, suchas their size, the likelihood of certain forms ofwrongdoing given their kind of business, andtheir prior history of corporate misconduct.After several years of study and debate, in2004 the USSC, responding to a report of an adhoc committee, revised the FSGO, expandingtheir reach and renaming them the “ethics andcompliance program.” The new guidelinesurged the diligent promotion of complianceand the provision of incentives to see thatthey are obeyed. They also called for ongoingevaluation of the effectiveness of the complianceprogram to expand the earlier focuson post-violation inquiries about what hadgone wrong. The training of new employeesand refresher courses for existing personnelwas also made more stringent. Particularlyimportant were stricter standards for membersof the board of directors who were nowrequired to “be knowledgeable about thecontent and operation of the compliance andethics program and [to] exercise reasonableoversight with respect to [its] implementationand effectiveness.” Finally, the new guidelinesmandated risk assessment proceduresto determine those matters that had to bestressed in the guidelines. 17The FSGO had been authorized because ofdisconcerting evidence that different judgeswere imposing very different penalties foroffenders who seemingly had committed muchthe same kind of crime. But the rather rigidguidelines had irritated many judges, becausethey saw them as undermining their judgmentabout proper punishment, reducing them to nomore than robots consulting preexisting tables.This view prevailed with the Supreme Court in2004 when, in United States v. Booker, the FSGOwere decreed to be advisory, not mandatory.Later research found that about 70% of thesentences levied following the Booker decisionadhered to the FSGO. 18 The greater judicialflexibility nonetheless did permit businesses totry to benefit from the development and installationof comprehensive codes of conduct.The greater importance of corporate codesof conduct was illustrated in the Caremarkcases 19 in which the members of the board ofdirectors were sued for what was alleged to betheir failure to deal with, or even learn about,illegal actions within the healthcare company.A Delaware chancery court thought thatthis was asking too much of the board, but itendorsed a settlement stipulation that explicitlyimposed a somewhat precise fiduciaryduty on the directors to attend to internal violations,although the judge suspected that the58 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

ule would not notably alter significantly whathad always been part of the directors’ obligations.The stipulation decreed:The Board will establish a Compliance andEthics Committee of four Directors, two ofwhich will be non-management directors,to meet at least four times a year to effectuatethese [compliance] policies and monitorbusiness segment compliance with theARPL [the Anti-Referrals Payment Lawwhich prohibits kickbacks], and report tothe Board semi-annually concerning complianceby each business segment. 19The most prominent attention in theUnited States to corporate guidelines has beenin regard to workplace sexual harassment. TheU.S. Supreme Court offered a standard for considerationof such guidelines by the judiciary:While proof that an employee has promulgatedan anti-harassment policy withcompliant procedure is not necessary inevery instance as a matter of law, the needfor stated policy suitable to the employmentcircumstances may appropriately beaddressed in any case when litigating thefirst element of the defense.” 20Kimberly Ellerth, a salesperson in the company’sChicago office, had sued BurlingtonIndustries for alleged sexual overtures by hersupervisor and his implied threats of retaliationfor her failure to “loosen up.” She hadnot reported her concerns to officials of thecompany. The Supreme Court indicated thatthe core issue was vicarious liability and thatBurlington in its defense could claim thatit had made suitable efforts to inhibit suchkinds of behavior by its employees. The Courtindicted two possible elements of such adefense: (1) That it exercised reasonable careto prevent and correct promptly any sexuallyharassing behaviors; and (2) that the employeeunreasonably failed either to take advantageof any preventative or corrective opportunitiesprovided or otherwise avoided them. 21Tyson Corporation: A case studyIn December 1997, Tyson Foods, Inc. pledguilty to felony charges based on its illegallygiving the United States Secretary ofAgriculture approximately $12,000 in giftsand favors, including football tickets, travelsubsidies, and food. As part of its settlementagreement the company, which at the timehad 66,000 employees in 27 American statesand a number of foreign countries, agreed topay a multimillion dollar fine and be placedon a four-year term of probation. The settlementalso mandated the creation of an EthicsCode Office and the creation of a corporatecode of conduct. In addition, two personswere prosecuted by the Independent Counselappointed to handle the case. A Tyson lobbyistwas acquitted of the bribery charge,but convicted for making false statements tofederal agents and received a small fine. Thecompany’s media director was found guilty ofbribery and sentenced to the minimum termallowable under the FSGO, a year and a dayof prison time. The agricultural secretary wasnever tried. The Tyson story provides insightsinto how governance codes can be mandatedand their operation can be closely monitored.And it also tells a tale of the kinds of indulgencespersons performing in the politicalarena can achieve.The settlement arrangement requiredthat Tyson report quarterly on its ethics programto a federal judge, a probation officer,the United States Department of Agriculture(USDA), and the Office of the IndependentCounsel (OIC, which was abolished in 1999and reformed as a branch of the federalDepartment of Justice). During the probationaryperiod, there were more than 70 surpriseCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 59

Compliance & Ethics Professional May/June 2012visits to the company site by inspectors forthe USDA and OIC. They checked records ofethics training sessions, saw to it that postersproclaiming the existence of a help-linefor whistleblowers were displayed prominently,and randomly questioned employeesabout the company’s code of conduct. Hadthe inspectors been dissatisfied with Tyson’sethics efforts, its probation could have beenrevoked and serious penalties inflicted on it.The man in charge of the reformativeprogram was an attorney, but he notes thatnationwide only 19% of persons in positionsequivalent to his are lawyers, and only 3% havebackgrounds in security work—most are fromthe management ranks of their company. Heemphasizes that the corporate code of conductmust be “much more than a statement of ideals”and notes that it should, when they are relevant,cover the following topics: advertising, antitrustand unfair competition, bribery and improperpayments, company books and records, conflictsof interest, environmental affairs, equalemployment opportunity, frauds and misrepresentation,government contracting, internationalbusiness, political contributions, proprietaryinformation, and securities transactions. 22The surprise ending to the case camewhile both men were in the process of appealingtheir convictions. In late 2000 and early2001, President Bill Clinton granted full pardonsto both malefactors. The lesson seems tobe that white-collar bribery is an insignificantwhite-collar crime; after all, lobbyists engagein it constantly, albeit typically staying justinside the laws which they themselves havehad a significant hand in formulating. That acode of conduct and strict supervision of thewrongdoing company can be a consequenceof the bribery is perhaps the best that can beexpected, given the very tight link betweencorporate contributions and the survival ofpoliticians in office.Sarbanes-OxleyThe Sarbanes-Oxley Act of 2002 (SOX), moreformally known as the Public CompanyAccounting Reform and Investor ProtectionAct, was passed as a result of a widelypublicizedseries of scandals that involvedEnron and its auditor and collaborator incrime, the auditing and consulting firm ofArthur Andersen, as well as WorldCom, Tyco,HealthSouth, and several other prominentbusiness operations. SOX requires public companiesto report whether they have a code ofethics that applies to their principal financialofficer, comptroller, or principal accountingofficer. When the Securities and ExchangeCommission (SEC) promulgated regulationsto flesh out the statute, it added the principalexecutive officer to the roster of those obligatedto meet the terms of a corporate code ofconduct. A satisfactory code must contain atleast five elements:1. Honest and ethical conduct, includingthe ethical handling of actual or apparentconflicts of interest between personal andprofessional relationships;2. Full, fair, accurate, timely, and understandabledisclosure in reports that a registrantfiles with, or submits to, the Commissionand in other public communications madeby the registrant.3. Compliance with applicable governmentlaws, rules, and regulations;4. The prompt internal reporting of violationsof the code to an appropriateperson or persons identified in the code;and5. Accountability for adherence to the code. 23If a company decides not to adopt such acode, it must indicate why it had failed to doso. If a code is adopted, it must be publiclyavailable and any changes in its content mustbe conveyed to the SEC.60 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

