Robert T. Morgan and Carol A. Morgan Global Compliance: China

Transcription

Volume Five
Number Three
June 2008
Bimonthly
Earn CEU Credit
see page
33
Meet
Robert T. Morgan and
Carol A. Morgan
Two highly successful corporate
professionals share insights on their jobs
and their roles as husband and wife.
page 22
Also:
What are Boards to do
when Investors Call?
page
40
Global Compliance:
China
page
44
So, What’s Your
Compliance Strategy?
page
6
Advisory Board
INSIDE
4
Publisher:
Society of Corporate Compliance and Ethics,
+1 952 933 4977, or 888 277 4977
Editor-in-Chief:
SCCE starts LinkedIn group
5
Executive Editor:
Advisory Board:
Charles Elson, JD
Edgar S. Woolard, Jr. Chair in Corporate Governance, Director of the John
L. Weinberg Center for Corporate Governance at University of Delaware.
Jay Cohen
Global Compliance Leader, Dun & Bradstreet
John Dienhart, PhD
The Frank Shrontz Chair for Business Ethics, Seattle University;
Director, Northwest Ethics Network; Director, Albers Business Ethics
Initiative; Fellow, Ethics Resource Center
Odell Guyton, JD
Senior Corporate Attorney, Director of Compliance,
U.S. Legal–Finance & Operations, Microsoft Corporation
Rebecca Walker, JD
Partner, Kaplan & Walker LLP
Rick Kulevich, JD
Senior Director, Ethics and Compliance, CDW Corporation
Steve LeFar
General manager, Mediregs, Wolters Kluwer Law and Business
Stephen A. Morreale, DPA, CHC, CCEP
Principal, Compliance and Risk Dynamics
Marcia Narine, JD
Vice President Global Compliance and Business Standards,
Deputy General Counsel, Ryder System, Inc.
Ann L. Straw, CCEP, Vice President and Chief Compliance Officer,
Laidlaw International, Inc.
José A. Tabuena, JD, CFE, CHC
VP Integrity and Compliance/Corporate Secretary
MedicalEdge Healthcare Group, Inc.
Greg Triguba, JD, CCEP
ERM, Ethics and Compliance Officer, Intuit
Story Editor/Advertising:
Marlene Robinson, SCCE, +1 952 933 4977, or 888 277 4977
marlene.robinson@corporatecompliance.org
Copy Editor:
Patricia Mees, CCEP, CHC, SCCE,
+1 952 933 4977, or 888 277 4977
patricia.mees@corporatecompliance.org
Layout:
Gary DeVaan, SCCE, +1 952 933 4977, or 888 277 4977
gary.devaan@corporatecompliance.org
Compliance & Ethics (C&E) (ISSN 1523-8466) is published by the Society of Corporate
Compliance and Ethics (SCCE), 6500 Barrie Road, Suite 250, Minneapolis, MN 55435.
Subscription rate is $195 a year for non-members. Periodicals postage-paid at Minneapolis, MN
55436. Postmaster: Send address changes to Compliance & Ethics, 6500 Barrie Road, Suite 250,
Minneapolis, MN 55435. Copyright © 2008 the Society of Corporate Compliance and Ethics.
All rights reserved. Printed in the USA. Except where specifically encouraged, no part of this
publication may be reproduced, in any form or by any means without prior written consent of
the SCCE. For subscription information and advertising rates, call SCCE at +1 952 933 4977, or
888 277 4977. Send press releases to SCCE C&E Press Releases Department, 6500 Barrie Road,
Suite 250, Minneapolis, MN 55435. Opinions expressed are those of the writers and not of this
publication or SCCE. Mention of products and services does not constitute endorsement. Neither
SCCE nor C&E is engaged in rendering legal or other professional services. If such assistance is
needed, readers should consult professional counsel or other professional advisors for specific legal
or ethical questions.
The Business of Ethics— By Deborah E.
Wallace
Surveys show that the way US corporations plan and
conduct business needs reframing to encourage ethical
standards.
Rory Jaffe, MD, MBA, CHC
rsjaffe@gmail.com
Roy Snell, CCEP, CHC, CEO, SCCE
roy.snell@corporatecompliance.org
Letter from the Leadership — By Rory
Jaffe
6
CEU Article: So, What’s Your Compliance
Strategy? — By Henry Klehm III, David
Schweiger, and Andrew Schweiger
A look inside the strategic planning process used at
Deutsche Bank to foster cultural change and ensure a
successful implementation of their global compliance
initiative.
18 SCCE Advisory Board
19 Letter from the CEO — By Roy Snell
Why are we where we are?
22 Meet Robert T. Morgan and Carol A.
Morgan — an Interview by By Marlene
Robinson
Two highly successful corporate professionals share insights
on their jobs and their roles as husband and wife.
32 Federal Agency Compliance: Applying
corporate lessons in government
settings — By Emil Moschella
Federal agencies, such as the FBI, are adopting a
corporate compliance paradigm to identify potential
weaknesses in their internal controls and to detect
non-compliant behavior.
37 Upcoming Audio/Web Conferences from
SCCE
40 CEU Article: What are Boards to do when
Investors Call? — By Lou Thompson
Shareholders are becoming more like activists in
demanding that boards hear their concerns and act
upon them.
43 SCCE Compliance Academies
44 CEU Article: Global Compliance: China —
By Scott Lane and Robert Leffel
Five compliance and ethics issues to consider as you
navigate the obstacles of doing business in China.
47 Congratulations to New CCEPs
50 Statute Gone Wild?— By Guy Aulabaugh
Under a Deferred Prosecution Agreement, Mantra
Films is serious about compliance.
51 SCCE Corporate Members
52 New SCCE Members
Society of Corporate Compliance and Ethics • +1 952 933 4977 or 888 277 4977 • www.corporatecompliance.org
3
June 2008
By Rory Jaffe, MD, MBA, CHC
SCCE President
SCCE starts
LinkedIn group
Editor’s note: Rory Jaffe is the new president of the
Society of Corporate Compliance & Ethics and Editorin-Chief of Compliance & Ethics Magazine. He was the
Executive Director of Medical Services for the University of California, a position
that, as part of a major reorganization of the University, has been eliminated.
I joined LinkedIn, a social network for professionals, about two years ago,
when UC Davis business school announced to its alumni that there was
now an alumni group on the LinkedIn site. I filled out the profile form,
linked up to a few people I knew, then sat back and pretty much ignored
the whole thing. I just could not figure out any use for the site, other than
to collect connections—it felt like baseball card collecting.
Time passed, and then I found myself looking for a new job. I quickly learned
that looking for job listings is almost a hopeless task. It would take a full-time
effort just to scan the thousands of web sites and hundreds of thousands of job
listings. And then, I’d have no way of really knowing what the job was like,
and my prospective employer would have to guess about what Rory was like.
It was only then that I understood the virtues of networking. I had
only two good sources of job information—friends and headhunters.
And I usually found out about the good headhunters from friends.
Social networking suddenly made more sense. It is a wonderful way to
get reliable and useful information about jobs and about prospective
employees. And when you add
not only your friends, but also
friends of your friends to your
social network, the multiplier effect greatly extends
your ability to obtain reliable
information. I have 52 direct connections
on LinkedIn so far. But when you add in
their connections—that is, friends of friends—the number soars to
over 2700. That’s over 2700 people who may know about jobs and can
provide prospective employers with reliable information about me.
But one of the weaknesses of LinkedIn is the same problem I had
when originally looking for job listings. There are over 20 million
people on LinkedIn. How do I sort through all that to find the people
I know? LinkedIn groups help. LinkedIn groups allow people with
similar interests or backgrounds to readily find each other.
We started the SCCE LinkedIn group for that reason. Current members of SCCE can join the group and then easily find other SCCE
members to connect with, and network for jobs, advice, or simply to
commiserate. And compliance officers tend to have lots of reasons to
commiserate with each other. I encourage you to explore the benefits
of networking with other SCCE members through our LinkedIn
group. Just make sure you record the same email address with LinkedIn as you do with SCCE—that’s how we verify membership.
To join SCCE LinkedIn group:
http://www.linkedin.com/e/gis/61769/3D294E6025B3
By the time you read this, I hope to have found a job, but in case not,
consider this a shameless example of networking—contact me if you
know of some interesting opportunities! n
Relationships Matter
Your professional relationships are key to your professional success.
Want more networking opportunities? SCCE has set up a LinkedIn group for our members. LinkedIn is the “Facebook” for professionals. You
can join for free and set up your professional profile online, then network with colleagues and classmates. You can join the group by visiting this
link: http://www.linkedin.com/e/gis/61769/3D294E6025B3. How can LinkedIn help me? LinkedIn is a place to find and leverage professional opportunities, now and throughout your career. LinkedIn enables you to:
n Present yourself and your professional capabilities
n Find and reconnect with colleagues and classmates
n Leverage powerful tools to find and reach the people you need
n Build a powerful network of trusted professionals
n Discover professional relationships and opportunities
n Tap into inside connections and information
n Get the edge that gives you competitive advantage
There are already 20 million professionals in the LinkedIn Network and that number is growing fast. Whether you seek a job, a hire, a reference,
a sales lead, an expert, or an inside connection at one of 50,000 companies, LinkedIn is an irreplaceable resource for building your professional
relationships and achieving your goals.
June 2008
4
The Business of Ethics
By Deborah E. Wallace, EdD
Editor’s Note: Deborah Wallace, Principal
Owner of Boston-based Brinkpoint Consulting, has more than 20 years of experience in
the areas of board effectiveness and leadership
development. She may be contacted by phone at
781/259-0550 or by e-mail at
dwallace@brinkpointconsulting.com.
R
esults from the 2007 Ethics
Resource Center’s “National
Business Ethics Survey”1 reveal a
discouraging statistic: only 9% of US companies surveyed believe that they have strong
ethical cultures. Further, despite a modest
decrease in misconduct following the Enron
debacle in 2000 and the enactment of the
Sarbanes-Oxley Act in 2002, instances of
misconduct have slowly crept back to preEnron levels. In addition, activities associated
with misconduct are increasingly creative.
By way of clarifying the issue, it is important to distinguish compliance from ethical
behavior. Compliance, more specifically
regulatory compliance, is the adherence to
laws, agency regulations, and recognized
(industry) standards. Compliance programs
and newly respected compliance officers have
flooded US corporations in the last 5 years in
an effort to stem the tide of public mistrust.
Ethical behavior, while central to organizational compliance, is also central to organizational values.
The costs of misconduct compromise an
organization’s business performance as well
as its reputation. A 2002 American Family
Voices study, entitled “The Cost of Corporate Recklessness,” released by the No More
Enrons Coalition,2 estimated the total costs
of corporate scandals to be in excess of $200
billion dollars. The figure is based on the
accounting “failures” at Enron, Arthur Ander-
sen, WorldCom, Adelphia Communications,
Tyco, and others and includes the loss of jobs,
investment savings, pension, and of course,
tax revenue.
In addition, research conducted in 2007
demonstrated that stock price, earnings as a
percent of assets, and volatility all respond
negatively to allegations and announcements of misconduct.3 Specifically, the report
showed that, on average, businesses lose
41% of their market value when news of the
misconduct is revealed.
On average,
businesses lose
41% of their market
value when news of
the misconduct is
revealed.
We also know that there is a correlation
between market-imposed penalties following
misconduct and a company’s reputation. Reputational penalties can include loss of sales
and market share by companies convicted of
consumer fraud or by companies who have
been victims of product tampering. Or, when
a firm is dishonest in its dealings with its
vendors and suppliers, reputational penalties
can range anywhere from the imposition of
prohibitive costs to the permanent loss of
services.
