Compliance & Ethics Professional - Society of Corporate ...

Compliance & Ethics Professional - Society of Corporate ...

Compliance & Ethics Professional - Society of Corporate ...

  • No tags were found...

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

2012Basic<strong>Compliance</strong>& <strong>Ethics</strong>doN’t miSSyour CHANCEto AttENdAN ACAdEmyiN 2012AcademiesBecome a Certifi ed<strong>Compliance</strong> & <strong>Ethics</strong>pr<strong>of</strong>essional (CCEp) ®following this intensivetraining sessionJune 11–14Scottsdale, aZJuly 9–12Shanghai, Chinaaugust 13–16Boston, manovember 12–15orlando, Fldecember 10–13San diego, CaSPACE iS limitEd.rEgiStEr EArly!Learn more & register atwww.corporatecompliance.org/academies

Letter from the CEOby Roy SnellWhat does your compliance<strong>of</strong>ficer know that you,the CEO…don’t?SnellThis is not to imply that compliance<strong>of</strong>ficers are smarter than anyone else.It’s just that compliance <strong>of</strong>ficers have aunique seat in your house. Your other advisorsmight have a predilection for finding thingsthat “make your day.” The compliance andethics <strong>of</strong>ficer has been asked to prevent,find, and fix problems that maynot “make your day.” Dealing withthe problems when they are small is,<strong>of</strong> course, preferable. However, dealingwith problems even when theyare small can be stressful. Your otheradvisors may not know how importantit is to deal with the issue early.They may not always tell you what you needto know.It’s not that your compliance <strong>of</strong>ficer doesn’twant you to smile. In fact, I am sure they livefor those moments. We published the firstevercompliance pr<strong>of</strong>essional stress surveyreport just yesterday. About 60% <strong>of</strong> compliancepr<strong>of</strong>essionals have awakened in the middle<strong>of</strong> the night and/or wanted to quit in the lasttwelve months, all due to job-related stress.And it’s pretty clear from the results that theCEO’s support and interest in what they knowaffects their stress level. So asking them whatthey know might just help on two fronts. Youwill be more aware <strong>of</strong> current issues, and youmight help their stress level by being involved.They know about more problems becausethey are looking. They know about more problemsbecause employees trust them or believethey might do something about the problem.As a CEO myself, I know I have to work atdrawing things out <strong>of</strong> some <strong>of</strong> my advisors.Some advisors are reluctant to tell you badnews. If you want to know where ethical orregulatory trouble lurks, there is no one else inyour organization with more information thanyour compliance <strong>of</strong>ficer.Most <strong>of</strong> all, they know which problemswon’t go away or get better with age. Theyknow the price you pay when your advisorssuggest you choose to deny and defend orlook the other way. They know the benefits<strong>of</strong> preventing, finding, and fixing problems.They know the damage that legal and ethicalproblems can cause. No one cares more aboutthis. No one knows more about preventing,finding, and fixing problems than the compliance<strong>of</strong>ficer. What do they know that you don’tknow? They know just what you are payingthem to know. ✵Contact Roy Snell at roy.snell@corporatecompliance.org<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 3

“ ”You tell the truth, youdon’t lie; you comeforward when you seesomething that’s wrong.See page 17<strong>Compliance</strong> & <strong>Ethics</strong><strong>Pr<strong>of</strong>essional</strong>Editor-in-ChiefJoseph Murphy, Esq., CCEP, Of Counsel, CSLG, Haddonfield, NJ,jemurphy@cslg.comExecutive EditorRoy Snell, CCEP, CHC, CEO, roy.snell@corporatecompliance.orgArticles40 Powerful witness preparation:The most important personBy Dan Small and Robert F. RoachThe second in a series <strong>of</strong> articles about preparing to give testimonyin court or during a deposition.44 Nuts & bolts for boards: What ethicsoversight really means [CEU]By Frank J. NavranAn in-depth look at the roles and responsibilities <strong>of</strong> individual board members,the ethics committee, and the board as a whole.55 Multinationals and due diligence:What are the red flags?By Charles ThomasSix key principles to prevent bribery and seven warning signs to considerwhen performing due diligence on vendors and suppliers.59 Computers and copyrights:A continuing source <strong>of</strong>avoidable liability [CEU]By Thomas W. KirbySeemingly innocent sharing by employees can expose employersto stiff penalties.63 Is your ethics and compliance trainingreally preparing your employees? [CEU]By Charles RuthfordEffective compliance training helps stressed employees think clearlyand develop good habits that lead to good performance.Advisory BoardCharles Elson, JD, Edgar S. Woolard, Jr. Chair in <strong>Corporate</strong>Governance, Director <strong>of</strong> the John L. Weinberg Center for<strong>Corporate</strong> Governance at University <strong>of</strong> Delaware.Jay Cohen, <strong>Compliance</strong> Consultant, Assurant Inc.John Dienhart, PhD, The Frank Shrontz Chairfor Business <strong>Ethics</strong>, Seattle University; Director,Northwest <strong>Ethics</strong> Network; Director, Albers Business<strong>Ethics</strong> Initiative; Fellow, <strong>Ethics</strong> Resource CenterOdell Guyton, JD, CCEP, Senior <strong>Corporate</strong> Attorney,Director <strong>of</strong> <strong>Compliance</strong>, U.S. Legal–Finance & Operations,Micros<strong>of</strong>t CorporationRebecca Walker, JD, Partner, Kaplan & Walker LLPRick Kulevich, JD, Senior Director, <strong>Ethics</strong> and <strong>Compliance</strong>,CDW CorporationSteve LeFar, President, Sg2Stephen A. Morreale, DPA, CHC, CCEP, Principal,<strong>Compliance</strong> and Risk DynamicsMarcia Narine, JD, Vice President Global <strong>Compliance</strong>and Business Standards, Deputy General Counsel,Ryder System, Inc.Ann L. Straw, General Counsel US, Votorantim CimentosNorth America, Inc.Greg Triguba, JD, CCEP, Principal,<strong>Compliance</strong> Integrity Solutions, LLCStory Editor/AdvertisingLiz Hergert, +1 952 933 4977 or 888 277 4977liz.hergert@corporatecompliance.orgCopy EditorPatricia Mees, CCEP, CHC, +1 952 933 4977 or 888 277 4977patricia.mees@corporatecompliance.orgDesign & LayoutSarah Anondson, +1 952 933 4977 or 888 277 4977sarah.anondson@corporatecompliance.org<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> (CEP) (ISSN 1523-8466)is published by the <strong>Society</strong> <strong>of</strong> <strong>Corporate</strong> <strong>Compliance</strong> and <strong>Ethics</strong>(SCCE), 6500 Barrie Road, Suite 250, Minneapolis, MN 55435.Subscriptions are free to members. Periodicals postage‐paid atMinneapolis, MN 55435. Postmaster: Send address changes to<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> Magazine, 6500 Barrie Road,Suite 250, Minneapolis, MN 55435. Copyright © 2012 <strong>Society</strong><strong>of</strong> <strong>Corporate</strong> <strong>Compliance</strong> and <strong>Ethics</strong>. All rights reserved. Printedin the USA. Except where specifically encouraged, no part <strong>of</strong> thispublication may be reproduced, in any form or by any means,without prior written consent from SCCE. For subscriptioninformation and advertising rates, call +1 952 933 4977or 888 277 4977. Send press releases to SCCE CEP PressReleases, 6500 Barrie Road, Suite 250, Minneapolis, MN55435. Opinions expressed are those <strong>of</strong> the writers and not <strong>of</strong>this publication or SCCE. Mention <strong>of</strong> products and services doesnot constitute endorsement. Neither SCCE nor CEP is engaged inrendering legal or other pr<strong>of</strong>essional services. If such assistanceis needed, readers should consult pr<strong>of</strong>essional counsel or otherpr<strong>of</strong>essional advisors for specific legal or ethical questions.Volume 9, Issue 2<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 5

News<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012Almost half <strong>of</strong> US workershave observed misconductThe <strong>Ethics</strong> Resource Centerannounced in Januarythe results <strong>of</strong> its NationalBusiness <strong>Ethics</strong> Survey. Inits January 5 press release,it stated “Over the past twoyears, 45 percent <strong>of</strong> U.S.employees observed a violation<strong>of</strong> the law or ethicsstandards at their places <strong>of</strong>employment. Reporting <strong>of</strong>this wrongdoing was at an alltimehigh—65 percent—butso too was retaliation againstemployees who blew thewhistle: more than one in fiveemployees who reported misconductthey saw experiencedsome form <strong>of</strong> retaliation inreturn.” To download thecomplete survey results, visitwww.ethics.org/nbes ✵OECD criticizes corruptionenforcement in three nationsThe Organization forEconomic Development’sWorking Group on Briberyreleased three reports inJanuary to chastise threenations for poor corruptionenforcement. The internationalgroup urged Japan,Italy, and Switzerland todo more to implementthe OECD’s Convention<strong>of</strong> Combating Bribery <strong>of</strong>Foreign Public Officials, anagreement that all threecountries had previouslysigned. The group assertedthat Japan and Switzerlandeach had only completed twoprosecutions since signingthe convention, and Italy hadonly sanctioned three companiesand nine individuals,after bringing 60 defendantsto trial. ✵“‘Over the past two years, 45 percent<strong>of</strong> U.S. employees observed a violation<strong>of</strong> the law or ethics standards at theirplaces <strong>of</strong> employment…more thanone in five employees who reportedmisconduct they saw experiencedsome form <strong>of</strong> retaliation in return.’”Read the latest news online · www.corporatecompliance.org/newsEx-SEC<strong>of</strong>ficial finedfor taking jobwith allegedPonzi schemerThe complex fraud case<strong>of</strong> Robert Allen Stanfordis far from resolution, butone segment <strong>of</strong> the casehas concluded. The JusticeDepartment reported inJanuary that a formerSecurities and ExchangeCommission <strong>of</strong>ficial hasagreed to pay a $50,000 finefor working with the allegedPonzi schemer after allegedlytaking part in SEC decisionsnot to investigate him.Spencer C. Barasch, alawyer who was head <strong>of</strong>enforcement in the SEC’sFort Worth regional <strong>of</strong>fice,left the SEC in 2005 andwent on to briefly representStanford in an agencyprobe. According to theSEC’s Inspector General, thatwas after Barasch had beeninvolved in SEC decisions notto pursue warnings aboutStanford. Barasch has deniedany allegations <strong>of</strong> wrongdoing,the Justice Departmenthas reported. However, undera civil settlement, he agreedto pay the maximum fine fora violation <strong>of</strong> the statute. ✵6 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

NewsSEC changes policy onadmission <strong>of</strong> guiltThe US Securities andExchange Commissionannounced a fundamentalpolicy shift in Januaryregarding its practice <strong>of</strong>allowing defendants to settlefraud charges with only afine payment. In a January 6announcement, Securitiesand Exchange CommissionEnforcement DirectorRobert Khuzami stated thatUK fraud increases50 percent to $3.25BAn analysis <strong>of</strong> publiclyreported cases <strong>of</strong> fraud in theUnited Kingdom reveals thatit rose to £2.1 billion ($3.25billion) in 2011, a 50 percentincrease over 2010. The 2011FraudTrack report, producedby the accounting firm BDOLLP, based its analysis oncases <strong>of</strong> fraud <strong>of</strong> more than£50,000 in publicly availablecorporations and individualswill no longer be able toassert that they “neither admitnor deny” civil fraud charges,if they have also admitted toor were convicted <strong>of</strong> a criminalviolation in a parallelcriminal case. The policy willalso apply to defendants whoenter deferred prosecutionagreements with criminalauthorities. ✵reports, including the UK’snational, regional, and localpress.Tax fraud, which accountsfor 36 percent <strong>of</strong> the total,was significantly higher thanother forms. Employee fraudaccounted for 10 percent,management fraud for 5 percent,and corruption for lessthan 1 percent.” ✵RegulatorsapproveDodd-FrankinvestorprotectionsThe Commodity FuturesTrading Commissionapproved in January new rulesdesigned to rein in banksand their derivatives tradingefforts. The new regulationsinclude requirements that customerfunds must be storedin separate accounts from aninstitutions’ own collateral.The rule targets brokeragefirms and derivative clearingorganizations. “Segregation<strong>of</strong> customer funds is the corefoundation <strong>of</strong> customer protectionin the commodityfutures and swaps markets,”said agency Chairman GaryGensler. The change occurredshortly after the collapse <strong>of</strong> MFGlobal, in which $1.2 billion incustomer money disappeared,and nearly a third has still notbeen located. ✵Thankyou!Has someone done something great for you,for the compliance pr<strong>of</strong>ession, or for SCCE? Ifyou would like to give recognition by submittinga public “Thank You,” please send it toliz.hergert@corporatecompliance.org.Entries should be 50 words or fewer.Read the latest news online · www.corporatecompliance.org/news<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 7

SCCE NewsSCCE conference NewsNational conferences<strong>Compliance</strong> & <strong>Ethics</strong> Institute, October14–17, Las Vegas at Aria: New to the agendathis year is the Multinational/Internationaltrack to go along with tracks in Risk, <strong>Ethics</strong>,Case Studies, General/Hot Topics, andAdvanced Discussion Group. View topics andspeakers, along with other information:www.complianceethicsinstitute.orgHigher Education <strong>Compliance</strong> Conference,June 3–6, Austin, Texas: Make sure to registerbefore Wednesday, April 25 to save $250.www.highereducationcompliance.orgAcademiesAcademies address methods for implementingand managing compliance programs basedon the Seven Element Approach. Courseswill address subject matter in each <strong>of</strong> theseareas and better prepare interested parties forthe CCEP exam. The Academy is designedfor participants with a general knowledge <strong>of</strong>compliance concepts and anyone working in acompliance function.www.corporatecompliance.org/academiesRegional conferencesSCCE’s regional conferences are one-dayprograms designed to provide the hot topicsand practical information that compliancepr<strong>of</strong>essionals need to create and maintaincompliance programs in a variety <strong>of</strong> industries.The 2012 regional conferences include:··Chicago, April 27··New York, May 18··Anchorage, June 15··San Francisco, June 22··Atlanta, October 12··Houston, Nov 2www.corporatecompliance.org/regionalWeb conferencesSCCE members save $850 by purchasing asubscription. Select ten individual session foronly $900 vs. $1,750 if purchased separately.www.corporatecompliance.org/webconferencesThankyou!“Thank you to all the SCCE staff, but especially themeeting planners for their continued hard workand dedication to delivering the best complianceand ethics programs available anywhere!”—Art WeissFind the latest conference information online · www.corporatecompliance.org/events<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 9

SCCE NewsSCCE website NewsContact Tracey Page at 952-405-7936 or email her at tracey.page@corporatecompliance.org with any questions about SCCE’s website.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012<strong>Corporate</strong> <strong>Compliance</strong> and <strong>Ethics</strong> WeekMay 6–12 marks the 8th annual <strong>Corporate</strong><strong>Compliance</strong> and <strong>Ethics</strong> Week! This is a greattime for your <strong>of</strong>fice to set up a new compliancetraining program, raise awareness,and thank employees fortheir dedication to compliance andethics. SCCE has a complimentaryweb conference and downloadableposters, and you can also purchaseproducts online and get greatideas to educate your <strong>of</strong>fice on compliance andethics. For more information visit:www.corporatecompliance.org/candeweekUsing incentives in your compliance andethics programA new addition to SCCE’s resource centeris Joe Murphy’s paper on using incentivesin your compliance and ethics program. Itprovides a road map for organizations thatunderstand, yet struggle with, adequate control<strong>of</strong> incentives. To download a free copy,check out the Issues & Answer’s section underthe Resources tab.www.hcca-info.org/incentivesThird-party essentialsDo you know the risks posed by your agentsand contractors? Third Party Essentials:A Reputation/Liability Checkup When UsingThird Parties Globally, written by MarjorieW. Doyle, is now available for download onSCCE’s website. This complimentary bookletincludes a checklist to test the health <strong>of</strong> yourorganization’s third-party controls.www.corporatecompliance.org/compliancebasicsWeb conferencesSeveral web conferences covering many differenttopics are coming up soon. You canregister online for upcoming live webinars.Can’t make the time commitment? Pastweb conferences can be viewed instantlyby streaming the recorded session to yourcomputer. It’s a great way to earn 1.2 CEUstowards your certifications and catch up onthe latest compliance issues.www.corporatecompliance.org/webconferencesFind the latest SCCE website updates online · www.corporatecompliance.orgViewing your CEUs onlineDon’t get stressed out about your certificationrenewal date at the last minute. To stay on top<strong>of</strong> your CEU credits, make sure they are alllisted in your account. View them under the“Member” tab by clicking on “My Account,”then click on “Activities” and “CEUs.”www.corporatecompliance.orgSCCE’s stress survey results now availableA new survey sponsoredjointly by SCCE and the HealthCare <strong>Compliance</strong> Associationreveals that the stress levels forcompliance and ethics pr<strong>of</strong>essionalsare very high. Overall,58% <strong>of</strong> survey respondentsreported that they <strong>of</strong>ten wakeup during the middle <strong>of</strong> the night worryingabout job-related stress and 60% report havingconsidered leaving their job in the last 12months due to job-related stress. Download acomplimentary PDF <strong>of</strong> the survey results fromSCCE’s website.www.corporatecompliance.org/surveys10 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

SCCE NewsNewsContact Eric Newman at 952-405-7938 or email him at eric.newman@hcca-info.org with any questions about SCCEnet.SCCEnet (www.corporatecompliance.org /sccenet) is thecomprehensive social network for compliance and ethicspr<strong>of</strong>essionals. Subscribe to dozens <strong>of</strong> discussion groupsand get your compliance questions answered. Share yourexperience with your colleagues. Offer your resources andpolicies in the libraries.Download the SCCEnet Mobile App··The SCCEnet mobile app runs on Apple,Android, and Blackberry Devices. Youcan read and post new discussions, searchand download compliancedocuments fromour libraries, and searchthrough the 9,000 SCCEnetmembers in the directory.www.corporatecompliance.org/mobileUpdate your SCCEnet pr<strong>of</strong>ile using yourLinkedIn ® account··Now you can update your SCCEnet pr<strong>of</strong>ilewith the information you have on yourLinkedIn pr<strong>of</strong>ile. This includes your pr<strong>of</strong>ilepicture, work history, and your LinkedIn ®contacts that are also on SCCEnet.Instructions at http://bit.ly/sccepr<strong>of</strong>ileSCCE is now on Google+··Add SCCE to your circles:www.corporatecompliance.org/googleSubscribe to the following SCCEnet compliancediscussion groups:··Go to www.corporatecompliance.org/groups and click“My Subscriptions” to subscribe to discussiongroups and participate.––2012 SCCE <strong>Compliance</strong> and <strong>Ethics</strong> Institute––Auditing and Monitoring <strong>Compliance</strong> Network––Chief <strong>Compliance</strong> <strong>Ethics</strong> Officer Network––Communication Training and Curriculum Development––Competition Law and Antitrust Network––<strong>Compliance</strong> Diversity Forum––<strong>Compliance</strong> Risk Management––<strong>Ethics</strong> Forum––European <strong>Compliance</strong> and <strong>Ethics</strong>––FCPA: Foreign Corrupt Practices Act Forum––Financial Institutions Network––Global <strong>Compliance</strong> and <strong>Ethics</strong> Community––Higher Education Forum––Investment Management Forum––SCCE <strong>Compliance</strong> Academies––Social Media <strong>Compliance</strong>––Social Responsibility Forum––Utilities and Energy NetworkPopular resource: Exiting Employee<strong>Compliance</strong> Considerations··Outline <strong>of</strong> considerations when employeesleave, including trade secrets, recordsmanagement, compliance functions.Available at http://corporatecompliance.org/exitWatch compliance videos on YouTube··Subscribe to SCCE’s YouTube channel:www.youtube.com/compliancevideosPopular discussions··2011 National Business <strong>Ethics</strong> Survey:http://corporatecompliance.org/NBES··Handbook vs. Policies vs. Code:http://corporatecompliance.org/HPCFind the latest SCCEnet updates online · www.corporatecompliance.org/sccenet<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 11

People on the Move<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012· Scott Killingsworth hasjoined the Board <strong>of</strong> Governors<strong>of</strong> the Center for <strong>Ethics</strong> and<strong>Corporate</strong> Responsibility atGeorgia State University. Aunit <strong>of</strong> the J. Mack RobinsonCollege <strong>of</strong> Business at GeorgiaState University, the Centerintegrates the best insights<strong>of</strong> scholars and businesspeople to develop strategiesfor addressing the complexethical challenges faced byorganizations. Formerlythe Southern Institute forBusiness and <strong>Pr<strong>of</strong>essional</strong><strong>Ethics</strong>, the Center was establishedin 1993 and became apart <strong>of</strong> the Robinson Collegein 2007.· Chris DePippo has beenappointed Vice President,Chief <strong>Ethics</strong> and <strong>Compliance</strong>Officer at CSC, a leadingglobal IT services companyin Falls Church, Virginia.DePippo will report to theAudit Committee <strong>of</strong> the CSCBoard <strong>of</strong> Directors and, foradministrative purposes,to William Deckelman, thecompany’s Vice President,General Counsel. MichaelW. Laphen, CSC Chairman,President and CEO said, “TheBoard <strong>of</strong> Directors and ourexecutive management havebeen very impressed with hispassion and capabilities in thedisciplines <strong>of</strong> ethics and compliance,and we are confidenthe will provide extraordinaryleadership as we continue tostrengthen our commitmentto building and maintaininga culture <strong>of</strong> integritythroughout CSC.” DePippojoined CSC in 2008 and holdsan undergraduate degreefrom Cornell Universityand an MBA from GeorgeWashington University.Peopleon theMove· The Board <strong>of</strong> Directors <strong>of</strong>Eli Lilly and Company haselected Katherine Baicker,PhD as a new member,effective December 12,2011. Baicker is Pr<strong>of</strong>essor<strong>of</strong> Health Economics in theDepartment <strong>of</strong> Health Policyand Management at theHarvard School <strong>of</strong> PublicHealth. She is also a ResearchAssociate at the NationalBureau <strong>of</strong> Economic Researchand an elected member <strong>of</strong>the Institute <strong>of</strong> Medicine. Asa member <strong>of</strong> Lilly’s board,Pr<strong>of</strong>essor Baicker will serveon the Public Policy and<strong>Compliance</strong> committee. Shewill serve under interimelection and will stand forelection by Lilly shareholdersat the company’s annualmeeting in April 2012.· DCG, a leading provider<strong>of</strong> corporate services, hasmade two new appointmentsto strengthen its realestate and compliance teams.Andrew McNulty has beenappointed Senior Managerin DCG Real Estate. Andrewis a member <strong>of</strong> the RoyalInstitution <strong>of</strong> CharteredSurveyors and is also a directoron a number <strong>of</strong> Jerseycompanies with exposureto commercial real estate inthe UK. Paul Martlew hasbeen appointed <strong>Compliance</strong>Manager. His role includesmonitoring and reportingon internal procedures andregulation across DCG’s threebusiness units, <strong>Corporate</strong>Services and Capital Markets,Real Estate, and Fund Services,as well as internal audit forDCG’s Luxembourg <strong>of</strong>fice.Paul joined DCG in 2009 asassistant compliance managerand has over 8 years’ experiencein compliance, includingthe prevention <strong>of</strong> moneylaundering and combatingthe financing <strong>of</strong> terrorism.Paul holds the InternationalDiploma in <strong>Compliance</strong> and12 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