The prosecutors’ perspectiveThe Thompson MemorandumThe federal Department of Justice (DOJ) in2003 indicated how it intended to respond incases in which reliance on a corporate codeof conduct was an intricate part of the cultureof a company suspected of having violatedthe law. The DOJ statement—known as theThompson Memorandum, after the deputyattorney general over whose signature it wasreleased—lists nine considerations that federalprosecutors should take into account in decidingwhether to investigate, charge, or negotiatea plea with the organization. Three of the considerationsrelate to codes of conduct:1. The corporation’s timely and voluntarydisclosure of wrongdoing and its willingnessto cooperate in the investigation of itsagents, including, if necessary, the waiverof corporate attorney-client and workproduct protection;2. The existence and adequacy of the corporation’scompliance program; and3. The corporation’s remedial actions,including any effort to implement aneffective corporate compliance programor to improve an existing one, to replaceresponsible management, to discipline orterminate wrongdoers, to pay restitution,and to cooperate with the relevant governmentagencies. 24The Thompson Memorandum spelledout in some detail the ingredients of a corporatecode of conduct that should be takeninto account when determining the dispositionof a case. The critical factors, it declared,are “whether the program is adequatelydesigned for maximum effectiveness inpreventing and detecting wrongdoing byemployees and whether corporate managementis enforcing the program or is tacitlyencouraging or pressuring employees toengage in conduct to achieve business objectives.”The Memorandum repeated that pointin other words as well: the aim would be todetermine whether compliance rules weremerely a “paper program” or whether they“were designed in and implemented in aneffective manner.”The fact that an infraction had presumablyoccurred which brought the companyto the attention of the authorities could, ofcourse, challenge any claim of effective designand implementation. Besides, the words“adequately” and “maximum effectiveness”leave a good deal to be desired in regard topreciseness.The McNulty MemorandumThe emphasis on waiving attorney-clientprivilege and work project privilege aroused astorm of protest from business organizationsand the defense bar. In late 2006, in an updateof the Thompson Memorandum, assistantattorney general Paul McNulty added threeelements to the clause in response to criticismsof the guideline undercutting the traditionalattorney privileges. These were:1. A corporation can cooperate withoutwaiving its privilege if it can provide thenecessary information through other means.2. Waiver requests should be made only ifthere is a “legitimate need,” defined as “acareful balancing of important policy considerationsunderlying the attorney-clientprivilege and the work project doctrineand the law enforcements needs of thegovernment’s ‘s investigation.”3. Waiver requests require high-level supervisoryapproval, which varies dependingon the sensitivity of the information beingsought. 25It is, at best, arguable whether theMcNulty Memorandum will do much to keepCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 61

prosecutors from demanding waivers. As onewriter expressed it, McNulty compared toThompson can be regarded as “a distinctionwithout a difference,” when a prosecutor isseeking a conviction and may well use everyweapon available in his or her arsenal toachieve that end. 26heed to corporate compliance with codes ofconduct. Perhaps the bill’s sponsors believedthat codes of conduct had failed, or perhapsthey believed that they were as satisfactoryand useful as they possibly could be. In anycase, it was neither the regulatory stick nor theself-regulatory carrot that carried the day.Compliance & Ethics Professional May/June 2012The Dodd-Frank Regulatory Reform ActThe severe global economic depression thatbegan to unfold in 2008 involved very dubiousactions by some of the largest and mostpowerful investment firms and banks in theUnited States, including Bear Stearns, LehmanBrothers, Merrill Lynch, Countrywide, AIG,and Bank of America. The meltdown inevitablybrought to the forefront the question:Why had not the earlier reforms, particularlythe emphasis on corporate codes of acceptableconduct, been unable to prevent the disaster?William Laufer addressed this disturbing considerationin the following terms:We must consider how firms that are heldin the highest regard, which have cuttingedgecompliance policies, and records ofgood corporate citizenship, are allegedto condone tacitly, tolerate, or participateactively in elaborate frauds. 27Laufer notes in particular the case ofGoldman Sachs (the most successful WallStreet firm) which allowed one of its clients,a wealthy investor, to designate which toxicsubprime derivatives were to be peddled toGoldman customers while he himself wasshorting these same derivatives. GoldmanSachs settled with the SEC for $500 million forits sins, less than the amount that it annuallycontributes to charity.But what is particularly notable aboutthe Dodd-Frank Wall Street Reform andConsumer Protection Act (a measure that ranto more than 2,000 pages) was that it paid noAuditing codes of conductTwo fundamental questions lie at the heart ofan audit of corporate codes of conduct. First,do such codes deter the conduct that they, atleast on their face, intend to inhibit? Second,even if unlawful conduct occurs, does a decentcorporate effort to prevent such behavior provebeneficial to the corporation in the ensuingdetermination of how the case is to be dealtwith? Or, on the other hand, as Gary Spence, aprominent defense lawyer has claimed, are thecodes “being adopted more for public relationsthan for the good of the public?” 28 This issueis beyond empirical determination, becausethere is not and likely never will be an accurateroster of corporate wrongdoing, so thatchanges in illegal corporate behavior can becorrelated with the appearance of interveningvariables, such as codes of conduct.At the same time, as one writer hasobserved: “For all that is known about thehistory and content of corporate ethics codesit is striking how little is known about theireffect in regulating conduct.” The writerpoints out that even the little that is known is“inconclusive” and notes that the knowledgebase largely is made up of studies of collegeundergraduates or business school majors whorespond to questionnaires, a situation very differentfrom the everyday world of corporatedecision-making. 29This opinion echoes an earlier observationmaking the same point: “Unfortunately,very little research has been devoted towardsdiscovering whether they [that is, corporatecodes of conduct] are effective in promoting62 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

ethical decision-making behavior.” 30 Thispair of researchers sought to gain someinsight into the question by testing 150 businessstudents regarding ethical choices andfound that corporate codes of ethics arenot influential in determining a person’sdecision-making in situations involving ethicalconsiderations. This conclusion, at best asuggestive hint at the possible inadequacy ofcodes of conduct alone, reinforces the earlierrecommendation of two managerial scholarsthat codes of conduct should be accompaniedby five other elements:··Offer training programs which independentlyand explicitly address specifictreatment of ethical issues;··Limit the opportunity to engage inunethical behavior by providing a welldevelopedstructure and a system ofchecks and balances, including explicitpenalties for unethical behavior;··Let the employees know what penaltiesthe company imposes on those whoengage in unethical behavior;··Recognize how the behavior of coworkersand superiors can influence thebehavior of other employees in the organization;and··Develop an ethics committee to addressnew issues and help establish and evaluateexisting codes and policies. 31In regard to the question concerning prosecutorialleniency because of corporate duediligence in seeking to create a law-abidingworkforce, a 1989 plaint by attorneys for theRockwell Corporation during the sentencingphase of a case involving wrongful doublebillingsets forth the company’s chagrin thatits best compliance efforts had been ignored:The case…raises an issue that cuts to theheart of self-governance. If a defense contractorspends as much time, effort, andmoney on self-governance as Rockwellhas, deals with an incidence of employeewrongdoing in full accordance with theGovernment’s expectations as Rockwellhas, and it is then rewarded with the wraththe Government normally reserves for therecalcitrant, is such effort warranted? 32This is of course but one anecdotal itemand it occurred before greater emphasis wasplaced on corporate conduct codes. Do companiescontinue to believe that their formalefforts to coerce, cajole, and otherwise createconformity are not adequately recognizedand rewarded? Or has the great surge in theappearance of corporate codes of conduct providedbetter protection to corporate entitiesembroiled in instances of corporate violationsof laws and regulations?Liability based on codes of conductThere exists in regard to corporate codes ofconduct what Goldsmith and King 16 call the“unintended dilemma” that arises when acompany responds to regulatory incentivesby inaugurating a compliance program thatgenerates incriminating information that mayproduce civil and criminal liability. Earlier, andoften, companies learning of such waywardnessmay have informed the authorities of theirproblem, negotiated a correction, and clearedthe matter up. Today, in the United States theyseem more likely to calculate the chances thatthey will be caught and assume that risk, ifthey believe that the odds are in their favor.One of the reasons for this shift is that thesituation has changed and companies mayfind themselves in a court facing civil lawsuitsthat arise from self-incrimination. As a lawprofessor has noted: “Corporations will sometimesbe held liable for violating the voluntarystandards that they adopt in codes of conduct,even if these standards are higher thanthe obligations imposed on the corporationsCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 63