Although changes by individual corporate
citizens are essential to repairing our reputation, this alone will not lead to sustainable
change. What can lead to sustainable change
is a fundamental reframing of how US corporations plan and conduct business.
In 1988, R. Edward Freeman and Daniel
Gilbert published Corporate Strategy and
the Search for Ethics.4 In it, they argued that
our business culture needs to become one in
which corporate strategy is built on the basis
of ethical reasoning. We can be more vigilant
in tracking and punishing individual misconduct and we can require top-down ethics
“training,” but separating ethics from strategy,
as the vast majority of US corporations apparently do, is not the way out and up.
Systemic change – change that becomes
institutionalized and habitual – is the
responsibility of our boards and CEOs who
must intuitively understand that, no matter
how huge the potential financial gain may be
if ethics are ignored or compromised, there
will always be an even bigger cost down the
line. n
1 ERC’s National Business Ethics Survey available at http://www.ethics.
org/research/nbesoffers.asp. Accessed May 5, 2008.
2 American Family Voices study, The Cost of Corporate Recklessness
released by The “No More Enrons” Coalition October 18, 2002
3 Murphy, Deborah L, Shrieves Ronald E, Tibbs Samuel L: Understanding the Penalties Associated with Corporate Misconduct: An Empirical
Examination of Earnings and Risk. University of Tennessee, revised
May 2006. This is an unpublished research paper available in full online
through the Social Science Research Network at http://papers.ssrn.com/
sol3/papers.cfm?abstract_id=993479 Its publication is forthcoming in
The Journal of Financial and Quantitative Analysis but access to articles
requires membership.
4 Freeman, R. Edward; Gilbert, Daniel R. Jr: Corporate Strategy and the
Search for Ethics. Prentice Hall, Englewood Cliffs, New Jersey, 1988
With only 9% of US companies believing that they have strong ethical cultures,
building and re-establishing our reputation
for conducting business ethically and with
integrity will have to be a systemic effort.
5
June 2008
So, What’s Your
Compliance Strategy?
By Henry Klehm III, JD; David Schweiger, PhD; and Andrew Schweiger
Editor’s note: Henry Klehm is a partner at Jones
Day Law Firm in New York City and former
Global Head of Compliance, Deutsche Bank,
AG. He may be contacted by e-mail at
hklehm@jonesday.com.
David Schweiger is President and Andrew Schweiger is a Senior Consultant with Schweiger &
Associates in Columbia, SC, a consulting firm
specializing in strategy development and execution. Dr. Schweiger can be reached at
David@scaas.com.
I
n the wake of an enforcement action
by one of your primary regulators two
years ago, the board of directors instituted numerous governance reforms. You,
the CEO, and the General Counsel quickly
hired a great chief compliance officer (CCO).
The CCO, who is also a lawyer by training,
immediately set to work on the remediation
of the crisis, while re-building the department to enhance the quality of compliance
staff, expand compliance coverage to previously uncovered areas of the firm, and implement new systems and workflow tools to
detect and investigate potential wrongdoing.
Now, the firm’s credibility with its regulators
is re-built, the auditors find little wrong with
the activities of the Compliance department,
and the remediation required as part of the
regulatory settlement is essentially done.
Most importantly, during the break following the executive session at the close of the
committee meeting before the general board
session, the frequently irascible chair of the
board’s Audit Committee sits down next
to you for the informal lunch. Right away,
she tells you how impressed she and the rest
of the committee are with the speed of the
June 2008
6
department’s improvement and remediation
of the regulatory crisis that had threatened
the firm. She whispers that a senior regulator,
whom she recently ran into in Washington,
told her that the firm had done the best
among its industry peers in clearing up the
problems. Ah, a good day so far. Maybe a
cookie for desert as a reward!
But, (and there is always a “but” with this
curmudgeon) in the next breath, she wonders
how the department will handle the increased
regulatory risks associated with the new,
major acquisition in a third-world country
that is being considered in the board session
that afternoon. Moreover, she notes that other
strategic initiatives suggest entry into new,
highly regulated businesses in the quest for
improved distribution and increased vertical
integration to capture margins previously
paid to retail distributors across developed
markets. Without a pause, she asks, “Where
will they find people experienced in our business and familiar with the regulators in that
part of the world? How is the department
going to cope with the expected substantial
information technology (IT) burden to conduct surveillance of the retail business?”
Your sinking feeling is exacerbated through
the connection those questions make to your
memory of the budget session with the senior
team last week, in which every business line
and department, except Compliance, reported
improved cost management. In your minds
eye, you recall in precise detail the budget
book Compliance page which reflected a 70%
increase in costs over the last two years, and
the “Not Available” under the columns for expected changes for the next three fiscal years.
“Those are very important questions that
we have been considering since our board
strategic planning session six months ago.
Compliance will report on that in two
months at the next committee meeting, if
that’s okay with you,” is the best response
you can muster. After she notes that the
agenda is filled for that meeting with the
independent auditor retention review, you
agree that Compliance will report at the following meeting in four months. With your
desire for the cookie gone and apologies, you
excuse yourself to make a quick call before
the meeting starts in 15 minutes. It’s time to
get some help and figure out how to move
beyond simply having turned around the
compliance organization. As you make your
call, you cannot help but think about all the
compliance challenges facing your organization and all the others out there. You need a
department that addresses these issues with a
forward-looking strategic approach.
The Context for Compliance Strategy
The questions, posed by our hypothetical
audit chair, boil down to one: “What’s your
Compliance strategy?” Before answering that
though, we should ask why now is the right
time to devote the time and human resources
to the development of a compliance strategy.
The answer is multi-faceted. As a corporate
governance matter, the directors are obligated
by corporate law to use a good faith effort
“to assure themselves that information and
reporting systems exist . . . that are reasonably
designed to provide senior management and
the board itself timely, accurate information
sufficient … to reach informed judgments
concerning both the corporation’s compliance
with law and business performance.”1 The US
Federal Sentencing Guidelines and the policies
of the US Department of Justice regarding
prosecution of corporate entities drive home
the importance of ensuring effective compli-
ance programs for all corporate entities. A
department that is not forward-looking and
strategic cannot be effective at informing directors about future compliance risks.
More broadly, the corporate scandals in the
early part of this decade had direct impact
on Compliance departments of corporations, in general, and financial institutions
in particular. Among other things, increased
scrutiny and penalties for missteps drove
substantial increases in the allocation of
resources to preventing and detecting
violations of law and firm policy.
Costs have skyrocketed as firms have
been forced by regulatory, peer, or
non-governmental organization
(NGO) pressure to improve the
quality of the professionals engaged
in compliance activities, and to
substantially enhance the technology
devoted to the task. Full-time staff
devoted to the function is no longer
a small fraction of a percentage
point of the total employee base. As
others have noted, compliance is no
longer a back office, low cost, faceless
function.
impact on Compliance departments. Since
the burst of the technology bubble and the
economic shocks following 9/11, the general
business climate rebounded and the Dow
reached new all time highs. Merger and acquisition activity also reached all time highs.
Established businesses began seeking expansion into new growing markets around the
world and new distribution options. With the
expansion also comes new compliance risks
that must be managed to avoid slip-ups that
can be oh-so-costly to new ventures.
Our experience suggests that few major
Compliance departments consider the issues
in comprehensive terms. Many focus on the
effectiveness of their programs vis-à-vis the
expectations of their critical external constituency, their regulators, or their critical internal
business clients. More CCOs should think
in comprehensive strategic terms. Business
people, on the other hand, absent crisis,
tend to evaluate compliance in terms of cost,
because it is very tough to measure return on
investment (ROI) or internal rate of return
(IRR) for compliance activities. Can
more effective compliance be achieved
Costs have skyrocketed as
firms have been forced by
regulatory, peer, or nongovernmental organization
(NGO) pressure to improve
the quality of the professionals engaged in compliance
activities, and to substantially enhance the technology
devoted to the task.
Another consequence of the scandals was an
explosion in the pace of regulatory change,
not just in the United States. Attractive new
markets, such as the People’s Republic of
China and India, moved with lightning speed
to tightly regulate business activity and ensure
that scandals do not erupt in their backyards.
Moreover, regulation by policy statement
from senior regulators has become a source
of frustration for CCOs, who must decipher
broad and vague pronouncements into real
policies, processes, and systems that will
meet the ever-skeptical eye of examiners and
investigators.
Finally, the broader economy has a definite
More recently, the mortgage bubble burst,
with the full consequences as yet unknown.
And, the colossal control failure at the French
bank, Societé Generale, puts a price tag well
into the billions on the failures of control
systems. How many financial institutions will
see their senior executives testifying before
Congress about the adequacy of borrower due
diligence in “no doc” loans or rogue trader
controls?
Taken together, all these factors demonstrate
that, like never before, assessing the compliance risks associated with business plans has
become more challenging and critical to
protecting major investments.
at lower cost?
Yes. Reconciling these apparently
conflicting priorities requires the
development of a forward-looking
strategic plan. The plan must be fact
driven and based on a detailed assessment of existing and emerging com-
pliance risks, business strategic plans,
and existing compliance capabilities.
Executed with the right process, the
outcome answers the compliance
strategy question before it is asked,
improves transparency to all constituents, and builds expertise and ownership of compliance management decisions.
In the end, the planning process develops
sound strategies, initiatives, and action plans
that enable Compliance departments to more
effectively achieve their present and future
missions.
In this article, we start with a description of
the Global Compliance department, and the
challenges it faces. As we search for a solution
to those challenges, we summarize the problems that strategic planning poses for virtually
any organization. We then review how we
designed and executed a strategic planning
process at Deutsche Bank that addressed the
Continued on page 9
7
June 2008
SCCE Introduces
2008 Regional Conferences!
The Regional conferences are one-day programs designed to provide the hot
topics and practical information that compliance professionals need to create
and maintain compliance programs in a variety of industries. We will also offer
the CCEP exam on Saturday, following each of the local programs.
October 17, 2008 | Minneapolis, MN
CCEP Exam October 18, 2008
November 14, 2008 | Atlanta, GA
CCEP Exam November 15, 2008
Purpose SCCE Regional conferences provide a forum to interact with local
compliance professionals, share information about our compliance successes and
challenges, and create educational opportunities for compliance professionals to
strengthen the industry.
Who should attend? Compliance officers, in-house and outside general
counsels, privacy and security officers, regulatory affairs VPs and directors,
billing, coding professionals, government agency staff.
Learning objective
Attendees learn about current regulatory requirements,
governement enforcement initiatives, and the management of effective
compliance programs and meet and network with other compliance
professionals locally.
Become a Certified Compliance & Ethics Professional (CCEP)
Becoming CCEP certified demonstrates sufficient knowledge of government regulations
and compliance processes to understand and address legal obligations and promote
organizational integrity through the operation of effective compliance programs.
June 2008
8
Register online at www.corporatecompliance.org
Questions? Call +1 952 933 4977 or 888 277 4977
So, What’s Your Compliance Strategy?
unique challenges of compliance departments today, as well as those inherent in any
planning process. Finally, we summarize the
results of the process.
Strategic Planning
As we began to ponder a comprehensive
solution to the multi-variate equation, we
also recognized that scale and nature of the
Global Compliance department (GCD) at
Deutsche Bank, AG (DB) would also be an
important factor. The GCD serviced a truly
global bank with operations in more than 35
countries and more than 68,000 employees
around the world. The GCD itself had grown
significantly in the previous four years, and
included staff “on the ground” in over 23
different countries who had a broad variety of
educational backgrounds, professional qualifications, and substantive work experiences. IT
costs had increased substantially also, as regulators around the world pushed for higher
levels of information technology. Human
resource cost also grew as staff levels increased
and the market for experienced compliance
professionals became highly competitive. Like
many other staff in similar control functions,
the overwhelming majority of the employees
in the GCD had never participated in the
development of business strategy. Given
the wide dispersion in geographic, cultural,
and management experience within the
GCD, successful strategic planning requires
complete senior management agreement on
the need for the effort and the underlying
process.