People on the Movethe International Diploma inAnti-Money Laundering. Heis a Fellow <strong>of</strong> the International<strong>Compliance</strong> Associationand a Member <strong>of</strong> theJersey <strong>Compliance</strong> OfficersAssociation.· Maggie Wetzell has beenappointed Vice President <strong>of</strong>Contracts and <strong>Compliance</strong> atOasis Systems in Lexington,Massachusetts, a leader inInformation Technology,Systems Engineering,Enterprise Applications,and Program ManagementServices to the Department<strong>of</strong> Defense. Maggie will beresponsible for supportingall aspects <strong>of</strong> new proposalgeneration, including contracts,sub-contracts andpricing, as well as post awardcontract compliance. She isa retired senior executive,GS-15 with 38 years <strong>of</strong> experiencein Contracting andProgram Management withthe Department <strong>of</strong> the AirForce and 7 years <strong>of</strong> ProgramManagement/Contracting inthe private sector.Received a promotion? Have anew hire in your department? ·If you’ve received a promotion, award, or degree;accepted a new position; or added a new staffmember to your <strong>Compliance</strong> department, please letus know. It’s a great way to keep the compliancecommunity up-to-date. Send your updates toliz.hergert@corporatecompliance.org.Get the executive trainingDVDs that workThe <strong>Ethics</strong> Serieswith Dr. MarianneJenningsProduced by DuPont Sustainable Solutions• “<strong>Ethics</strong> Is a CompetitiveAdvantage” lists five keyreasons why ethics matter. Thisprogram explores why workingin the gray areas is risky.(20 min.)• “Speaking Up WithoutFear” discusses howorganizations can draw outwrongdoing and help create aculture where employees feelempowered. (15 min.)• “Ethical Leadership: Tone at All Levels”explores how employees can handle the tensionbetween increasing an organization’s bottom lineand protecting its good reputation. (20 min.)SCCE members:$450 per segment,or $1,175 for the seriesNon-members:$495 per segment,or $1,295 for the seriesEach segmentis availableindividually,or all togetheron one DVD.Learn more and purchase online atwww.corporatecompliance.org<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 13

FeatureQ & Apictured from right to leftDavid C. HumphreysPresident and CEOArt WeissChief <strong>Compliance</strong>and <strong>Ethics</strong> OfficerRobert BradleyVice President andGeneral Counselan interview by Art WeissMeet David C. Humphreysand Robert Bradley<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012AW: David, please tell us a bit aboutTAMKO and yourself.DCH: At the age <strong>of</strong> 69, my grandfatherE.L. Craig started TAMKO in 1944 with asingle ro<strong>of</strong>ing line, housed in a former streetcarbarn in Joplin, Missouri. Eight years later,he suffered a stroke and my grandmother tookover the leadership <strong>of</strong> the company. Later, mymother managed the company until she leftto raise her family, so that my father becamepresident in 1960. He led the company’sgrowth for the next 33 years, until his deathin 1993. I succeeded him the next year. Mymother continues today to serve as Chairman<strong>of</strong> the Board.Over the course <strong>of</strong> TAMKO’s 68 years, wehave continued to grow both in the number<strong>of</strong> manufacturing facilities and in our productlines. In addition to asphalt ro<strong>of</strong>ing products,such as shingles and rolls, we also producewaterpro<strong>of</strong>ing, window and door wraps,composite decking and railing systems, andcements and coatings. In addition, we are veryvertically integrated as we manufacture anumber <strong>of</strong> our raw materials, such as recycledfelt paper, polyester and fiberglass mats, and14 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Q & AFeaturefiberglass fibers, and we process our ownasphalt and ground limestone.My pr<strong>of</strong>essional background is as botha trial defense and corporate tax lawyer.Complex regulatory and statutory constructionwas part <strong>of</strong> that career. Understandingthat there need to be clearly defined black-andwhiteboundaries, but recognizing that thereare shades <strong>of</strong> gray, is important in being successfulin attaining compliance. Our “betweenthe hash marks” compliance metaphor reflectsthe need for clearly defined boundaries inorder for employees without legal training tosucceed at real world compliance, as we wantto stay in the center“As a lawyer, I had beenprogrammed to avoid allrisk possible. In the world<strong>of</strong> business, risk is part <strong>of</strong>the daily challenge andI had to learn to acceptsome risk <strong>of</strong> failure.”<strong>of</strong> the field where thelights are bright andthe rules are mostclear, and away fromthe sidelines wherethe visibility is not asgood and the opportunityfor bias on thepart <strong>of</strong> regulatory refereesis more likely t<strong>of</strong>ind us out <strong>of</strong> bounds.Taking on the top job at TAMKO was avery real change in responsibility and necessitatedan adjustment in my risk tolerance. Asa lawyer, I had been programmed to avoid allrisk possible. In the world <strong>of</strong> business, risk ispart <strong>of</strong> the daily challenge and I had to learnto accept some risk <strong>of</strong> failure. And as “theclient” instead <strong>of</strong> the lawyer, I had to learn tolive with some risk. <strong>Compliance</strong> is one aspect<strong>of</strong> risk that must be managed.AW: TAMKO believes in a free marketeconomy, continuous improvement, Six Sigma,and follows the Deming principles. How dothese principles mesh with compliance?DCH: If you look at compliance from thetotal quality management perspective—we’llcall it a Deming or Six Sigma perspective(because Six Sigma is an extrapolation <strong>of</strong>Deming with enhanced tools and people withhigh-level skill sets)—you will understandthat all processes are subject to variation fromat least five different sources, including people,and that it is critical as to what that variationis, how wide it is, and where it comes from.Then you have to learn how to figure out howto minimize the variation.So in the context <strong>of</strong> compliance, we als<strong>of</strong>ocus on people and our processes. For example,in the environmental compliance, variationcan come from machines from normal wearand tear, from breakdown, from defects inthe machines themselves, or in the manner inwhich they are operated,installed, or maintained.As such, environmentalcontrol equipment can failor even just quit workingas the result <strong>of</strong> a poweroutage. We try to avoidthose failures by understandingour processthat affect environmentalequipment and try to addbackstops to our processesto avoid failures. When those failures happen,environmental noncompliance can be avoideddespite equipment failure. If the environmentalcontrols fail, production automatically shutsdown, which maintains compliance. As wehave come to map out and understand our processesbetter, we can now see the possibility <strong>of</strong>implementing failsafe controls.It’s the same thing in terms <strong>of</strong> personalcompliance: Understanding the existence <strong>of</strong>variation in human behavior led us to rethinkhow we manage issues, like avoidance <strong>of</strong>sexual harassment. We now see training asproviding bright–line boundaries as to whatbehavior is not acceptable. Knowing thatpeople are variable, we accept that trainingalone is not sufficient, because there are toomany opportunities for miscommunications<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 15

FeatureQ & A<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012between the trainer and the trainee; traineesdon’t understand all <strong>of</strong> what they are hearingand they certainly don’t retain all they hear.And, whatever they did learn will erode overtime. More training helps, but it never getsyou to 100% understanding. That tells you acouple <strong>of</strong> things: One is that training has to bevery simple in providing very bright lines forpeople, so they don’t have to make judgmentcalls, so they know what’s good and what’sbad. I think the other is to provide all sorts <strong>of</strong>mitigation mechanisms, so that bad behavior,if it happens, is reported quickly and handledquickly. You have to expect and trust peopleto do what they should do, but when they fail,you need to act quickly to mitigate the failure.AW: What does it mean to place people intoa state <strong>of</strong> self-control and how does that benefitcompliance?DCH: The state <strong>of</strong> self-control meansknowing what you’re doing and what you’resupposed to do. The training really does that;it puts people in a state <strong>of</strong> self-control. Butagain, I think there would need to be verybright lines given. You can’t expect to trainpeople to all be experts. We don’t want ouremployees playing outside the hash marks,near nebulous boundaries that may turn outto be shifting around. So, to me, self-controlcomes through training continuous improvementby example <strong>of</strong> the failures.AW: How would you describe TAMKO’sculture to someone outside the company?DCH: I would say our culture is one wherepeople feel that they’re given the responsibilityto do their jobs, the freedom to do theirjobs, and they’re held accountable for that.But, I think in large part, if I had to say, it’sa cultural trust where we trust people to dotheir jobs and they trust us to take care <strong>of</strong>them in return. And it’s also one where weexpect people to take the initiative to come towork, get their jobs done well, and perform aswell as they’re expected to, or better. It’s nota culture where people who need proddingor people who feel entitled do well. It’s verymuch a culture where the expectations arehigh for performance.AW: TAMKO is privately held, and doesn’tdo business in foreign countries. TAMKO isnot subject to many <strong>of</strong> the government regulationsand laws that others are, and yet youdecided to have a compliance <strong>of</strong>ficer. Whatdrove that decision?“You have to expect andtrust people to do what theyshould do, but when theyfail, you need to act quicklyto mitigate the failure.“DCH: It had nothing to do with being apotential target or not. I think it had everythingto do with having an additional resourceto focus on compliance, as contrasted with theLegal department, which has a whole otherrange <strong>of</strong> responsibilities. So, focusing on complianceis a broad spectrum in itself, but I thinkit’s a better way to attack. I think it’s a betterway to make compliance an important aspect<strong>of</strong> how we do business, separate in its ownright, separate from the Legal department. Andeven though we’re relatively small and we’reprivately held (so we don’t have SEC reportingobligations or FCPA issues to deal with sincewe don’t operate in foreign countries), still therisks <strong>of</strong> non-compliance in a variety <strong>of</strong> areaswe do operate in are significant, not in terms<strong>of</strong> how many laws or regulations we may besubject to, but just because the severity <strong>of</strong> thepenalties for non-compliance have an evenlarger proportional effect on a smaller firm.If we do an outstanding job in environmentalcompliance and employment law–related compliance,and I think we do, then the risks thatwe do face are minimized.16 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Q & AFeatureAW: TAMKO has a saying, “100% compliance,100% <strong>of</strong> the time.” That’s more than justa goal or a slogan, isn’t it?DCH: That’s the minimum, so yeah. I mean,if we’re going to have compliance, we need tobe compliant. You can’t be partially complaint.AW: Can you explain the concept <strong>of</strong> operating“between the hash marks?”DCH: As I mentioned before, the concept <strong>of</strong>operating between the hash marks is a footballmetaphor based on the fact that if you playbetween the hash marks, that’s where the lightsare the brightest. Not only the referees, buteveryone in the stands can see where you are,and you know where you are as a team. Thecloser you get to the sidelines outside the hashmarks, the closer you come to the boundaries.And in football, if you step on the line, you’reout <strong>of</strong> bounds. In the world <strong>of</strong> compliance, if youstep on the line, you may have severe penalties.The other thing is that, in the businessworld, you can be running down the field ona breakaway for great success (a touchdownin football), but then find that, retroactively,the boundaries have been moved. Where youthought you’d been doing a great job, you’vebeen out <strong>of</strong> bounds the past 60 yards. And so,operating in a world where the boundaries canmove against you, it’s much safer to stay in themiddle <strong>of</strong> the field.In addition, in the world <strong>of</strong> business andregulatory compliance, you’re operating in aworld where the referees have a vested interest,in effect, a bias toward seeing you step out<strong>of</strong> bounds. It’s probably best to play where thelights are brightest and where everyone elsecan see where you are, so that if the referee callsyou out <strong>of</strong> bounds, it will ultimately be overturnedas a bad call, because everyone can seethat you were right in the middle <strong>of</strong> the field.AW: Can you explain TAMKO’s Rule <strong>of</strong>Basic Honesty?DCH: The Rule <strong>of</strong> Basic Honesty is whatit says. We expect people to be honest in thenormal context <strong>of</strong> what honesty means, whichis: You tell the truth, you don’t lie; you comeforward when you see something that’s wrong.I would say it can be summed up as: You dothe right thing. Bob, can you add to that?RB: It means, along with complying withboth the letter and spirit <strong>of</strong> the law, it formsthe backbone <strong>of</strong> all our policies. It means morethan simply telling the truth. It includes doingyour job the way it should be done, not takingshort cuts that may save time but do notproduce the right result. It means that everyTAMKO employee has the right to rely onevery other employee to do their jobs. It meansour customers and vendors can rely on us.“The Rule <strong>of</strong> Basic Honesty iswhat it says. We expect people tobe honest in the normal context<strong>of</strong> what honesty means, which is:You tell the truth, you don’t lie;you come forward when you seesomething that’s wrong.”AW: Bob, even though TAMKO has independent<strong>Compliance</strong> and Legal functions, wework together almost daily.RB: That’s true. Many <strong>of</strong> TAMKO’s policieswere in place before we had a Chief<strong>Compliance</strong> and <strong>Ethics</strong> Officer. Since you cameon board, many <strong>of</strong> TAMKO’s policies havegone through revisions to clarify the messageand remove the “legalese.” The Legaldepartment has primary responsibility forinvestigating potential policy violations, butwe work with <strong>Compliance</strong> to apply our policiesto the facts and recommend responses.AW: David, you mentioned coming forwardin your discussion <strong>of</strong> the Rule <strong>of</strong> BasicHonesty. The Federal Sentencing Guidelinesrequire an anonymous system for reporting<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 17

FeatureQ & A<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012violations <strong>of</strong> law. Do you remember what youtold me when we first talked about creatingwhat most people call a “hotline”?DCH: I recall that I was not excited aboutit, because I saw people using it as a place tocomplain anonymously about whatever isbugging them that day, rather than for anyvaluable purpose.AW: Your direction was to design a systemwhere employees could report violations <strong>of</strong>TAMKO policy or culture, through the abilityto anonymously <strong>of</strong>fer feedback to seniormanagement through questions, comments,concerns, or requests for guidance, in additionto having the required mechanism to reportsuspected violations <strong>of</strong> law. The vendor wechose used the name Silent Whistle.DCH: Yeah, I really did not like the term.It sounded like a whistleblowing system, andI really didn’t see that that was the right wayto approach any <strong>of</strong> these issues, if you wantcompliance. You’ll have people complaining,but they won’t give you ideas or suggestions,so the fact that we changed it into the TAMKOEmployee Feedback System turned it awayfrom an “us against them” concept, a whistleblowerconcept, and into a way to give bothnegative and positive feedback, which I thinkis important.AW: In the three years that we’ve had ourformal feedback system, we’ve received over300 entries; 87% are from employees asking aquestion, seeking guidance, <strong>of</strong>fering a suggestion,or giving an opinion. Our vendor’s datashows that, among all <strong>of</strong> its clients, 75% <strong>of</strong> allentries are reports <strong>of</strong> violations. We have theexact opposite side <strong>of</strong> the universe for that.What does that tell you about TAMKO employeesand their willingness to <strong>of</strong>fer feedback?DCH: We’re special. Seriously!RB: You know, I think it’s important tonote in those statistics the portion <strong>of</strong> TAMKOemployees who aren’t reporting a violation<strong>of</strong> law. We have not received a single report<strong>of</strong> an employee violating any law or regulation.Instead, they are reporting violations<strong>of</strong> TAMKO’s own policies, which keep ourconduct between the hash marks, and keep usfrom getting to a violation <strong>of</strong> law.DCH: I think what it tells us is that wehave, for the most part, a group <strong>of</strong> people whobelieve in doing the right thing, who acceptour Rule <strong>of</strong> Basic Honesty, and that there arevery limited instances <strong>of</strong> behavior that may benon-compliant. And as a result <strong>of</strong> that, I thinkthat’s why we don’t have a lot <strong>of</strong> reports <strong>of</strong>non-compliance or any illegal activity.AW: On another note that speaks toTAMKO’s culture and philosophy, TAMKOrecently came to the aid <strong>of</strong> employees and thecommunity, because you felt it was the rightthing to do. Can you talk about the April andMay tornados and what drove TAMKO’s decisionto go above and beyond?DCH: When the Tuscaloosa (Alabama) tornadohit, I think we had five people who hadhomes affected, and a lot <strong>of</strong> people who hadcars that were damaged or destroyed. And sothat caused me to think about what can we doto help these people, because I’m sure they’resitting there—although they may have insurance—they’rein a period <strong>of</strong> time in their liveswhere they don’t have the insurance proceeds,they don’t have a place to live, and they probablydon’t have a lot <strong>of</strong> money in the bank.I wouldn’t be surprised if many live frompaycheck to paycheck, so it seemed like theyprobably needed some assistance.And then when the tornado hit Joplin,it brought that thinking home even more,because we had, I think, another 20–25 peoplewho lost homes and some who lost cars. It wasreally a function <strong>of</strong> just trying to help peoplewho were in a situation that had to be verydifficult. They lost a place to live, probably hadno place to live, and lost not only their house,18 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Q & AFeaturebut everything in it. I don’t know what I’d doif I lost everything and found myself doingwithout. I guess our impulse was to try to helpfolks get through the period <strong>of</strong> time whiletheir insurance was being sorted out, and tohelp them (to some extent) cover the loss ontheir deductible for their house and for theircar, because those are large out-<strong>of</strong>-pockets forthe average person, which are usually verydifficult to absorb. So we thought we’d at leasttry to help on that front, in terms <strong>of</strong> helpingour employees. So I think, at the end <strong>of</strong> theday, we helped our employees and if they hadimmediate family who lost houses, we tried tohelp them as well.In terms <strong>of</strong> contributions to the community,TAMKO as a company has given to the RedCross, and I have personally to the SalvationArmy and some other groups. We did that tosome extent in Tuscaloosa, but on a much largerscale here in Joplin, because it’s our hometownand because we felt that immediately afterthe storm, it was important to immediatelymake some contributions and set an examplefor others in the area to do the same. I thinkwhen TAMKO gave a million dollars to theRed Cross, I think it set a very high bar locally,which was met by at least one other local companyand a couple <strong>of</strong> national companies thathad a presence. I think that it at least led theway for a significant amount <strong>of</strong> contributions.AW: What’s the most important thing thatyou look for when you hire somebody to joinTAMKO?DCH: I didn’t know what that was until afew years ago, when I was getting ready tohire a chief financial <strong>of</strong>ficer and I brought in asearch firm to help. We spent a day and a halftalking about the position and, at the end <strong>of</strong>the day, the representative said, “I know whatyou’re looking for.” I said, “Really? What’sthat?” And he said, “You’re looking for someoneyou can trust.” That probably sums upwhat I look for in people I hire myself or forthe company. I look for someone I can trust,which basically means I’m looking for someonewho is honest, who is humble, and whomI can depend on.AW: We also hear about the concept <strong>of</strong> “gettingthe right person on the bus.” What doesthat mean?DCH: It means hiring people you can trust,number one. You can hire talented people thatyou can’t trust, and then you have a bunch<strong>of</strong> people with a lot <strong>of</strong> talent, but you end upnot knowing whether you can get anythingdone. Hiring attitude over talent is extremelyimportant. You get the right people, the rightattitudes, presumably with the right skills, andyou get them to the right place where they canmake a difference.“Hiring attitude over talentis extremely important. Youget the right people, the rightattitudes, presumably withthe right skills, and you getthem to the right place wherethey can make a difference.”AW: What advice would you have for otherCEOs as they attempt to build a compliant andethical culture in their organizations?”DCH: Understand that any compliancefailure puts the organization at significantrisk (financial, operational, and reputation)such that 100% compliance, 100% <strong>of</strong> the timerequires an appreciation <strong>of</strong> that risk and leadershipfrom the top to establish a compliantand ethical culture.AW: Thank you, gentlemen. ✵Art Weiss is Chief <strong>Compliance</strong> and <strong>Ethics</strong> Officer for TAMKO BuildingProducts in Joplin, MO. He may be reached at art_weiss@tamko.com.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 19

SCCE welcomes New MembersAlabamaGeorgiaMichigan··Susan Cotten, Health InformationDesigns, LLC··Deborah Key, Southern Nuclear··Barbara A. Stephens, Poarch CreekIndians··Jeffery Davis, Southern Company··Blair Marks, Lockheed Martin··Elaine Neely, Kaplan Higher Education··Mark Snyderman, Laureate Education, Inc··Earl Blackburn III, Terumo CardiovascularSystems··Frederick H<strong>of</strong>fman, NHBP GamingCommission··Rick Hrivnak, Auto Club GroupArizona··Jennifer McAleer, Northern ArizonaRegional Behavioral Health Authority··James Rough, Navigant Consulting, Inc··Shirley Stang, DMB Associates, IncArkansas··Patricia C. Calderon, Tyson Foods, IncCalifornia··Robert Bragaw, Liquidity Services, Inc··Otto Sanchez Cocino, MAAC··Glenda Estioko, Asian Americans forCommunity Involvement (AACI)··Patrick Hamblin, Gemological Institute <strong>of</strong>America··Jeff Hecht, The Word & Brown CompaniesIllinois··Garin Bergman, IDEX Corporation··Rolf Christiansen, Jr, Caesar’sEnterainment, Inc··Kirk Dobbins, CVS Caremark··Ann Kafer, GROWMARK··Tracie Wilcox, Fidelis SeniorCareIndiana··Lori Cochrane··Sherry Davis, Eli Lilly & Company··Joel Gibbons, National FFA Organization··Jeffery Maxwell, Eli Lilly and CoIowa··Karen Steggerda, Brighton ConsultingGroup··Rochelle J. Hunter, Johnson Controls, Inc··Cris Mattoon, The Auto Club GroupMinnesota··Mary E. Gale, William MitchellCollege <strong>of</strong> Law··Cheryl Hayne, 3M··Kathleen Panciera, William MitchellCollege <strong>of</strong> Law··Michelle D. Rovang Burke, University <strong>of</strong> StThomas, Veritas Institute··JoAnn Thompson, Otter Tail PowerCompanyMissouri··Gregory Billhartz, Ralcorp Holdings, Inc··Kent Swagler, Bi-State DevelopmentAgency (d/b/a Metro St Louis)<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012··Kelly Hoevelkamp, Allergan··Megan Janis, PG&E··Janie Mah, Cisco Systems··Avi Moscowitz, Corinthian Colleges, Inc··Diana Olin, Adobe Systems Incorporated··Annemarie O’Shea··Sammy Pen, Unity Care Group Inc··John Sega, Northrop GrummanCorporationColorado··Kristin Zompa, Gartner IncFlorida··Karen Clapsaddle, Lockheed Martin··Salem Flores Alatorre, Sr., SFA··Laura M. Paredes, Ingram Micro Inc··Nancy Stephenson, The Nemours Foundation··Teresa Wong, Physicians United PlanKansas··Margaret VoorheesKentucky··Susan Reinach-Lannan, RecoverCare LLCMaryland··Jessica H<strong>of</strong>fman, Lockheed Martin··Leo Mackay, Jr, Lockheed Martin··James D. Massey, MedImmune, LLC··Laurin Mathson, Lockheed Martin··Rielle Miller Gabriel, Lockheed Martin··Mike Mulleavey, Lockheed Martin··Julia Pallozzi-Ruhm, US Government··Mark Shaffer, Barnes Group Inc··Michaela Wheeler, AerotekMassachusetts··Patricia Moks, PricewaterhouseCoopers LLPNew Jersey··Meghan Davis, Johnson & Johnson··Dean Forbes, Johnson & Johnson··Thomas Hardin, Johnson & Johnson··Deborah Lake, Johnson & Johnson··Chris Matteson, Johnson & Johnson··Sheila O’Rourke, Caldwell College··Chris Petersen, Johnson & Johnson··Iskah C. Singh, Unilever United States, Inc··Nancy Waltermire, AvetaNew Mexico··Brandt Graham, URENCO, USA··Perry Robinson, URENCO, USA20 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