Compliance & Ethics Professional May/June 2012by the law. 33 These lawsuits typically rest onallegations of false and misleading advertisingand breach of contract, with the codesof conduct being characterized as a bindingagreement to do what it says.Illustrative is the story of the NikeCorporation which closed its domestic factoriesin 1980 and outsourced production of itsshoes to sites such as Indonesia, Pakistan, andVietnam. A decade later, Nike found itselfbeing harshly criticized by the American mediafor the working conditions in the factories of itsoverseas suppliers. It was reported, for instance,to pay Vietnamese workers $.60 a day, thecountry’s minimum wage, when it cost an estimated$2.10 a day to have decent meals. 34 Nikeresponded at first by maintaining that it wasToday, in the United States[companies] seem more likely tocalculate the chances that theywill be caught and assume thatrisk, if they believe that the oddsare in their favor.responsible only to meet the legal requirementsof the foreign countries, but this position didnot avert a domestic boycott of its products. In1992, Nike adopted a corporate code of conductfor its suppliers and specified its responsibilityfor their adoption of measures regardingmatters such as minimum wages, overtime,occupational health and safety, and environmentalprotection. The conduct mandated inthe codes often was far more demanding thanlocal requirements: for instance, footwear workerswere required to be 18 years of age.Nonetheless, critics complained thatthe codes were nothing more than publicrelations gestures. In 1998, the company wassued in a California court on an allegationthat its reports violated the state law againstfalse advertising. The suit was backed upby a report indicating the use of dangerouschemicals in a South Korean factoryproducing Nike products and the claimthat working conditions often violated thespecifications in the code of conduct. Nikeunsuccessfully argued that what was beingcalled false advertising was permissibleunder the freedom of speech provisions ofthe First Amendment in the Constitution.Nike finally settled the case by agreeingto a $1.5 million donation to the Fair LaborAssociation. 35The Nike case was said to create fear thatit would deter businesses from incorporatingadequate corporate social responsibility principles(CSR) in their codes of conduct. This wouldtake place in the face of what are said to be:reports and literature [that] these codesdo appear to be helping reshape culturalattitudes within at least some MNCs [multinationalcorporations] by raising corporateawareness of potentially adverse MSN activityin the developing world and by creatingbenchmarks through which an externalgroup may measure their business. 35Considering these issues one writerhas observed: “Unfortunately, no empiricalevidence exists that measures how manycorporations reconsidered adopting CSR principlesin their codes of conduct in the wakeof the Nike case.” The same writer notes thatin regard to such codes, companies currentlyface the problem of “creating additional legalobligations and providing opponents with therope to hang them with.” 3364 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Suggestive experimental dataThere is some intriguing but hardly quiteon-targetexperimental data regarding theuse of honesty prompts on subsequentbehavior. One such study found thatpersons who were asked to list the TenCommandments (even if they could recallonly a few or none of them) did not cheaton an honesty test to the extent that otherswithout such an instruction did. The sameresult was obtained when the experimenterindicated that the test was being conductedunder the terms of the (non-existent) universityhonor code. 36 But, these were short-termresults with relatively inconsequential payoffsinvolved. As the American muckrakerUpton Sinclair declared: “It is difficult to geta man to understand something when hissalary depends upon not understanding.” 37And it is difficult to remain honest when acompetitor is outpacing you by playing fastand loose with the law. ✵1. FitzSimon, Jean K. and Paul E. McGreal: Corporate ComplianceSurvey. The Business Lawyer, 2005;60:17592. Pitt, Harvey L. and Karl A. Groskaufmanis: MinimizingCorporate Civil and Criminal Liability: A Second Lookat Corporate Codes of Conduct. Georgetown Law Journal,1990;78:1559-16123. Sigler, Jay and Joseph E. Murphy: Corporate Lawbreaking andInteractive Compliance: Resolving the Regulation-DeregulationDichotomy. New York: Quorum Books, 19914. Fisse, Brent: “Reconstructing Corporate Criminal Law:Deterrence, Retribution, Fault, and Sanctions.” Southern CaliforniaLaw Review, 1983;56:1141-12465. United States v. Hilton Hotels Corp., 467 F. 2d 1000 (9th Cir. 1972),cert. denied 409 U.S. 1125 (1973)6. Holland Furnace Co. v. United States. 158 F.2d 2 (6th Cir. 1946)7. Weissmann, Andrew and Newman, David: “RethinkingCorporate Criminal Liability.” Indiana Law Journal, 2007;82:411-451. See also Walsh, Charles J. and Pyrich, Alissa: “CorporateCompliance Programs as a Defense to Criminal Liability: Can aCorporation Save Its Soul?” Rutgers Law Review, 2005;47:605-6928. Smith, Adam: An Inquiry into the Wealth of Nations. London: W.Strahan and T. Cadell, 1776; bk. 1, ch. 10, 829. Gabel, Joan TA; Mansfield, Nancy P; and Houhgton, Susan M:“Letter vs. Spirit: The Evolution of Compliance into Ethics.”American Business Law Journal, 2009;46:453-48610. Geis, Gilbert: “The Heavy Electric Antitrust Cases of 1961,” inMarshall B. Clinard and Richard Quinney, eds., Criminal BehaviorSystems. New York: Holt, Rinehart and Winston, 1967; pp. 139-15011. United States Senate, Subcommittee on Antitrust and Monopolyof the Committee on the Judiciary, Administered Prices. 87thCongress, 1st Session. 1961; Washington DC, GovernmentPrinting Office, 1712012. Biegelman, Martin T. and Daniel R. Biegelman: FederalCorrupt Practices Act Guidebook: Protecting Your Organizationfrom Corruption and Bribery. Hoboken, NJ: John Wiley, 2010.See also Goelzer, Daniel L: “Designing an FCPA ComplianceProgram: Minimizing the Risks of Improper ForeignPayments.” Northwestern Journal of International Law & Business,1998;18:535-54713. Siegel, Michael L. (2006). Corporate America Fights Back: TheBattle Over the Waiver of the Attorney-Client Privilege. BostonCollege Law Review, 49:1-5414. Cressey, Donald R. and Moore, Charles A: Corporation Codesof Ethical Conduct. New York: Peak, Marewick, and MitchellFoundation, 1980:1615. 56 Federal Register 22,76216. Goldsmith, Michael and King, Chad W: “Policing CorporateCrime: The Dilemma of International Compliance.” VanderbiltLaw Review, 1997;50:1-48. See also Kaplan, Jeffrey M. and Murphy,Joseph R: Compliance Programs and Corporate Sentencing Guidelines(rev. ed.). 1993; St. Paul, MN: Thomson/West17. Hess, David; McWhorter, Robert S; and Fort, Timothy L: “The2004 Amendments to the Federal Sentencing Guidelines andtheir Implicit Call for a Symbiotic Integration of Business Ethics.”Fordham Journal of Corporate and Financial Law, 2006;11:725-76418. Berman, Douglas A. Assessing Federal Sentencing After Booker,”Federal Sentencing Reporter, 2005; 11:291-29419. In re Caremark International Inc., Derivative Litigation. 698 A.2d 959.Delaware Chancery, 199620. Burlington Industries v. Ellerth, 524 U.S. 742 (1998)21. Fair, Cynthia: “ Burlington Industries, Inc. v. Ellerth andFaragher v. City of Boca Raton: A Step in the Wrong Direction?”Boston University Public Law Journal, 2000;9:4409-431. For a critiqueof the decision focused on the court’s failure to appreciatethe empirical evidence regarding workplace sexual harassment,see Lawton, Anne: “Operating in an Empirical Vacuum: TheElleerth and Faragher Affirmative Defense.” Columbia Journal ofGender and Law, 2006;13:197-27322. Copeland, John D: “The Tyson Story: Building an EffectiveEthics and Compliance Program.” Drake Journal of AgriculturalLaw, 2000;5:305-353 and Copeland, John D: “The Tyson Story: AnUpdate. Drake Journal of Agricultural Law, 2001;6:257-25923. 17 CFR §229.406a24. Available at www.usdoj.gov/dag/cft/business_organizations.pdf25. Available at www.usdoj/gove/dag/speeches/mcnulty_memo.pdf26. Weigard, Stephen A: “Waiver of the Attorney-Client Privilegeand Work Product Production from Thompson to McNulty.”University of Cincinnati Law Review, 2008;76:1098-1118. See alsoMarks, Colin P: “Corporate Investigations, Attorney-ClientPrivilege and Selective Waiver: Is a Half Privilege Worth HavingAt All?” Seattle University Law Review, 2006;30:155-19427. Laufer, William S: “ Secrecy, Silence, and Corporate CrimeReforms.” Criminology & Public Policy, 2010;9:455-465 and Laufer,William S: “Corporate Bodies and Guilty Minds: The Failure ofCorporate Criminal Liability.” Chicago: University of ChicagoPress, 200628. Spence, Gary: With Justice for None: Destroying an American Myth.New York: Times Books, 1989, 27729. Newberg, Joshua A: “Corporate Codes of Ethics, MandatoryDisclosures, and the Market for Ethical Conduct.” Vermont LawReview,2005:29:253-29530. Clark, Margaret Anne and Leonard, Sherry Lynn: “CanCorporate Ethics Influence Behavior?”Journal of BusinessEthics,1998;17:619-63031. Ferrell, OC and Gardiner, Garth: In Pursuit of Ethics: Tough Choicesin the World of Work. Springfield, IL: Smith Collins, Ferrell, 199132. United States v. Rockwelll Int’l Corp. (1989). Defendant’s SentencingMemorandum. No. 88-48-CBM (C.D. California)33. Brown, Elizabeth F: “No Good Deed Goes Unpunished: Is Therea Need for a Safe Harbor for Aspirational Corporate Codes ofConduct?” Yale Law and Policy Review, 2002;26:367-42134. Murphy, Sean D. (2005). Taking Multinational Corporate Codes ofConduct to the Next Level. Columbia Journal of Transnational Law,43:389-433.35. Kasky v. Nike, Inc. 45 P.3d 243 (California 2002)36. Ariely, Dan: Predictably Irrational: The Hidden Forces that Shape OurDecisions. New York: HarperCollins, 200837. Sinclair, Upton: I, Candidate for Governor: And How I Got Licked.Berkeley: University of California Press, 1935Gilbert Geis is a Professor Emeritus in the Department of Criminology,Law and Society at the University of California, Irvine. He may be reachedat ggeis@uci.edu. Henry N. Pontell is a Professor in the Department ofCriminology, Law and Society at the University of California, Irvine. He maybe reached at pontell@uci.edu.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 65