Senior management had a fairly clear picture
of these challenges, but we needed to know
what the rest of the GCD’s management was
thinking. We conducted an anonymous survey to assess whether our views were shared.
The results can be summarized as follows:
nStrategy. There was consensus that the
department could do a better job in devel-
...continued from page 7
oping and communicating its strategy to
the organization.
nOrganizational structure. People
believed the organizational structure was
solving local and business line problems,
but there was a belief that global initiatives
were being less effectively executed.
nSystems. These were thought to be very
localized and needed more global alignment.
nProcesses. There was general agreement
that processes were generally strong, but
would need incremental upgrades in
certain key areas.
nResourcing. Human and financial
resources were thought to be adequate but
the development and retention of talent
needed enhancement.
These results suggested that achieving “buy
in” would not be the major challenge. We
then considered what the process for creating the strategy would entail. We found a
number of complex models and approaches
to planning, but we did not find any that
had been used comprehensively for a large
Compliance department. Further, while the
models varied significantly in effectiveness
and approach to the completion of the actual
process (more about that later), the models
and processes typically involved the following
steps in some form:
nThe development of a series of organizational goals or targets (revenue growth,
margin increase, entry into new markets,
etc.);
nAn analysis of the external environment
(e.g., markets/industries in which the organization plays);
nAn assessment of the organization’s internal capabilities and competencies (i.e.,
strengths and weaknesses);
nAn analysis to uncover the gaps between
the organization’s capabilities and the
market/industry it wishes to serve;
nThe development of strategic initiatives to
close these gaps (e.g., acquisitions, local
start–ups/greenfield operations, capital
investments, organic growth); and
nThe development of three-to-five-year ac-
tion plans.
On the surface, strategic planning appeared
fairly straightforward and logical – if we
could understand our external environment
and its direction, along with our own set of
capabilities, then we could effectively make
and execute strategic decisions, right? Maybe,
maybe not. The analytical models help us ask
the right questions and collect and analyze
the right information, but the success of any
strategic planning effort ultimately depends
on an organization’s ability to execute the
initiatives outlined in its plan. Without the
commitment, cooperation, and subsequent
buy–in of all pertinent parties at all levels of
the organization, a strategic plan is only as
good as the 8-1/2 x 11 inch sheet of paper
on which it is printed. Depending upon the
approach we chose, one of two outcomes
seemed likely to result: (1) Strategic planning – the corporate cliché; or (2) Strategic
development and execution – the catharsis.
Strategic planning – the cliché
Although highly important and vital to the
growth and development of any business
or organization, strategic planning efforts,
unfortunately, have become a bit of a cliché.
Oftentimes in these endeavors, senior-level
executives either go offsite and develop a plan
in a small cabal, or bring in a consulting firm
to do it for them. In the first case, the plan
often lacks the depth of information that is
needed to be fact based.
In the latter, the buzz begins. Strategic
management consultants are brought in.
“Cross-functional teams” are formed within
the organization. Research is cultivated.
Continued on page 10
9
June 2008
So, What’s Your Compliance Strategy? ...continued from page 9
Meeting upon meeting upon meeting is
held over a lengthy time period. The result?
A thick PowerPoint deck chock full of data,
market facts and figures, customer satisfaction
surveys, etc. Internal data is generated. The
resulting strategic initiatives will be executed.
The dog-and-pony show presentation of the
findings is made to the leadership team that
optimistically approves some of the initiatives. Hands are shaken and the “strategically
focused” organization is off and running.
Fast forward one year. The last remaining
copy of the “Plan” is sitting on the shelf of
an executive, collecting dust or becoming
the proverbial doorstop. Occasionally, it is
referred to for specific points of organizational scripture. By and large, the strategy is
abandoned in favor of the organization’s longtime status quo – normalcy and resistance to
change.
The failure of strategic planning efforts can
be blamed on numerous people and a host
of factors: Perhaps the executive team wasn’t
fully committed to driving change or did not
do a very good job at communicating it to
the organization. Perhaps middle management, the notoriously most difficult point of
an organization to change, was either resistant
to the Plan or did not understand how they
could effectively contribute to it. Or maybe,
despite all the data and hard work, the initiatives were unrealistic, bureaucratic, or stifled
by political barriers. Or one could just blame
it all on the consultants. Many of these factors, in fact, often combine to doom the plan.
Bottom line: poor execution of the Plan.
The most crucial factor, though, is that
most of the people who will need to
execute the Plan to make it work either do
not understand it, have no ownership of
it, or do not know what they need to do to
contribute to it.
June 2008
10
Compliance strategy – the catharsis
Aware of the pitfalls associated with large
global departments in large institutions
discussed above, the GCD leadership team
knew that it needed to develop and execute a
process that would yield more than a glossy
binder of PowerPoint slides. The strategic
planning process, hereafter referred to, as
“Strategic Planning for Effectiveness” (SPE),
needed the commitment, cooperation, and
collaboration necessary from all members of
the GCD to yield positive value. Moreover,
SPE had to be replicable, yet flexible in the
future, across the organization as external
regulatory environments and business priorities constantly change.
To that end, the leadership team of the GCD
engaged a boutique management-consulting
firm to help it design and facilitate the execution of the SPE across its complex organizational matrix. Because we had not found
anyone who had done this before, we decided
a small firm would force ownership in the
GCD leadership team for two reasons. First,
the process would need to be repeated in the
future, and it would be unlikely that separate
resources would be made available to support
such future efforts. Second, as a matter of
professional development, we wanted our
leaders to become strategic thinkers.
From the beginning of the SPE process, we
carefully focused on design. The design process involved the consultants as well as senior
GCD leaders. More importantly, the leaders
and several middle-level employees from each
of the GCD’s various regional and divisional
operating units were assigned key roles in the
process. We did this upfront to increase the
likelihood that there would be commitment,
collaboration, and ultimately, better execution across the organization. Within reason,
this would work better than if the plan was
hatched and executed by a select few leaders,
particularly in an organization that had not
done this before.
Furthermore, the entire GCD leadership
team was well aware that the SPE process
would require a cultural shift across the
organization for long-run success. Instead of
spending limited budget dollars and utilizing
scarce resources for training and development
programs to initiate the cultural shift, the
team embarked on developing a process that,
in and of itself, would create a cultural shift
within the organization. By driving ownership for both design and execution deeply
into the organization, we would move the
entire GCD from a reactive to a proactive
stance that would enable the organization to
operate more efficiently and effectively in the
longer term.
Designing the SPE process
With the proper design team in place, a series
of face-to-face and virtual meetings were held
with the design team, during the month-long
design phase, to discuss and develop the process. To support the development and critical
“buy-in,” a series of surveys were issued across
the GCD to connect the forthcoming analytical components of the strategy development
process with organizational commitment,
success, and more importantly, with reality.
Coupled with the feedback from the GCD,
the design team determined that the strategy
development and execution process would:
nInclude the proper analytical components
(see below);
nSupport the business-line goals and strategies;
nBe fact based;
nBe organic and flexible to material envi-
ronmental changes;
nLink regulatory understanding and
business-line priorities to the execution of
strategic decisions;
Corporate Compliance & Ethics:
Guidance for Engaging Your Board
“This video provides an
overview of the Board’s
role in compliance.”
www.corporat ecompliance.or g
Odell Guyton
Senior Corporate Attorney,
Director of Compliance,
Microsoft Corporation
“It’s pretty clear that
the best compliance
program in the world
is meaningless, even if
it’s funded with a good
well-meaning compliance
officer, if the leadership
of the company is not
behind it and isn’t
supportive…”
Bringing the vision of
leadership together
with a compliant and
ethical culture
Honorable
Michael E. Horowitz Commissioner, United States Sentencing Commission
Order Today!
Non-Members $395 SCCE/HCCA Members $345
Name
Total Payment $ ______________
Title
 Purchase Order # _____________
 Check/Money Order
 VISA
 MasterCard
Company
Address
Number
City
Exp. Date
State
Zip
Phone
Name of Card Holder
Fax
Signature of Card Holder
E-mail
Please make check payable to:
Format:  DVD  VHS
Society of Corporate Compliance and Ethics (SCCE)
Mail to: SCCE
6500 Barrie Road, Suite 250
Minneapolis, MN 55435
FAX: +1 952 988 0146
Online: www.corporatecompliance.org
E-mail: info@corporatecompliance.org
Phone: +1 952 933 4977, or 888 277 4977
11
June 2008
nDevelop in-house strategic expertise and
ownership of strategic decisions;
nCreate an internally replicable strategy
development process;
nProvide a process to develop teams, individual managers, and executives;
nCreate and nurture cross-matrix strategy
development teams; and
nMinimize long-term dependence on strategic consultants.
In order to properly roll out this process
across the organization, the GCD senior
leadership team, along with the consulting
group, developed an SPE workbook to help
codify and guide the effort. The workbook
included analytical tools and action components (outlined in the next section) and was
issued to the leadership teams of the GCD’s
eleven regional units and nine business unit
divisions. Completion was required in less
than three months. Importantly, GCD senior
leadership and the consultants provided support to all the units throughout the SPE to
enable the teams to develop their plans.
Workbook content – the SPE process
The process was divided into the following
five logical and easy-to-implement steps for
execution:
Step 1: External environmental assessment. This assessment was divided into two
areas. The first focus was on the regulatory
environment in which we operated. We asked
for comprehensive focus and examination of
new or changed regulation in our key compliance risks:
nBusiness conduct
nOrganizational duties
nMarket conduct
nReputation risk, and
nAnti-money laundering risk
The result provided a detailed analysis of the
regulatory changes, the regions and business
June 2008
12
lines impacted by them, the regulator driving
the change, and the available time to respond.
The second area focus was on key business-line
initiatives. As a support and control function,
the GCD’s role was to enable the bank’s businesses to succeed in executing their strategies
and delivering on their goals. Through detailed
meetings and interviews by compliance leaders with more than 300 key business people,
current and future strategic priorities for each
business line (e.g., global banking, private
wealth management) were identified. We captured data, in a systematic fashion, regarding
their plans for the introduction of simple and
exotic new products and for entry into new
geographic markets (e.g., Islamic countries).
The regulatory changes and business-line
initiatives were examined and prioritized
through a two-dimensional screening matrix
that would become the signpost for guiding present and future focus for the GCD.
Business-line and regulatory priorities were
rank ordered, based on the following two
dimensions:
1. The importance of an initiative to a
business and the likelihood it would be
implemented by the business
n High – the initiative would be critical
to the success of the business.
n Medium – the initiative would greatly
help the business achieve its goals.
n Low – the initiative would be helpful,
but not have a significant impact on the
achievement key business goals.
2. The impact of the regulation on the execution of a business initiative
n High – regulation could make the initiative extremely expensive or prohibitive, if not properly addressed.
n Medium – regulation could make the
initiative more expensive or have a
material impact.
n
Low – regulation is unlikely to make
the initiative more expensive or have a
material impact
Step 2: Internal capability assessment.
Any organization’s ability to respond to the
environmental issues identified is a function of its resources. To better understand
the GCD’s resources and how they enabled
it to respond to the environment, a detailed
capability analysis was conducted. In prior
exercises, the GCD identified its four major
roles: advisory, advocacy, prevention, and
detection. The capability assessment analyzed
our resources against these four roles.