New York··James Dixon, ConEdison Energy··Ann M. Florkowski, ACE Group Holdings··Paul M. Holstein, FBI··Emile Kattan, DZ BANK AG··Josh Leicht, FJL Associates, LLC··Tara Mancinelli, Lockheed Martin··Susan McCormack, Long Island Center forIndependent Living, Inc··Ana Taras, William F. Ryan CommunityHealth Center··Sonya Tennell, MetroPlus Health Plan. Inc··Melinda Ward, Rochester Institute <strong>of</strong>TechnologyNorth Carolina··Heather Adams, Family Dollar··Michael LeClair, Alliance One InternationalOregon··Edward Boehmer, Acumed LLC··Eva Kripalani, Eva Kripalani Legal andConsulting ServicesPennsylvania··Holly L. Belton, P.H. Glatfelter Company··Scott Caulfield, Capital Principles, LLC··Tom Cornely, Johnson & Johnson··Rob McBryde, GSI Commerce··Leonard Swantek, Victaulic CompanySouth Carolina··John L. Miller, Fluor Government GroupTennessee··Donna Champ, Bechtel National, Inc··Kim Davenport··Sharleen Robinson, Chattanooga GoodwillIndustries, IncTexas··Edwin Buckingham, III, Solvay NorthAmerica, LLC··Alexandria Falls, CPS Energy··Patricia MacGibbon, Dresser, Inc··Robert Vander Lugt, Northrop GrummanCorpUtah··Anthony Joy, AusencoVirginia··Eva Bishop, Raytheon Company··Thomas Donovan, Northrop GrummanCorp··Alison Jameson, Department <strong>of</strong> Justice··Beth Mersch, Northrop Grumman Corp··Rebecca Osowski, Morgan, Lewis &Bockius LLPWashington··Jennifer Badgley, Premera Blue Cross··Jasbinder Dhoot, JSJ Consulting··Phillip Downes··Don Ellis, Northshore Utility District··Evelyn Hager, Seattle City Light··Jane Maring, Costco Wholesale Corp··Dan Shea, Micros<strong>of</strong>tWisconsin··Veronica W. Robinson, Milwaukee CountyWashington, DC··Joy Dorsey, Pepco Holdings, Inc··Steven Lawrence, Williams Lea··Sarah Sims, AARP ServicesPuerto Rico··Manuel Sevilla, Sr., Johnson & JohnsonAustralia··Neville Tiffen, Rio Tinto LimitedBarbados··Mark Taitt, Caribbean Development BankBrazil··Fabio Moreno, Sr., Alexandre De MoraesLaw FirmCanada··Jakub Ficner, I-SightMalaysia··Kanakaraja Muthusamy, AR<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 21

Featureby Cynthia Scavelli, Esq., CCEPRecipe for a <strong>Compliance</strong> Dayin 2012»»Reach out to SCCE and other compliance pr<strong>of</strong>essionals for valuable ideas.»»Events should reflect your company’s culture and stay on budget.»»Contact different company departments for their expertise and suggestions.»»Initiate a Planning Committee early. Things always take longer than you think!»»Plan a simple event for your first year. You can always add more later.»»Engage your employees with fun contests and creative prizes.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012ScavelliAt FIS, the world’s largest provider<strong>of</strong> banking and payments technology,we put our <strong>Compliance</strong> Day“recipe” together to promote ethical behaviorthrough education and awareness. Our first<strong>Compliance</strong> Day—Spotlight on <strong>Ethics</strong>—washeld in August 2011. The goal was toencourage internal reporting <strong>of</strong> ethicalissues and raise awareness <strong>of</strong> theFIS ethics hotline/website as a toolfor reporting potential ethics violations.We chose to put the spotlighton ethics because honesty and ethicalbehavior are integral parts <strong>of</strong> our corporateculture and the foundation <strong>of</strong>our company’s five Guiding Principles.Another selection consideration, in the age<strong>of</strong> the new Dodd-Frank Wall Street Reformand Consumer Protection Act, was the benefitto the company <strong>of</strong> making our internal reportingmechanisms more visible to employees.FIS’s online <strong>Compliance</strong> Day enabled us tosatisfy our employees’ hunger for awarenessregarding the company’s Code <strong>of</strong> BusinessConduct and <strong>Ethics</strong>, other policies, and ethicaldilemmas (such as conflict <strong>of</strong> interest), as wellas the tools used to report misconduct. Thepositive feedback we received from our annual<strong>Ethics</strong> Awareness Survey in December 2011confirmed our goal was achieved.Ingredients—Ideas from SCCESCCE’s website 1 gave us the inspiration andresources to put together our first <strong>Compliance</strong>Day. The website provides a tutorial Web conference,awareness ideas, promotional posters,and articles from other companies documentingtheir various compliance celebrations.As a relatively new member, I found SCCE’s<strong>Compliance</strong> and <strong>Ethics</strong> Academy was also avaluable resource, providing relevant trainingclasses on topics and material which enhancedour vision <strong>of</strong> <strong>Compliance</strong> Day. Attending theAcademy was especially beneficial because <strong>of</strong>the opportunity to meet other compliance pr<strong>of</strong>essionalsand swap “recipes.” One ingredientfor our recipe came from a fellow attendeewho suggested an electronic scavenger hunt.This activity was challenging, educational,and a lot <strong>of</strong> fun for the employees. Details concerningthis activity will be discussed later on.Know the shopping budget—Get creativeEach year, <strong>Corporate</strong> <strong>Compliance</strong> & <strong>Ethics</strong>Week is celebrated in May. Because FIS’sannual client conference is also in May, we22 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Featurechose to hold our compliance event in Augustso that we could draw upon internal FISresources, such as Marketing, <strong>Pr<strong>of</strong>essional</strong>Development Training, and <strong>Corporate</strong>Communications. We knew that our large andgeographically dispersed employee base madeit difficult to host an onsite event. Instead, wedecided to have an online celebration. Ourinitial rollout was targeted to U.S. employeesand featured our inaugural FIS <strong>Corporate</strong><strong>Compliance</strong> “Walk the Talk” newsletter andnew online ethics awareness training. FIS’sinternational locations are scheduled to havetheir own <strong>Compliance</strong> Days throughout2012 with the appropriate customization andtranslations.To garner attention and excitement surroundingthe upcoming day, we announcedan essay contest with a prize. Employees wereencouraged to submitan essay, in 500 wordsor less, on what complianceand ethics meansto them and describehow adherence to theseconcepts influences theday-to-day decisionsthey encounter on thejob. The top three winners won a coveted (and“budget low-cal” item)—an extra vacation day.The first place essay winner was featured inour newsletter. Utilizing our budget low-calapproach, we tried to keep costs to a minimumand relied on internal resources to promoteand host the event.We advertised the event through an e-mailblast and a customized electronic banner onthe FIS Intranet. The banner, featuring an eyecatchinganimation, was created free <strong>of</strong> chargeby our Marketing department and conspicuouslyposted where most employees wouldsee it during the weeks leading up to the day.We also mentioned the event in other online“When trying to createan event that aligns withyour company’s culture,you need to ask someinsightful questions.”communications. Our Marketing departmentalso assisted with the format, branding, andcustomization <strong>of</strong> our newsletter. Fortunately,our customized new ethics awareness trainingwas done in-house by our subsidiary, FIS<strong>Compliance</strong> Solutions, 2 which kept costs downas well. In keeping with our theme <strong>of</strong> a spotlight,the main expense was green (FIS’s mainbrand color) mini-flashlight prizes imprintedwith the FIS <strong>Ethics</strong> website address.Event recipeCombine department input and add a dash <strong>of</strong>your company’s culture.When trying to create an event that alignswith your company’s culture, you need toask some insightful questions. Are you aninformal or formal company? What issues areimportant to your business and why? Who isyour audience? Whattime <strong>of</strong> the year is bestfor an event <strong>of</strong> thisnature? What is yourbudget? What is yourcompany’s culture andcommunications tone?By using your company’sdepartmentalresources, you will be able to spice up your<strong>Compliance</strong> Day. By combining input from differentinternal resources and the answers to theabove questions, you can create your perfectsignature dish using the following quick recipe:1. Start a Planning Committee with executivesupport to achieve the best collaborationpossible. As we learned, tone from the topis very important for success.2. Stir in representatives from Marketing,<strong>Pr<strong>of</strong>essional</strong> Development Training,Human Resources (HR), Legal, InformationSecurity, Risk, Internal Audit, and management.Every area has a differentperspective and can be helpful in serving<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 23

Feature<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012up your creation. The FIS Marketing teamassisted with the customization and layout<strong>of</strong> the newsletter, editing, and onlineadvertising, and, together with HR, <strong>of</strong>feredvaluable insight into past successes (andfailures) in organizing and conductingcompany-wide events. FIS’s InformationSecurity team contributed an article aboutthe importance <strong>of</strong> data security and how toreport a security incident.3. Combine the expertise <strong>of</strong> these groups tosuggest topics, write content for the ethicsawareness training, and be part <strong>of</strong> the pilotgroup to provide feedback on the training.Our signature dish—FIS <strong>Compliance</strong> Day 2011:Spotlight on <strong>Ethics</strong>Several months prior to the event, we plannedan initiative to have employees renew theiracknowledgement <strong>of</strong> the Code <strong>of</strong> BusinessConduct and <strong>Ethics</strong>. By doing so, employeesrefreshed their understanding <strong>of</strong> the company’sethics expectations and were primed tobe receptive to our message about <strong>Compliance</strong>Day. We then mentioned the upcoming eventin an <strong>Ethics</strong> Essentials article featured in ourquarterly HR newsletter. Three weeks prior tothe online event, we sent out a communicationannouncing the essay contest and explainingthat <strong>Compliance</strong> Day would feature brandnew ethics awareness training. We also sentan inaugural FIS <strong>Corporate</strong> <strong>Compliance</strong> “Walkthe Talk” newsletter.On the actual <strong>Compliance</strong> Day, we sentout an electronic communication with a linkto our newsletter and the online training linkthrough FIS <strong>Compliance</strong> Solutions. Our trainingtopics included:··Conflict <strong>of</strong> interest··Gift policy··Fair dealing··<strong>Compliance</strong> with laws··Handling confidential information··Security awareness··Security incident reporting··Privacy··Open door policy··Reporting to our ethics hotline/websiteMini-quizzes after each topic assistedemployees in staying focused on the training.At the end <strong>of</strong> the training, each employeehad to pass an eight-question test and printtheir completion certificate. FIS <strong>Compliance</strong>Solutions’ training platform enabled us tokeep track <strong>of</strong> the completion rate <strong>of</strong> employeesfor auditing purposes and gave us the abilityto send out reminders.“Many employees came forwardwith suggested topics for futurearticles and ways to improveawareness <strong>of</strong> our complianceprogram…We hoped that<strong>Compliance</strong> Day would opennew lines <strong>of</strong> communication andwere pleased that is what it did.”The newsletter featured an introductionwith the purpose <strong>of</strong> the event, a <strong>Compliance</strong>Quick Reference section, the winning essay, anarticle about the importance <strong>of</strong> data securityand how to report a security incident, the ethicalquote <strong>of</strong> the day, an electronic scavengerhunt, and “<strong>Compliance</strong> Talk.” The <strong>Compliance</strong>Quick Reference section provided an overview<strong>of</strong> company’s expectation <strong>of</strong> its employees.Each subsequent newsletter will have thissection with different information and willeventually be combined for concise employeeguidance on multiple issues. The electronicscavenger hunt asked employees questionsabout FIS policies and directed them to useour Intranet to find the answers. This funexercise was not only educational, but it droveemployees to our Intranet to find the policies24 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Featureand become more savvy about the location <strong>of</strong>items housed on the Intranet. “<strong>Compliance</strong>Talk” featured a Q&A-style format in whichour Chief <strong>Compliance</strong> Officer (CCO) answeredfrequently asked ethics-related questions andprovided additional information about how toreport suspected misconduct.Many employees came forward with suggestedtopics for future articles and ways toimprove awareness <strong>of</strong> our compliance program.Employees who participated in theelectronic scavenger hunt or essay contest,proactively made suggestions, or were the firstto complete the training were awarded a miniflashlightas a prize with a special note fromour CCO thanking them for their participation.We hoped that <strong>Compliance</strong> Day wouldopen new lines <strong>of</strong> communication and werepleased that is what it did.Think to the future…What’s next on yourmenu?<strong>Corporate</strong> <strong>Compliance</strong> & <strong>Ethics</strong> Week for 2012is scheduled for May 6−12. Now that you havea basic recipe, your <strong>Compliance</strong> and <strong>Ethics</strong>department can capitalize on this by servingup a different theme and message each year.At FIS, we are already planning <strong>Compliance</strong>Day 2012: Spotlight on Privacy.Bon appetite! ✵1. SCCE’s website, www.corporatecompliance.org, Resources section:<strong>Corporate</strong> <strong>Compliance</strong> and <strong>Ethics</strong> Week.2. FIS <strong>Compliance</strong> Solutions is FIS’s regulatory compliance s<strong>of</strong>twareand consulting services arm that serves U.S. financial institutions. Itprovides risk assessment s<strong>of</strong>tware, e-learning, instructor-led training,advisory services, regulatory reporting solutions, compliancetools and expert consulting services. For more information, pleasecall 866-355-5150 or email compliance.solutions@fisglobal.com.Cynthia Scavelli is the <strong>Corporate</strong> <strong>Compliance</strong> & <strong>Ethics</strong> Counsel at the FISheadquarters in Jacksonville, Florida. She is responsible for ethics hotlineinvestigations, FCPA third-party due diligence, and global anti-briberytraining, and she monitors legislative/regulatory changes for selectedbusiness units. Cynthia may be contacted at cynthia.scavelli@fisglobal.com.Don’t forget to earn your CCEP CEUs for this issueComplete the <strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> CEU quizfor the articles below from this issue:··Nuts & bolts for boards: What ethics oversightreally means by Frank J. Navran (page 44)··Computers and copyrights: A continuing source<strong>of</strong> avoidable liability by Thomas W. Kirby (page 59)··Is your ethics and compliance training reallypreparing your employees? by Charles Ruthford(page 63)To complete the quiz:Visit www.corporatecompliance.org/quiz, then selecta quiz, fill in your contact information, and answer thequestions. The online quiz is self-scoring and you will seeyour results immediately.You may also fax or mail the completed quiz to CCB:Fax: +1 952 988 0146mail:<strong>Compliance</strong> Certification Board6500 Barrie Road, Suite 250Minneapolis, MN 55435, United StatesQuestions? Call CCB at +1 952 933 4977 or888 277 4977.To receive one (1) CEU for successfully completing thequiz, you must answer at least three questions correctly.Quizzes received after the expiration date indicated on thequiz will not be accepted. Each quiz is valid for 12 months,starting with the month <strong>of</strong> issue. Only the first attempt ateach quiz will be accepted.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 25

Feature Boehme <strong>of</strong> Contentionby Donna BoehmeMachiavelli and the 2011Person <strong>of</strong> the Year<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012“There is nothing more difficult to take in hand, more perilous toconduct, or more uncertain in its success, than to take the leadin the introduction <strong>of</strong> a new order <strong>of</strong> things.”(Niccolo Machiavelli, 1532)BoehmeEverything old is new again. Machiavellimay have been the first to observe theperilous nature <strong>of</strong> the chief compliance<strong>of</strong>ficer job (in my book, it’s right up there withcoal miner and deep sea fisherman), but nearlyfive centuries later, former federal prosecutorMichael Volkov has echoed thoseearly observations by naming theCCO the 2011 “Person <strong>of</strong> the Year.” 1CCOs are the “unsung heroes,” saysVolkov, noting “there are institutionalforces which hold them backfrom achieving their mission.” Towhich we can almost hear beaten butyet unbowed CCO’s everywhere responding“THANK YOU!”In many respects, 2011 has been a “perfectstorm” for compliance. Commentators havecited unprecedented levels <strong>of</strong> enforcementand new regulation, the controversial Dodd-Frank whistleblower regime, the Volckerrule and financial reform, UK Bribery Act,record-breaking FCPA and qui tam settlements,the rise <strong>of</strong> social power, and the entry<strong>of</strong> Generation Y into the workforce. 2011also marked the twentieth anniversary <strong>of</strong>the Federal Sentencing Guidelines, promptingthe <strong>Ethics</strong> Resource Center to assemblea committee to <strong>of</strong>fer recommendations topolicymakers. Support for the role <strong>of</strong> theempowered CCO should be at the very top <strong>of</strong>the ERC agenda, because the unspoken truthwe must shout from the ro<strong>of</strong>tops is that, alltoo <strong>of</strong>ten, CCOs are positioned for failure. 2According to a new SCCE/HCCA survey, 58%<strong>of</strong> compliance pr<strong>of</strong>essionals surveyed felt isolatedand in an adversarial position, and 60%considered leaving their jobs in the last yeardue to stress. 3 What the Person <strong>of</strong> the Yearreally needs to be successful is empowerment,direct unfiltered reporting to the board,adequate autonomy from management, andsufficient resources. Earth to Boards: Try thatfor “tone from the top.”Volkov also predicts that the CCO willbe elevated to C-suite status within the nextfive years. This would be fast work, givenMachiavelli’s “institutional forces” underminingthe CCO mission. Will 2012 yield bettercompliance? Only to the extent boards, government,and policymakers create levers <strong>of</strong>empowerment to position the Person <strong>of</strong> theYear for success instead <strong>of</strong> failure. ✵1. Michael Volkov: “The Person <strong>of</strong> the Year – The Chief <strong>Compliance</strong>Officer.” Corruption, Crime & <strong>Compliance</strong> online, December 15,2011. Available at http://corruptioncrimecompliance.com/2011/12/theperson-<strong>of</strong>-the-year-the-chief-compliance-<strong>of</strong>ficer.html2. See RAND Symposium Report “Perspectives <strong>of</strong> Chief <strong>Compliance</strong>and <strong>Ethics</strong> Officers on the Prevention and Detection <strong>of</strong> <strong>Corporate</strong>Misdeeds.” Available at http://www.rand.org/pubs/conf_proceedings/CF258.html3. HCCA and SCCE: “Stress, <strong>Compliance</strong>, and <strong>Ethics</strong>” survey, January2012. Available at http://www.corporatecompliance.org/staticcontent/StressSurvey_report.pdfSend comments to Donna Boehme at dboehme@compliancestrategists.com.26 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

COMPLIANCE PROGRAM ADVISOR Last Year’s Best Practices Are This Year’s Standards“Think about how you might tailor the Guidance to your organization. And know that, as you do, the Criminal Divisioncares about all the things you might be considering – “tone from the top” support, encouragement <strong>of</strong> a culture <strong>of</strong>compliance that rewards ethical behavior and establishes whistle-blowing mechanisms, senior-level oversight anddirect reporting lines, [and] periodic reviews and re-evaluations to test and ensure program effectiveness …— Assistant U.S. Attorney General Lanny Breuer,Prepared Remarks to <strong>Compliance</strong> Week 2010: 5th Annual Conference“Contact Ethisphere today to obtain additional information regarding <strong>Compliance</strong> Program Advisor subscription package optionsat info@ethisphere.com, 1.877.629.8724 and/or www.ethisphere.com/compliance-program-advisor/

Featureby Steve McGrawGRC focus: Keep youremployees close and yourauditors closer»»With regulatory attention continuing to focus on GRC results, corporations need to focus on ensuring compliance is up to par.»»Corporations need to show employees that all internally reported issues will be taken seriously.»»Sharing compliance self-assessments and mitigation programs with auditors can help corporations establish a strong reputation.»»GRC should be viewed as increasingly beneficial, especially when preparing for mergers and acquisitions.»»GRC systems can provide information to show trend lines and correlations to address root-cause issues before regulators ask.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012McGrawAs we continue through 2012, the focus<strong>of</strong> regulatory bodies continues to befirmly focused on Governance, Riskand <strong>Compliance</strong> (GRC) results. Corporationsand their boards <strong>of</strong> directors need to payincreasing attention to reducing compliancethreats. This task <strong>of</strong>ten falls on theshoulders <strong>of</strong> the compliance <strong>of</strong>ficer,along with the need to ensure thatcompliance programs adhere to themost current versions <strong>of</strong> ever-changinglaws and regulations.What many corporations havelearned already is that the best way toprotect a company’s interests is to ensure thatcompliance is up to par internally, before theregulators come calling. This said, there are afew areas that corporations should pay veryclose attention to as we move through the year.Bounty hunter threats are increasingPersonal greed has long been the primarymotivator behind fraud and abuse, and regulatorsare now increasingly using a variety<strong>of</strong> greed-oriented rewards to help identifyand prosecute <strong>of</strong>fenders. The Securities andExchange Commission (SEC) and CommoditiesFutures Trading Commission (CFTC) now haveformal whistleblower bounty hunter programs,using a percentage <strong>of</strong> the sanctions as rewards.As these and similar programs begin to hittheir strides, compliance <strong>of</strong>ficers and theirboards <strong>of</strong> directors will face increasing threatsto their internal compliance programs and,ultimately, their institutional brands.Corporations also need to show theiremployees that the <strong>Compliance</strong> departmentwill follow up on issues that are reported internally.For example, a corporation can removeidentifying facts from the reported claims, thenpost them on in-house blogs to show employeesexamples <strong>of</strong> what is being reported andthat each claim is being taken seriously.Demonstrating compliance effectiveness iscriticalHistorically, regulators have been satisfiedwith companies that have implemented complianceprograms, but now they want pro<strong>of</strong>that the programs are actually working. Moreregulatory authorities will begin to require aprocess that distills data and demonstrates theoverall effectiveness <strong>of</strong> a company’s complianceprogram.28 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