y Dawn LomerSocial media evidence:A new accountability»»Courts are seeing an explosion of evidence from social media sites.»»Case law regarding social media evidence is still developing.»»Attorneys and investigators should stay abreast of new rulings as they happen.»»Ethics and common sense rule when it comes to gaining access to personal social media information.»»Rules of preservation apply to social media, just as they do elsewhere.Compliance & Ethics Professional May/June 2012LomerWhen 19-year-old Rodney Bradfordupdated his status on Facebookon October 18, 2009, he had noidea that his message about craving pancakeswould become the crucial piece of evidencethat would clear him of first-degree robberycharges. The Harlem teenager spenttwo weeks in jail before his father noticedthe status update, which had beenposted one minute before the robberyoccurred, from a location 12 milesaway from the crime. The districtattorney subpoenaed Facebook fordocumentation to prove Bradford hadupdated his status from his father’shome in Harlem, providing Bradfordwith a rock-solid alibi and a ticket to freedom.With more than 800 million users onFacebook, 200 million registered Twitter users,about 135 million on LinkedIn, and more than60 million already on Google+, it’s clear thatsocial media has become part of everyday lifefor a huge percentage of the world’s populationwith access to the Internet. It makespeople’s activities, even thoughts and feelings,trackable and discoverable.And while Bradford’s Facebook evidenceworked in his favor, that’s often not the case forthose whose social media activity is broughtunder scrutiny in the courts, which are seeingan explosion of this type of evidence. Theimplications are huge for companies whoseemployees use social media both at work andat home. In fact, half of all companies will needto produce material from social media sitesfor e-discovery by the end of 2013, accordingto a 2011 Gartner report, 1 entitled Social MediaGovernance: An Ounce of Prevention.A world of evidence“We are entering an entirely new world ofcommunication, unprecedented in humanhistory,” says attorney Benjamin Wright, anauthor, e-discovery expert, and instructor atSANS Institute. “Social media makes e-maillook like stone tablets, in terms of the flexibilityof communication, the volume of communicationand the multiplication of copies ofcommunication. I believe that our legal systemis only beginning to scratch the surface of thequestions related to how we gather evidence,how we respect privacy and how we authenticatethe evidence in the courtroom,” he says.Because it’s a relatively new field, newchallenges are coming to light each monthas more and more social media evidence isbeing used. It can be a valuable source ofinformation for both sides in any case, sounderstanding how to collect it ethically andleverage it legally will ensure it’s admissible.66 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

“In e-discovery, there is no differencebetween social media and electronic or evenpaper artifacts. The phrase to remember is ‘ifit exists, it is discoverable’,” said Debra Logan,Vice President and distinguished analyst atGartner, in a company press release. 2 “Uniqueaspects of social media present additionalchallenges, but as with an overall informationgovernance strategy, the key to avoiding ormitigating potential legal issues in the use ofsocial media for business purposes is to have agovernance framework, policy, and user education,”she said.Ethical evidence-gatheringSocial media can certainly be a useful toolfor e-discovery when used responsibly, andit can sometimes be incredibly easy to accessevidence on these sites. If parties in a disputeleave their personal sites open for publicscrutiny, the evidence is generally accessibleto anyone, although there can be limitationson copyright and use of pictures. But, whena party in an investigation has a social mediaprofile with tight privacy settings, gettingaccess to the information can be more difficult.A court may order that passwords bedisclosed or might request a user to providethe evidence from his/her own social mediapages to lawyers for the other side. But,without a formal request for disclosure, investigatorsand attorneys may be left with somedifficult dilemmas.To make matters even more complicated,how you can access information and whatinformation you can use as evidence—each hasits own set of developing rules. So far there arerelatively few standardized, widely acceptedmethods for gathering evidence from socialmedia sites. One approach is for the lawyer orinvestigator to print the social media page andshow it to the judge or administrator. Capturingimages using a screen grab, time-stamping, andusing a web cam to record yourself recordingthe evidence can be helpful to establish timeand place. But this assumes that the materialyou need to access is readily available.Do not deceiveAttorneys and investigators have to be carefulabout how they access information posted on asocial media profile. They cannot misrepresentwho they are in order to join their opposition’sprivate social media network. For example,you cannot create an account under an alias,“friend” the person under investigation, andthen expect to use that information to supportyour case. The evidence won’t be admissible.It also violates the terms of service on somesocial media sites.“Lawyers and private investigatorshave ethical requirements,” says Wright.“Interpretation of those ethical requirementsis that these professionals will not engage indeceit. Professionals need to think very carefullybefore they use some kind of deceit inorder to be ‘friended’ by someone else,” he says,adding that in the right circumstances, policeofficers working undercover may be justified inassuming an identity to gather evidence, basedon the acceptable rules and procedures of alegitimate undercover investigation.Duty to preserveAnother ethical issue surrounds evidencepreservation. If social media profiles belong tothe people who create them, creators shouldhave the right to delete whatever they want,right? Not necessarily. “Lawyers are startingto realize that information contained on socialmedia sites may be related to litigation and arehaving to navigate the intersection of technologyand the law,” says Rebecca Shwayri, anattorney and e-discovery expert at CarltonFields. “Because many social networking sitesare owned and controlled by third parties, thepreservation issues can be more difficult tomanage,” she says.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 67

Compliance & Ethics Professional May/June 2012However, “There can be very serious penaltiesfor the destruction of evidence at a timethat you know that the social media evidencewill be relevant for some kind of a lawsuit orinvestigation,” says Wright. A Virginia lawyerand his client found this out the hard way.Isaiah Lester was suing Allied Concretefor the alleged wrongful death of his wife,Jessica, who died when an Allied Concretetruck rolled onto her car. His lawyer, MatthewMurray, instructed Lester to “clean up” hissocial media profiles, which contained materialthat cast doubt on Lester’s level of grief.Lester deleted 16 photos from his Facebookprofile, including images of him partying,holding a beer, and wearing a t-shirtthat read “I [heart] hot moms.” The deletioncame to light in the course of the trial, andof the 16 photos deleted, 15 were retrievedand presented in court. There were seriousconsequences. The court found that the deletionof the photos constituted misconduct byLester and Murray, and awarded a total of$722,000 to Allied Concrete for attorney fees—$180,000 to be paid by Lester and $542,000from Murray, who has since resigned.Company social media sites are morestraightforward. “If a company is maintainingits own social media page related to its productsand resources, information on the socialmedia page should be preserved when thereis a reasonable threat of litigation, assumingsuch information is related to the litigation,”says Shwayri. When it comes to personal socialmedia pages, however, evidence preservationcan be more complicated. “Given the millionsof users of social media, it is not reasonable toexpect social media sites to archive all informationrelated to users just in case of a lawsuit,”says Shwayri. “Most users probably don’tarchive their own material because the materialis held by third-party sites.”While the case law is still developingsurrounding social media evidence, its potentialeffect on an investigation, and even ourbehavior, is becoming clear. “At a very philosophicallevel… [social media] creates a greateraccountability to one another and to society,”says Wright, “because, in fact, we’re all ableto watch one another and we all know thatanything I say or do tonight can come back tohaunt me tomorrow.” ✵1. Gartner: Social Media Governance: An Ounce of Prevention.December 17, 2010. The report can be ordered at www.gartner.com/DisplayDocument?ref=clientFriendlyUrl&id=14989162. Gartner press release: “Gartner says by year-end 2013, half of allcompanies will have been asked to produce material from socialmedia websites for E-discovery.” February 17, 2011. Available atwww.gartner.com/it/page.jsp?id=1550715Dawn Lomer is a Corporate Journalist with i-Sight Software in Ottawa,Canada. She may be reached at dlomer@i-sight.com.68 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