1. Advisory. In the advisory role, the GCD
provides strategic support to the business, fosters business growth by providing
guidance and advice to the businesses on
compliant business solutions, monitors
and interprets legal and regulatory focuses,
develops proposals for changes to meet
regulatory requirements, and supports
implementation.
2. Advocacy. In the advocacy role, the GCD
proactively engages in purposeful dialogue
with the bank’s regulators (which number
more than 200 globally), lawmakers, and
various financial-services industry trade
groups. The department seeks to influence
the development of rules that affect the
bank’s business and operating environment; manage regulatory inquiries, audits,
inspections and investigations; and participate in the regulatory consultation process.
3. Prevention. In the prevention role, the
GCD designs and implements programs
and processes, such as policy development
and employee training.
4. Detection. In the detection role, the
GCD conducts risk-based electronic or
manual surveillance and monitoring to
identify violations of law and policy, and
to test the strength of compliance controls.
Compliance Policies/
Document Sharing Project
Our goal: to make
1,000 documents
available to members
If
you contribute
you will have
50
50
documents,
chances to win!
Contribute a document and enter the
iPod/Audio Conference Giveaway!
We are pleased to bring you the iPod/Audio Conference
Giveaway. Contribute one or more documents to the SCCE
Compliance Library, and be registered for a chance to win an
iPod or an SCCE Audio conference. Drawings will be held on a
monthly basis starting in July 2008, so there are many opportunities for YOU to win. The more documents you add to the
library, the better your chance of winning!
E-mail your document(s) to Caroline Lee Bivona
at caroline.leebivona@corporatecompliance.org
With 2,300 lawyers in
30 locations, Jones Day
One Firm Worldwide is
a proud law firm sponsor of this giveaway!
www.jonesday.com
June 2008
www.corporatecompliance.org
13
888-580-8373
So, What’s Your Compliance Strategy?
A detailed analysis of these roles and the
capabilities that support them was conducted
throughout the entire GCD. The analysis included an examination of the assets, skills and
knowledge/people, systems, work processes,
organizational structure, and performance
metrics and how they all interacted to enable
the capability. For example, the GCD’s ability
to provide the businesses advice on such areas
as real estate or Islamic lending practices (e.g.,
Sharia law) was identified.
These categories were defined as follows:
Assets. These are things physically used by
the department that can produce future economic benefit, the measurement of which can
be expressed in monetary terms. An asset
typically is listed on a balance sheet (e.g.,
computer hardware, facilities).
Skills and knowledge/people. The
employee set and unique capabilities,
such as intellectual capital, within a
specific industry that bring value to the
department (e.g., an employee or group
with valuable experience and knowledge
in the regulatory environment).
Metrics. Quantitative and qualitative
measurements, often used to assess the effectiveness and efficiency of the execution of
an activity (e.g., number of surveillance hits,
training sessions given, suspicious activity
reports filed).
June 2008
14
ing initiative, we told them to consider options
that were both effective and efficient. “Consider
ways to creatively redeploy and utilize existing
resources within the global compliance organization as an alternative to securing additional
new resources (i.e., adding new costs to your
budget should be your last alternative).”
The last point was particularly important to
the success of the SPE. People tend to rely
on and guard resources under their immediate control, and to locally develop solutions
to problems when they occur. The need
for autonomy and the “not invented here
syndrome” often prevail. The tendency often
results in excess costs and slow and inefficient
implementation solutions to problems
that, more often than not, stretch across
locations and individual spans of control.
Through a collaborative strategy development and execution effort, we sought to
break down these silos and achieve more
effective and efficient use of capabilities
across the GCD.
Given a resource-scarce
environment, it was critical that everyone realized
that not every gap closing
strategy could be supported and that priorities
needed to be set.
Systems. Typically, software that allows the
department to manage its flow of information
and make decisions (e.g., transaction surveillance software).
Work processes. Specific sequences of activities used to manage workflow and reach a
desired goal (e.g., surveillance “hit” investigative processes, branch examination processes,
financial management processes).
Step 3: Gap analysis. Based on the first
two steps, a gap analysis was conducted to
identify gaps between the GCD’s current
and required regulatory and business focuses,
and the capabilities needed to effectively and
efficiently meet the regulatory and business
priorities. The specific questions included:
nWhat capabilities add no value and should
be dropped (i.e., they add no value but
consume scarce resources)?
nWhat capabilities do we need that do not
currently exist?
nWhat capabilities should be better leveraged or significantly improved because
they are underutilized or inefficient?
To ensure that “the baby was not thrown
out with the bath water,” each capability was
examined with respect to the assets, skills and
knowledge/people, systems, and work processes. In some cases, we found the capability
important but in need of improvement in one
or more elements. Frequently, we found the
area for improvement was development and
addition or redeployment of key people.
For each strategy, two costs were identified: “Change the Bank” (one time
development and implementation costs) and
“Run the Bank” (recurring operating costs).
This injected a healthy dose of reality into the
process by ensuring that there were no blank
checks.
Step 4: Gap closing strategies. Once the
gaps were identified, initiatives to close them
were developed. The initiatives ranged from
redeploying or better utilizing existing staff,
to changing work processes, to modifying or
developing new systems.
Step 5: Action plans. The final step in the
process was the development of action plans
for each gap closing strategy and an on-going
review process for ensuring that each plan was
implemented. Each plan was championed
by a member of the leadership team and
included individual accountabilities, milestones and completion dates, deliverables, and
resources (e.g., people and money) needed to
complete the plan.
As leaders began to define the optimal gap clos-
Carrying Out the SPE
Although a sound the design was necessary
to have a shot at success, a good design alone
would not achieve the cultural shift necessary
for success. The interaction and communication among those involved in the SPE process
and the rest of the organization was a vital
component to achieving an effective plan and,
ultimately, execution of the plan. The following is a brief overview of the process used to
carry out the SPE:
Introduction of planning process
As we noted above, we surveyed department
management to lay the foundation for achieving the buy–in among the GCD leadership
team. In that survey, we asked every member
of senior department management to ascertain precisely what they thought was working
well and what was not in the department
that had grown rapidly over the previous four
years. We collated those responses and hung
every one of them in poster size on the walls
of the conference room where we were holding the two-day kick-off meeting with the
entire GCD leadership team present. After
two hours of detailed review and comment,
the responses drove home the need for a unified strategic plan by the GCD.
The meeting then moved to a detailed discussion of the process, and the reasons for
every step. We covered the following topics:
nThe importance of SPE process to the GCD;
nA review of the mission and roles of the
GCD as focal points for the SPE process;
nIntroduction and explanation of the SPE
process with the accompanying “analytic”
document;
nThe importance of getting buy–in from regional/business leadership teams and staffs
as well as others with critical knowledge;
nSet post meeting expectations and schedule with respect to:
o Steps to completion of plan
o Meetings to discuss plan
o
Feedback from plan
o Roll out of plan
nReview process for ensuring its execution;
and
nIntroduction of the roles of outside strategic
consultants who would help coach them
throughout the entire planning process.
Moreover, an internal point person from the
leadership was identified. This person, in
collaboration with the consulting team, was
responsible for ensuring that the SPE ran
smoothly and on time. The internal point
person was a central point for any issues or
questions faced by any team or individual. This
would lead to quick and effective solutions.
To ensure that everyone understood the SPE
process and bought in, we provided an opportunity to provide final feedback and changes.
Creation of Teams
Following the kick off meeting, SPE execution teams were created. With the help of
the consultants, each team addressed the following:
nIdentity of team leaders and members;
nThe scope of their tasks and deliverables;
nDefinition of key activities, resources and
deadlines;
nIdentity of any additional resources; and
nDevelopment of localized implementation
plans including organizational communications with key stakeholders.
Execution of the SPE
Throughout the SPE process, the GCD
leadership, the teams, and the consultants
communicated frequently. For each step of
the SPE, a formal review process, whereby the
leadership team provided feedback to each
team, was held. This ensured that the teams
were on the right track and that emerging
global issues were being captured. These issues
were especially important.
Moreover, as is the case with any process,
improvements were constantly being made to
the SPE based on feedback from the teams.
Rather than bureaucratically execute the SPE,
we wanted to ensure that it worked and that
those involved in it continued to feel that
they had influence over the process itself. We
wanted them to make the SPE “their own.”
The Gala Event
Given the complex nature of the GCD
organizational matrix and its geographic dispersion, a two-day, face-to-face event was held
upon the completion of the planning process.
This event provided the forum for final debate
on all the initiatives and the development
of the actual global strategic initiatives. We
decided a face-to-face meeting was necessary
for two reasons. First, given a resource-scarce
environment, it was critical that everyone
realized that not every gap closing strategy
could be supported and that priorities needed
to be set. Second, there might be common
initiatives that could better be addressed on
a global scale, rather than by each regional or
business team. We looked for cost savings and
to optimize resources and approaches.
Third, gaining ownership and consensus among
all the teams for the overall GCD plan was critical to effective execution. Moreover, the session
was a true test of whether a culture of collaboration and cooperation was emerging and
a barometer of the success of the professional
development component of the SPE process.
During the session, the leadership struggled,
at first, with the sheer number of initiatives
that had been generated and continued to
champion their self-identified priorities. By
forcing the resource constraints and achieving
acknowledgement that only about ten things
could be truly global priorities, the leadership
ultimately developed a list of key initiatives
15
June 2008
that were the most likely to achieve the largest
impact on enhancing the department’s execution of its four key roles. We then identified
sponsors, owners, deliverables, and deadlines.
The end document was a clear, concise, fact–
based strategy that was executable within given
time and resource constraints.
Review and followup phase
Finally, we implemented an on-going periodic review process to monitor the execution
of the gap closing strategies and action plans.
We also made the execution of these plans
a part of the performance reviews of those
responsible for execution.
Results of the SPE to date
The evidence, thus far, suggests that the SPE is
running fairly well from both the organizational
development and substantive perspectives. As
an organization, there is greater alignment and
focus. The “silo mentality” has decreased and a
greater focus on the needs and priorities of the
global organization, rather just than those of
the divisions and regions, had emerged. Clearly,
there is more communication and collaboration
across the organization, which helps the matrix
run much more smoothly. Second, there is a
marked shift in the level of strategic thinking
throughout the organization as well as a more
proactive stance. Third, the leaders of the GCD
are working together to more efficiently utilize
scarce resources. Fourth, and perhaps most
importantly, the SPE process has helped the
GCD establish much stronger partnerships
with the business lines. The process required the
leaders to spend more time interacting with the
businesses to learn more about the businesses
and their strategic priorities. This sent a strong
signal to the business leaders that Compliance
was there to help them and the firm to succeed.
From a substantive perspective, the top global initiatives that emerged addressed the key
results of the survey (summarized above) that
June 2008
16
led to the entire process. Ultimately, several
of the global initiatives accurately targeted
global risks that were highlighted in the risk
assessment process. To highlight a few important items:
nStrategy. At the conclusion of the pro-
cess, approximately ten global initiatives
were defined, as well as other initiatives
by location and business division. The
initiatives were clear and executable and
addressed the important challenges and
risks the GCD was facing.
nOrganizational structure. Six of the
initiatives addressed important structural
issues and enhanced the networking
and global execution capabilities of the
organization.
nSystems. Two initiatives were addressed
that resulted in systems development,
primarily focused on monitoring.
nProcesses. One of the global initiatives addressed the key process in need of
significant enhancements.
nResources. Several of the initiatives
targeted talent development and fostered
organizational alignment. The bottom line
was that the process worked.
Finally, as an unanticipated outcome, the
SPE has become a meta-process, under which
a number of other processes and initiatives
(e.g., risk assessment) have become subsumed. Moreover, the SPE initiatives are not
thought of as “projects,” but as “the way we
do things around here” (i.e., the process has
led to a cultural change in the organization).