FeatureAs an <strong>of</strong>fshoot <strong>of</strong> this growing requirement,progressive corporations are taking stepsto “keep their friends close and their auditorscloser.” By proactively sharing their complianceself-assessments and mitigation programs withauditors, companies can establish a strong reputationwith their auditors and regulators anduse that reputation to minimize the likelihoodand impact <strong>of</strong> potential compliance breakdownsand whistleblower allegations.Growing importance <strong>of</strong> the “G” in GRCBoards are more sophisticated than ever before,and many are demanding processes and tools t<strong>of</strong>acilitate and streamline their oversight responsibilities.For example, many board membersare now using iPads and related portal productsto review enterprise risk management (ERM)programs in much more timely detail to bettermonitor a broad range <strong>of</strong> risk indicators. Theyare also taking a more active role in confirmingmanagement’s assertions on the company’sethics and regulatory compliance posture.Viewing GRC as strategic tool can haveother benefits for a company, especially whenit comes to mergers and acquisitions. Whenbeing scrutinized by regulators before a mergeror acquisition, demonstrating that an effectivecompliance program is in place can makethe regulators more comfortable. An effectivecompliance program can also make a companymore attractive to a likely acquirer, thus puttingthe company a step ahead <strong>of</strong> competitors.“For example, a corporationcan remove identifying factsfrom the reported claims,then post them on in-houseblogs to show employeesexamples <strong>of</strong> what is beingreported and that each claimis being taken seriously.”The rise <strong>of</strong> analyticsGRC systems collect enormous amounts <strong>of</strong>data. From the board down, GRC users needto see trend lines and correlations to identifyand address root-cause issues beforeauditors come calling. As examples, theadditional insight corporations can glean bylinking training programs to the types <strong>of</strong>issues received via a whistleblower hotline, ormining various systems to determine how tochange audit plans for the next cycle, can behighly valuable.The compliance landscape is changingfor many regulated industries. It’s criticalthat internal teams keep on top <strong>of</strong> changesin regulations and maintain their company’scompliance and ethics programs, becausewaiting until the regulators show up can <strong>of</strong>tenbe too late. ✵Steve McGraw is President and CEO <strong>of</strong> <strong>Compliance</strong> 360 out <strong>of</strong> Atlanta. Hemay be reached at steve.mcgraw@compliance360.com.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 29

11 th AnnualSAVE THENEW DATEAND $575 WHENYOU REGISTER EARLY*<strong>Compliance</strong> & <strong>Ethics</strong> InstituteOctober 14–17, 2012 | Las Vegas, Nevada USA | Aria in Las VegasMore tracks and sessions than everbefore to meet the need for educationon the issues you are facing• Risk Track• <strong>Ethics</strong> Track• Multinational/International Track• Case Study Track• Advanced Discussion Groups• Investigations Workshop• Speed Networking, and moreKeynote presentation byJAMES B. STEWARTColumnist, The New York TimesAuthor, Tangled Webs: How FalseStatements Are UnderminingAmerica: From Martha Stewart toBernie Mad<strong>of</strong>fOver 90 sessions and 130 speakersVisit www.complianceethicsinstitute.org to learn more, register,and find details on booking your hotel stay at Aria in Las Vegas.*Register on or before July 11, 2012, to save $575

The Art <strong>of</strong> <strong>Compliance</strong> Featureby Art Weiss, JD, CCEPThe consequences <strong>of</strong> EnronWeissYou can’t be around compliance pr<strong>of</strong>essionalsmuch without hearing certainbuzz phrases—things like “tone at thetop” and “ethical culture.” One <strong>of</strong> my favoritecompliance phrases is “ethical culture.” I talkabout it all the time at my company and at SCCEgatherings. I may even mumble it inmy sleep. Just in case the Department<strong>of</strong> Justice has bugged my bedroom, Iwant them to know I’m ethical.But I think I insulted someone’sDad recently when I used the phraseduring a presentation. We were talkingabout the Federal SentencingGuidelines, what prosecutors look for whenmaking charging decisions, codes <strong>of</strong> conduct,hotlines…you know—compliance stuff. Thebuzz phrases were flying back and forth, andout <strong>of</strong> my mouth came a true story from whenI was hired to be my company’s first Chief<strong>Compliance</strong> Officer. (We added “<strong>Ethics</strong>” tomy function later, after some compliance pr<strong>of</strong>essionalI heard speak at an SCCE programstarting using the word in what seemed likeevery other sentence.)I told the group that when I first became acompliance <strong>of</strong>ficer, I looked on eBay for someEnron stuff for my <strong>of</strong>fice. I thought it wouldbe funny for the compliance guy…well, youget it. I told <strong>of</strong> finding a copy <strong>of</strong> Enron’s code<strong>of</strong> conduct on eBay. The seller stated that thisparticular copy <strong>of</strong> Enron’s code was “Good AsNew…Never Been Opened!”I use this example when speaking aboutthings like not having a check-the-box complianceprogram and having meaningful policies.I went on to say that Enron’s code was actuallyquite comprehensive. The problem was thatno one ever opened it. This gets laughs everytime. It got laughs this time, too.“I told <strong>of</strong> finding a copy <strong>of</strong> Enron’scode <strong>of</strong> conduct on eBay. Theseller stated that this particularcopy <strong>of</strong> Enron’s code was ‘GoodAs New…Never Been Opened!’”Later I read a note from an attendeewhose father worked for Enron. The attendeeliked my presentation, but pointed out thatnot everyone at Enron was unethical. I can’timagine the personal and pr<strong>of</strong>essional sufferingthat this attendee’s family endured. Thisillustrated to me the effect that a few culturallychallenged individuals, let loose in an environment<strong>of</strong> looking the other way, can have on notjust a company and its shareholders, but itsemployees and their families. Ethical cultureis real. If it fails, it has far‐reaching results andconsequences that we need to keep in mind.No more Enron stories. Anyone have acopy <strong>of</strong> the WorldCom code? ✵Art Weiss is Chief <strong>Compliance</strong> and <strong>Ethics</strong> Officer at TAMKO Buildingproducts in Joplin, MO. He may be contacted at art_weiss@tamko.com.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 31

Featureby Michele Abely, CCEP<strong>Compliance</strong> in a casino world»»Operate in a good faith manner and in the best interest <strong>of</strong> the company and its customers.»»Do the research to find the best answers and solutions.»»Document all decisions in a memo including the research done, the findings, and the outcome.»»Ensure all related procedures are written and/or updated regarding any decisions.»»Communicate decisions clearly and ensure that outcomes are executed consistently.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012AbelyThree years ago I stepped into therole <strong>of</strong> Casino <strong>Compliance</strong> Manager.I had spent the prior nine years atthe Mohegan Sun Casino in Uncasville,Connecticut working in Finance andMarketing. These departments’ functionstranslate to many different industries.There are responsibilitiesand programs I oversee in Casino<strong>Compliance</strong> that would be familiarto most compliance pr<strong>of</strong>essionals(e.g., instituting and maintaining anemployee hotline, Title 31 and antimoneylaundering programs, recordretention, policy and procedure management,etc.), but this was in addition to what reallywas a whole new world—The Indian GamingRegulatory Act (IGRA), National IndianGaming Commission (NIGC), MinimumInternal Control Standards (MICS), ClassIII gaming, State Compact, Tribal GamingCommission, Title 25, tribal sovereignty andmore. It is not uncommon to hit uncharteredterritory in the realm <strong>of</strong> compliance in acasino world.Indian gaming and legislation backgroundPer the National Indian Gaming Commissionwebsite, The Indian Gaming Regulatory Act(IGRA) was enacted by the United StatesCongress on October 17, 1988, to regulate theconduct <strong>of</strong> gaming on Indian lands. IGRA’spurpose is to provide a statutory basis for theoperation <strong>of</strong> gaming by tribes to promote tribaleconomic development, self-sufficiency, andstrong tribal governments. IGRA establishedthe National Indian Gaming Commission(NIGC). The primary mission <strong>of</strong> the NIGC isto regulate gaming activities on Indian landsfor the purposes <strong>of</strong> shielding Indian tribesfrom organized crime and other corruptinginfluences, ensuring that Indian tribes are theprimary beneficiaries <strong>of</strong> gaming revenues, andassuring that gaming is conducted fairly andhonestly by both operators and players.In 1999, NIGC instituted the MinimumInternal Control Standards (MICS). In 2006, afederal appeals court decision determined thatNIGC had exceeded its authority in issuingClass III MICS. (Class III refers to casino-stylegaming or games <strong>of</strong> chance such as blackjack,craps, roulette, or slots). However, many tribalcasinos continue to use the Class III MICSas a regulatory benchmark, some because <strong>of</strong>requirements in their tribal/state compactsor gaming ordinances and others by choice.As the Casino <strong>Compliance</strong> Manager, I ensureadherence to the MICS. The MICS provide aguideline <strong>of</strong> rules necessary to run the gamingoperation, but they are somewhat generic. As aresult, Mohegan Sun has established Standards<strong>of</strong> Operation <strong>of</strong> Management (SOMs) whichare property-specific policies that must align tothe MICS. My Casino <strong>Compliance</strong> departmentis the gatekeeper <strong>of</strong> those SOMs and ensuresthey support the MICS.32 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

FeatureRole <strong>of</strong> compliance manager in a casino worldAs a Casino <strong>Compliance</strong> Manager who overseesa <strong>Compliance</strong> department, I must befamiliar with the laws that govern the casinooperation and understand what gaming regulatorsrequire. Many times it can be a world<strong>of</strong> chaos where we are confronted with tryingto accommodate many layers <strong>of</strong> regulations.I frequently have to review if a particularactivity, game, or promotion is done properlyunder federal law. Yes? Okay, then whatabout state law? Yes? Okay, then what aboutthe MICS, the Tribal State Compact, the TribalOrdinance, and company policy? A lot <strong>of</strong>checking and double checking is done to seethat all the rules are followed and all the regulationsare satisfied.Communication skills to work successfullywith gaming regulators, inspectors, and theoperation are imperative, because I act as theliaison between the operation managementand the regulators. I must be able to coordinatecompliance across various departments,manage each department’s different internalcontrols, and ensure that they are kept up todate and in line with the many regulations.My Casino <strong>Compliance</strong> department investigatescompliance issues, ensuring that anyproblems with gaming compliance are rectifiedas quickly as possible. We also oversee therules <strong>of</strong> all casino promotions and contests toensure the integrity <strong>of</strong> each one.It’s not a perfect casino worldAs a new <strong>Compliance</strong> Manager, I frequentlyreferred to SCCE documentation and literature.Once I realized how useful and relevantthe information was, I became a member <strong>of</strong>SCCE and then earned my CCEP to establishcredibility in this field. The one area I havetrouble finding information on is specificcasino-related topics in relation to compliance.The following three come to the forefront on aregular basis.“I frequently have to review ifa particular activity, game, orpromotion is done properly underfederal law. Yes? Okay, thenwhat about state law? Yes? Okay,then what about the MICS, theTribal State Compact, the TribalOrdinance, and company policy?”Bank Secrecy Act (BSA), Title 31.Casinos are considered financial institutions.Certifications, programs, seminars,and webinars in anti-money laundering are<strong>of</strong>ten focused on the banking industry. Thebest source for casino compliance managersis directly from the Financial CrimesEnforcement Network (FinCEN) and the IRS.Networking with others in the industry isanother good resource.In a casino, the scenarios that arise forsuspicious activity reporting are not commonoutside <strong>of</strong> the gaming industry and, therefore,become a gray area when looking forcomparisons and points <strong>of</strong> reference. Issuessuch as patrons switching seats when hittinga jackpot or redeeming chips at several differentlocations are not identified in anti-moneylaundering sources.Another challenge involves the many positionsin the casino that require training in theBSA. As <strong>Compliance</strong> Manager, I am responsiblefor seeing that 86 different positions arebeing trained on how to recognize and reportmoney laundering. This is a daunting task,because it is not a one-size-fits-all program.Each position needs to know varying degrees<strong>of</strong> information. Extended training sessionswith too much information are costly in terms<strong>of</strong> the employees’ time, and employees tend tolose interest when the training is too lengthyor inapplicable to them.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 33

View from the Front Linesby Meric Craig Bloch, CCEP, CFE, PCI, LPIDoes your boss listen to you?BlochBusiness leaders don’t always see the benefits<strong>of</strong> a robust investigation to runninga business. This is unfortunate, but notsurprising. An investigation’s scope and findingsare not <strong>of</strong>ten made relevant to the worldin which business people operate. One way foryou to achieve relevance is to understandhow business people think.<strong>Compliance</strong> pr<strong>of</strong>essionals arebusiness advisors. Of course, businessadvisors cannot be effective ifbusiness leaders are not listening, soit will never be enough to conduct aninvestigation and just report the facts.An investigator must consider how to capturethe attention <strong>of</strong> the decision-makers.The need to be relevant is a constantchallenge for any business advisor. JimLukaszewski tackles the issue and <strong>of</strong>fers someguidance in his book Why Should the Boss Listento You? Lukaszewski describes how leadersthink and operate, and why this is importantto the trusted advisor. At the core <strong>of</strong> his book,he presents a seven discipline approach tobecoming a strategic trusted advisor:1. Be trustworthy: Trust is the first disciplineand the foundation for a relationshipbetween advisor and leader or boss.2. Become a verbal visionary: The leader’sgreatest skill is verbal skill, and theleader’s advisor must also have powerfulverbal skills.3. Develop a management perspective:To be a management advisor is to be ableto talk more about the boss’s goals andobjectives than about whatever your stafffunction happens to be.4. Think strategically: One <strong>of</strong> the great realities<strong>of</strong> management is that the leader’s jobis always about tomorrow, and almostnever about yesterday.5. Be a window to tomorrow: Understandand use the power <strong>of</strong> patterns. A sophisticatedadvisor is one who can forecasttomorrow with some level <strong>of</strong> accuracy.6. Advise constructively: Giving advice startswhere the boss is and where he/she has togo (where the advisor is or has been).7. Show the boss how to use advice: If youwant to see your recommendations comealive, teach the boss how to accept anduse advice.Who doesn’t want to be noticed? Whodoesn’t want to be part <strong>of</strong> the decision-makingprocess? The key is to look at the questions,issues, opportunities, and problems from theboss’ perspective first.Every compliance issue is, ultimately, abusiness issue. Whatever your compliancerole, you are working hard to improve theorganization by reducing unacceptable businessrisks. Ensuring that your contribution isrelevant and incorporated in decision-makingwill showcase your value to the organization.But only if your boss will listen to you. ✵Meric Craig Bloch is the <strong>Compliance</strong> Officer for the North Americandivisions <strong>of</strong> Adecco SA, a Fortune Global 500 company with over 8,000employees and $6 billion in annual revenue in North America. He hasconducted more than 300 workplace investigations <strong>of</strong> fraud and seriousworkplace misconduct. He is an author and a frequent public speaker on theworkplace investigations process. Follow Meric on Twitter @fraudinvestig8r.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 35

Featureby Emil MoschellaDOJ review: FBI’s Integrityand <strong>Compliance</strong> Program»»The FBI implemented a corporate-style compliance program to allow for the early detection <strong>of</strong> internal control weaknesses.»»The DOJ OIG reported that the FBI’s program has been beneficial to its efforts to monitor and enhance compliance.»»The DOJ OIG suggested that other agencies may wish to consider implementing a similar kind <strong>of</strong> program.»»Remedial legislation, policies, and processes are inadequate.»»An integrated compliance and ethics program in government agencies is important.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012In March 2007, the Department <strong>of</strong> Justice(DOJ) Office <strong>of</strong> Inspector General (OIG)issued a highly critical report regardingthe Federal Bureau <strong>of</strong> Investigation’s (FBI)implementation <strong>of</strong> a statutorily authorizedinvestigative tool called “National SecurityLetters” (NSLs). These are demandletters provided to telephone companies,financial institutions, Internetservice providers, and consumercredit agencies for “transactional,” asopposed to “content,” information.The DOJ OIG found, among otherMoschella things:··that faulty recordkeeping understatedthe total number <strong>of</strong> NSLs issued by about20% less than the number that had beenreported to Congress.··failure to self-report non-compliance to thePresident’s Intelligence Oversight Board, asrequired by Section 4 <strong>of</strong> Executive Order12334. This section requires: “InspectorsGeneral and General Counsel <strong>of</strong> theIntelligence Community shall, to the extentpermitted by law, report to the Board concerningintelligence activities that theyhave reason to believe may be unlawful orcontrary to Executive order or Presidentialdirective.”The OIG report resulted in CongressionalOversight Committee hearings, 1 andnumerous press editorials critical <strong>of</strong> the FBIand calling for change. 2Of course, the FBI moved quickly to fix theproblems identified by the OIG. In addition,and without prompting from the DOJ OIG, theFBI notified the OIG that it would put in place acorporate-style compliance program that wouldallow for the early detection <strong>of</strong> internal controlweaknesses that could lead to non-compliantactivity in the future. The private sector generallyadapts the process suggested by FederalSentencing Guidelines for Organizations(FSGO), 3 and similarly, the FSGO formed thebasis for the FBI effort, together with corporatebest practices. The FBI effort was, and continuesto be, a pioneering experiment in managing thegovernment’s duty to comply with the law andan example <strong>of</strong> a functionally integrated complianceand ethics program.The DOJ’s reviewOIG, as part <strong>of</strong> its responsibility to follow-upwith the FBI on the NSL fixes, reviewed theFBI’s Integrity and <strong>Compliance</strong> program (ICP).Since there was no law, rule, or other mandaterequiring the FBI to internally adapt thecorporate-style compliance programs, and nomodel for it in government, it was a first <strong>of</strong> itskind in terms <strong>of</strong> FBI implementation and theOIG review. The questions for the DOJ OIG: Isit a worthwhile effort? Is it working?36 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Feature<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012April 5, 2010 and claimed the lives <strong>of</strong> 29 <strong>of</strong>the 31 men working at this site. The articlereports that The Mine Safety and HealthAdministration (MSHA) issued a report thatputs the full blame for the horrific accident atthe Upper Big Branch Mine on PCC/Massey,the mine owner-operators. Clearly, the reportmakes a strong case for culpability and thereport details gross negligence in the company’sinspection process.Interestingly, five days prior to the catastrophe,the Department <strong>of</strong> Labor’s (DOL) OIG,through its Office <strong>of</strong> Audit, issued a report,titled Journeyman Mine Inspectors [in the MSHA]Do Not Receive Required Periodic Retraining,as required by the Federal Mine Safety andHealth Act <strong>of</strong> 1977 (Section 505). The reportnotes that “Journeyman [MSHA] inspectorsare required to receive one week <strong>of</strong> specifiedretraining each year, or two weeks everyother year.” In short, the DOL OIG found thatMSHA did not comply with the law. Further,the OIG described the effect <strong>of</strong> this non-complianceas follows:This increases the possibility that hazardousconditions may not be identified andcorrected during inspections which, inturn, could increase the risk <strong>of</strong> accidents,injuries, fatalities, and adverse health conditionsfor miners. 7Unfortunately, the recent MSHA reportdoes not deal with MSHA’s failure. However,the report does allude to the issuance <strong>of</strong> afurther report which will examine MSHA’sactions prior to the explosion and during therescue and recovery operation. The internalreview will evaluate the quality <strong>of</strong> MSHA’senforcement activities, “including any weaknesses,and the adequacy <strong>of</strong> regulations,policies and procedures.” Of course the issuance<strong>of</strong> regulations, policies and procedures, aswell intentioned and needed as they may be, is“Of course the issuance<strong>of</strong> regulations, policiesand procedures, as wellintentioned and neededas they may be, is aninadequate solution withouta management commitmentto enforce and complywith those rules that goesbeyond mere rhetoric.”an inadequate solution without a managementcommitment to enforce and comply with thoserules that goes beyond mere rhetoric.Let’s take a look at an example. H.R. 3697was introduced on December 16, 2011, about aweek after the issuance <strong>of</strong> the MSHA report. Itpurports to be a bill requiring improved minesafety practices. Sec. 604 <strong>of</strong> the bill mandatesthat the Secretary <strong>of</strong> Labor require “that eachmine inspector conducting inspections underthe Federal Mines Safety and Health Act <strong>of</strong>1977 receive a full additional week <strong>of</strong> training,in addition to the training that was provided toor required <strong>of</strong> such inspectors prior to the date<strong>of</strong> enactment.” Inasmuch as DOL OIG previouslyfound that the MSHA did not complywith the requirements for training journeymaninspectors, what confidence should we havethat the DOL, through the MSHA, will complywith this requirement if enacted into law?The answer is found in the good will andintentions <strong>of</strong> the leadership and employees <strong>of</strong>MSHA, which I do not doubt for an instant.The problem <strong>of</strong> course is that agency executives,both appointed and career, come and goand priorities shift. As a result, these requirementsrun the risk <strong>of</strong> simply being prioritized<strong>of</strong>f <strong>of</strong> the agency’s radar screen through thepress <strong>of</strong> business, inadequate funding, etc.38 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

