Operationalizing Compliance: Conduct at the Top, Accountability Are Key

Scott Moritz, Managing Director Protiviti Forensic

Almost one year ago, in February of 2017, the U.S. Department of Justice (DOJ) Fraud Section released the Evaluation of Corporate Compliance Programs guidance, which references the FCPA Resource Guide and the Hallmarks of Effective Compliance Programs. This publication introduced the term “conduct at the top” (as opposed to the often cited “tone at the top”) and also placed emphasis on subjects such as the importance of “operationalizing” compliance and holding individuals accountable.

This guidance showcases the DOJ’s increasingly nuanced understanding of ethics and compliance programs and the thoughtful process they employ to elicit information from the companies they engage with in connection with investigations and in assessing their ethics and compliance programs. Introduction of the term “conduct at the top” signals the fact that the DOJ continues to link cooperation credit with the identification of the person or persons responsible for the illicit conduct at the center of the investigation and holding those individuals accountable, no matter how senior they may be.

The guidance demonstrates that the Department is keenly interested in how companies have operationalized compliance and views these activities to be of critical importance in its efforts to gauge effectiveness. Programs that are floating above or are disambiguated from business operations tend to be “paper programs,” i.e., they read very well but they are not enmeshed in business operations or ethical culture, and aren’t likely to be deemed effective. In order for an ethics and compliance program to be truly effective, it must become a part of business operations, not through osmosis but through hard work, by tying the applicable components of the program to the policies, procedures, controls, workflows and approval hierarchies that govern business operations and the organization’s overarching mindset.

Conduct at the top and operationalizing compliance both tie to the concept of accountability. Part of how companies operationalize compliance is based on designating specific people within business operations who are responsible for aligning compliance and business operations and ensuring that the ethics and compliance program is embedded in those operations and processes. Compliance controls must be commensurate with the risks to those business operations, and those individuals must have some accountability for ensuring that the controls are working and any exceptions or red flags receive consistent and appropriate responses.  

I asked Raja Chatterjee, Chief Risk Officer at Tishman Speyer, Richard Bistrong, CEO of Front-Line Anti-Bribery LLC, and Hector Gonzalez, Partner at Dechert LLP, what they thought of the DOJ’s guidance. Below are their answers:

Raja Chatterjee: “The use of the phrase ‘conduct at the top’ is a significant change from ‘tone at the top.’ In no uncertain terms, the government has signaled its intention to look for concrete actions taken by a company’s leadership as opposed to generic gratuitous pronouncements. In other words, the government will look askance if a company’s senior management has a pattern of acting in their economic self-interest when faced with challenging ethical quandaries. On the other hand, it is extremely helpful if a company can point to instances when management demonstrated their commitment to compliance by foregoing a business opportunity or suffering an economic loss as a result of anti-corruption risk that could not be satisfactorily mitigated. In evaluating conduct at the top, the government will also investigate how company management has handled discipline for compliance-related transgressions by members of senior management.”

Richard Bistrong: “…the Evaluation of Corporate Compliance Programs marks a tremendous contribution and complement to the Resource Guide, which […] strengthens the importance of ‘operationalizing’ an ethics and compliance program. By ‘reverse engineering’ the document, multinationals now have a valuable roadmap as a guide to better ensure that stated values are operational values. A few categories that I think go a long way to provide that support include the sections on ‘Training and Communication’ and one that I think is extremely important, ‘Incentives and Disciplinary Measures.’ From my perspective, both sections categorically address how to impact and inspire the commercial mindset, especially for those who work in remote regions where there might be the perception (or reality) that local cultures and business practices conflict with the rules.”

Hector Gonzalez: “While the Evaluation of Corporate Compliance Programs largely reinforces the standards set forth in the [Resource] Guide, its user-friendly format is notable. Specifically, it is organized around approximately 120 questions that enforcement officials may ask when evaluating the effectiveness of a company’s compliance program. When the Evaluation of Corporate Compliance Programs was released, the questions indicated that there might be a new emphasis on (i) compensation/incentive structures, (ii) management failures of oversight, and (iii) resourcing dedicated to compliance programs.”

Indeed, incentive compensation, while a very important component of any revenue-generating enterprise, when used as a blunt instrument can create a toxic ethical culture that can eventually lead to disastrous results. When surveying corporate culture, the pressure to meet sales targets is often cited as the root cause of ethical failures that are the center of securities fraud, bribery and other serious financial crimes. Incentive compensation, without a proper governance structure overlaying it and organizational leadership that is unambiguous in both words and actions that organizational ethos requires that they do business the right way, will eventually lead to the types of perverse behaviors that have played out in the news in spectacular fashion.

Richard Bistrong adds: “For compliance leaders that still might be struggling with whether incentives are even a compliance issue at all, or simply a commercial matter, the evaluation document should remove much of that tension. The DOJ is clearly stating that if there’s a problem, they will query how the company has incentivized compliance and ethical behavior and how the company has considered the potential negative compliance implications of its incentives and rewards. In addition, in the section on third-party management, much of the same questions are asked with respect to third-party incentives.”

The government is making it very simple. It is asking businesses to embed compliance into business operations and to make sure compliance and ethics start at the top of the organization. Those who fail to operationalize compliance or turn a blind eye to illegality within their organizations will be held accountable.

The Evaluation of Corporate Compliance Programs is a public document – and should be a well-thumbed desktop read for corporate compliance officers and organizational leaders alike. You can always reach out to us with questions in the comment section below or on our website.

Add comment