This has made for a much more efficient and
less unnecessarily complex organization.
It has gone a long way in building DB’s GCD.
Second, how you implement the SPE is just
has important as its analytical components.
More specifically, the involvement and engagement of people throughout the organization is key to its effectiveness.
Third, strategic thinking is more important
than strategic planning. The SPE is a process
of engaging people to think about strategic
issues facing the organization (e.g., emerging
compliance issues and business priorities). It is
not about filling in and submitting a bunch of
planning forms. When people become comfortable with thinking strategically, the process
becomes a part of the day-to-day culture of
the organization, and people naturally become
more proactive and anticipate and prepare to
respond to emerging strategic issues.
Finally, anything that is worth doing takes
time, resources, and commitment to succeed.
This was something that the leadership team
understood and did well. It was this commitment that caught the attention and enthusiasm of the organization. However, the SPE
cannot be viewed as a one-time event. It is a
management process that needs to continue
to be supported, nurtured, and driven. n
The authors would like to thank Alan Greatorex,
the Head of Global Compliance Training and
Development for Deutsche Bank for the invaluable
role he played in the design and execution of the
strategic planning process described in this article.
1 In re Caremark International Inc. Derivative Litigation, A2d; (Delaware
Chancery Court, 1996).
What we learned
Clearly, we have learned a number of things
from the SPE process. First, although the
process appears to be solely about strategic planning, it has also proven to be an effective organizational development and culture change tool.
Call for Authors
Compliance & Ethics Magazine
Compliance & Ethics Magazine is published bimonthly
by the Society of Corporate Compliance and Ethics
(SCCE). Professionals in the compliance field are
attracted to SCCE because it is the ultimate source
of compliance and ethics information, providing the
most current views on the corporate regulatory
environment, internal controls, and overall conduct
of business. National and global experts provide
informative articles, share their knowledge and
provide professional support so readers can make
informed legal and cultural corporate decisions.
We welcome all who wish to propose corporate
compliance–related topics and write articles.
Topics to consider:
Articles, when the topic allows, should include “how
to” tips. Articles generally run between 1,250 and
2,500 words.
• Enterprise risk management: risk-based
assessments
If you are interested in submitting an article for
publication in Compliance & Ethics Magazine, please
contact Marlene Robinson:
marlene.robinson@corporatecompliance.org
+1 952 933 4977 or 888 277 4977
• Information on new laws, regulations, and
rules affecting international compliance and
ethics governance:
• Developing and managing effective compliance
programs
• Compliance and ethics training: senior
management versus non-management
• Conflict of interest
• Code of conduct
• Security
• Investigations: attorney privileges
• Sarbanes-Oxley Act updates
• Professional liability, audit, accounting
• Compliance & ethics program assessments
• Articles addressing current “hot” compliance
and ethics issues
All Aricles are due by the 15th of the
month 45 days prior to issue date.
SCCE Advisory Board
Urton Anderson
Chair, Department of
Accounting and Clark W.
Thompson Jr. Professor
in Accounting Education,
McCombs School of
Business,The University
of Texas at Austin
Marjorie Doyle
Practice Leader,
Ethics & Compliance
Solutions
LRN
Charles Elson
Director of the
John L.Weinberg
Center for Corporate
Governance and Edgar
S.Woolard, Jr. Chair in
Corporate Governance,
University of Delaware
Odell Guyton
Senior Counsel and
Director of Compliance,
SCCE Advisory Board
Co-Chair
Keith Halleland
David J. Heller
Gary Hill
Michael Horowitz
Shin Jae Kim Hong
Michael
LaFontaine
Sean Martin
Joseph E. Murphy
Chief Compliance Officer,
U.S. Bancorp
Vice President,
Commercial Law,
Amgen
Co-Founder,
Integrity Interactive
Co-Editor, ethikos
F. Lisa Murtha
Dennis Muse
Haydee Olinger
Mollie Painter-Morland
Daniel Roach
James G. Sheehan
Leonard Shen
Roy Snell
Sheryl Vacca
Cheryl
Wagonhurst
Rebecca Walker
Ex-officio Advisory
Board Member
Founding partner of
Halleland Lewis
Nilan & Johnson, PA
Partner,
TozziniFreire Advogados
São Paulo, Brazil
Managing Director,
Huron Consulting
Group
Vice President
Compliance & Audit,
Catholic Healthcare
West
Chief Ethics and
Compliance Officer
Vice President Risk
Management
Qwest
Chief Executive Officer,
Global Compliance
Medicaid Inspector
General, Office of the
Medicaid Inspector
General, New York State
Vice President and
Chief Ethics Officer
Wal-Mart Stores, Inc.
Vice President–Chief
Compliance Officer
McDonald’s
Corporation
Senior Vice President–
Chief Ethics and
Compliance Officer,
American Express
Litigation partner, member
of the Business Fraud
and Complex Litigation
Group, Cadwalader,
Wickersham & Taft LLP,
and Commissioner, U.S.
Sentencing Commission
DePaul University Associate
Director,The Institute for
Business and Professional
Ethics; Director, Center for
Business and Professional
Ethics, University of Pretoria,
South Africa
CEO, Society of
Corporate Compliance
and Ethics
SCCE Advisory
Board Co-Chair
Debbie Troklus
Assistant Vice President,
Health Affairs/
Compliance, University
of Louisville Health
Sciences Center
Senior Vice President/
Chief Compliance
and Audit Officer,
University of California
Partner, Foley &
Lardner LLP,
LA Office, Regulated
Industries Team
Partner,
Kaplan & Walker LLP
Professionals representing a broad range of industries make up this board.
The level of diverse experience and professional accomplishment is impressive. These industry leaders are
enthusiastic and poised to lead the Society of Corporate Compliance and Ethics into the future. SCCE promotes
the compliance profession by offering valuable programs and tools to enhance knowledge and expertise in the
compliance and ethics field.
We are very excited to have such a diverse and experienced group of people leading this organization.
Roy Snell, CEO
June 2008
18
Why are we where we are?
We have more opportunities for members to get involved, because of the
non-bureaucratic culture of our organization. Most importantly, we are
a successful organization because of the talent of our membership.
We have problems and frustrations just like any other organization.
However, we don’t have the kind of problems that other organizations
do. Our problems are associated with our entrepreneurial, fast-paced,
risk-oriented approach. We want to get as many people involved as we
can. As a result of our 50 compliance conferences, 48 audio conferences, four certifications, two magazines, and a myriad of other activities,
we get a lot of people involved. You may see some people whose names
come up regularly. Because of the number of things we do, we have
to rely on some people to help regularly. The real question is, “How
many people get to be involved in our organization compared to other
professional organizations?”
Opportunities come from growth and risk. Growth and risk comes from
entrepreneurial behavior. If you want to see limited opportunity, join a
bureaucratic, constipated, committee-run organization. “No” is the word
of the day. Everything has to be approved, overseen, changed, analyzed,
and watered down to make sure everyone is happy and on board.
If you count meaningful work, not just superficial, resume stuffing
committee assignments, I would put our organization up against any
other for generating opportunities for members to get involved. We
want more people involved and to do that, we have to keep growing,
take risks, move quickly, delegate, and trust. We must also manage and
tolerate the challenges associated with that approach.
Other organizations have pre-meeting meetings to discuss who should
be invited to meetings. There are meetings to examine all of the political ramifications of the topic to be discussed at the meeting. They
discuss who would be offended or not offended by being included or
not included. We, on the other hand, think of an idea and take action.
We ask someone to get it done. If someone else is offended by not being included, we try to find something for them to do and we get that
ROY sNELL
done too. We have more resources to accommodate all these requests to be involved,
because our resources are not tied up in
meetings, political discussions, and endless
ruminating about ramifications.
We have approximately 150 people writing
articles each year. If you count people who promise to write articles,
that number mushrooms to well over 300. Approximately 50 people are
involved with our certifications annually. With 50 conferences, we have
over 750 new speaking opportunities annually. No association anywhere
near our size can touch this number. We have approximately 100 people
involved in the speaker selection process for our 50 conferences. Approximately 100 people help with the audio conferences annually. Many
people are involved in product development, Website content, and a
myriad of other projects.
In this article I talk about our very talented, experienced, intelligent
membership and our organization’s operational culture. As I mentioned, we have our own problems, but in the long run we grow faster,
do more, and have more opportunities than other organizations. To
create more opportunity, we all can’t be involved in every decision. We
have to be willing to take risks and make mistakes. We are better off
because we often delegate to individuals and trust them, rather than
delegating to committees. It’s not easy to do it the right way. In this
article I discuss why we are the way we are, and the challenges and
compromises associated with our approach.
Why are we the largest compliance and ethics organization in the
world? I must admit, it is an assumption on my part, that with 6,600
members (5,500 HCCA and 1,100 SCCE), we are the largest compliance and ethics professional association in the world. It is the largest
I have ever heard of. Nevertheless, we are very successful because we
do things differently than others, and we have people who know this
profession better than most.
We are where we are because we have a large number of people who
know what they are doing. We have people who know the profession
and where it’s going. They know what is important and what is not.
They are not trying to push their own agenda or trying to cash in on
the compliance/ethics surge. We also have a system that allows them to
be effective. The system or culture we have is unlike many non-profit
membership organizations that become bureaucratic, indecisive, and
compromising.
19
June 2008
Why are we where we are?. ...continued from page 19
The People
Our members, speakers, conference program
chairs, authors, our board, and our committee members have practical knowledge
of our profession. We have many people
making hundreds of good decisions every
month. Our people are practical. They get to
the point. They know what they are doing
because they have lived this profession. They
are not caught up in glamorous fringe issues,
but rather, they understand the profession
at its core. More than anything, they know
where this profession is going, because they
know where this profession has been, and
they know what is important.
try to think about long-term gain as opposed
to short-term gain.
Generally speaking, people are not picked to
work on projects because of who they are,
who they work for, what degree they have,
or how much money they are willing to give.
Volunteers aren’t assigned to tasks because
they are the most vocal or most powerful.
People are assigned to tasks because they
know what they are doing. We have the
courage to assign the right task to the right
person. Because we put the right people on a
project, we have a greater return on investment (ROI). That increased ROI gives us
more resources to get more people involved.
We now have experts from 45 different
industries and 12 countries. Collectively,
these people have a deep understanding of
the profession and all its components. With
the aforementioned diversity of thought
and experience, we minimize group think.
Because we have involvement from many sectors of this profession, we get a balanced and
realistic look at the practical implementation
of compliance and ethics programs.
This is not always easy. It’s often easier to go
with the flow and assign tasks to people who
insist on working on something. It often
easier to pick the person who would be the
most upset if they were not chosen. It is also
a temptation of many organizations to assign
everyone who wants to work on a task to the
task. The world is full of people who can’t
say no and believe more is better. Sometimes
more isn’t better. Others accomplish tasks
through extreme collaboration and by setting
up a series of committees. If you work hard
enough on anything, you can ruin it and
waste resources. There is so much to be done
that there is no need to be so inefficient. We
June 2008
20
There are too many people to mention who
exemplify the knowledge of this profession.
Just look at the Website, magazine, or brochures. Not only do people know what they
are doing, but they come from many different
perspectives. They represent the best of the
best: compliance and ethics officers, consultants, academics, regulators, risk managers,
auditors, certified fraud examiners, outside
lawyers, CEOs, vendors, etc. We have specialists in ethics, risk, law, compliance, hotlines,
auditing, disclosure, education, etc.