CongratulationsNew CCEP © designeesAchieving certification required a diligent effort by these individuals.CCEP © certification denotes a professional with sufficient knowledgeof relevant regulations and expertise in compliance processes to assistcorporate industries in understanding and addressing legal obligations.Certified individuals promote organizational integrity through thedevelopment and operation of effective compliance programs.··Kenneth Amos··David M. Anderson··Jennifer J. Badgley··Juanita Banks··Amii L. Barnard-Bahn··William E. Barthell··Maram I. Batarseh··Kristina M. Bell··Edward Benson··Christina V. Bigelow··Karyn Boston··Lisa A. Bragg··Sandra L. Brennan··Janelle M. Brookman··Linda Gayle Buffett··Viann M. Cabezal··Nancy J. Capell··Neftali Carrasquillo··Debora H. Carroll··Jose P. Casasola··Jeff Cherry··Lori L. Cochrane··Marla B. Colling··Kendra L. Cook··Bethany Cowles··Siobhan Curre··Karl Dahlquist··Sherry Denise Davis··Meghan M. Davis··Stefani B. Dawkins··Christopher P. Denten··Steven M. Desmarais··Thomas P. Donovan··Sandhya V. Drinkwater··Steven P. Dunn··Don A. Ellis··Andrew Finkelstein··Darrin W. Fletcher··Dean Forbes··Ann-Marie Friedman··Charles P. Gallagher··Ruth Giansante··Sara K. Gibson··Scott M. Giordano··Dina M. Given··Joseph M. Gruttadauro··James L. Guhl··Patrick J. Hamblin··Temre L. Hanson··Sharon Harned··Elizabeth A. Harrigan··Paula R. Harris··Susan B. Hauswirth··Cheryl A. Hayne··Frederick E. Hoffman··Anthony ChukwumaIfechikwu··Jonathan C. Ivec··Beth A. Johnson··Glenn P. Kaleta··Christy Kaufman··Deborah S. Key··Ishrag Khababa··Kenneth W. Lehman··Sherry R. Malusa··Jane P. Maring··Ellen M. Martin··Linda P. Martinello··Christopher C. Matteson··Lisa Mau··Jeffery T. Maxwell··Kely L. McKeown··Janet D. McKinney··Laura K. McLaughlin··Frances M. McManus··Kristina Meagher··Marta M. Mercado···Shelley L. Miller···John L. Miller···Roland Mitchell···Linda Morales···Chris D. Morris···Jennifer S. Mudd···Timothy G. Mulshine···Tiffany K. Ngo···Francisco Niclos Negrao ···Gail Naomi Nishida···Julia F. Pallozzi-Ruhm···Shannon S. Pannell···Laura M. Paredes···William A. Patrick···Christi N. Perri···Ravi Nathan Perumal···Christine Petersen···Rugina D. Poellnitz···Evelyn J. Pulliam···Monika G. Rector···Perry Robinson···James J. Rough··Corey R. Sanchez··Rebecca L. Schumann··Amy J. Scully··Michelle M. Shwery··Annette C. Silva··Shari D. Silva··Barbara J. Simmons· Domenico Sneider· Carmelo Stanco· Jody A. Standal· Nancy E. Stephenson· David M. Sterling· Michael S. Stinson· Mary Stutzman· Doris Suh· Juan F. Torres· Jeffrey C. Torres· Jessica L. Truelove· Brian G. Van Hoy· Verena M. Von Dehn· Marcia Wada· Courtney L. Wallize· Brian M. Warshawsky· Jennifer C. White· Ben C. Winegarner· Stefan Wochinz· David A. Wortsman· Marlene Yamashita· Kristin A. ZompaThe Compliance Certification Board offers you theopportunity to take the Certified Compliance andEthics Professional (CCEP) © certification exam.Please contact us at ccb@corporatecompliance.org,call +1 952 933 4977 or 888 277 4977, or visitwww.corporatecompliance.org/ccepCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 69

y Eric R. FeldmanBuilding transparency,accountability, and ethicsin government contracting»»The Federal Acquisition Regulations (FAR) require contractors to self-report credible evidence of violations of federalcriminal law and significant overpayments.»»The federal government now requires more robust corporate ethics and business conduct programs as a component of“present responsibility” determinations when considering suspension and debarment actions.»»A record number of suspensions and debarments of unethical contractors were made in 2011.»»Agency suspension and debarment officials have placed greater emphasis on deficiencies in corporate ethical culture thanon specific FAR violations during recent suspension and debarment actions.»»Contractors can decrease their risk by taking proactive steps designed to improve both the corporate ethical culture andthe effectiveness of the business ethics and compliance program.Compliance & Ethics Professional May/June 2012FeldmanMuch has been written about the2008 amendments to the FederalAcquisition Regulations (FAR),which require federal contractors to report“credible evidence of a violation offederal criminal law or the FalseClaims Act” to the respective federalagency Inspector General and theagency contracting officer. Beforethe FAR Mandatory Disclosure Rulewas approved, industry commentspredicted that the proposed changewould result in mass SWAT teams of federalagents descending on government contractors,and that agency suspension and debarmentofficials would routinely disqualify contractorsfor “failure to timely disclose” even thesmallest of infractions. Fortunately, neither ofthese things has happened.What also hasn’t happened, however, is thekind of increased transparency and collaborativeworking relationships between contractorsand federal agencies envisioned by the authorsof the rule (including myself) who were servingon the National Procurement Fraud Task Forceat the Department of Justice (DOJ). To date, thevast majority of disclosures have been limitedto the Department of Defense (rather than thecivilian agencies), and those disclosures havebeen focused on smaller cost mischargingand false claims cases, rather than the largekickbacks, gratuities, product substitution,and Procurement Integrity Act violations thatfederal law enforcement believes are runningrampant in federal contracting.When any type of disclosure is made, acontractor runs the risk that contracting officers,Defense Contract Audit Agency staff,or suspension and debarment officials willimmediately ask some very fundamentalquestions about the ethical environment ofthe company that may have allowed the violationto occur. A company’s compliance withFAR 52.203-13 requirements for a contractorCode of Business Ethics and Conduct and arelated ethics program might be called intoquestion, leading suspension and debarmentofficials to question the company’s “present70 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

esponsibility” and possibly to suspend ordebar them or their officers from future federalcontracts, even before an investigation ofthe facts is completed.Further, FAR 9.104-1 requirements (i.e., thatprospective contractors be “responsible” parties)can also be invoked if it is determined that acontractor does not have “a satisfactory recordof integrity and business ethics” —potentiallydisqualifying the contractor from futurework. All of these risks are greater when aprime contractor or a whistleblower makes thedisclosure regarding the subcontractor, thuscalling into question the subcontractor’s transparency,ethics, and integrity.Transparency is the goalThe Mandatory Disclosure Rule was originallymodeled after a National ReconnaissanceOffice (NRO) contract provision developedby that agency’s Office of Inspector General(OIG) in mid-2004. The NRO is an agency ofthe Intelligence Community that conducts theresearch and development, acquisition, launch,and operations of the nation’s spy satellitenetwork. The NRO provision was intended toaddress the growing number of procurementfraud cases coming to the Inspector General’s(IG’s) attention from sources other than the contractor’sown systems of control and disclosure.I was the IG during this time and the presumptionwas, if contractors were required toreport credible evidence of fraud to the OIG,with serious penalties for failing to report in atimely manner, the IG and the contractor wouldwork more collaboratively in both conductingthe investigation and in preventing futureincidents from occurring. NRO managementbecame convinced of the value of this approach,and the mandatory reporting provision wasinserted into all NRO contracts in August, 2004.The NRO OIG’s experience with thecontract provision from 2004 through 2007demonstrated the effectiveness of this approachin creating a more transparent, collaborativeenvironment between a government agencyand its substantial—and mission critical—contractor base. As the number of disclosuresincreased, the NRO OIG created additionalopportunities for sharing the best practices inprocurement fraud prevention and detectionbetween the government and contractors, andamong contractors themselves. For example,the annual Business Ethics Conference hostedby the OIG was attended by a large portion ofthe contractor base. The conference providedan opportunity to share data and fraud trends,reporting issues, as well as fraud preventionand investigative techniques. Conference participationincreased steadily, with up to 90% ofinvited contractors sending staff.The NRO documented its experiences inthe Journal of Public Inquiry, a publication forfederal Inspectors General. 1 When the NationalProcurement Fraud Task Force was establishedcirca 2006, several of the agency IG’s, who hadbecome familiar with the NRO’s mandatorydisclosure experience, raised this idea for possiblegovernment-wide application. Departmentof Defense representatives acknowledged thatthe voluntary disclosure program, which initiallyproduced dozens of significant disclosuresafter its implementation in 1986, had waxed andwaned, with few disclosures coming in duringthe 2006/2007 timeframe. With substantialincreases in procurement fraud (particularly inthe war zones) and increasing public outrage, itappeared the time for a mandatory disclosurerequirement had come.Federal agencies seek a corporate ethicalcultureThe proposed FAR rule on mandatory disclosurewas initially drafted based on theNRO experience, but requirements for morerobust corporate business ethics and conductprograms, and specifications regarding bothsource selection and present responsibilityCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 71

Compliance & Ethics Professional May/June 2012standards, were wisely added by a varietyof experienced IG’s, agency suspension anddebarment officials, and DOJ representatives.The final FAR package was forwardedin the form of a memorandum from AliceFisher, then Assistant Inspector General forthe Criminal Division at DOJ, to the Officeof Federal Procurement Policy (OFPP) at theOffice of Management and Budget. Afterseveral modifications (including an initialexclusion for overseas contracts insertedat the White House level but subsequentlyeliminated by the 2008 Defense SupplementalAppropriations Bill), the rule was sent out forindustry comment and ultimately adopted.The government seeksethical behavior that flowsfrom a corporate culture ofproviding employees withappropriate tools (e.g., training,reporting mechanisms, andcorporate communications)and encouraging staff to dothe right thing in dealing withgovernment customers.Although some confusion and disagreementstill exist over terms like “credibleevidence,” “timely disclosure,” subcontractor“flow down,” and “full cooperation” withgovernment officials, one thing has becomeabundantly clear: Through disclosure andimproved contractor self-governance, thegovernment is looking for more than just compliance.The government seeks ethical behaviorthat flows from a corporate culture of providingemployees with appropriate tools (e.g.,training, reporting mechanisms, and corporatecommunications) and encouraging staff to dothe right thing in dealing with governmentcustomers.Since the creation of the Defense IndustryInitiative in 1986, the nation’s largest federalcontractors have invested considerableresources in developing comprehensive businessethics and compliance programs. Notableprograms include strong leadership commitmentand “tone at the top,” anonymousreporting hotlines, comprehensive codes ofconduct, and tailored ethics training.Many of these programs started strictlyas compliance activities under the company’sLegal department, aimed at ensuring adherenceto the increasingly complex federalregulations that govern the contracting process.Over time, however, most evolved intocomprehensive, values-based programs thatrecognize legal standards, but aim for evenhigher ethical standards of business conduct.Increased attention to values-based ethicsis due, in part, to statements contained inthe Organizational Sentencing Guidelines,particularly the November 2010 amendmentsthat give credit to companies whichdevelop and maintain an “ethical culture.”As a result, agency contracting officials,Inspectors General, and agency suspensionand debarment officers are focusing greaterattention on mandatory disclosure as one elementof transparency that can demonstratethe presence—or absence—of a corporateethical culture.Suspension and debarment actionsThe Obama Administration, under pressurefrom Congress to weed out governmentcontractors for ethics violations and poorperformance, proposed to suspend or debaralmost as many contractors in 2011 as theBush Administration did during its entiresecond term. 2 Federal agencies are underscrutiny after a series of Congressional72 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