FeatureThe MSHA should take under considerationthe observation <strong>of</strong> the DOJ InspectorGeneral “to consider implementing a similarkind <strong>of</strong> [compliance] program.” An internalmanagement program to detect and preventviolations <strong>of</strong> the law in the future by theMSHA will provide for a systematic approachto identify risks <strong>of</strong> non-compliant behaviorand address those before they are found byan inspector general, Congressional oversight,watchdog group, and, more importantly,before the non-compliance possibly contributesto a tragic outcome.ConclusionThe DOJ OIG report focused its review on thequestion <strong>of</strong> whether the risk <strong>of</strong> non-compliancewill be avoided through the implementation <strong>of</strong>a corporate-style compliance program. Whilethat is an important consideration, the effect<strong>of</strong> such a program on overall organizationalethics, the efficiency <strong>of</strong> operations by performinga task right the first time, and theenhancement <strong>of</strong> the overall public trust ingovernment institutions are anticipated but yetto be measured. There is both a strong philosophicand business case to be made on behalf<strong>of</strong> the notion <strong>of</strong> implementing corporatestylecompliance programs at all levels in thegovernment sector. The DOJ IG report is a welcomedendorsement <strong>of</strong> that case. ✵1. See “Senators Cite F.B.I. Failures as Chief Promises Change” by ScottShane, New York Times, 3/28/07.2. See “Make the FBI Follow the Law,” Boston Globe, 3/13/2007; “Breakup the FBI,” LA Times, Opinion by John Yoo (former DOJ <strong>of</strong>ficial),3/21/2007; “Revise the Patriot (sic) Act,” Editorial, LA Times, 3/26/07.3. See United States Sentencing Guidelines, Chapter 8 et seq., particularlyUSSG § 8B2.1, for the elements <strong>of</strong> an effective compliance andethics program.4. Available at www.justice.gov/oig/reports/2011/e1201.pdf.5. In re Caremark International Inc. derivative litigation, Court <strong>of</strong> Chancery<strong>of</strong> Delaware, Decided: Sept. 25, 1996.6. Available at http://rcgce.camlaw.rutgers.edu/sites/rcgce.camlaw.rutgers.edu/files/rcgce_whitepaper.pdf7. Report number 05-10-001-06-001, p. 3.Emil Moschella is Executive Director at Rutgers Center for Government<strong>Compliance</strong> and <strong>Ethics</strong> in Ashburn, VA. He may be contacted atemoschella@camlaw.rutgers.edu.Help keep your program fully staffedList Your Job Openings with SCCEIt’s hard to have an effective compliance andethics program when you have openingsin your staff. To help ensure you fill thoseopenings quickly, list your compliance jobopportunities with the <strong>Society</strong> <strong>of</strong> <strong>Corporate</strong><strong>Compliance</strong> and <strong>Ethics</strong>.Our online jobs board will put yourpositions on our website for 90 days andcosts just $400 per position. In addition,for each month you advertise with us, yourlisting is included in our monthly SCCEJobs Newsletter, which we send out to over13,000 email addresses.Don’t leave your compliancepositions open any longer thannecessary. Post your job listingswith SCCE today.Just visit us online atcorporatecompliance.org/newjobsor call us at +1 952 933 4977or 888 277 4977.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 39

y Dan Small and Robert F. RoachPowerful witness preparation:The most important person»»The most important person in the room is the one who says nothing: the court reporter.»»Consider your words carefully—the reporter’s machine is cold, mechanical, and humorless.»»Words have different meanings: think about manager.»»Avoid using jargon that jurors may not understand or find confusing.»»If you are not sure what counsel is asking, ask for clarification rather than answering the question.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012In this series <strong>of</strong> articles, lead author and seasoned trial attorneyDan Small sets forth ten, time-tested rules to assist you in thecritical task <strong>of</strong> preparing witnesses. Robert F. Roach assistedDan in this series by providing additional “in-house” perspectiveand commentary. The first installment <strong>of</strong> this series was publishedin our January/February issue.<strong>Corporate</strong> <strong>of</strong>ficers and employeescommunicate all the time: duringmeetings, telephone calls, presentations,and conferences, to name a fewexamples. However, even a person who is askilled communicator in business settings mayfind testifying under oath challenging. As weexplain in Rule 2, it is critical to prepare yourwitness for the unique experience <strong>of</strong> answeringquestions under oath and having thetestimony transcribed word-for-word.Rule 2: Always remember that you aremaking a recordOne <strong>of</strong> the many unnatural things about beinga witness is that <strong>of</strong>ten the most importantperson in the room is the only one who doesn’tsay anything: the person making the transcriptor taking the notes. A witness cannot“unring the bell.” Once words come out <strong>of</strong>your mouth, they are committed to the coldwritten page, under oath. Even humor andsarcastic remarks read like factual statementsin a transcript. Every word is there, for all tosee, for all time.What is the answer?TimeFirst, slow down and be precise.Answer each question as if you weredictating the first and only draft <strong>of</strong>an important document. (You are!)Consider each word carefully. This isextremely difficult to do. You cannotdictate a document this importantquickly, casually, or “<strong>of</strong>f the cuff.”You need to be fully prepared, andthen approach it with the right sense<strong>of</strong> pace, care, and precision.SmallLanguageSecond, be aware <strong>of</strong> the power <strong>of</strong>language. When every word is transcribedand under oath, languagetakes on an extraordinary importance,far beyond normal conversation. Then,Roachwhen two or more sides are fighting over whatthose words mean, and each is trying to usethem for their own purposes, the problemsmultiply. We must be aware <strong>of</strong>, and carefullyconsider, each word in the question. Most40 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

language issues come within three interlockingworlds: “English,” jargon, and “legalese.”“English”Open any dictionary at random, to any page,and you will see a basic truth: there are veryfew “simple” words. Most have more thanone meaning. In the heat <strong>of</strong> litigation, thosedifferences can be blown up in degree andsignificance. If the witness is not 100% clearabout how the questioner is using a word, theycannot answer the question. If they answer, thequestioner will assume their definition is theone in play.One common tactic is for questioners to tryto bully their way through language problems.Consider this exchange:Q: Who did you report to?A: Please rephrase the question.Q: What don’t you understand about myquestion?A: I’m not comfortable with “report.” Ihad consultants and investors, but“report” sounds like I’m in the Army.Q: You know what the word “report”means, don’t you?A: Well, yeah.The witness gave in to a question with theunspoken “you idiot!” at the end. Prepare thewitness by explaining that in such circumstances,the issue is not whether you’re toostupid to know what “report” means (which ishow the witness may feel); the issue is whetherthe questioner is too stupid to know that thedictionary has twenty-five different definitions<strong>of</strong> the word, and you didn’t know which one shemeant! Be sure you know, before you answer.JargonEvery pr<strong>of</strong>ession, industry, region, and endlessother categories, has its own language. Wecall it jargon. In Webster’s words, jargon is “thetechnical terminology or characteristic idiom<strong>of</strong> a special activity or group.” But like somany other words, jargon has multiple meanings.When Juror #6 hears jargon, it comesacross less as impressive technical know-how,and more like Webster’s next definition <strong>of</strong> theword: “obscure and <strong>of</strong>ten pretentious languagemarked by circumlocutions and longwords.” Witnesses need to work hard to stayaway from jargon, and to recognize when theyfall back into it, and stop to explain.“Jargon interferes withcommunication in so manyways. Jurors don’t understand it.They don’t like it and <strong>of</strong>ten feelit’s condescending. It can makethe witness seem cold anddistant, talking about humanissues in dehumanizing terms.”Jargon interferes with communicationin so many ways. Jurors don’t understand it.They don’t like it and <strong>of</strong>ten feel it’s condescending.It can make the witness seem coldand distant, talking about human issues indehumanizing terms. Lastly, its impact can g<strong>of</strong>ar beyond the words themselves: Juror #6 maymiss the next several minutes <strong>of</strong> testimony,because he is still trying to figure out thejargon, and eventually may turn <strong>of</strong>f entirely.Help your witness to understand what kind <strong>of</strong>jargon he or she speaks, and how to avoid it.“Legalese”In every case there are legal standards andconcepts that have to be broken down fromtheir confusing language, and explained inclear and simple terms. Counsel must helpthe witness understand what they are, so<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 41

they don’t stumble upon them blindly—or getlured into them unsuspectingly. Then witnessand counsel must be ready to deal with themduring testimony.The greatest language challenges comewhen a word exists in the intersection <strong>of</strong> twoor three <strong>of</strong> these separate circles, when a wordhas different meanings in English, jargon,and/or legalese. Then, it is particularly importantfor the witness to be 100% sure whichmeaning the questioner intended, or he/shecannot answer the question.One quick example: the seemingly innocuousword “manage” or “manager.” In English itcan mean a range <strong>of</strong> things, from managing abaseball team (the boss), to managing a footballteam (picking up the towels, etc., the coach isthe boss), to managing a checkbook, to managingto escape a dull party. In the jargon <strong>of</strong> somebusinesses and industries, “manager” has aparticular meaning—which may or may notmean the real “boss.” In legalese, many statelegislatures, in their wisdom, gave the corporatesecretary <strong>of</strong> an LLC the name “manager,”even though such a statutory manager mayonly be there to sign documents and have littleor nothing to do with running the business.Which meaning does the questioner mean?Remember the most important person: thecourt reporter. He/she doesn’t know what theword means, unless either the questioner orthe witness makes it clear. Insist on the discipline<strong>of</strong> clarity. ✵Dan Small (dan.small@hklaw.com) is Partner with Holland & Knightin Boston and Miami. His practice focuses on complex civil litigation,government investigations, and witness preparation. He is the author<strong>of</strong> the ABA’s manual, Preparing Witnesses (Third Edition, 2009).Robert F. Roach (robert.roach@nyu.edu) is Chief <strong>Compliance</strong> Officer<strong>of</strong> New York University in New York City and Chair <strong>of</strong> the ACC <strong>Corporate</strong><strong>Compliance</strong> and <strong>Ethics</strong> Committee.SCCE’s <strong>Compliance</strong> & <strong>Ethics</strong>Regional Conferences<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012Midwest • April 27 • Chicago, ILUpper Northeast • May 18 • New York, NYAlaska • June 15 • Anchorage, AKWest Coast • June 22 • San Francisco, CASoutheast • October 12 • Atlanta, GASouthwest • November 2 • Houston, TXwww.corporatecompliance.org/regionalSCCE Regional Conferencesprovide a forum to interactwith local compliancepr<strong>of</strong>essionals, share informationabout our compliance successesand challenges, and createeducational opportunities forcompliance pr<strong>of</strong>essionals tostrengthen the industry.42 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Kaplan’s Courtby Jeffrey M. KaplanConflicts <strong>of</strong> interest:Where law and ethics meetKaplanIhave long been fascinated by the field <strong>of</strong>conflicts <strong>of</strong> interest (COI) and last yeareven launched a blog devoted entirely tothe topic. What lies behind this interest in asubject that most “normal” individuals wouldfind depressing at best?To begin, COI is an area where,more than any other, law and ethicsmeet. Indeed, many legal fields withwhich compliance and ethics (C&E)pr<strong>of</strong>essionals routinely deal are basedentirely on COI ethical principles(as in the case <strong>of</strong> anti-corruptionlaw) or largely on these principles(as is true for fraud and insider trading law).Additionally, the realm <strong>of</strong> fiduciary duty canbe seen as the legal embodiment <strong>of</strong> ethicalstandards, as reflected in Justice BenjaminCardozo’s justly celebrated words that “[a]trustee is held to something stricter than themorals <strong>of</strong> the marketplace. Not honesty alone,but the punctilio <strong>of</strong> an honor the most sensitive,is then the standard <strong>of</strong> behavior.” 1Studying COIs helps underscore theimportance <strong>of</strong> other areas <strong>of</strong> knowledge, too,for C&E pr<strong>of</strong>essionals. One <strong>of</strong> these is psychology,and particularly, the large number<strong>of</strong> recent studies showing how seeminglyirrational many ethics-related decisions are.Specifically, “behavioral ethics” research hasdemonstrated the counterintuitive fact thatdisclosing COIs actually increases the likelihood<strong>of</strong> wrongful behavior. Yet anotherimportant area <strong>of</strong> knowledge for C&Epr<strong>of</strong>essionals is economics, and the concept<strong>of</strong> “moral hazard” (which can be seen as a“cousin” <strong>of</strong> COIs) helps illuminate the manylinks between incentives and C&E risks.“COI is an area where,more than any other,law and ethics meet.”Finally, proper handling <strong>of</strong> COIs is essentialto a healthy ethical culture which, in turn,can be viewed as “business anthropology”(although this term has other meanings, too).This is because a failure to sufficiently addressCOIs—the most common C&E problem in manycompanies—can undermine employees’ sense<strong>of</strong> “organizational justice,” thereby contributingto an overall erosion <strong>of</strong> its culture. And, to bringus full circle, increasingly the law recognizes theimportance <strong>of</strong> culture to compliance.In short, COIs embrace a broad range<strong>of</strong> knowledge concerning law, psychology,economics, and anthropology that C&E pr<strong>of</strong>essionalsneed for their work. In this sense,studying COIs provides an ongoing—andpr<strong>of</strong>essionally relevant—liberal arts education,which is why I am so fascinated by the field.(More information about all <strong>of</strong> the abovetopics can be found on the Conflict <strong>of</strong> InterestBlog—www.conflict<strong>of</strong>interestblog.com). ✵1. Meinhard v. Salmon, 164 N.E. 545 (N.Y. 1928)Jeffrey Kaplan is a Partner with Kaplan and Walker, LLP in Princeton, NJ.He can be contacted at jkaplan@kaplanwalker.com.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 43

y Frank J. NavranNuts & bolts for boards: Whatethics oversight really means»»Total independence is an unattainable goal. The best we can hope for is to continually get closer to that goal.»»Perhaps the best we can ask <strong>of</strong> boards is a “good faith effort” toward being as independent as possible.»»The level <strong>of</strong> independence on the board informs the culture <strong>of</strong> the organization, and vice versa.»»Independence is more attainable when the board aims for a operating culture that values ethics over compliance.»»You get what you measure, and assessing the effectiveness <strong>of</strong> the organizational culture requires that one ask differentquestions and apply different standards than when assessing organizational compliance.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012NavranThe demands on boards <strong>of</strong> directorsare changing, after a spate <strong>of</strong> globalethics scandals, updates to the FederalSentencing Guidelines for Organizations(FSGO), requirements from Sarbanes-Oxley(SOX), and new standards <strong>of</strong> independence.These changes address both theindividual conduct <strong>of</strong> directors andincreased responsibilities for boards,including the oversight <strong>of</strong> organizationalethics and compliance, andthe understanding and practice <strong>of</strong>what is expected and required <strong>of</strong>decision-makers if they are to meetthe organization’s standards for doingwhat is “right, fair and good.”To fulfill their new responsibilities inthe area <strong>of</strong> ethical oversight, many boardmembers find themselves directing a set <strong>of</strong>activities in an area where they have littlefamiliarity. These activities include seekingspecific information from <strong>Ethics</strong> and<strong>Compliance</strong> <strong>of</strong>fices, interpreting that information,engaging independent ethics assessors,and knowing what to look for in an independentethics assessment. As a result, manyboard members can experience a sense <strong>of</strong>exposure, uncertain if they are effectivelymeeting the requirements associated withoversight <strong>of</strong> organizational ethics.This article explores the current level <strong>of</strong>understanding as to what ethics oversightentails and highlights areas <strong>of</strong> emerging consensusand differences <strong>of</strong> opinion.IndependenceLet’s begin with a discussion <strong>of</strong> the basicissue—independence. Both regulation andpublic opinion are advocating greater “independence”among board members. Thisis commonly understood as having twomeanings:1. Reducing the number <strong>of</strong> “executive” boardmembers (i.e., members <strong>of</strong> the board whoare also active members <strong>of</strong> the executiveleadership <strong>of</strong> the organization itself), and2. Reducing the conflicts <strong>of</strong> interest boardmembers might experience in the exercise<strong>of</strong> their board duties and responsibilities.Independence is a “term <strong>of</strong> art” thattypically is used to indicate a freedom fromconflicts <strong>of</strong> interest. Conflicts <strong>of</strong> interest referto the real or perceived tension that decisionmakersexperience between what is in the bestinterest <strong>of</strong> the organization on whose behalfthey are making the decisions, and the interests<strong>of</strong> the decision-makers themselves.In the first instance (reducing the number<strong>of</strong> “executive” board members), the concernis that the board has responsibilities to hire,44 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

evaluate, compensate, and sometimes fire theCEO. Does a CEO’s presence on the board (orworse, a position as chairman <strong>of</strong> that body)conflict with the board’s obligations to acton behalf <strong>of</strong> the organization’s stakeholders,investors, and others? Does the CEO’s presenceon the board compromise the board’sintegrity or, equally legitimate, create anappearance <strong>of</strong> a compromise to the reasonableobserver?Independence is a special case <strong>of</strong> applyingthe principle <strong>of</strong> fairness. If I am to be fairin the exercise <strong>of</strong> my duties and obligations,then I ought not be influenced by the impact<strong>of</strong> my actions on my personal wants or needs.I ought to be able to make decisions as a boardmember independent <strong>of</strong> concern for WIIFM(What’s In It For Me?).Can independence be absolute?Can I ever make a decision without consideringwhat will happen to me as a result <strong>of</strong> thatdecision? In a word, no! Every business decisionany board member makes is conflicted,because it is subject to the external influence<strong>of</strong> potential personal loss or gain. If I am aboard member and choose to do X—anythingat all—and my sole basis for choosing X is thatI truly believe it to be the very best thing to d<strong>of</strong>or the company, am I free from conflict or theappearances <strong>of</strong> conflict?Perhaps not. If it is good for the companyand I am board member, doesn’t that improvethe odds that it is good for me too? If the decisionmakes the company more pr<strong>of</strong>itable,safer, more efficient, better respected, or moresuccessful by any measure, then I may be recognizedas having contributed to that success.I get to keep my board position. I continue todeserve and earn the respect <strong>of</strong> my peers. Iam acknowledged as having contributed. Myshares increase in value. All <strong>of</strong> these outcomesaccrue to me and all <strong>of</strong> them are <strong>of</strong> value tome, thus I gain from my decision.Sanford Krolick suggested in his bookEthical Decision Making Style 1 that there arefour sets <strong>of</strong> criteria that are considered everytime any member <strong>of</strong> an organization at anylevel (up to and including members <strong>of</strong> theboard) considers a business action or makes abusiness decision. To paraphrase Krolick:··Pragmatic considerations: What are thebusiness consequences <strong>of</strong> this action ordecision?··Altruistic considerations: What impactwill this action or decision have on othersor my relationship with them?··Idealistic considerations: What is the rightthing to do, as defined by the values andprinciples that apply to this situation?··Individualistic considerations: What willhappen to me as a consequence <strong>of</strong> thisaction or decision?If we focus on the individualistic, wemay argue that it is difficult (perhaps impossible)to consider any decision as whollyindependent. The argument states that inevery decision, the person acting experiencessome individual consequences. Even a whollyunselfish act <strong>of</strong> doing for others may leave aresidue <strong>of</strong> satisfaction, joy, or comfort in theperson committing the act, or may result inothers noting the action and finding it admirableor praiseworthy. A similar claim couldbe made that there is an individualistic elementin any act <strong>of</strong> idealism or pragmatism.No matter what we do, there is a personalconsequence and there may be a personalbenefit, even if wholly “internal” to thedecision-maker.If this is an accurate description <strong>of</strong>human psychology, and I believe it is, thenwe cannot escape the reality that everyaction and decision has the potential forpersonal impact. Therefore, absolute independence(e.g., 100% altruism, pragmatism,and/or idealism untainted by individualism)is a myth.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 45

<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012What do we really mean by independence?If we agree that absolute independence isunattainable, then what are we left with asan ideal? Perhaps we can merely hope thatthe preponderance <strong>of</strong> the influence will be forthe greater good and that we will consciouslywork to recognize and minimize the influence<strong>of</strong> the individualistic considerations as wemake our decisions.We agree that boards <strong>of</strong> directors needto address the concern about the lack <strong>of</strong>independence <strong>of</strong> their members. If absoluteindependence is unattainable, what should wedemand <strong>of</strong> our boards? I suggest the best wecan ask is “good faith.”Is good faith the most we ought to aspireto? It is enough that the decision-maker merelysubordinates the individualistic considerations(What’s in it for me?) to the pragmatic (Whatis best for the company?), the altruistic (Whatis best for the company’s stakeholders, shareowners, employees, customers, suppliers, etc.?)and idealistic (What is the right thing to doaccording to the applicable values and principles?).Given the inability to ensure absoluteabsence <strong>of</strong> conflicted interests within a board,I suggest that good faith may truly be the bestwe can expect. Appropriate board structuresand the nurturing <strong>of</strong> an ethical culture withinthe organization and the board can reinforcegood faith.Board ethics structuresHow might the board structure itselfregarding organizational and board ethicsresponsibilities?··Who should be on the ethics committee?··What should that committee do?··Who oversees the ethics committee?··Where does the ethics committee go whenthey have a question?These questions do not lend themselves topat answers. Rather they present opportunitiesfor the board to engage in thoughtful refectionas to how this board might best address itsethics oversight obligations. In those deliberations,there are several things the board mightconsider.What can directors do to ensure an ethicalorganizational culture?Perhaps the most powerful tool available toboards is an independent ethics assessment.What is an ethics assessment? What are theoptions, and what are the advantages and disadvantages<strong>of</strong> those options?<strong>Ethics</strong> assessments are perhaps the mostaccessible means <strong>of</strong> entry into the ethics consultingarena for those who wish to <strong>of</strong>ferethics-related services to their clientele. This isespecially true for accounting firms that maysee an ethics assessment as a natural extension<strong>of</strong> a financial audit, because many timesethical irregularities are unearthed whenconducting a routine audit <strong>of</strong> a client’s books.This interest in ethics assessments is peakingin light <strong>of</strong> recent changes to the FederalSentencing Guidelines for Organizations andthe continuing impact <strong>of</strong> Sarbanes-Oxley.The least comprehensive ethics assessmentis the compliance assessment. This is theprocess whereby the assessor determines thedegree to which one’s ethics program meetsthe standards set forth in applicable law, regulation,and policy, and the degree to whichorganizational and individual behavior satisfiesthe requirements <strong>of</strong> that program.Toward the middle <strong>of</strong> the spectrum, culturalassessments explore how employeesand other stakeholders perceive the standardsand behavior <strong>of</strong> the organization. They assessthe priorities and ethical effectiveness <strong>of</strong>individuals, groups, and units as well as theorganization as a whole.The other extreme <strong>of</strong> the assessment continuumis the systems assessment. In thisprocess, one assesses compliance and cultureas part <strong>of</strong> a bigger whole; the degree to46 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

highly individualized. Leaders may find thatthey have removed the specific actor, but havedone little to alter the forces which motivatedthe undesirable act.which the ethical principles, guidelines, andprocesses <strong>of</strong> the organization are integratedwithin the organizational system.There are innumerable variations inbetween the two extremes, and each type <strong>of</strong>assessment is progressively more complex and<strong>of</strong>fers the client a set <strong>of</strong> data which is morecomprehensive. There is nothing wrong withany <strong>of</strong> them. Each serves a different purpose.What is wrong is when clients’ needs arenot served because they have received thewrong assessment for their desired outcomes.If, for example, the client organization has anexisting program to prevent and detect ethicsviolations and merely wishes to ensure that theprogram satisfies the requirements specifiedin the current iteration <strong>of</strong> Federal SentencingGuidelines for ethics violations, then a complianceassessment is an appropriate response.If the client suspects intentional orunintentional wrongdoing and wants tounderstand why it is occurring, then a culturalor systems assessment may be a better choice.One limitation <strong>of</strong> the compliance-orientedapproach is the difficulty managers may haverecognizing themselves in the findings andaccepting responsibility. <strong>Compliance</strong> assessmentsare narrowly focused and representa high degree <strong>of</strong> vulnerability to anyoneidentified as “out <strong>of</strong> compliance.” Thus,many leaders go to great lengths to distancethemselves from these types <strong>of</strong> findings.Interestingly, an organization’s first responseto negative findings is <strong>of</strong>ten punitive andGoing beyond complianceIf the organization wants to address the rootcauses <strong>of</strong> unethical behavior, then a systemsassessment may be the more effective alternative.For some, a compliance assessment maybe all that they know to ask for. These managersmay not appreciate what else might beaccomplished through a culture- or systemsfocusedethics assessment. Their assessor,especially if that service provider is a legalor financial pr<strong>of</strong>essional, also may not knowwhat to <strong>of</strong>fer, or have the wherewithal toprovide a more comprehensive and/or appropriateethics assessment alternative.There are two traditional ways to gobeyond a check on organizational and individualcompliance: the cultural assessment andthe systems assessment.Cultural assessments have been usedextensively by management consultants overthe years. They assess perceptions and identifyissues relating to how specific groups<strong>of</strong> stakeholders view targeted aspects <strong>of</strong> anorganization, such as leader effectiveness,decision-making, and change management.Their inherent limitation is that they, like thecompliance assessment, do not identify underlyingcauses.Several years ago, some managementconsulting firms that had become involvedin ethics management, including NavranAssociates, saw the value <strong>of</strong> applying “systems”methodology to ethics questions (e.g.,employee perceptions <strong>of</strong> leader integrity, theeffectiveness <strong>of</strong> ethics policies, confidencein ethics systems, and the effectiveness <strong>of</strong>employee hotlines in informing and changingbehaviors) as a supplement to complianceassessments.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 47