Tasks are delegated to a limited number of
experts who get input from others, but they
are not forced to over-engineer everything to
keep people happy. It is difficult for people
on the fringe of our profession to keep things
simple, because they are inexperienced and/
or lost in the details. We delegated tasks to
volunteers who get along, are trusted, avoid
minutia, and pick a date and finish. Sometimes a project requires attention to minutia
or a hard-charging pit bull. It is not often,
but we make sure we get the hard chargers,
and we back them when the going gets tough.
Our members are experienced. People who
know what they are doing can keep projects
simple and too the point. People who don’t
know what they are doing have to include
everything they can think of in a project.
They do that because they don’t know what’s
really important and can’t sort the wheat from
the chaff. Our volunteers are not theoretical.
Our people want to get it right, but they understand the practical limitations that we have
to deal with in the real world. Over the last
12 years we have been very fortunate to have
assembled some of the very best compliance
and ethics professionals in the business.
The System
We don’t do it with a committee when a
collaborative and knowledgeable individual
will do. We don’t write a white paper when
a memo will do. Authority, accountability,
and responsibility are often delegated to an
individual or two, and we trust them. Much
more gets done in our system. We get a better
result than others do. A great example of this
is Debbie Troklus, who runs our certification program. She has a Board, but they
don’t meet just to meet. They don’t meet to
think big things and tell others what to do.
They get the right people together when they
have a specific and a defined task. They hire
experts to guide them, and follow their lead.
If someone decides they know better and they
don’t, we don’t cave in just because they are
powerful, loud, confident, or just to keep the
peace.
Joe Murphy shared an old saying with me
“Don’t let perfection be the hobgoblin of
the good.” That may apply to professional
associations more than any other type of
entity. Many people think that if they can
make something a little better, it should be
changed. Things rarely ever get done on time
with that approach. Some things just fall by
the wayside altogether, because people get
frustrated and tired of the endless additional
ideas and change. Some believe most of the
important work on a project is accomplished
in the first 20% of the effort. The remaining
80% of time is spent perfecting the project,
changing their changes, and it results in
marginal improvement. That time could have
been put to better use. Our people don’t add
things on just because they can think of more
to do. They understand the ultimate mission
and get the task done. They then move on to
another unaccomplished task.
We are clear of purpose. We often have a
single task in mind when we start a project.
In most organizations, when people get
together to work on a specific project, they
see all kinds of other knobs on the dashboard
that could be turned, twisted, or tweaked.
Our leaders keep our volunteers on track and
focused. For example, our conference planning committee focuses on program content
and leaves the conference management to
the conference managers. They don’t change
the timing of sessions just because they can
think of another way to do it. They don’t
worry about how to register people. Our
leaders focus their activities within their area
of expertise. As a result, the content of our
meetings is second to none.
Sometimes people get involved in projects
and inevitably see something related to the
task at hand but outside their project scope.
They think there is a better way to do it.
Many organizations will go along to get
along, even though what they are suggesting
to change was just changed. Oftentimes there
are many ways to do something. The variation of benefit between the choices can often
be minimal. A change may result in a better
outcome, but the effort to reengineer something may not outweigh the time required
to change it. There are lost opportunity costs
too. That time could have been spent getting
something done that had never been done
before. Our volunteers don’t change things
because someone can think of another way
to do it. Our volunteers don’t cave in to
reinventing the wheel to keep the peace. We
get so much more accomplished because we
don’t change our changes, but rather, we use
that time to accomplish new things.
We have meetings with up to 200 speakers.
Our main planning committee is never more
than three people who select track chairs who
are delegated responsibility, authority, and
accountability for selecting speakers within
their track. We also have specific groups
working on specific tasks, such as certification or the magazine. These groups perform
a function. They don’t get together to think
of things others could do for them. Things
happen between meetings because they stay
focused, develop task lists, and follow up.
Each working group has someone in charge
that can make sure that things are accomplished. We don’t delegate all the decision
making to the group, but rather to the leader
of the group. Unlike other organizations,
we don’t always have to wait until the next
meeting to make a decision or get approval.
The leader gets feedback from the group and
makes decisions. In other organizations, committees can’t do anything without everyone
on board. These groups act slowly and often
water down what ever they are working on to
get agreement. They wait until everyone signs
off on it; therefore, things can take forever.
People working in our system have a greater
chance of feeling a sense of accomplishment.
Generally speaking, we delegate to those who
can make a decision and who can get work
done in a reasonable amount of time. We
delegate to those who are collaborative and
can keep it simple. We delegate to those who
can take direction and keep their word. We
are not successful because of an individual
or two. We are successful because of the
incredibly large number of experienced and
knowledgeable people in our organization,
how we assign tasks, and the system we ask
people to work within.
It is harder to do it the easier way. People
sometimes get mad because they can’t decide
things they want to decide, or can’t get
involved in things they want to get involved
in. People get mad because they can’t change
something they want to change. It’s frustrating not to be involved in everything and
know everything that is going on.
However, we disappoint fewer people in the
long run, because we get more done and the
things get done better. Most importantly, this
system results in growth and that means there
are more opportunities for more people to get
involved. It’s not always true; however, it’s true
a materially significant amount of time. At the
end of the year, we see the significant accomplishments because of our systems and people.
The results at the end of the year more than
make up for the compromises that are made
along the way. It is significantly more rewarding than the alternative. As a result, we have an
organization we can all be proud of. n
Contact Us!

info@corporatecompliance.org
Fax: 952/988-0146
SCCE
Phone: 888/277-4977
To learn how to place an advertisment
in Compliance & Ethics, contact
Jodi Erickson Hernandez:
e-mail: jodi.ericksonhernandez@
corporatecompliance.org
phone: 888/277-4977
21
June 2008
feature
article
Meet Robert T. Morgan, CCEP, CFE
Group Investigations Manager, Financial Integrity Unit, Microsoft Audit Group
& Carol A. Morgan, CCEP, CFE, CPA, CIA, CISA
Vice President, Audit & Risk Management Services, World Vision
Editor’s note: Marlene Robinson, Story
Editor for Ethics and Compliance Magazine,
conducted this interview with Bob and Carol
Morgan. Bob may be contacted by e-mail
at Bobmorg@Microsoft.com or by phone at
425/722-1586. Carol may be contacted by
e-mail at CMorgan@WorldVision.org or by
phone at 253/815-2460.
This month we are offering a special interview
with two highly skilled corporate professionals who are committed to living out
their deepest values at home and at work.
They share the same beliefs, not only in the
compliance and ethics profession, but in their
roles as husband and wife.
Bob and Carol have been married more than
38 years, have raised two daughters, and are
now enjoying their role as grandparents to two
growing boys. They have moved eleven times and
lived in five states and seven different cities. Each
started in a profession very different from where
they find themselves now. Changes in careers
and unexpected opportunities helped mold the
roles they now hold. It is not so strange that the
choices they made complement not only their
home life, but the workplace as well.
According to a recent study conducted by the
Families and Work Institute it is now necesJune 2008
22
sary for 78% of married couples to work in
order to maintain the lifestyle that they desire.
MR: Bob, what is Microsoft’s Financial
Integrity Unit (FIU)?
Bob: The FIU is an investigative unit
embedded in the Microsoft Audit Group.
The FIU is one of three entities that compose the group. Internal Audit and Enterprise
Risk Management are the other two. The
FIU’s mission is to assist Microsoft and the
board of directors in the effective discharge
of their responsibilities over financial integrity and compliance with Microsoft’s Standards
of Business Conduct and policies.
To accomplish our mission in serving a
multi-national company like Microsoft, the
FIU has professional investigators assigned to
Microsoft offices located in the United States,
Asia, and Europe. Our primary focus is to
prevent, detect and investigate violations of
Microsoft’s Standards of Business Conduct,
but the FIU takes great pride in the contributions that it makes to the company’s control
and compliance environment by making
recommendations for process improvements
and policy enhancements.
MR: Bob, how was Microsoft’s Financial
Integrity Unit formed?
Bob: In setting the tone at the top,
Microsoft’s executive management recognized
the importance of being a good corporate citizen. To create an environment of exemplary
corporate governance, Microsoft established
the Office of Legal Compliance in 2002. After
conducting an in depth study, the company
then decided it needed a group of professional investigators whose sole responsibility
would be to identify and mitigate the risks of
financial fraud and abuse. This was a timely
decision, as you will remember Congress
passed the Sarbanes-Oxley Act during the
summer of 2002. Martin Biegelman was hired
as the FIU’s first director and was immediately
tasked with staffing the FIU with competent
and qualified investigators. A retired U.S.
Postal Inspector, Martin looked for and found
people with similar backgrounds in federal
and local law enforcement, forensic accounting and data analysis. He also placed significant emphasis on individuals holding professional certifications, such as the Certified
Public Accountant (CPA) and Certified Fraud
Examiner (CFE). I was the second person
to be hired in December 2002. We now
have eleven investigators located in five cities
around the world and are looking to place
investigators in two more cities.
MR: Why label it an FIU rather than the
more common name, Special Investigation Unit?
Bob: Microsoft wanted to place greater
emphasis on corporate governance, which
entails more than conducting investigations
in the traditional reactive mode. I believe the
name, Financial Integrity Unit, connotes a
broader and more positive meaning to the
approach that Microsoft wishes to convey
to its employees, customers, and partners
about compliance. Because our unit is an
integral part of the Microsoft Audit Group,
it is important that we have a comprehensive fraud risk management strategy that is
aligned with the company’s business objectives and organizational structure.
MR: Being a part of a global team of
investigators that detect and prevent fraud in
non-US locations sounds very intriguing and
would probably make a good James Bond
movie. What is your professional background
and how did you get into the fraud and compliance field?
Bob: After teaching high school physics
and mathematics for four years, I joined the
Philadelphia Police Department for which I
served as a patrolman and detective for six
years. I then became a US postal inspector
and in that capacity held numerous criminal
investigative assignments. My experience as
a postal inspector taught me skills on how
to conduct effective investigations of a wide
variety of white-collar crimes, such as mail
and wire fraud, identity theft, and financial
embezzlement. More importantly, I learned
the necessity of having effective crime prevention and security programs, which go handin-hand with identifying, recommending,
and implementing strong internal controls,
process improvements, and well-defined policies. The US Postal Service is a business and
therefore, has an organizational structure and
strategies like any business. As a result, it was
not too difficult for me to make the transition
from federal law enforcement to Microsoft
and apply those same skills that I learned in
the government to the compliance and investigative work that I now do in the FIU.
MR: Bob, in your position you supervise
a very diversified group of individuals, not
all are US citizens, and many are of different
nations. Is it difficult to understand the specific cultures, social mores, and national laws?
Bob: I believe going to work for a company with a global presence like Microsoft’s
posed the biggest challenge for me. I had
traveled extensively throughout the U.S. as a
postal inspector, but I had never traveled to
Europe, Asia, or Latin America until I joined
Microsoft. Although learning new cultures,
social mores, and foreign national laws has
been a challenge, it has also been the most
interesting and rewarding aspect of my job. I
never in my wildest dreams imagined that I
would visit some of the places where I have
been and meet people with such diverse
backgrounds. I have found that if you treat
everyone with respect and dignity, they will
treat you the same way, regardless of their
ethnic or cultural backgrounds. I must say
that I have learned a great deal from the people with whom I have worked and believe I
am a much better person for the experience.
MR: Tell us about the role ethics and cul-
ture plays in the operation of your program.
Bob: That is why it is so important to
identify and recruit personnel for the FIU
with cultural backgrounds that are as diverse
and reflective of the countries where the
company does business. I rely on our foreignbased investigators for advice on how to handle situations in the countries where they are
assigned, because they know the laws, culture,
and social mores better than I do. Our diverse
team speaks eleven different languages, has
over 200 years of investigative experience, and
nearly everyone on the team possesses at least
one professional certification.
MR: How does the FIU work with
Microsoft’s Ethics and Compliance Program?