hearings and reports from agency IGs and theGovernment Accountability Office accusedprocurement officials of failing to keepunethical contractors out of the $500 billion ayear federal market. According to the GeneralServices Administration, the proposed debarments(more than 1,000 during 2011) are themost since 1997, the earliest year comparabledata is available.As Kathleen Miller reported in BloombergNews, Moira Mack, a spokesperson for theOffice of Management and Budget, said, “Fortoo long, the government failed to use suspensionand debarment, even in the face ofegregious conduct by contractors. That’s whythis administration has been pushing fortougher oversight of contractors, and we’veseen results.” The Project on GovernmentOversight, a federal contracting watchdog,agreed stating, “We are starting to see thependulum swing to more contractor accountability,but government needs to do a lot moreto ensure it only works with responsible contractorsand thereby protects the public.”Agencies can propose contractors fordebarment for poor performance, as well asa variety of ethical issues, including overbilling,falsely claiming entitlement to specialtreatment under minority or small businessprograms, or violating any of the manyFAR requirements that govern the bidding,negotiation, execution, and management ofgovernment contracts. Because of the FARMandatory Disclosure Rule, an increasingnumber of such ethical issues are beingreported by the contractors themselves, theirprime contractors, or subcontractors. From thecontractors’ vantage point, the political pushfor greater accountability through the use ofsuspensions and debarments, combined withthe Mandatory Disclosure Rule, make themvulnerable both for reporting and failing toreport. They view themselves to be “betweena rock and a hard place.”An interesting phenomenon is emerging:It is not uncommon for a prime contractor (inorder to proactively protect itself) to “drop adime” on a subcontractor or supplier for evena minor FAR violation by disclosing it to theagency IG and contracting officer. The IG orcontracting officer sends the disclosure to theagency’s suspension and debarment official(SDO). This is standard procedure within theDepartment of Defense. The SDO asks thesubcontractor what it knew, when, and whyit did not disclose the infraction. If a determinationis made that there is a deficiency inthe subcontractor’s ethical culture, the SDOissues a debarment notice, based on a lack of“present responsibility” as defined in the FARethics and integrity provisions. This is not acontrived scenario; it has happened multipletimes in the past year.How should a contractor respond?The scenario described above puts the federalcontractor or subcontractor in the awkwardposition of either indicating that its controlsand compliance mechanisms were so weakthat its corporate leadership did not knowabout the alleged violation, or that it knew butfailed to disclose. Either explanation can bedevastating for the contractor and its futurebusiness with the government, because eachindicates the contractor has a weak ethical cultureand needs to significantly strengthen itscorporate ethics and compliance programs inorder to demonstrate “present responsibility.”What is a contractor to do? If the companyhas followed the practices neatly described inthe 2010 amendments to the OrganizationalSentencing Guidelines, it has likely chartered“periodic independent assessments of theeffectiveness of its ethics and complianceactivities” already. These assessments can beused to demonstrate that the company hasindeed established a credible, effective ethicsprogram that promotes an ethical culture.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 73

Compliance & Ethics Professional May/June 2012The problem violation can then be characterizedas an anomaly, a one-time failure by abad actor who circumvented company controlsand was outside the norms of companyculture.But what if such an independent assessmenthad not been previously conducted, andthe company’s ethics and compliance activitieshave not been values-based, comprehensive, oreffective? In recent cases, the government hasbeen willing to set aside debarment determinationsin favor of several company actions,including:··A complete internal investigation thatidentifies the facts surrounding the allegedviolation, the causal factors that led tothe problem, and recommendations forimprovements to processes and controls;··A comprehensive external, independentassessment of the company’s ethicalculture by a values-based ethics expert,including evaluation of the company’sethics and compliance program, and specificrecommendations for improvement;··A company action plan that outlines proposedsteps for implementing each of therecommendations contained in the independentassessment; and··A period of independent monitoring(typically 2-5 years) to evaluate companyprogress in implementing the actionspromised in its plan, and to report onimprovements to the corporate ethics andcompliance posture.The independent monitor as corporate mentorAn independent monitor is often thought of asa corporate “cop” brought in as the result of aDeferred or Non-prosecution Agreement withthe DOJ. A monitor is tasked with reportingon whether the corporate behavior that gotthe company into trouble has either ceasedor is continuing to occur. In some cases, themonitor has been a retired senior militaryEstablishing standards forcorporate self-governance andcreating an ethical culturethrough comprehensive ethicsand compliance programs, andholding contractors accountablefor maintaining these standards,is a more logical way to reducerisk and improve accountabilityto the taxpayer.officer, political appointee, a law firm, or alarge accounting firm that includes monitoringamong several lines of business services it providesto its clients. The monitoring approachis often limited to looking over the shoulderof the subject company to report any obvious,continuing violations in the specific area thatgot the company in trouble in the first place.In the new paradigm of transparency andethical culture as an essential element of governmentcontracting, this traditional, reactiveapproach to monitoring is outdated. SDOs,U.S. Attorney’s Offices, government regulators,and others who scrutinize the behavior ofgovernment contractors and regulated entitiesare focusing greater attention on less punitive,more effective ways of rehabilitating companiesso they can continue to be governmentcontractors, regulated professionals, productiveemployers, and responsible missionpartners. It is not just that these governmententities face unmanageable caseloads (whichthey do), or that they are suffering from woefullyinadequate resources to accomplish theirmission (which they are). Many individualswho have worked in this area believe thatrepeated, multiple government investigationsof contractor misconduct are simply notthe most effective way of making sure that74 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

contractors are ethical. Establishing standardsfor corporate self-governance and creating anethical culture through comprehensive ethicsand compliance programs, and holding contractorsaccountable for maintaining thesestandards, is a more logical way to reduce riskand improve accountability to the taxpayer.In 2008, Acting Deputy Attorney GeneralCraig S. Morford issued a memorandum toU.S. Attorneys outlining the best practiceprinciples for using and choosing independentmonitors. The memorandum waswritten in response to the frequent appointmentof former senior government officials(including former Attorney General Ashcroft)to serve as monitors, leaving in doubt theindependence and integrity of the monitoringprocess used in such agreements. TheMorford memo reiterated the inherent valueof independent monitoring, stating that“the corporation benefits from expertise inthe area of corporate compliance from anindependent third party. The corporation,its shareholders, employees, and the publicat large benefit from reduced recidivism ofcorporate crime and the protection of theintegrity of the marketplace.” 3Ideally, an independent corporate monitoris a person or entity who has in-depthknowledge and experience with regulatoryschemes and oversees businesses that havebeen sanctioned for the violation of one ormore regulations or laws. In some cases, theindependent monitor is engaged proactivelyin response to investigations and the threat orpotential for sanctions. The corporation paysfor the monitor, and, in exchange for agreeingto ongoing oversight, typically avoidsmore severe sanctions (such as suspension,debarment, or prosecution). Describing themonitor’s role, Morford said that, once anagreement is reached on how to preventfuture misconduct, “[a] monitor’s primaryresponsibility is to assess and monitor acorporation’s compliance with the terms of theagreement specifically designed to addressand reduce the risk of recurrence of the corporation’smisconduct, and not to furtherpunitive goals.” More specifically, the memoindicates the monitor should “oversee a company’scommitment to overhaul deficientcontrols, procedures, and culture.”In practical terms, the most effective independentmonitor, consistent with the Morfordview described above, would take any numberof the following steps to “mentor” the company,resulting in a strengthening of thecompany’s ability to function as a responsiblegovernment contractor:··Assess the company’s corporate ethicalculture;··Evaluate internal controls over corporatefinancial, purchasing, contracting, humanresources, property management, or otherkey business processes;··Assess key risks and vulnerabilities, particularlyin the areas of fraud and duediligence over subcontractors and suppliers;··Evaluate the adequacy of the company’sbusiness ethics and conduct programs; and··Make recommendations for improvement.Convergence of the FAR and independentmonitoringGovernment agencies, regulators, contractingofficers, and SDOs are looking for animportant characteristic in governmentcontractors: transparency. In many ways, themandatory disclosure requirements and theethics and business conduct provisions ofthe FAR provide tacit recognition that mistakesin government contracting will occur;that some employees might make bad, evenunethical decisions; and that the differencebetween an ethical and an unethical companyis often the manner in which the companydeals with the problem after it occurs. In fact,SDOs are increasingly focusing on the stateCompliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 75