<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012Systems assessments uncovered wholenew sets <strong>of</strong> data, very different from thatavailable through compliance assessments.Managers, accustomed to other culture assessments,were comfortable with the way the datawere presented and understood their responsibilityfor addressing the issues raised. Thesedata were <strong>of</strong>ten viewed as less threateningthan the findings <strong>of</strong> compliance assessments.They <strong>of</strong>ten pointed to widespread patterns <strong>of</strong>behavior within the organization and raisedbroader issues <strong>of</strong> how the cause <strong>of</strong> the behaviormight be identified and altered to changefuture results. Thus, systems-oriented ethicsassessments were more likely to produce thedesired change over the long run.Where other assessments were <strong>of</strong>tenlimited and narrowly focused, systems assessmentsviewed the organization as a whole andexamined the interconnectedness <strong>of</strong> the ethicsissues within that system, and between thatsystem and critical elements <strong>of</strong> the environmentwithin which it operates. Systems-basedethics assessments, at a minimum, typicallyexamine the relationships within and betweenthese thirteen components:··Mission—the perceived purpose <strong>of</strong> theorganization. What is its reason for being?··Vision—the perceived ultimate futurestate <strong>of</strong> the organization. What will theworld look like if the organization successfullyfulfills its purpose?··Values—the underlying principles and theoperating definition <strong>of</strong> what is right, fair,and good as it applies to this organization.··Environment—the ethical alignmentbetween the organization and stakeholdersexisting outside the organization: customers,suppliers, competitors, unions, regulators—every external entity that has a stake in theorganization or effects its operations.··Resources—how tangible and intangibleresources enable or limit the organization’sability to pursue its mission within its predefinedethical boundaries.··History—how the organization’s historyshapes or limits its ability to operate,per its stated values, in the pursuit <strong>of</strong> itsgoals.··Strategic goals—the ethical issues associatedwith setting and attaining strategicgoals and how congruent those goals arewith the organization’s vision and values.··Strategic plans—how the organizationgoes about attaining its strategic goals andthe ethics issues raised by those plans.··Task definition—how the organizationdefines its work and the ethical implications<strong>of</strong> both preparing employees to dothe work and the inherent rewards theyderive from doing it.··Formal systems—any ethical issuesinherent in conformance to the formalorganizational systems, such as policies,procedures, rules, and regulations.··Informal systems—any ethical issuesinherent in conformance to the informal,especially leader-based or peer groupbasedsystems.··Individuals—the values and principlesmotivating individuals within the workforceand how well those values match thestated values <strong>of</strong> the organization.··Feedback—how the organization learnsfrom its experience and the impact <strong>of</strong>learning (or not learning) on the ethicalgrowth and maturity <strong>of</strong> the organizationand its employees.As we examine traditional rules-orientedassessments and more systemic ethics-focusedassessments, we can note some significantdifferences.48 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Table 1: Differences between traditional assessments and ethics assessments.Assessment Characteristic Traditional (Regulatory) Assessment <strong>Ethics</strong> AssessmentObjectives <strong>Compliance</strong> with required standards <strong>Compliance</strong> status as well as insights into values/principles‐based culture and norms.Assessor qualifications Qualified assessor with content expertise(e.g., laws, rules, regulations)Qualified assessor with content expertise and supplemental“process” expertise (e.g. OD*, OE*, Change Management)Assessment approachAssessment observationsFollow-up requirementsChecklist <strong>of</strong> items that correspond toregulatory requirementsNon-compliance observations (i.e.,deficiencies)Ensure corrective actions are taken toaddress identified deficienciesChecklist <strong>of</strong> items as well as open-ended questions thatinvestigate context and how that context was created/maintainedNoncompliance issues as well as OD/OE observations <strong>of</strong>“ethics” process effectiveness, employee perceptions, andrelated concernsEnsure corrective actions are taken to address identifieddeficiencies, as well as collaboration to ensure that the clientknows how to address the noncompliance observations (e.g.,assistance in drafting RFPs* if external assistance is beingsought, because bad RFPs lead to bad projects)*OD=Organizational Development; OE=Organizational Effectiveness; RFP=Request for ProposalIt should also be noted that not all “ethics assessments” are created equal. There is a continuum<strong>of</strong> sorts between a minimal ethics assessment and a truly comprehensive ethics assessment. Thefollowing table illustrates what some <strong>of</strong> those differences might look like. It is not a question <strong>of</strong> themore comprehensive one being inherently “better.” Rather, the operating question is, “What level <strong>of</strong>detail best fit the needs <strong>of</strong> the organization?” with “fit” being very much a “systems” concept.Table 2: Differences between types <strong>of</strong> ethics assessmentsLess comprehensive ethics assessmentThe goal is typically to gain insight into the ethical status quo andgauge potential support for or resistance to any contemplatedchange.The questions being addressed are typically defined, at least inpart, by the leadership <strong>of</strong> the organization, and can be used tosimply paint a picture <strong>of</strong> the current state, provide baseline datauseful in creating a new ethics initiative, or assess progress <strong>of</strong> anexisting initiative.The methodologies would characteristically include key personinterviews, focus groups, some form <strong>of</strong> employee/stakeholdersurvey, and a review <strong>of</strong> organizational documents.The criteria are adapted to the goals <strong>of</strong> the organization (e.g.,compliance with external standards and perhaps a narrow focuson one element <strong>of</strong> an organization’s current ethical culture).The output is a written report <strong>of</strong> findings, conclusions, andrecommendations supplemented with an executive briefing.The recommendations, with rare exceptions, are non-binding.More comprehensive ethics assessmentThe goal is to provide a defensible evaluation <strong>of</strong> the organization’scurrent effectiveness in meeting certain previously agreed-to ethicsand compliance standards, as well as the presence <strong>of</strong> certainobservable structural elements, their perceived effectiveness, andtheir impact on the organizations continuing development.The questions being answered are both standardized(e.g., presence and impact <strong>of</strong> the various components <strong>of</strong> an“effective” program as defined within the FSGO), supplementedwith organization-specific questions regarding ethics systemseffectiveness and utility.The methodologies are the same as in an assessment (key personinterviews, focus groups, some form <strong>of</strong> employee/stakeholdersurvey, and a review <strong>of</strong> organizational documents). Both the depthand breadth <strong>of</strong> the components are greater.The criteria against which the organization is measured far exceedcompliance issues. One example is inclusion <strong>of</strong> questions related tostandardized instruments (e.g., ERC’s NBES*) that explore attitudesregarding elements <strong>of</strong> the ethical culture.The output is a written report <strong>of</strong> findings, conclusions, andrecommendations supplemented with an executive briefing.The recommendations, with rare exceptions, are at leastsomewhat binding. Rejection <strong>of</strong> a finding would be for cause, notjust managerial prerogative. Organizations would need a defensiblejustification for ignoring the findings and/or recommendations.*ERC’s NBES = <strong>Ethics</strong> Resource Center’s National Business <strong>Ethics</strong> Survey<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 49

<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012Possible oversight roles for an ethics committeeIf we assume that there is an effective ethicsmanagement function within the organization,then the <strong>Ethics</strong> Committee <strong>of</strong> the Board wouldhave oversight responsibility to ensure compliancewith the organization’s standards andprocedures. Some oversight roles might be:1. Contribute to the continuing definition <strong>of</strong>the organization’s ethics and compliancestandards and procedures.2. Oversee responsibility for overall compliancewith those standards and procedures.3. Oversee the use <strong>of</strong> due care in delegatingdiscretionary responsibility.4. Oversee communication <strong>of</strong> the organization’sethics and compliance standards andprocedures, ensuring the effectiveness <strong>of</strong>that communication.5. Monitor and oversee the regular assessment<strong>of</strong> the impact <strong>of</strong> the ethics andcompliance function on the organization’sethical culture.6. Oversee enforcement, including the assurancethat standards are uniformly appliedand discipline is uniformly utilized.7. Take the steps necessary to ensure that theorganization learns from its experiences.8. Ensure that the above are regularlyassessed by an “independent” assessor.But an ethics committee, whether operatingat the board level or as an operational committeereporting to the board, can do much more.The committee can be charged to ensure thatthe organization exceeds the requirements foran effective ethics management process. Foreach <strong>of</strong> the above arenas <strong>of</strong> responsibility, theremay be several specific roles.Contribute to the continuing definition <strong>of</strong>the organization’s ethics and compliancestandards and procedures.··Determine which areas <strong>of</strong> operationrequire standards and procedures.··Review existing standards and proceduresfor completeness and utility.··Use information gleaned from employeeand member reporting and clarificationprocesses (e.g., employee hotlines, independentethics audits) to stimulate standardsand procedures revisions.··Review employee and member surveydata to determine where revisions toorganizational standards and proceduresare called for.··Assign responsible functions the task <strong>of</strong>redefining the organization’s positionvia a new or revised set <strong>of</strong> standards andprocedures.··Recommend methods for more effectivelycommunicating standards and proceduresto ensure they are understood andaccepted by employees and others.··Recommend the management behavior(s)needed to reinforce the standards andprocedures.Assume oversight responsibility for overallcompliance with those ethics and compliancestandards and procedures.··Take the position that the committee is theresponsible authority for ethics compliancein its area <strong>of</strong> jurisdiction.··Be the final voice concerning interpretationsregarding the organization’s ethicsand compliance standards and procedures.··Make recommendations on improving theexisting compliance mechanisms.··Oversee the use <strong>of</strong> due care in delegatingdiscretionary responsibility.Oversee the use <strong>of</strong> due care in delegatingdiscretionary responsibility.··Define how the organization will balancethe rights <strong>of</strong> the individual applicant/employee/member and the organization’sneed to avoid increasing the risk <strong>of</strong> a50 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

future violation that comes with placing aknown or suspected violator in a position<strong>of</strong> discretionary responsibility.··Oversee the background investigations <strong>of</strong>applicants/employees/members who arebeing considered for positions <strong>of</strong> discretionaryresponsibility.Communicate the organization’s standardsand procedures, ensuring the effectiveness<strong>of</strong> that communication.··Determine the mechanisms for communicatingthe organization’s ethical standardsand procedures.··Develop and distribute appropriate documentsand/or underwrite training, toensure that all employees know andunderstand the standards and procedures.··Develop mechanisms, such as needs analyses,to identify employees’ or members’areas <strong>of</strong> concern or confusion.··Coordinate policies to ensure that the messagescontained in them are not in conflictwith one another.··Recognizing that communication is twoway,determine mechanisms for solicitingstakeholder input into how standards andprocedures are defined and enforced.··Develop certification mechanisms toensure that the organization has evidencethat each employee has received the appropriateinformation and understands thestandards and procedures they describe.··Create mechanisms (such as ombudsman<strong>of</strong>fices or employee hotlines) t<strong>of</strong>acilitate employees receiving “safe”guidance and/or policy interpretationand to ensure each employee’s access to a“safe” mechanism for reporting suspectedwrongdoing.··Determine what training is necessary foroptimum compliance levels with the publishedstandards and procedures.Monitor and assess compliance.··Develop the internal control mechanismsnecessary to demonstrate individual andorganizational compliance with the publishedstandards and procedures.··Develop mechanisms to demonstrate theeffectiveness and reliability <strong>of</strong> the internalcontrols.··Develop mechanisms to assess the compliance-relatedrisks associated with theorganization’s strategic and operationalgoals, objectives, and plans.··Develop mechanisms to ensure that formalizedmeasurements and rewards donot motivate noncompliance with the organization’sstandards and procedures.··Develop and support whatever additionalreporting mechanisms are deemed necessaryto effectively monitor and assesscompliance with the organization’s standardsand procedures.Oversee enforcement, including the assurancethat discipline is uniformly applied.··Develop mechanisms to ensure consistentdisciplinary responses for essentially similarviolations (i.e., ensure that there are notdifferent standards applied for differentemployees based on position, performance,function, etc.).<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 51

<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012··Ensure that disciplinary provisions existfor both those who violate the standardsand procedures and those who knowinglyignore such violations.Take the steps necessary to ensure that theorganization learns from its experiences.··Develop the mechanisms necessary toidentify why misunderstandings and/orviolations occur and to ensure that thelessons learned are systematically appliedto reduce the probability that similarquestions/actions would recur.··Follow-up on recommendations made toimprove compliance mechanisms.Other roles and responsibilitiesThe use <strong>of</strong> ethics committees for executiveand/or administrative oversight <strong>of</strong> the variousethics effectiveness and ethics managementprocesses is widespread but, in some cases, theethics committee is also being required to performfunctions that are at odds with the areas<strong>of</strong> responsibility shown above.<strong>Ethics</strong> committees rightly serve an executiveoversight and leadership role. That roleshould not be compromised by having thecommittee responsible for the investigation<strong>of</strong> alleged wrongdoing or the definition <strong>of</strong>specific disciplinary responses in individualcases. This confuses the issue. Responsibilityfor oversight should be free from the prejudicesassociated with operations. The ethicscommittee should be the advocate for effectiveethics management processes, nothingmore. It best represents the organization’sand employees’ interests by ensuring that theethics management systems are effective andmeet the requirements <strong>of</strong> applicable law andguidelines.It would be inappropriate for an ethicscommittee to be involved in fact findingand/or discipline regarding alleged or provenethics violations. That role puts them in the“<strong>Ethics</strong> managementprocesses work best whenemployees/membersbelieve that thoseprocesses are neutral,and the fairness andimpartiality in the processis not compromised.”position <strong>of</strong> being the facilitators <strong>of</strong> policy, theinvestigators <strong>of</strong> specific circumstances, and thedispensers <strong>of</strong> punishment.The biggest concern is not the committeeemployees’ or members’ ability to handlethe multiplicity <strong>of</strong> functions. Rather, it is theimpact that such a multiplicity may have onthe perceptions <strong>of</strong> employees or members whomight shy away from using available ethicsresources because <strong>of</strong> a perceived conflict <strong>of</strong>interest between the roles <strong>of</strong> executive oversight,policy interpretation, advocacy for theemployee or member, and advocacy for theorganization.<strong>Ethics</strong> management processes work bestwhen employees/members believe that thoseprocesses are neutral, and the fairness andimpartiality in the process is not compromised.Active participation in the day-to-daymanagement and implementation <strong>of</strong> ethicsprocesses takes the ethics committee out <strong>of</strong>the role <strong>of</strong> overseer and makes them the managers<strong>of</strong> the ethics functions. This is akin tohaving the comptroller also be the auditor.There is too great a potential for independenceand impartiality to be sacrificed for it to beendorsed as a preferred practice.Although the ideal may be to distance theethics committee from day-to-day operations,that may not be feasible. If the ethics committeeis to provide oversight and operationalmanagement, that becomes a strong argument52 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

for regular ethics effectiveness assessmentsfrom an independent third party. Assessmentscome in all shapes and sizes. The closer theethics committee is to daily operations, themore comprehensive the independent assessmentshould be.In summary, ethics committees can meetthe requirements <strong>of</strong> the Federal SentencingGuidelines for high-level responsibility foreffective ethics oversight. They can serve amultitude <strong>of</strong> roles and responsibilities, butspecial care must be taken when those roleinclude the day-to-day operation <strong>of</strong> the ethicsmanagement processes. Such care will ensureemployee/member confidence in the organization’scommitment to independence andimpartiality in decision making.ConclusionNot every ethics assessment should be a systemsassessment. There is a time and placefor compliance and culture assessments, butwe should never forget that organizations arecomplex systems made up <strong>of</strong> interconnectedparts and are themselves part <strong>of</strong> larger, morecomplex systems, industries, and society.Often, to understand systems requires a systemicapproach.When the issue is change—fundamentaland ethically consistent change—the systemsassessment provides the decision-makers andchange leaders with the breadth and depth<strong>of</strong> information needed to make that changehappen and endure. The systems assessmentis the tool for today, when organizations areundergoing fundamental change in what theydo and how they do it, but are choosing tohold on to their core values, principles, andethics, and where the ultimate goal is the moreethical organization.As more and more vendors get into thisfield, it may be useful to the reader to recognizethat not every assessment measures thesame things or provides the same value tothose who read its results. An effective assessmentought to define:1. What data ought the <strong>Ethics</strong> <strong>of</strong>fice/functionbe required to provide to the board?2. What do those data mean? (e.g., How manycalls to the ethics line is a “good” number?)a. Where possible, current practices willbe identified and critiqued.b. Available options, including emerging“best practices” (where such exist) willbe discussed.c. An approach will be described thatguides board members in the determination<strong>of</strong> how best to address theirspecific ethics oversight issues andneeds.d. Based on this presentation, it isexpected that board members can beincreasingly confident that they willmeet mandated requirements for ethicsoversight. Furthermore, they can beassured that they are reducing theirpersonal exposure while contributingto the realization <strong>of</strong> higher levels <strong>of</strong>organizational ethics.This document and the recommendationsit presents are but a beginning to buildingboard member confidence, reducing a board’ssense <strong>of</strong> exposure, and providing individualboard members with the confidence that theyare meeting the requirements associated withthe oversight <strong>of</strong> organizational ethics. It representsa start <strong>of</strong> what is truly needed for boardsto effectively fulfill their fiduciary and legalobligations regarding organizational ethicsby providing a conceptual framework anda shared vocabulary necessary for ongoingdialog. ✵1. Sanford Krolick: Ethical Decision-Making Style, Survey andInterpretative Notes. 1987, Addison Wesley. ISBN 0-201-16412-4Frank J. Navran is the Founder and Principal Consultant <strong>of</strong> NavranAssociates. Frank has worked with clients in more than twenty countriesand has authored five books and more than two hundred articles andbook chapters. He may be contacted at frank@navran.com, or for moreinformation, www.navran.com.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 53

CongratulationsNew CCEP © designeesAchieving certification required a diligent effort by these individuals.CCEP © certification denotes a pr<strong>of</strong>essional with sufficient knowledge<strong>of</strong> relevant regulations and expertise in compliance processes to assistcorporate industries in understanding and addressing legal obligations.Certified individuals promote organizational integrity through thedevelopment and operation <strong>of</strong> effective compliance programs.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012··Keyhan Afaghi··Kevin Anderson··Rachel Batykefer··La Tricia Blackburn··Tiffani Bragg··Ellen Brandt··Sabrina Brutus··Diane Burger··Susana Caballero··Joseph Campbell··Lori C<strong>of</strong>fman··Pamela Deboer··Olufemi Dekalu-Thomas··Dave Dixon··Vu Do··David Douglass··Thomas Flint··Robert Frisbee··Elizabeth Gilbert··Carrissa Gonzales··Steven Gregory··Joseph Guagliardo··Thomas Hardin··Lucy Hernandez Delgado··Gregory Hodge··Patrick Hogenbirk··Bill Jones··Jim Kern··Debora Kohan··John Kotlarczyk Jr.··Gerilyn Kusnierek··Robert Leblanc··Sabrina Leite··Roxanne Loomis··John Lossing··Vicki Marsee··Krista Mathews··Steve McFarlane··James McKillop··John Monzone··Ellis Murtha··Juan Musso··Krista Muszak··Felipe Pereira··Gabriela Perez··Louis Perold··Anna Peterson··Susan Pierce··Giovanni Porcelli··Melissa Pretlow··Virginia Ramirez··Catherine Ruster··Michael Sachs··Gordon Scott··Makisa Sherry··Bradley Siciliano··Sarah Sims··Naraiana Souza··Barbara Stein··Tina Stinson-Dacruz··Barbara Stockman··Ana Carolina Szytman··Dee Taylor··Jackie Thomas··Tina Tolliver··Carlos Ubieto Quan··Randy Watanabe··Douglas Webb··John Williamson··Shawn Wilson··Eric Wilson··Cheryl Winter··Russell Woods··Monty Wu··Deborah Ziegler··John ZinkThe <strong>Compliance</strong> Certification Board <strong>of</strong>fers you theopportunity to take the Certified <strong>Compliance</strong> and<strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> (CCEP) © certification exam.Please contact us at ccb@corporatecompliance.org,call +1 952 933 4977 or 888 277 4977, or visitwww.corporatecompliance.org/ccep54 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

y Charles ThomasMultinationalsand due diligence:What are the red flags?»»Failure to comply with regulations like FCPA can cost companies millions.»»Due diligence processes help companies avoid risk and make informed decisions.»»Due diligence is about building trust and strong relationships.»»As companies implement due diligence processes, they will encounter “red flags.”»»It’s important to examine red flags carefully—they may be false positives.ThomasDue diligence is supposed to inspiretrust in the business relationshipsthat companies rely on. And yet,nearly half <strong>of</strong> companies with due diligenceprograms in place also report they lack confidencein the process, according to Dow Jones’State <strong>of</strong> Anti-Corruption <strong>Compliance</strong>Survey 2011. 1 That’s no way to dobusiness—not in a global economywhere international operations representboth opportunity and risk.The UK Bribery Act, which cameinto effect in July 2011, adds a new layer<strong>of</strong> complexity to an already confusingminefield <strong>of</strong> regulation and jurisdiction.Failure to comply with it or with the USForeign Corrupt Practices Act (FCPA) could costcompanies millions <strong>of</strong> dollars and could evenland senior executives in jail. On the reverseside, proper due diligence allows a company toavoid risk. According to the Dow Jones survey,more than half <strong>of</strong> companies have delayed oravoided working with global business partnersbecause <strong>of</strong> concerns about corruption.Due diligence and the prevention <strong>of</strong> briberyDue diligence is a term used for a number <strong>of</strong> conceptsinvolving the investigation <strong>of</strong> a person orentity prior to the signing <strong>of</strong> a contract or a specificact. Due diligence programs should be morethan just impressions formed in internal conferencerooms. Due diligence should be a dedicatedprocess that allows companies to make decisionsbased upon reliable, actionable information.The Bribery Act Guidance issued by theUK Ministry <strong>of</strong> Justice in 2011 outlines six keyprinciples 2 that companies need to refer towhen undertaking procedures to prevent bribery,both within their organization and by thepeople who operate on their behalf. In brief,the principles are:··Proportionality. Companies need to assessthe bribery risks they face and the size <strong>of</strong>their business. This will help to influencewhat steps are taken, including in the field<strong>of</strong> due diligence.··Top-level commitment. Companies needto show through their actions that theywill not tolerate infractions <strong>of</strong> any kind.··Risk assessment. Any company that isat risk from corruption needs to researchthe markets it operates in and the peopleinvolved with the company.··Due diligence. This includes any investigationcovering agents, employees,partners, or others associated with a deal.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 55