Bob: The FIU works hand-in-hand
with the Office of Legal Compliance (OLC),
which reports directly to Microsoft’s General
Counsel and Senior Vice President of Law
and Corporate Affairs. The attorneys
assigned to the OLC provide legal guidance
and counsel for all our investigations in a
very collaborative process. The OLC manages our external vendor, which receives
and documents complaints and issues that
are submitted to the company’s 24/7 business conduct line (hotline). The OLC refers
issues to the FIU that fall within our area
of responsibility. We then work with the
OLC to prepare an investigative plan that
will effectively address and resolve the issue.
Management and Human Resources are kept
informed along every step of the investigative
process. When an investigation is concluded,
we work together to identify and correct any
process or control weaknesses that may have
contributed to the problem.
MR: Why do you find the FIU system
better than other departmental anti-fraud
solutions?
Bob: The investigative process may
23
June 2008
Meet Robert T. Morgan & Carol A. Morgan ...continued from page 23
differ from one company or organization
to another. The differences are frequently
based on the nature of the business and
the organizational structure. Microsoft is a
technology company and highly innovative.
We therefore try to use and leverage the
company’s technology in our never-ending
pursuit to be as proactive as possible in our
risk assessment efforts. We have also learned
from other companies and adopted industry
best practices to improve our program. We
periodically meet with our counterparts from
similar and other industries to discuss new
methodologies and emerging risks. These
benchmarking sessions have proven to be
invaluable learning experiences that make us
all better at carrying out our responsibilities
and organizational missions.
MR: Bob, how have the FIU and
Microsoft benefited from its relationship
with SCCE?
Bob: As you know, Odell Guyton,
Microsoft’s Director, Office of Legal
Compliance, is on the board of SCCE.
Odell is responsible for introducing us
to the HCCA [Health Care Compliance
Association] symposiums that he sponsored
at Microsoft, beginning nearly six years
ago. It was through my attendance at these
symposiums that I learned about the seven
principles of an effective compliance program.
When I received the first literature and e-mail
about the SCCE, I recognized the importance of pursuing the SCCE’s professional
certification designation (CCEP) and how an
ongoing relationship with the SCCE could
vastly improve the expertise of our unit, just
like the benchmarking sessions do with our
industry counterparts. We think so much of
the value that the SCCE has to offer through
the Compliance Academy training I recently
attended, that we are encouraging others of
the FIU to become members of the organization and pursue the CCEP designation.
June 2008
24
MR: Carol, can you tell us about your
position and the mission at World Vision?
Carol: As the Vice President for Audit
and Risk Management Services (ARMS), I
am accountable to the Audit Committee of
the World Vision US Board of Directors for
all aspects of the audit function. Our department mission is to promote stewardship
of resources through objective, cost effective assessments designed to add value and
improve operations.
MR: Carol, what is your professional
background and how did you get into the
audit and compliance profession?
Carol: I began my working career
in health care as a laboratory technician
at Holy Redeemer, what was then a small
Catholic hospital in suburban Philadelphia.
After taking a break to spend time with my
children, it became apparent that the field
had exploded with the use of technology. I
recognized that I would have to be retrained
to just catch up with all the innovations that
occurred during my sabbatical. It was then
that I made the decision to change careers
and, with the advice of my husband Bob, I
chose accounting. During my education process I took my first auditing class and knew I
had found my niche.
I started my auditing career with the
Defense Contract Auditing Agency (DCAA)
in Washington, DC. This expanded my audit
focus to include government compliance. A
move to the West Coast made it necessary
to change direction, so I took a position
in the Internal Audit department at Safeco
Insurance. This blended well with my audit
compliance experience because, as you know,
the insurance industry is highly regulated. I
really missed government auditing, but it was
apparent that federal positions were few and
far between. Instead, I did the next best thing
and went to work for Todd Pacific Shipyards,
a government contractor, as the manager of
the Internal Audit department. Then Sarbanes-Oxley hit the profession, and I realized
I would need public accounting experience
to stay current. I accepted a position with
McGladrey and Pullen, a CPA firm, where
I expanded my experience to not-for-profit
accounting specific to credit unions. It was
during this time that I received a call from a
former co-worker, whom I worked with at
Safeco, about the opportunity with World
Vision. So here I am. I guess you could say I
was called to work at World Vision.
MR: Carol, when you made your choice
to work for World Vision, what unique
qualities or qualifications did you bring to
this position?
Carol: I think my eclectic background
and varied experiences prepared me for my
role here at Word Vision. Did I mention
I had a decorating business while I was a
stay-at-home mom? Bob’s work and job in
the government necessitated frequent moves,
eleven in all, that strengthened my project
management and decision-making abilities.
I got to the point where I could sell our
existing property and choose a new home
all within the span of four weeks. Meeting
new people during these relocations helped
sharpen my listening skills, and that is what
an auditor does best, listens. I believe I cope
well with stress because at a young age, as a
laboratory technician, I worked in the blood
bank. Talk about stressful situations! One
wrong action and a real live person could be
irreparably harmed. That is not to say I do
not become impatient or anguish about outcomes. It just means I believe I do a good job
of putting a situation into perspective. Also,
it was a very easy transition from safeguarding the taxpayer dollar as a government auditor to championing the needs of the poor
through the stewardship of donated funds.
Want to become certified in
Compliance & Ethics?
Earn your Certified
Compliance & Ethics
Professional (CCEP)
certification today,
and be recognized for
your experience and
knowledge.
The Society of Corporate Compliance and
Ethics (SCCE) offers you the opportunity to
take the Certified Compliance and Ethics
Professional (CCEP) certification exam.
The CCEP gives individuals from all industries
the platform to demonstrate their knowledge
and expertise in compliance and ethics.
In the U.S., the exam is available at an H&R
Block near you. The exam is also available in
more than 30 countries.
CCEP Certification
Benefits
n
Demonstrate professional standards and
status for compliance professionals
n
Heighten the credibility of compliance
practitioners and enhance the credibility
of compliance programs staffed by these
certified professionals
n
Ensure that each certified practitioner has
the knowledge base necessary to perform
the compliance function
n
Facilitate communication with other
industry professionals, such as government
officials and attorneys
n
Demonstrate the hard work and dedication
necessary in the compliance field
qUALIFICATIONS
See the CCEP Candidate Handbook at
www.corporatecompliance.org/handbook
Cost: $250 for SCCE members
$350 for non-members
Credits Required: 20
You may obtain all twenty credits by:
n
attending SCCE-sponsored conferences
n
speaking at conferences regarding
compliance and ethics
n
attending conferences, seminars, or
workshops sponsored by other companies
(please fill out an Individual Accreditation
Application for each)
TAKING THE EXAM
There are several opportunities to
take the CCEP exam:
n
At SCCE’s Compliance and Ethics Institute,
SCCE’s Academies, or SCCE’s Regional
Conferences
n
At an H & R Block near you:
visit www.goAMP.com to register
n
In more than 30 countries: visit
www.corporatecompliance.org/CCEP
for more information
Questions?
Please contact SCCE via phone at
+1 952 933 4977 or 888 277 4977
or e-mail info@corporatecompliance.org
Or visit our Web site:
www.corporatecompliance.org/CCEP
Society of Corporate
Compliance & Ethics
Minneapolis, MN 55435, United States
“We sought the assistance of a
professional certification consulting firm,
Applied Measurement Professionals,
for the development of this certification.
Many experienced compliance and
ethics professionals were involved in
the 18-month process. We had more
than 100 people sit for the first exam. I
couldn’t be more pleased with the effort
and response. This is a big step in the
maturation process for the compliance
and ethics profession.”
— Roy Snell, CEO, SCCE
25
June 2008
MR: World Vision has been very successful in building a better world for children.
Can you tell us more about their program?
Carol: World Vision is a Christian
humanitarian organization dedicated to
working with children, families, and their
communities in nearly 100 countries around
the world, to reach their full potential by
tackling the causes of poverty and injustice.
Citizens in the United States have helped
to sponsor more than 920,000 children by
giving them access to critical resources, such
as clean water, better nutrition, health care,
education, and economic opportunities. In
fiscal year 2007, we raised more than $957
million. These funds were used to drill 194
water wells in Nigeria, Mali, and Ghana
alone, respond to 85 humanitarian emergencies, and assist an estimated 7 million disaster
survivors. We moved more than 147,000
metric tons of food donated by the United
States government and World Food Program
equaling 4,900 semi truckloads of freight.
Together with churches and businesses, we
facilitated the assembly of 70,000 caregiver
kits for use by volunteers in Africa to care
for the needs of people affected by HIV and
AIDS. We have made more than $355 million in small micro-enterprise loans with a
repayment rate of 98%. To achieve all this,
we partner with more than 12,000 churches
and work with more than 7,200 volunteers.
In our advocacy efforts, we have coauthored the Child Soldier Act, which
limits assistance to countries using children
in armed conflict, and stressed the importance for Congress to extend the President’s
Emergency Plan for AIDS Relief. Last year
we began a tour of more than 80 churches
with the “World Vision Experience AIDS,”
interactive exhibit, which gives visitors a reallife look into the lives of children and AIDSaffected communities.
World Vision does not just stop with relief
work. We know that by helping to build resilJune 2008
26
ience and self-sustainability, we are equipping
communities to handle disasters themselves,
meaning reduced long-term impact and fewer
lost lives.
MR: World Vision has six core values that
are central to its identity. How do these affect
your work in Audit and Risk Management
Services?
Carol: Where other organizations have
codes of conduct or ethics, World Vision has
a statement of core values. These basic values
guide our behavior and require us to demonstrate we are Christian, we are committed to
the poor, we value people, we are stewards,
we are partners, and we are responsive. As an
individual and an employee of World Vision,
I am responsible to uphold the core values,
honor them in my decision-making, express
them in my relationships, and put them into
practice consistently in my work ethos.
MR: It must make you feel good to know
that you are working for an organization that
has such a strong purpose and truly makes
a difference in so many lives each day. But,
I can also see that your position as Vice
President of Audit and Risk Management
Services could be a very important job,
because you have to ensure that proper values
are enforced and justice is served to accomplish their mission. How do you see the
Audit department supporting an ethics and
compliance program?
Carol: I am humbled by the passion
and dedication displayed by my colleagues.
They work directly with donors and the poor
we are committed to serving. Although Audit
does not always have the opportunity to participate in these invaluable relationships, our
role is truly considered by the organization
as a value-added effort. Just as a for-profit
businesses are heavily regulated, so too is the
world of fundraising. World Vision is a taxexempt organization under Section 501(c)
(3) of the US Internal Revenue Code. This
may limit our compliance with SarbanesOxley, but because we receive government
grants, we are bound to comply with the
Office of Management and Budget (OMB)
Circular regulations. Add to that the fact that
each state has specific regulations relevant to
conducting fundraising activities within their
borders, and your compliance burden has just
become heavier. Because we are a faith-based
organization and also work with children, we
have elected to abide by governing bodies,
such as the Evangelical Council for Financial
Accountability (ECFA), which sets standards
for fund-raising practices, and InterAction,
a coalition of non-government organizations
(NGOs) that self-review and evaluate controls
over the protection of children and the most
vulnerable populations. We also receive large
qualities of surplus goods from manufacturers
and pharmaceutical companies. These items
must be valued and recorded in a consistent and reasonable manner. Consequently,
we add another level of compliance with
the Association of Evangelical Relief and
Development Organizations (AERDO) to
guide practices for organizations handling
gifts-in-kind. As we perform each audit effort,
we look to these standards as benchmarks and
educational opportunities.
MR: Sharing the fruits of your labors,
both of you attended SCCE Academies and
received your CCEPs this past year. What
influenced your decision to take time out
of your already busy schedules to attend an
academy and to become CCEP certified?