of a company’s “ethical culture” in makingdecisions on “present responsibility” —themain factor that drives whether to suspendor debar a contractor from doing businesswith the government. This is recognized inthe FAR-mandated penalties for a company’s“failure to timely disclose” credible evidenceof violations or overpayments (i.e., suspensionor debarment).As of the writing of this piece, there hadnot yet been a case of the government suspendingor debarring a company solely forviolating the Mandatory Disclosure Rule.However, there have been several cases inwhich the government determined that theunderlying violation, coupled with the failureto disclose in a transparent manner, signaledan unethical corporate culture that raisedenough questions about the company’s “presentresponsibility” that a proposed debarmentwas in order.In an increasing number of cases, welladvisedcompanies have avoided or reversedsuspension/debarment decisions by offeringto proactively hire an independent monitorto (1) conduct an independent assessmentof the ethical culture of the company, (2)evaluate the strength of the corporate ethicsand compliance activities, (3) make specificrecommendations to improve the ethicsprogram and internal controls of the company,and (4) independently monitor (withreports to the government) the company’sprogress in implementing the monitor’srecommendations.The steps described above have not onlybeen enough to avoid suspension, debarment,prosecution, and other punitive actions,but they have also created greater transparencyin the government contracting process.Strengthening their ethical culture, establishingor enhancing the FAR-mandated businessethics and conduct programs, and educatingstaff about the broad applicability of mandatoryreporting requirements have, in fact, helpedcompanies become more responsible governmentcontractors. In the final analysis, isn’t thatthe end game we are all working toward? ✵1. Larsen, Alan S. and Feldman, Eric R.: “Convincing Contractors toReport Their Own Procurement Fraud.” Journal of Public Inquiry,Spring/Summer, 2006.2. Miller, Kathleen: “US Agencies Want 1,000-plus Contractors Barred.”Bloomberg News, December 28, 2011.3. Morford Craig S: “Selection and Use of Monitors n DeferredProsecution Agreements and Non-Prosecution Agreements withCorporations.” U.S. Department of Justice, Office of the DeputyAttorney General, March 7, 2008.Eric R. Feldman is President of Core Integrity Group LLC and Director ofCorporate Compliance, Affiliated Monitors in Redondo Beach, California. Hemay be contacted at eric@coreintegritygroup.com.Thank you!Compliance & Ethics Professional May/June 2012Has someone done something great for you,for the Compliance profession, or for SCCE?If you would like to give recognition bysubmitting a public “Thank You” to be printed inCompliance & Ethics Professional magazine, pleasesend it to liz.hergert@corporatecompliance.org.Entries should be 50 words or fewer.76 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Your Guide to Becomingan Effective InvestigatorThe First Information Is Almost Always Wrong:150 Things to Know AboutWorkplace InvestigationsBy Meric Craig Bloch, Esq., CCEP, PCI, CFEEffective workplace investigations are equal partsart and science. Meric Bloch has mastered bothaspects through years of hard-earned experience.In this book, he details the strategies and tacticshe knows work best.His practical guidance will help readers learn toplan and conduct thorough investigations andturn the results into valuable knowledge for theirorganizations. His insightful approach is mappedout in three sections.• Protect Your Career—How to Think Likea Workplace Investigator• Protect Your Company—How to Integrate YourInvestigations into Your Company’s Operations• Protect Your Case—How to Conduct anEffective Workplace InvestigationWith this tutorial, readers will learn not only how touncover the truth about misconduct or fraud, butalso how to ensure that the results can help anorganization resolve issues and move forward.ORDER ONLINE ATwww.corporatecompliance.org/booksGet the executive training DVDs that workThe Ethics Series withDr. Marianne JenningsProduced by DuPont Sustainable Solutions• “Ethics Is a Competitive Advantage” lists five key reasonswhy ethics matter. This program explores why working in the grayareas is risky. (20 min.)• “Speaking Up Without Fear” discusses how organizations candraw out wrongdoing and help create a culture where employees feelempowered. (15 min.)• “Ethical Leadership: Tone at All Levels” explores howemployees can handle the tension between increasing anorganization’s bottom line and protecting its good reputation. (20 min.)SCCE members: $450 per segment, or $1,175 for the seriesNon-members: $495 per segment, or $1,295 for the seriesLearn more and purchase online atwww.corporatecompliance.orgEach segmentis availableindividually,or all togetheron one DVD.Compliance & Ethics Professional May/June 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 77

Feature The last wordby Joe Murphy, CCEP“Papa don’t preach”: Advicefrom Madonna for your CEOCompliance & Ethics Professional May/June 2012MurphyWe all know the CEO needs to setthe right tone at the top, but whatdoes that mean? Here is one areawhere maybe Madonna has the right idea:“Papa don’t preach.” Tone at the top is not“talk at the top;” it should mean action at thetop to support your program.What often passes for tone at the top issome policy statement, perhaps written infulminating style, swearing a mightyoath to support the law. From myexperience in antitrust compliance, Iwould say this is the rule rather thanthe exception. The general counsel orantitrust lawyer writes it and the CEOsigns it (with or without reading it).Of course, employees (who are fairlysmart on these types of things) know that thisis from the lawyers, not the CEO.Interestingly, guidance written by the UK’sOffice of Fair Trading (OFT) on how to do acompetition law compliance program seems tocatch this point. 1 For example, the OFT’s guidancestresses the need for commitment fromsenior management and the board. But unlikesome of the other standards around, the OFTindicates that this means action, not just talk.The guidance makes a very good point aboutsenior management showing what they havedone to help the company comply, such asattending the compliance training themselves.It tells management that “They need todemonstrate this commitment through theiractions clearly and unambiguously.”Another suggestion from the OFT is “theremainder of the board of directors (or seniormanagement team if the business is not acompany) challenge the effectiveness of compliancemeasures that have been undertaken,for example by asking questions about whatis being done to identify, assess, mitigate andreview competition law risk.”Tone at the top is not“talk at the top;” it shouldmean action at the top tosupport your program.In an article I wrote for ethikos magazine 2 afew years ago, I offered a list of 11 steps a CEOcould do to make a difference, without eversaying the words “ethics” or “compliance.”Something as simple as having an obviouslyused copy of the company code of conduct onhis or her desk could send a subtle but importantmessage. Going around the table at anexecutive staff meeting, asking each VP whathe or she had done to promote the programwould be another, more dramatic step. TheCEO could call the helpline with a question(I once heard a CEO say he had done this—tothe apparent surprise of his ethics officer), orpublicly turn down a business trip because ofthe appearance of a conflict of interest.The CEO and other executives can setthe tone at the top in many ways, but start bypromising not to preach. ✵1. UK Office of Fair Trading: Quick Guide to Competition LawCompliance. www.oft.gov.uk/shared_oft/ca-and-cartels/competitionawareness-compliance/quick-guide.pdf2. Joe Murphy: “How the CEO Can Make the Difference in Complianceand Ethics,” ethikos , vol. 20, no. 6; (May/June 2007)Joe Murphy is Of Counsel to Compliance Systems Legal Group andEditor-in-Chief of Compliance & Ethics Professional Magazine. He may becontacted at jemurphy@voicenet.com.78 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