<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012··Communication. Companies need toexplain policies and procedures to staffand others.··Monitoring and review. Policies, procedures,assessments, and due diligenceshould be kept up to date and checked onperiodically.Red flagsAs companies implement their due diligenceprocesses, they’ll likely encounter one or more“red flags” that might divert their attention oreven impede their progress. Below are some <strong>of</strong>the common issues and suggested techniquesto address them.··Too much information on the Web.Consider adapting your search parameters,getting a team involved, or contracting theresearch to a firm with specialist researchcapabilities.··Too many people with the same name.Again, adapt the search strategy, get extraidentifiers, or use a pr<strong>of</strong>essional firm. Adatabase that allows for name variations isalso very useful.··No results. There are a few possibleoptions here: (1) The person has left a verylow public pr<strong>of</strong>ile and there are no negativeissues relating to him/her; (2) The individualhas altered or concealed his/heridentity; and (3) You have incorrect details.Ask the individual under examination toconfirm personal and business information.It could be a major red flag if searchresults don’t produce anything <strong>of</strong> value.··Similar name with a red flag. If the nameis common, this may or may not indicate aproblem. Consult with an expert to checkthe identifiers you have in place.··The subject is on a sanctions list, or hascommitted a crime, or there are allegations<strong>of</strong> a crime. A red flag might be abig issue or it might be an error—a false“It’s important to takeaway that, on furtherexamination, these redflags may turn out to befalse positives. Reportsmay relate to anotherperson, for example.”positive. Have the result reviewed andconsider further checks.··The subject has a long, complex history.A high-pr<strong>of</strong>ile individual or firm mayhave many red flags, some <strong>of</strong> which canbe explained by media errors or politics.If you want to proceed, you will almostcertainly have to use a higher level <strong>of</strong> duediligence and possibly make some difficultjudgment calls.··The subject has no significant problems,but has a history with colleagues/partners.Often, a subject will claim (or a publicrecord will indicate) that an individual orfirm was linked to someone who encounteredan issue, but held no blame. This willprobably require more in-depth investigationand assessment. Dealing with red flagsrequires discretion, diplomacy, legal compliance,and business sense.It’s important to take away that, on furtherexamination, these red flags may turnout to be false positives. Reports may relate toanother person, for example. In other cases,results will be correct, but the information canbe set aside for further investigation, if necessary.For example, if the subject was the client<strong>of</strong> a financial institution that had fraud problems,but there is no suggestion the subjectwas anything but a victim.Last, sometimes the evidence maybe strong enough to justify ending the56 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

Become a Certified<strong>Compliance</strong> & <strong>Ethics</strong><strong>Pr<strong>of</strong>essional</strong> (CCEP) ®Broaden your pr<strong>of</strong>essional qualificationsIncrease your value to your employerGain expertise in the fast-evolvingcompliance fieldThere’s never been a tougher or better time to bea part <strong>of</strong> the compliance and ethics pr<strong>of</strong>ession.Budgets are tight, governments around the worldare looking to add new regulations, public trust inbusiness is low, and employees are tempted to cutcorners.As a Certified <strong>Compliance</strong> and <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong>(CCEP) ® you’ll be able to demonstrate your abilityto meet the challenges <strong>of</strong> these times and have theknowledge you need to help move your programand your career forward.Learn more about what it takes to earn the CCEP ®at www.corporatecompliance.org/ccepHear from your peersGayle L. Macias, MBA, CCEP, CGMS, SeniorDirector, <strong>Corporate</strong> <strong>Compliance</strong>, Office <strong>of</strong>Accountability, <strong>Compliance</strong> and <strong>Ethics</strong> (ACE),Audit & Risk Management/SST1) Why did you decide to get certified?Nearly two years ago, our board and senior leadershipdecided to develop a formal corporate complianceprogram and asked if I had any interest inassisting in the design and implementation phasefor a 6 to 18 month “secondment.” I was asked toconsider the assignment, given my background inthe Legal department supporting government grantcompliance. Our VP <strong>of</strong> Audit and Risk ManagementServices recommended the SCCE CCEP as a wayto gather the information and skills necessary to besuccessful. The organization supported me in thecertification process in November 2009, and as theysay, the rest is history! Within the first 6 months<strong>of</strong> the secondment, I was “hooked” and when theactual position was posted, I applied. I am currentlythe Senior Director <strong>of</strong> The Office <strong>of</strong> Accountability,<strong>Compliance</strong>, and <strong>Ethics</strong> for World Vision, Inc.2) Has obtaining the CCEP certificationhelped you? If so, in what ways?Yes, very much so. The materials, information(e.g. The Complete <strong>Compliance</strong> and <strong>Ethics</strong> Manual,books, and other resources) as well as the excellentinstruction provided at the Academy have assistedme in the customization <strong>of</strong> a corporate complianceand ethics program for my organization. Certificationshows a true commitment to the pr<strong>of</strong>ession anda way to embrace a specific body <strong>of</strong> knowledge.In addition, the CCEP certification provides a way<strong>of</strong> showing a level <strong>of</strong> expertise and respect fromcolleagues, as well as other pr<strong>of</strong>essionals in thepr<strong>of</strong>ession. In addition, in order to retain certification,pr<strong>of</strong>essional development is a must—it keepsyou up to date and knowledgeable by meeting thebiannual CPE requirements.3) Would you recommend that your peersget certified?Certainly! I don’t know how anyone can design, develop,implement, and keep such a program currentand relevant without a strong foundation and network<strong>of</strong> other pr<strong>of</strong>essionals to draw from. In today’sworld, pr<strong>of</strong>essional certification is a valuable asset,both for the individual, as well as their organization!

y Thomas W. KirbyComputers and copyrights:A continuing source <strong>of</strong>avoidable liability»»When employees share copyrighted materials, employers can take a huge hit—sometimes millions <strong>of</strong> dollarsfor something as simple as passing around an electronic newsletter to a few colleagues.»»Not all copyright cases settle.»»Under the “statutory damages” provision <strong>of</strong> the Copyright Act, a court is not limited by actual damages,but may award up to $150,000 in statutory damages for each work the defendant has willfully infringed.»»Courts are not shy about using the power <strong>of</strong> imposing statutory damages.»»Relatively simple best practices can greatly diminish your exposure.KirbyKindergarten teaches us to share, andcomputers make sharing quick andeasy. But when employees sharecopyrighted materials, employers can take ahuge hit—sometimes millions <strong>of</strong> dollars forsomething as simple as passing around anelectronic newsletter to a few colleagues.Let me give a few examplesfrom my recent experience representingelectronic newsletter publishers.The names are confidential (at leastin part because <strong>of</strong> the embarrassmentthat can be caused by companies’ violations<strong>of</strong> the law and <strong>of</strong> the rights <strong>of</strong>others), but here are the basic facts:··Specialized lawyers in a national firm gotimpatient passing along a single paper copy<strong>of</strong> a newsletter and began forwarding theelectronic version simultaneously to thegroup. The firm settled quickly for well overa million dollars.··The founder <strong>of</strong> a modest family businessstarted grooming his two adult childrento take over. As part <strong>of</strong> their education, hebegan emailing them copies <strong>of</strong> his industrynewsletter. The firm settled for almost half amillion dollars.··A communications executive began forwardingan electronic newsletter to othersenior executives. The firm settled for a milliondollars.··Employees in a large real estate firm foundseveral newsletters useful and beganforwarding them to colleagues. The firmsettled for almost two million dollars.··The manager <strong>of</strong> a small consumer sales divisionforwarded a specialty newsletter to thepresidents <strong>of</strong> the division and the parent companyto help them understand how the fieldwas developing. After paying an estimatedmillion dollars in defense costs to its lawyers,the company also paid a $500,000 settlement.Of course not all copyright cases settle.Legg Mason 1 elected to litigate in defense <strong>of</strong> theactivities <strong>of</strong> research employees who had posteda subscription to Lowry’s Financial Reportson the firm Intranet and otherwise passed itaround. Legg Mason claimed my client’s actuallosses were tiny, but the jury awarded nearly$20 million in statutory damages.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 59

<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012“It is important toremember that eachissue <strong>of</strong> a publication isa separate work entitledto a separate award <strong>of</strong>statutory damages.”My practice mainly involves representingelectronic newsletters, but a wide variety <strong>of</strong>works can give rise to serious copyright liability.For example, in one recent case an insurancebroker was found to have secretly copied a rival’sbusiness materials to make a series <strong>of</strong> successfulbusiness proposals. Instead <strong>of</strong> statutory damages,the plaintiff demanded the pr<strong>of</strong>its earnedby this infringement, plus interest covering thedecades before the infringement was discovered.Tens <strong>of</strong> millions <strong>of</strong> dollars were awarded.Another case involved copies <strong>of</strong> instructionsand advertising for storm windows. Theinfringers were former authorized distributors.Their failure to make a defense resultedin a default that was held to establish willfulinfringement. The court held that two registeredworks had been infringed and awarded$31,000 per work in statutory damages.These numbers are high because <strong>of</strong> a specialremedy in the law to implement the strongpublic policy in support <strong>of</strong> copyright compliance.Under the “statutory damages” provision<strong>of</strong> the Copyright Act, a court is not limited byactual damages, but may award up to $150,000in statutory damages for each work the defendanthas willfully infringed. For non-willfulinfringement, the law identifies a range <strong>of</strong>statutory damages, depending on the circumstances,<strong>of</strong> up to $30,000 per work (with a floor<strong>of</strong> $750 per work in most circumstances).In addition, a winning plaintiff may alsobe awarded its legal fees in bringing thecase. The public policy underlying statutorydamages reflects the reality that it is extremelydifficult for a plaintiff to see copyrightinfringements in most cases, because theyhappen behind closed doors; thus, when aninfringement is discovered (sometimes by accident,sometimes through whistleblowers, andsometimes in other ways), through this seriousremedy the law wants to ensure that copyrightholders do not lose the incentive provided bycopyright to create and distribute new worksmerely because <strong>of</strong> infringers’ secrecy.Courts are not shy about using the power<strong>of</strong> imposing statutory damages. I recentlydid a simple computer search for 2008–2011cases reporting copyright statutory damagesawarded by juries. I found about a dozensuch cases, involving all sorts <strong>of</strong> copyrightedworks. In two cases the juries had awardedthe maximum <strong>of</strong> $150,000 per work, and in athird the jury had awarded $140,000. The averageacross the dozen cases was about $75,000per work. Willfulness was found in almost allcases. The lowest award was $15,000 per work,and that was in unusual circumstances wherethe employer could not have known that anindependent contractor had been infringing.The news recently has focused on recordingindustry lawsuits against two individualswho were alleged to have posted thousands <strong>of</strong>songs for others to copy through peer-to-peers<strong>of</strong>tware; for purposes <strong>of</strong> keeping the trialsmanageable, each case focused on only 20–30songs. One infringer was a single mom; theother was a college student. The songs theyposted for free download were on sale overthe Internet for under $1 each. One case wastried three times, the other once. In each trial,the juries awarded tens <strong>of</strong> thousands <strong>of</strong> dollarsin statutory damages per song. The trialjudges have held that, for individuals actingfor personal pleasure completely outsideany business context, the awards should bereduced to $2,250 per song. For employers, the60 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

important message is the size <strong>of</strong> the awardsjuries are willing to make, even against defendants<strong>of</strong> limited means.In one <strong>of</strong> the file sharing cases (SonyEntertainment et al v. Tenenbaum), 2 the U.S.Court <strong>of</strong> Appeals just issued its opinion. Thecourt reinstated the large jury award, holdingthat the trial judge should not have rushed tomake a constitutional ruling (that the damagesawards were unconstitutionally large) withoutfirst using its common law power to issue a“remittitur,” an order allowing a plaintiff tochoose between a reduced award and a newtrial on damages. The opinion is lengthy, butkey points for business and other institutionalinfringers include:··The right <strong>of</strong> copyright owners to demandthat a jury set statutory damages isreaffirmed.··Because statutory damages are intended todeter and punish as well as to compensate,it is error for a judge to tell the jury thatthe total amount <strong>of</strong> a statutory damagesaward needs in any way to be related tothe amount <strong>of</strong> actual damage (such as lostpr<strong>of</strong>its) suffered by the copyright holder.··Presumably because <strong>of</strong> the differentpublic policies underlying copyright law,Supreme Court precedents limiting punitivedamages seem not to apply to statutorydamages. (The court avoided a directruling, but made its views pretty clear).Individual infringers may take someconsolation from the possibility <strong>of</strong> a remittitur.But that remedy <strong>of</strong>fers little solace forbusinesses and other institutions, because nomodern U.S. court has ever granted a remittiturto such an infringer. Indeed, in the LeggMason case mentioned above, the trial courtdeclined to reduce a $20 million award forcopying a financial newsletter.It is important to remember that each issue<strong>of</strong> a publication is a separate work entitled to aseparate award <strong>of</strong> statutory damages. Thus, abusiness whose employees have been forwardingor otherwise infringing a daily newsletterfor a year faces a worst-case liability <strong>of</strong> almost$40 million. For infringement <strong>of</strong> a weekly, theexposure is nearly $8 million. So multi-milliondollar settlements <strong>of</strong>ten make sense.Your business doesn’t have to accept suchrisks. Relatively simple best practices can greatlydiminish your exposure. I discussed thosebest practices in an article I wrote in 2007, 3 andthe advice I give there still holds. Meaningfulemployee education, periodic polling <strong>of</strong>employees about copying, realistic evaluation<strong>of</strong> subscription needs, and taking out anappropriate license from Copyright ClearanceCenter, all taken together, will work. But effectiveprotection requires someone to take charge,whether it is corporate counsel, an informationpr<strong>of</strong>essional, or an alert executive. So long asemployers’ heads remain planted in the sand,unpleasant surprises will arrive from behind.I represent publishers in addressinginfringements. But, those publishers muchprefer to make their livings from selling subscriptionsto the publications they create, andthey actively warn against infringement andencourage me to do likewise. However, astechnology has made copying easier, they havebeen increasingly victimized, and they are notgoing to take it anymore. Employers who providecomputer systems to their employees andreap the benefits <strong>of</strong> those wonderful devicesmust effectively prevent employee infringementand obtain proper licenses, or accept theconsequences. ✵1. Lowry Reports Inc. v. Legg Mason et al. 271 F.Supp.2d 737 (2003) UnitedStates District Court, D. Maryland, Northern Division. July 10, 2003.2. See Sony BMG Music Entertainment v. Tenenbaum, 721 F. Supp. 2d 85(D. Mass. 2010).3. Thomas W. Kirby: “Managing Copyright Liability in the ComputerAge.” Copyright Clearance Center, Inside Counsel, November 16,2007. Available at www.copyright.com/media/pdfs/article-inside-counselthomas-kirby.pdfThomas W. Kirby is a senior litigation partner at Wiley Rein LLP. He can bereached at tkirby@wileyrein.com.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 61

DON’T GOHALFWAY.GO 360.COMPLIANCE PROGRAM EFFECTIVENESS: You’ve established a complianceprogram – but can you prove that it’s working? Regulators now look beyond the presence <strong>of</strong> a compliance program,demanding concrete evidence that that your program is effective. Partial compliance is non-compliance. You need acomprehensive, unified solution that helps you identify and fix the gaps… before something falls through them.Learn more at the <strong>Compliance</strong> Effectiveness Resource Center: visit www.compliance360.com/Effective<strong>Compliance</strong>.GET THE 360° VIEW.www.compliance360.com

y Charles RuthfordIs your ethics and compliancetraining really preparingyour employees?»»Our current web-based ethics and compliance training may leave us unprepared for people having to deal with risks.»»We cannot assume that people under stress will first consider a rational, step-by-step process to deal with a risk.»»When facing a difficult situation that has personal consequences, the human mind bases its choices on intuition andemotion rather than rational reasoning.»»Interactive, collaborative, transformative, management-led learning activities can influence values, intuition, behaviors,decision-making, and ultimately bottom-line performance.»»Leadership and involvement by front-line managers is crucial to the success <strong>of</strong> training and change activities.RuthfordIhave good news and bad news. First letme give you the good news: Over the pastfew decades, the technology for onlineweb-based training has evolved significantly.Today’s courses are readily available, scalable,efficient, and reasonably good at conveyinginformation.The bad news? Online trainingdoesn’t typically prepare people toreact properly when faced with anethics challenge or compliance risk.In this article, I will show why onlinetraining comes up short. I also willdescribe how interactive, collaborative,transformative, management-led learningactivities can prepare people for thosedifficult situations.HistoryWhen we developed ethics and compliancetraining in the early 1980s, we used a fairlysimple approach. We explained the rules andexpectations, and made the consequences formisconduct clear. We provided the learnerwith tools such as an ethical decision-makingmodel that, if applied correctly, wouldlead people to the proper decision. And wedirected them to their management or anethics hotline for advice and help.These courses were designed and built byskilled training developers. They used state<strong>of</strong>-the-artprocesses and were delivered byexperienced trainers. We started in the classroomand, over the years, transitioned to thepresent-day web-based delivery. The premisefor our design approach was simple: Becausepeople want to avoid the pain that couldresult from a misstep, they would recognizethe issue, pause before acting, and then gothrough an objective, step-by-step decisionmakingprocess. They then would respondappropriately to the questionable situation,and the sun would rise over our untarnishedreputation yet another day.Making choicesOur previous assumptions about how peoplereact under stress—and how this affects theirethical decision-making—may not be correct.Nobel Laureate Pr<strong>of</strong>essor Daniel Kahnemanshows that people facing difficult situationsreact quickly. Their split-second choices<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 63

<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012are controlled by intuition and emotionrather than objectivity. Pr<strong>of</strong>essor Kahnemandescribes two systems present in the mind inhis 2011 book Thinking Fast and Slow. 1 System 1operates automatically and quickly, with littleor no effort. There is no sense <strong>of</strong> voluntarycontrol. Examples <strong>of</strong> automatic activities associatedwith System 1 might include locatingthe source <strong>of</strong> a sudden sound, completing thephrase “bread and …,” or detecting hostilityin a voice. System 1 continuously assesses theenvironment around us. It creates heuristics,or “rules,” based on our observations, experiences,beliefs, and intuition. System 1 wants toknow how everything is going. If a threat orrisk is present, System 1 reacts quickly, first,and takes control.“If people react quickly anddepend on intuition and emotionrather than cognition in makingtheir choices, is it possible toinfluence those choices?I believe the answer is yes.“System 2 allocates attention to the mentalactivities that demand it. System 2 operateswhen you look for a particular person in acrowd, tell someone your phone number, parkyour car in a narrow space, or compare twoproducts for overall value. System 2 wouldrationally handle a six-step ethics decisionmakingprocess.Imagine a situation where you don’t meetexpectations or keep your promise. What’syour first reaction? If you’re like most people,you probably feel guilt, embarrassment, orshame. How can you face your colleagues,friends, or family? What if they find out thatyou’re a fraud or haven’t been completelyhonest? System 1 perceives this as a realthreat and snaps into action. Your mind reactsquickly, intuitively, and maybe even irrationallyto avoid exposure. System 1 applies thepreviously developed heuristics to figure outwhat to do. If you think the more rational,problem-solving System 2 is going to get anyairtime, think again. System 1 has control, andthis is when people start looking for shortcutsto avoid embarrassment. This is the time whengood people with honest intentions are mostlikely to have an ethics or compliance lapse.If people react quickly and depend onintuition and emotion rather than cognitionin making their choices, is it possible to influencethose choices? I believe the answer is yes.System 1 is influenced by a person’s underlyingvalues, beliefs, and experiences which, inturn, influence behaviors. Can personal valuesand intuition be influenced? Again, I believeresearch supports a “yes” answer.In the book Influence: The Psychology <strong>of</strong>Persuasion, 2 Dr. Robert Cialdini describes sixinfluencers:··Reciprocity. If I do something for you, it’svery likely you will return the favor.··Liking. We want to be like the peoplearound us. Be it a fashion trend, languagestyle, or food choices, we as humans havean innate desire to fit in.··Social norms. “This is the way things aredone around here.”··Commitment and consistency. These aresubtle influencers. If we make a decision ortake a particular action, we will expend allkinds <strong>of</strong> effort and resources to make ourchoice or direction successful. This happenseven when the obvious course <strong>of</strong> action is todrop the project and cut our losses. To dropthe project is to say that our original decisionwas wrong. The mind has a hard timewith “being wrong.” It will make the casethat the original decision was the right oneand set out to prove it. This also is knownas throwing good money after bad.64 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

··Scarcity and Authority. The influence <strong>of</strong>these two is straightforward and obvious.I’m not going to say much more aboutthem because, over the long term, the firstfour influencers have a far greater effect onbehaviors. I’ll come back to Cialdini’s workin a bit.Scaling the learning approachA key step in any training design is to set yourachievement goals. The standard I like to useis Donald Kirkpatrick’s four-level learningassessment model: 3··Level 1 is Reaction. This measures whatstudents thought <strong>of</strong> the course. They alsomay recognize when they have encounteredan ethics or compliance issue.··Level 2 is Learning. Here the students cantell others, in their own words, about thematerial presented in the course. Learners“know” the material, but there is no guaranteethey would apply it.··Level 3 is Behavior. The students incorporatethe concepts <strong>of</strong> the course into theirpersonal values and intuition. They act inalignment with stated learning objectives.When Level 3 achievers encounter challengingsituations, their values, beliefs, andintuition have a chance <strong>of</strong> guiding theirSystem 1 responses in the proper direction.··Level 4 is Performance. The learners’actions have a measurable effect on theoutcomes <strong>of</strong> the organization. These outcomescould be reduced cost, improvedquality, or timelier delivery.Most <strong>of</strong> today’s ethics and compliancetraining efforts only achieve Level 1 or Level 2results. And although we wish all <strong>of</strong> ourcourses could lead to Level 3 or Level 4 results,unfortunately, most training budgets andresource allocations for ethics and compliancekeep us firmly grounded at Level 1 orLevel 2. Basically, the annual training is done,and we can tell the regulators that we are incompliance. However, if we could achieve atleast Level 3 results, we have the potential tosignificantly reduce organizational risk andassociated reputational and cost impacts.Good ethics and compliance habits alsobecome good performance habits.Here is a choice point. If Level 1 or Level 2learning and the associated risks are acceptable,then online web-based training isprobably your best choice. It’s scalable andefficient. However, if you wish to be better preparedand reduce your risks, then a differentlearning approach is needed.In the early 2000s, I was involved with adesign team that was trying to develop anonline learning activity for newly mintedfirst-line managers. Our promotion rate wasfairly low, and it took several months to filla classroom with 24 to 30 managers. Somepeople had to wait as long as six months toattend their first management class. The lack<strong>of</strong> knowledge and skills caused by the delaypresented unacceptable risks. This wasn’t anethics or compliance course, but the lessonslearned are applicable.The first thing we did was focus onthe attributes <strong>of</strong> highly successful learningexperiences. Not surprisingly, interactive,collaborative, and transformative learningactivities were more likely to achievea Kirkpatrick Level 3 or Level 4. When thelearner was able to influence the learning outcomes,the activity was even more effective.Yes, people can learn individually; however,the most effective learning occurs when peopleare learning together in a co-creative fashion.The resulting hybrid online learningexperience was a success. Students participatedin the class from their “home” locationsaround the world. A facilitator convened four90-minute conference calls with a “pod” <strong>of</strong> 10 to15 managers over a 45-day class term. Duringthe conference calls, the facilitator presentedtopics <strong>of</strong> interest. Managers were directed to<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 65

<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012an online forum for their assignments andworked in three- or four-person study teamsto complete them. A portion <strong>of</strong> each call wasreserved for questions and answers. The onlineforum allowed managers to share ideas andask questions <strong>of</strong> their “pod mates.” An onlineassessment tool identified strengths and weaknesses.A website provided convenient access toresource and reference materials. The facilitatormonitored and contributed to the forum. Thestudy schedule was flexible, with the exception<strong>of</strong> the four calls.Finally, each participantwas required todevelop his or her ownpersonal learning planwith a set <strong>of</strong> learningobjectives. The scalabledesign allowed newclasses to start weekly,if needed.The managementtraining describedabove was successfulbecause it was interactive,collaborative, andtransformative. Thecourse had a leader,and the managerscould learn from each other. The managerscontrolled the learning pace. I’m not sayingthat all ethics and compliance courses shouldbe as elaborate as this one. We’d be run out <strong>of</strong>town by senior management. I’m simply usingthis example to highlight the underlying attributes<strong>of</strong> the design.Let’s go back to the first four <strong>of</strong> Cialdini’sinfluencers: reciprocity, being like others,meeting the social norms <strong>of</strong> the group, andcommitment and consistency. I think you cansee how they meld together with the attributes<strong>of</strong> the successful management class. Thisapproach can influence values, behaviors, andthe all-important intuition.“The trust <strong>of</strong> managementis generally low, butemployees trust theirfirst-line manager themost. Why is this findingimportant? Because ittells us that if you want tochange things, first-linemanagers must beinvolved, and they need tohave a major role.”There is one more piece to this puzzle, andthen I’ll pull it all together. T.J. and SandarLarkin published some groundbreakingfindings in their 1994 book CommunicatingChange: How to Win Employee Support for NewBusiness Directions. 4 The authors found thatfirst-line managers are the most trusted members<strong>of</strong> leadership. The trust <strong>of</strong> managementis generally low, but employees trust theirfirst-line manager the most. Why is this findingimportant? Because it tells us that if youwant to change things,first-line managersmust be involved, andthey need to have amajor role. This findingcan be applied toethics and compliancetraining.Managers can provideleadership withthe deployment <strong>of</strong>training activities. Toolssuch as the Internet,company Intranets,and streaming videoservers are usefulfor delivering trainingmaterials into thehands <strong>of</strong> first-line managers, who need to havean active role. The training must include interactiveactivities that require participants to talkand solve problems with each other. At the end<strong>of</strong> an exercise, a manager-led discussion aboutthe results helps crystallize the learning. If themanager’s only role is to get everyone into theroom and push the start button for participantsto sit and listen, then you are back to traditionalweb-based information transfer.To have effective ethics and compliancelearning experiences, we need to embrace anew model and approach. Gone are the dayswhere a single employee is interacting withhis/her computer. This includes apps on our66 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

smartphones. Although the phone is cool, it’sstill one employee interacting with the onlinecourse. We need to be using learning activitieswhere first-line managers gather team memberstogether and lead them through the coursework.In the course, they need to solve real-lifescenarios, deal with case studies that arerelevant to the employees’ organization, andengage in role-playing. This learning approachhas been shown to achieve Level 3 behaviorchange and, in some cases, Level 4 performanceimprovements. When we achieve Level3 results, people’s intuition is influenced, andtheir automatic System 1 responses are morelikely to be aimed in the desired direction.The bottom lineWe shouldn’t be asking, “How inexpensivelycan we do ethics and compliance training?”and then checking the box. We should beasking what kind <strong>of</strong> investment we are willingto make in order to minimize risk and, moreimportant, improve bottom-line performance.The good habits employees develop in thisapproach to ethics and compliance translateinto better performance in everything they do.People want to be known for good ethics, goodcompliance, good integrity, and good performance.It’s a matter <strong>of</strong> pride. Let’s give them achance to show us what they can do. ✵1. Kahneman, Daniel: Thinking Fast and Slow. New York: Farrar, Strausand Giroux, 2011.2. Cialdini, Robert B: Influence: The Psychology <strong>of</strong> Persuasion. New York:William Morrow and Company, Inc., 1984, 1993.3. Kirkpatrick, DL, and Kirkpatrick JD: Evaluating Training Programs(3rd ed.). San Francisco: Berrett-Koehler, 2006.4. Larkin, TJ, and Larkin, Sandar: Communicating Change: How to WinEmployee Support for New Business Directions. New York: McGrawHill, Inc., 1994.Charles Ruthford is a Principal in the <strong>Ethics</strong> and <strong>Compliance</strong>Consulting practice <strong>of</strong> Solutions House in Seattle. He can be reachedat charlesr@solutionshouse.com or at www.solutionshouse.com/ethics-and-compliance-practice.Advertise in<strong>Compliance</strong> & <strong>Ethics</strong><strong>Pr<strong>of</strong>essional</strong> magazineSCCE’s magazine is a trusted resourcefor compliance and ethics pr<strong>of</strong>essionals.Advertise with us and reach decision makers!For subscription information and advertisingrates, contact Liz Hergert at +1 952 933 4977 or888 277 4977 or liz.hergert@corporatecompliance.org.<strong>Compliance</strong> & <strong>Ethics</strong>January/February201220Why risk it?The motivations <strong>of</strong>the whistleblowerMarlowe Doman<strong>Pr<strong>of</strong>essional</strong>A PUBLICATION OF THE SOCIETY OF CORPORATE COMPLIANCE AND ETHICSMeetVernitaHaynesSCCE and HCCAinterview their 10,000thmember: Vernita Haynes,<strong>Compliance</strong> & PrivacyAnalyst for the University<strong>of</strong> Virginia Health System26Rock in the pondethicsFrank C. Bucaro28The simplestpossible code<strong>of</strong> conduct foremployeesAlexandre da Cunha Serpawww.corporatecompliance.orgSCCE & HCCA reach 10,000th member35An ethicalcorporate culturegoes beyondthe codeDawn LomerSCCE’s magazine is published bimonthly and has a current distribution <strong>of</strong> over 2,700 readers.Subscribers include executives and others responsible for compliance: chief compliance<strong>of</strong>ficers, risk/ethics <strong>of</strong>ficers, corporate CEOs and board members, chief financial <strong>of</strong>ficers,auditors, controllers, legal executives, general counsel, corporate secretaries, governmentagencies, and entrepreneurs in various industries.See page 14<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 67

Feature The last wordby Joe Murphy, CCEPSure, it’s ethical, but is it legal?<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012MurphyHow many times have you heard “Itmay be legal, but is it ethical?” or thestatement, “We’ve moved beyondethics to compliance.” But our field is complianceand ethics. Why not just ethics?<strong>Ethics</strong> purports to be about values, andto be above merely obeying the law. Soundsgood, until you look at history and experiencea bit closer. The problem with“values” is that there are quite afew values, and they <strong>of</strong>ten conflict.Loyalty is certainly a popular value,but is loyalty to family always good?If you are making a hiring decision,would your values tell you to rewardyour family out <strong>of</strong> loyalty and hireyour brother for that open position in the company?Loyalty to country is good, but if yourcountry is a fascist dictatorship, is loyalty theright value? We make choices among valuesall the time.What is law? Law is society’s assessment <strong>of</strong>the order <strong>of</strong> values, based on the community’sexperience. So, if your loyalty and honor tellyou to do something (e.g., an act <strong>of</strong> revenge),but the law says otherwise, this sets the priorityfor your values.Here is an example: Your long-term friendworks for a competitor. The competitor is a disadvantagedbusiness struggling to survive. Itis also devoted to saving the environment. Youknow there is plenty <strong>of</strong> business available foryour company to survive, but you and this onecompetitor have been shortlisted as the twobidders for a contract. So, out <strong>of</strong> loyalty, friendship,concern for disadvantaged businesses,and respect for the environment, you callthe competitor and agree to let him win. Youhave certainly been very ethical, with valuesprevailing over pr<strong>of</strong>it, but you have committeda crime. Why? Because society, in weighingcompeting values, has decided that competitionbrings the best value to all <strong>of</strong> society.“The problem with ‘values’ isthat there are quite a few values,and they <strong>of</strong>ten conflict. Loyalty iscertainly a popular value, but isloyalty to family always good? Ifyou are making a hiring decision,would your values tell you toreward your family out <strong>of</strong> loyaltyand hire your brother for thatopen position in the company?”Another example: People are suffering in aparticular dictatorship. In an exercise <strong>of</strong> compassionand courage, you go there to see foryourself and to see if you can help people. Ofcourse, you need to spend money there to survive.You are certainly following values andbeing ethical, but you have committed a criminalviolation <strong>of</strong> a U.S. boycott law. <strong>Society</strong> hasdecided that limiting this dictatorship is apriority value. Yes, you have been true to yoursense <strong>of</strong> values, but you broke the law.So before we proclaim the battle to preventcriminal conduct “done,” and decide it istime to “move on to ethics,” remember that inaddressing compliance with laws, you havenever left the issue <strong>of</strong> values. ✵Joe Murphy is Of Counsel to <strong>Compliance</strong> Systems Legal Group andEditor-in-Chief <strong>of</strong> <strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> Magazine. He may becontacted at jemurphy@voicenet.com.68 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977

sTakeawaysMarch/April 2012<strong>Compliance</strong> & <strong>Ethics</strong><strong>Pr<strong>of</strong>essional</strong>Tear out this page and keep for reference, or share with a colleague. Visit www.corporatecompliance.org for more information.Recipe for a <strong>Compliance</strong> Dayin 2012Cynthia Scavelli (page 22)»»Reach out to SCCE and other compliancepr<strong>of</strong>essionals for valuable ideas.»»Events should reflect your company’sculture and stay on budget.»»Contact different company departments fortheir expertise and suggestions.»»Initiate a Planning Committee early.Things always take longer than you think!»»Plan a simple event for your first year.You can always add more later.»»Engage your employees with fun contestsand creative prizes.GRC focus: Keep youremployees close and yourauditors closerSteve McGraw (page 28)»»With regulatory attention continuing t<strong>of</strong>ocus on GRC results, corporations need t<strong>of</strong>ocus on ensuring compliance is up to par.»»Corporations need to show employeesthat all internally reported issues will betaken seriously.»»Sharing compliance self-assessments andmitigation programs with auditors can helpcorporations establish a strong reputation.»»GRC should be viewed as increasinglybeneficial, especially when preparing formergers and acquisitions.»»GRC systems can provide information toshow trend lines and correlations to addressroot-cause issues before regulators ask.<strong>Compliance</strong> in a casino worldMichele Abely (page 32)»»Operate in a good faith manner and inthe best interest <strong>of</strong> the company andits customers.»»Do the research to find the best answersand solutions.»»Document all decisions in a memoincluding the research done, the findings,and the outcome.»»Ensure all related procedures are writtenand/or updated regarding any decisions.»»Communicate decisions clearly and ensurethat outcomes are executed consistently.DOJ review: FBI’s Integrity and<strong>Compliance</strong> ProgramEmil Moschella (page 36)»»The FBI implemented a corporate-stylecompliance program to allow for the earlydetection <strong>of</strong> internal control weaknesses.»»The DOJ OIG reported that the FBI’sprogram has been beneficial to its effortsto monitor and enhance compliance.»»The DOJ OIG suggested that other agenciesmay wish to consider implementing asimilar kind <strong>of</strong> program.»»Remedial legislation, policies,and processes are inadequate.»»An integrated compliance and ethicsprogram in government agencies isimportant.Powerful witness preparation:The most important personDan Small and Robert F. Roach (page 40)»»The most important person in theroom is the one who says nothing:the court reporter.»»Consider your words carefully—thereporter’s machine is cold, mechanical,and humorless.»»Words have different meanings:think about manager.»»Avoid using jargon that jurors may notunderstand or find confusing.»»If you are not sure what counsel is asking,ask for clarification rather than answeringthe question.Nuts & bolts for boards: Whatethics oversight really meansFrank J. Navran (page 44)»»Total independence is an unattainable goal.The best we can hope for is to continuallyget closer to that goal.»»Perhaps the best we can ask <strong>of</strong> boardsis a “good faith effort” toward being asindependent as possible.»»The level <strong>of</strong> independence on the boardinforms the culture <strong>of</strong> the organization,and vice versa.»»Independence is more attainable whenthe board aims for a operating culture thatvalues ethics over compliance.»»You get what you measure, and assessingthe effectiveness <strong>of</strong> the organizationalculture requires that one ask differentquestions and apply different standardsthan when assessing organizationalcompliance.Multinationals and duediligence: What are thered flags?Charles Thomas (page 55)»»Failure to comply with regulations like FCPAcan cost companies millions.»»Due diligence processes help companiesavoid risk and make informed decisions.»»Due diligence is about building trust andstrong relationships.»»As companies implement due diligenceprocesses, they will encounter “red flags.”»»It’s important to examine red flagscarefully—they may be false positives.Computers and copyrights:A continuing source <strong>of</strong>avoidable liabilityThomas W. Kirby (page 59)»»When employees share copyrightedmaterials, employers can take a huge hit—sometimes millions <strong>of</strong> dollars for somethingas simple as passing around an electronicnewsletter to a few colleagues.»»Not all copyright cases settle.»»Under the “statutory damages” provision<strong>of</strong> the Copyright Act, a court is not limitedby actual damages, but may award up to$150,000 in statutory damages for eachwork the defendant has willfully infringed.»»Courts are not shy about using the power <strong>of</strong>imposing statutory damages.»»Relatively simple best practices can greatlydiminish your exposure.Is your ethics and compliancetraining really preparing youremployees?Charles Ruthford (page 63)»»Our current web-based ethics and compliancetraining may leave us unprepared for peoplehaving to deal with risks.»»We cannot assume that people under stresswill first consider a rational, step-by-stepprocess to deal with a risk.»»When facing a difficult situation that haspersonal consequences, the human mindbases its choices on intuition and emotionrather than rational reasoning.»»Interactive, collaborative, transformative,management-led learning activities caninfluence values, intuition, behaviors,decision-making, and ultimately bottomlineperformance.»»Leadership and involvement by front-linemanagers is crucial to the success <strong>of</strong>training and change activities.<strong>Compliance</strong> & <strong>Ethics</strong> <strong>Pr<strong>of</strong>essional</strong> March/April 2012+1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org 69

SCCE’s 2012 Upcoming EventsLearn more about SCCE’s educational opportunities at www.corporatecompliance.org/eventsMarch 2012Sunday Monday Tuesday Wednesday Thursday Friday SaturdayDaylight Saving Time BeginsFirst Day <strong>of</strong> Spring1 2 34 5 6 7 8 9 1011 12 13 14 15 16 1718 19 20 21 22 23 2425 26 27 28 29 30 31April 2012Palm SundayApril Fool’s DayEasterTax DayPurim beginsSt. Patrick’s Day1 2 3 4 5 6 78 9 10 11 12 13 1415 16 17 18 19 20 2122 23 24 25 26 27 2829 30WEB CONFERENCE:How to Use Incentivesin Your <strong>Compliance</strong> and<strong>Ethics</strong> ProgramSunday Monday Tuesday Wednesday Thursday Friday SaturdayBasic <strong>Compliance</strong> & <strong>Ethics</strong> Academy (SOLD OUT)Chicago, ILWEB CONFERENCE:<strong>Corporate</strong> FraudInvestigationsCCEP ® ExamPassover beginsMidwestRegional ConferenceChicago, ILAll Upcoming EventsBasic <strong>Compliance</strong> & <strong>Ethics</strong>AcademiesApril 16–19 • Chicago, IL (SOLD OUT)May 7–10 • São Paulo, BrazilMay 21–24 • Brussels, BelgiumJune 11–14 • Scottsdale, AZJuly 9–12 • Shanghai, ChinaAugust 13–16 • Boston, MANovember 12–15 • Orlando, FLDecember 10–13 • San Diego, CARegional ConferencesMidwest • April 27 • Chicago, ILUpper Northeast • May 18 • New York, NYAlaska • June 15 • Anchorage, AKWest Coast • June 22 • San Francisco, CASoutheast • October 12 • Atlanta, GASouthwest • November 2 • Houston, TXHigher Education<strong>Compliance</strong> ConferenceJune 3–6 • Austin, Texas11th Annual<strong>Compliance</strong> & <strong>Ethics</strong> InstituteOctober 14–17 • Las Vegas, NevadaAria in Las VegasMay 2012Sunday Monday Tuesday Wednesday Thursday Friday Saturday1 2 3 4 5Mother’s Day6 7 8 9 10 11 12Basic <strong>Compliance</strong> &<strong>Ethics</strong> AcademySão Paulo, BrazilMay Day<strong>Corporate</strong> <strong>Compliance</strong> & <strong>Ethics</strong> WeekMay 6–12, 2012CCEP ® Exam13 14 15 16 17 18 19Upper Northeast RegionalConferenceNew York, NY20 21 22 23 24 25 26Basic <strong>Compliance</strong> & <strong>Ethics</strong> AcademyBrussels, BelgiumCCEP ® Exam27 28 29 30 31Shavuot beginsSCCE OFFICE CLOSEDMemorial DayDates and locations are subject to change.

Your Guide to Becoming an Effective InvestigatorThe First Information Is Almost Always Wrong:150 Things to Know AboutWorkplace InvestigationsBy Meric Craig Bloch, Esq., CCEP, PCI, CFEEffective workplace investigations are equal parts art and science. Meric Blochhas mastered both aspects through years <strong>of</strong> hard-earned experience. In this book,he details the strategies and tactics he knows work best. His practical guidancewill help readers learn to plan and conduct thorough investigations and turn theresults into valuable knowledge for their organizations. His insightful approach ismapped out in three sections:• Protect Your Career—How to Think Like a Workplace Investigator• Protect Your Company—How to Integrate Your Investigations into Your Company’s Operations• Protect Your Case—How to Conduct an Effective Workplace InvestigationWith this tutorial, readers will learn not only how to uncover the truth about misconduct or fraud,but also how to ensure that the results can help an organization resolve issues and move forward.ORDER NOWThe First Information Is Almost Always WrongQtyCostSCCE Members..................................................................................................................................................................$95Non-members ..................................................................................................................................................................$105Join SCCE! Add $200 and pay the member price for your order ........................$200(New members only. Regular dues $295/year.)Sales tax for MN (6.875%) or PA (8%)..........................................................................................$Contact Information (PLEASE TYPE OR PRINT)Mr. Mrs. Ms. Dr.SCCE Member IDTOTAL $Payment OptionsMake check payable to SCCE and mail to:SCCE, 6500 Barrie Road, Suite 250Minneapolis, MN 55435, United StatesOr FAX order to: +1 952 988 0146Check enclosed (payable to SCCE)My organization is tax exemptInvoice me | Purchase Order #I authorize SCCE to charge my credit card (choose below)CREDIT CARD: AmericanExpress Diners Club MasterCard VisaCredit Card Account NumberFirst Name M.I. Last NameCredit Card Expiration DateTitleCardholder’s NamePlace <strong>of</strong> EmploymentStreet Address (NO PO BOX NUMBERS)City State ZipCardholder’s SignaturePrices subject to change without notice. SCCE will charge your credit card the correct amount if the total aboveis incorrect. SCCE is required to charge sales tax on purchases from Minnesota (6.875% ) and Pennsylvania(8%). Please calculate this in the cost <strong>of</strong> your order. Additional charge apply for international orders: pleasecontact SCCE for more information. All purchases within the continental U.S. receive free FedEx Ground shipping.(Federal Tax ID: 23-2882664)TelephoneE-mailFax6500 Barrie Road, Suite 250, Minneapolis, MN 55435+1 952 933 4977 or 888 277 4977 (P) • +1 952 988 0146 (F)www.corporatecompliance.org • helpteam@corporatecompliance.org

10th AnnualHigher Education<strong>Compliance</strong> ConferenceJune 3–6, 2012 | Austin, TexasAT&T Executive Education Conference CenterCome to Austin, Texas, for the primary networking event for complianceand ethics pr<strong>of</strong>essionals within higher education. Don’t miss theoppportunity to gather with your peers and discussemerging issues, share best practices, and buildvaluable relationships.Join us in June to hear the following hot topics!• Program Integrity: Juggling and Jeopardy• Maximum Efficiency on a Shoestring Budget:Making the Most <strong>of</strong> What You Have• Engaging the University Community in ERMRegister byApril 11 andSAVE$250!• How to Handle Whistleblower Complaints in Higher Education:What Happens after the Whistle Blows• <strong>Compliance</strong> & <strong>Ethics</strong> Programming for Small Campuses: LeveragingResources through Effective Communication across Risk DisciplinesVIEW THE FULL AGENDA & REGISTER ATwww.highereducationcompliance.orgRegister today and enjoy the flexibility<strong>of</strong> two conferences for the price <strong>of</strong> one!Complimentary access to HCCA’s Research<strong>Compliance</strong> Conference is included with yourHigher Education <strong>Compliance</strong> Conferenceregistration. The parallel schedule gives youthe freedom to attend sessions at eitherconference—two for the price <strong>of</strong> one.

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!