sTakeawaysMay/June 2012Compliance & EthicsProfessionalTear out this page and keep for reference, or share with a colleague. Visit www.corporatecompliance.org for more information.Understanding the proposed EUdata protection regulationby Robert Bond (page 24)»»The EU is in the process of revising its dataprivacy regime to harmonise data protectionacross its member states.»»The propsed Data Protection Frameworkwill implement greater enforcement powersthat apply to both data controllers and dataprocessors.»»The Framework will focus on consent,breaches, data transfers, accountability, andliability.»»Individuals will have greater control of theirpersonal data, and special protections for thedata of children are included.»»Foreign businesses that target EU citizens willincur significant compliance obligations.Buyers on the takeby Peter J. Crosa (page 30)»»Embezzlement or misappropriation isn’t limitedto line employees. The E&C purview netshould be cast from the lowest level employeeto the executive board, and from stockroom toboardroom.»»Staff is more likely to be influenced by unscrupulousvendors while away from the office.»»No vendor should be considered incapableof inappropriate influence, from janitors tolawyers.»»Investigators frequently uncover an employeeperpetrator who has a tragic character flawthat is germane to misappropriation.»»Cash kickbacks, entertainment, and otheruntraceable gifts are often subject tomisappropriation.It’s time to change theSEC’s cultureby Marlowe Doman (page 34)»»Individuals may get financial rewards if theyprovide the SEC with information that leads tosuccessful enforcement actions against WallStreet wrongdoers.»»If the action is successful, whistleblowers canbe granted between 10% and 30% of any fineover $1 million collected by the SEC.»»For the laws to achieve their goals of exposingand halting Wall Street corruption, the SECmust confront its own culture and dark pasttoward whistleblowers.»»Over the past decade, the SEC allegedlymistreated its employees who attempted tocorrect wrongdoing within the Commission,as well as outsiders who reported securitiesviolations.»»The Dodd-Frank whistleblower provisionsprovide the SEC with an opportunity for a freshstart in its treatment of whistleblowers.Ethical decision-makingmodels: Decisions, decisionsby Roz Bliss (page 40)»»Ethical decision-making models help employeesmake the good choices.»»Employees know when something just doesn’tseem right.»»Encourage employees to examine and identifypossible alternatives.»»What would a reasonable person think aboutthis decision?»»It takes courage to do the right thing.Powerful witness preparation:The pure and simple truthby Dan Small and Robert F. Roach(page 44)»»The need to tell the truth does not lessen theneed to prepare the witness to testify.»»If you make a mistake, stop and fix it. The jurywill understand.»»Deal with the bad stuff up front. Being defensiveor trying to cover it up will only makethings worse.»»Witnesses should include positive aspectsabout themselves as part of telling the truth.»»Witnesses should concentrate on what theysaw, heard, or did and avoid speculation.The economy, compliance, andethicsby Adam Turteltaub (page 48)»»The percentage of compliance programs withincreasing budgets is on the rise.»»Although budgets are on the rise, staffinglevels for the Compliance department are notfollowing suit.»»Stress levels among compliance professionalsare rising as they do more work with fewerstaff.»»Compliance is more likely to be seen as apositive asset, rather than a hindrance todoing business.»»Many respondents thought that economic conditionsmay lead to more compliance failures.Corporate codes of conduct inthe United Statesby Gilbert Geis, PhD & Henry N. Pontell,PhD (page 54)»»A code of conduct informs employees aboutacceptable behaviors the company expectsand the conduct that will not be tolerated.»»Codes have proliferated as courts have heldemployers responsible for monitoring theactions of their employees.»»If codes are not enforced, employees willsee them as window dressing, and ignoringthe rules will become part of the corporateculture.»»The content of codes has changes as pricefixing, foreign bribes, sexual harassment, andinsider trading scandals have come to light.»»The effectiveness of a code of conduct is not amitigating factor in the Dodd-Frank legislation.Social media evidence:A new accountabilityby Dawn Lomer (page 66)»»Courts are seeing an explosion of evidencefrom social media sites.»»Case law regarding social media evidence isstill developing.»»Attorneys and investigators should stayabreast of new rulings as they happen.»»Ethics and common sense rule when it comesto gaining access to personal social mediainformation.»»Rules of preservation apply to social media,just as they do elsewhere.Building transparency,accountability, and ethicsin government contractingby Eric R. Feldman (page 70)»»The Federal Acquisition Regulations (FAR)require contractors to self-report credibleevidence of violations of federal criminal lawand significant overpayments.»»The federal government now requires morerobust corporate ethics and business conductprograms as a component of “present responsibility”determinations when consideringOverzealous I-9 compliancesuspension and debarment actions.can result in a discrimination »»A record number of suspensions and debarmentslawsuitof unethical contractors were made in 2011.by Justin Estep (page 50)»»Agency suspension and debarment officials»»The United States government has drastically have placed greater emphasis on deficienciesincreased Form I-9 audits.in corporate ethical culture than on specific»»FAR violations during recent suspension andMany Human Resources representatives aredebarment actions.misinformed about Form I-9 specifics.»»»»Contractors can decrease their risk by takingThe United States government is also investigatingForm I-9 discrimination.proactive steps designed to improve both thecorporate ethical culture and the effectiveness»»Companies are forced to pay heavy Form I-9 of the business ethics and compliance program.discrimination fines.»»Consistent Form I-9 policy is the bestdeterrence to fines.+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 79Compliance & Ethics Professional May/June 2012

SCCE’s 2012 Upcoming EventsLearn more about SCCE’s educational opportunities at www.corporatecompliance.org/eventsMay 2012Sunday Monday Tuesday Wednesday Thursday Friday SaturdayMother’s Day1 2 3 4 56 7 8 9 10 11 12Basic Compliance &Ethics AcademySão Paulo, Brazil13 14 15 16 17 18 1920 21 22 23 24 25 26Basic Compliance & Ethics AcademyBrussels, BelgiumMay Day27 28 29 30 31SCCE OFFICE CLOSEDMemorial DayCorporate Compliance & Ethics WeekMay 6–12, 2012CCEP‐I ExamCCEP‐I ExamUpper Northeast RegionalConferenceNew York, NYShavuot beginsJune 2012Sunday Monday Tuesday Wednesday Thursday Friday SaturdayHigher EducationCompliance ConferenceAustin, TXFather’s DayWEB CONFERENCE:Anti-Corruption: WhatEvery Ethics & ComplianceProfessional Needs To Know1 23 4 5 6 7 8 910 11 12 13 14 15 16Basic Compliance & Ethics AcademyScottsdale, AZCCEP ® Exam17 18 19 20 21 22 23First Day of SummerCCEP ® ExamAlaska RegionalConferenceAnchorage, AKWest Coast RegionalConferenceSan Francisco, CA24 25 26 27 28 29 30All Upcoming EventsBasic Compliance & EthicsAcademiesMay 7–10 • São Paulo, BrazilMay 21–24 • Brussels, BelgiumJune 11–14 • Scottsdale, AZJune 25–28 • San Diego, CAJuly 9–12 • Shanghai, ChinaAugust 13–16 • Boston, MANovember 12–15 • Orlando, FLDecember 10–13 • San Diego, CARegional ConferencesUpper Northeast • May 18 • New York, NYAlaska • June 15 • Anchorage, AKWest Coast • June 22 • San Francisco, CASoutheast • October 12 • Atlanta, GASouthwest • November 2 • Houston, TXHigher EducationCompliance ConferenceJune 3–6 • Austin, Texas11th AnnualCompliance & Ethics InstituteOctober 14–17 • Las Vegas, NevadaAria in Las VegasBasic Compliance & Ethics AcademySan Diego, CACCEP ® ExamJuly 2012Sunday Monday Tuesday Wednesday Thursday Friday Saturday1 2 3 4 5 6 7Canada DaySCCE OFFICE CLOSEDIndependence Day8 9 10 11 12 13 14Basic Compliance & Ethics AcademyShanghai, ChinaCCEP‐I Exam15 16 17 18 19 20 21Ramadan begins22 23 24 25 26 27 2829 30 31Dates and locations are subject to change.

11 th AnnualSAVE THENEW DATEAND $575 WHENYOU REGISTER EARLY*Compliance & Ethics InstituteOctober 14–17, 2012 | Las Vegas, Nevada USA | Aria in Las VegasMore tracks and sessions than everbefore to meet the need for educationon the issues you are facing• Risk Track• Ethics Track• Multinational/International Track• Case Study Track• Advanced Discussion Groups• Investigations Workshop• Speed Networking, and moreKeynote presentation byJAMES B. STEWARTColumnist, The New York TimesAuthor, Tangled Webs: How FalseStatements Are UnderminingAmerica: From Martha Stewart toBernie MadoffOver 90 sessions and 130 speakersVisit www.complianceethicsinstitute.org to learn more, register,and find details on booking your hotel stay at Aria in Las Vegas.*Register on or before July 11, 2012, to save $575

Join us for SCCE’s 10th AnnualHigher EducationCompliance ConferenceJune 3–6, 2012 | Austin, TexasAT&T Executive Education Conference CenterENJOY TIMELY & USEFUL SESSIONSRegister today andenjoy the flexibilityof two conferencesfor the price of one!Complimentary access to HCCA’sResearch Compliance Conferenceis included with your HigherEducation Compliance Conferenceregistration. The parallel schedulegives you the freedomto attend sessions ateither conference:two for the price of one.HEAR FROM EXPERTSDefining and Communicatingthe Role of Compliance & EthicsDonna McNeely, University Ethics Officer,University of IllinoisGrace Fisher Renbarger, Former VicePresident and Chief Ethics & ComplianceOfficer, Dell Inc.Kimberly F. Turner, Chief Audit Executive,Texas Tech University SystemBehavioral Ethics: Why GoodPeople Do Bad ThingsRobert Prentice, Professor of BusinessLaw and Business Ethics in the Business,Government & Society Department,McCombs School of Business,University of TexasBest Practices forHigher EducationAudit & ComplianceLisa Murtha, Partner,SNR Denton US LLPLarry Plutko, SystemwideCompliance Officer, TheUniversity of Texas SystemMichael L. Somich, ExecutiveDirector of Internal Audits,Duke UniversityMary Lee Brown, AssociateVice President Audit,Compliance & Privacy,University of Pennsylvaniaand Health SystemVIEW THE FULL AGENDA & REGISTER ATwww.highereducationcompliance.orgActiance, IncAdeccoBoulette & Golden, LLPDIGITS, LLCDow Lohnes, PLLCJohns Hopkins Health SystemNational Institute ofEnvironmental Health SciencesNational Science FoundationNew York UniversityNJ Higher EducationStudent Assistance AuthorityTexas Tech University SystemThe University of Technology JamaicaThe University of TexasUCLA Health SystemUniversity of CaliforniaUniversity of California at Santa CruzUniversity of California, DavidUniversity of ConnecticutUniversity of IllinoisUniversity of LouisvilleUniversity of Pennsylvaniaand Health SystemUniversity of Southern CaliforniaUniversity of Vermont