Carol: In November 2007, language
was added to the Federal Acquisition
Regulations (FAR) requiring contractors
(those receiving federal funds under government contacts) to have in place a formal
compliance program. It has been my past
observations that whatever is added to the
FAR filters down to the OMB Circular in
some form. I wanted to be prepared with
information from an authority source on
what a formal program looks like. I also
believe it is a sign of commitment to excellence for an individual to seek certification
in a body of knowledge to be accepted as
a technical expert. I believe World Vision
has all the building blocks. We just need to
pull them all together. It is very much like a
jigsaw puzzle with the straight outer edges in
place. We hope to fill in the middle gaps over
the next year using the tools provided at the
SCCE Academy.
Bob: I agree with Carol that pursuing
professional certifications relevant to your
field of expertise is part of being a consummate professional. Professionals should possess a commitment to excellence in order
to be recognized as a subject matter expert.
Attending the SCCE Compliance Academy
this year was a very good decision for me personally and professionally.
MR: Do you think it was time well spent?
What are your expectations and goals now
that you are certified, and what benefits do
you think you have gained from this experience? How do you think that being certified
will enhance your personal and professional
growth?
Carol: I truly believe that the time I
spent at the academy was very beneficial. It
provided a networking forum that cut across
business lines and time zones. I intend to keep
in contact with many of the other attendees
whom I was fortunate to meet and exchange
ideas with during our short week together. As
I delve into this process, I am sure attendance
at additional conferences will be required
to reinforce what I initially learned. As to
attaining the certification, I believe education should be a constant in everyone’s life
and completion of a certification requirement
strengthens this commitment.
Bob: Attending the SCCE Compliance
Academy this year was time well spent and
very worthwhile. It was the most relevant
training that I have taken so far, relating to
what I do on a daily basis at Microsoft. The
training set forth in simple and understandable terms what constitutes an effective compliance program for any organization. A bonus
for attending the academy was being able to
meet and network with the other compliance
practitioners who deal with the same issues
that I do. I look forward to maintaining the
contacts that I made at the academy, as well
as attending future conferences to sustain my
personal and professional growth.
MR: Why did you become involved with
SCCE and have you worked with other associations in ethics and compliance?
Carol: Because I hold the Certified
Fraud Examiners (CFE) certification, I was
in attendance at the Association of Certified
Fraud Examiners conference in July 2007,
and it was there that I first became aware of
your organization. This coincided with an
individual goal to begin to look at compliance at a more detailed level within World
Vision. I stopped by the exhibit booth and
requested information to be sent to my
home. What a surprise when Bob opened the
envelope because he thought it was for him.
We were both on the same journey, unaware
that each of us had targeted the same goal.
Did I mention that Bob also holds the CFE
designation as well?
Bob: SCCE complements my membership and participation in the Association of
Certified Fraud Examiners (ACFE). I joined
the SCCE and pursued the CCEP designation to expand my knowledge of the corporate compliance discipline. I have also learned
and expanded my knowledge by being able
to meet and speak with others who have a
common interest and mutual concerns in this
discipline.
MR: As SCCE continues to grow, we
want to add more membership benefits.
What do you think would be an additional
benefit that SCCE could add?
Carol: I would like to see a more extensive library of source references. It would also
be great to begin to have self-study guides or
Web-based training events.
Bob: I agree with Carol. I would like to
see some Web-based training and a library
of resource material. You might also want to
consider posting a job bank for resumes and
a blog for communicating and exchanging
ideas on compliance issues of mutual concern. [Editor’s note: Job postings are available
on our Web site. Click on “Careers” on the
far right side of the top menu bar on the
home page.]
MR: What are the biggest compliance
risks that your organization faces today?
Carol: Our core activities around
fundraising will always carry a compliance
burden. As compliance requirements increase,
the cost to meet these requirements escalates.
This develops a decision tension between
meeting a compliance need that will most
likely reduce the amount of resources we can
forward to the field in our continuing efforts
to reach our mission goals. In addition, the
added cost to meet these compliance requirements may increase our overhead rate that is
viewed by many members of the public as an
unnecessary burden.
Bob: My biggest concern is the possibility that we are not receiving all the compliance and ethics issues that we should, because
employees are reluctant to report them.
There are many reasons for this, some of
which may be cultural, because Microsoft is a
multi-national company with offices in over a
100 countries where reporting issues may not
be culturally acceptable or may even violate
local laws. According to research conducted
27
June 2008
Your Compliance and Ethics
C o n n ec t i o n
SCCE is the premier provider
of compliance & ethics
education and certification
J o i n U s T oday !
Connect with an organization
dedicated to improving
the quality of corporate
governance, compliance,
and ethics
+1 952 933 4977 or 888 277 4977
SCCE Membership Application | Fax to +1 952 988 0146
Please print:
 Mr.  Ms.  Dr.  Other
First Name
MI Credentials Last Name
Title(s)
Organization
Street Address
City
State
Telephone
Zip Country
Fax
E-mail Address
What year did you start in the compliance and ethics field?
What is your industry?
How did you hear about SCCE?  Booth at meeting  Magazine ad  Colleague  Mailing  Conference brochure  Other
(If you check “Other,” please list on the line above the publication, meeting, or colleague name)
What is your primary function? Please check only one. (If you check “Other,” please list above)
 Legal
 Risk management
 IT
 Education
 Environmental
 Safety
 Privacy
 Auditing
 Investigations
 Banking
 Fraud examiners
 HR
YES, please
 SOX
 Security
 Corporate secretary
 Other (please list above)
accept my application for membership:
Individual Membership. . . . . . . . . . . . . . . . $295
 Check enclosed (payable to SCCE)
Group Employee Membership. . . . . . . . . . $250
 Invoice me
(four or more from same company: fill out one form for each applicant)
Corporate Membership. . . . . . . . . . . . . . $2,500
(includes four individual memberships plus corporate publicity benefits)
Student Membership. . . . . . . . . . . . . . . . . . $150
 Purchase Order #
Charge my Credit Card:  MasterCard  Visa  AmEx
Credit Card Number
(full- or part-time students enrolled in a program related to compliance
that leads to a baccalaureate degree, or a graduate student who is not
employed in a full-time compliance position)
Exp. Date
Academic Membership. . . . . . . . . . . . . . . . $150
Name of Cardholder
Signature of Cardholder
(must be a full-time faculty member working for a college or university)
Total Enclosed
$
Federal Tax Identification Number 23-2882664
Society of Corporate Compliance & Ethics
Minneapolis, MN 55435, United States
+1 952 933 4977 or 888 277 4977 • Fax +1 952 988 0146
FAX OR MAIL TO:
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
Fax +1 952 988 0146
29
June 2008
by the Compliance and Ethics Leadership
Council in 2007, the number one indicator
for misconduct in organizations is a culture
of retaliation and discomfort of employees to
speak up. Employees must have the ability to
report unethical behavior or practices without fear of retaliation. Although Microsoft
embraces openness and honesty as two of its
core values and has a strong anti-retaliation
policy, I believe it is only normal human
nature that makes employees reluctant to
seek advice about ethical dilemmas or challenge current practices.
audit function of the future will move
from an internal control focus to an enterprise risk-management centric framework.
Compliance is a critical building block of
this framework. I tend to be an early adopter.
Consequently, I will be molding our audit
team with an eye to this future.
Bob: Effective risk assessment is a
fundamental ingredient to any compliance
program. More training in this area will be
required to make compliance professionals
more proficient in this skill.
MR: What compliance issues are you see- MR: Clearly, couples must learn to adjust
ing with global companies who operate in
different countries?
Carol: This is a real issue for organizations working in countries where laws and
cultures are so different than those here in
the U.S. For examples, we just need to look
at the difficulties with the implementation of
a hotline reporting mechanism or compliance
with the US Patriot Act. All these compliance
frameworks are US driven and are not welcomed in some foreign countries. It is important to be in tune with your legal department
and to work within your sphere of influence.
It is important to find that common thread
that unites our government-imposed requirements with non-US counterparts.
Bob: In addition to compliance with the
Patriot Act that Carol mentioned, I believe
multi-national companies need to provide
training and establish controls to prevent violations of the Foreign Corrupt Practices Act
(FCPA). Violations of the FCPA could have
far-reaching repercussions, such as loss of
reputation, fines, and other severe penalties
like disbarment from government contracts.
MR: How is the compliance profession
changing, and how do you see it changing in
the future?
Carol: It is evident that the internal
June 2008
30
when you both have high powered jobs and
very busy travel and work schedules. There
has been a definite shift in the workplace and
home. Many of our readers are in the same
situation. Can you tell us if you have found
a workable solution to managing your career,
family, friends, stress, and relaxation? Do you
have special hobbies? Is there anything that
you think would be helpful to other corporate professionals?
Carol: Work-life balance is tricky for
everyone today. There are times when it cannot be helped where travel will interfere with
that special day or planned event. We do try
to minimize this whenever possible. However,
for this to work, not only do mom and dad
need to be in tune, but the rest of family has
to contribute grace and understanding as
well. Our daughters were almost always quick
to understand. However, there are always
those little sacrifices we all must make, but
until now, I think we have weathered this
rather well. It does help that both Bob and I
have a good understanding of our work-related responsibilities. Having a common focus
removes that pain-point misconception that
work is more important than family. Most
important, we have come to understand our
limitations as to time and talent.
As to hobbies, I tend to like a bit of quiet
time where Bob needs his exercise routine.
Outside of this, we tend to do most things
together and oftentimes include the rest of
the family. And now that we are empty nesters, we have discussed beginning to make
time to golf together.
Bob: We all know there is a delicate balance between satisfying the commitments of
work and home. I am fortunate that I have
enjoyed a wife and two daughters who always
supported me throughout my career. Their
understanding and consideration made it
easier for me to do my job, especially during
extremely sensitive and critical criminal investigations that took me from home for considerable periods of time as a federal agent.
That is why it is most important that the
time that you do spend with your family is
quality time that everyone will remember. It’s
all about making fond “memories” which we
are now trying to do with our grandchildren.
As for my personal time, I enjoy exercising at
the gym and working around the house.
MR: From the tone-at-the-top to the tone
at home, how do you keep a healthy balance
in your daily lives?
Carol: I like to stay connected to our
daughters and their families. I do try to
carve out some time on the weekend to be
with them. A rule hard learned is not to take
on more than you can manage. There is no
shame in realizing you should not be spreading the peanut butter too thin.
Bob: I try to keep the weekends free so
I can devote time to my family and personal
commitments. I use the time to unwind,
exercise, and be with my daughters and their
families. Carol and I have had this common
goal forever, and it seems to have worked well
for keeping our peace of mind and family
harmony. n
Society of Corporate Compliance and Ethics
Compliance & Ethics Magazine Advertising Order Form
Compliance & Ethics Magazine
The Society of Corporate Compliance and
Ethics (SCCE) publishes Compliance &
Ethics Magazine bimonthly. SCCE is an
organization dedicated to enhancing the role
of compliance professionals and advancing
corporate governance,
compliance, and ethics.
Purpose
Compliance & Ethics
Magazine provides current
compliance regulations,
topics, and issues that
affect today’s compliance
industry.
Professionals in the
compliance field are attracted to Compliance & Ethics Magazine
because it is the ultimate source of compliance and ethics
information, providing organizations with the most current views
on the corporate regulatory environment. National and global
experts provide informative articles, sharing their knowledge and
providing professional support so readers can make informed legal
and cultural corporate decisions.
Please fill out the following information for your advertisement:
Audience Profile
Compliance & Ethics Magazine has grown to become one of the leading
publications for compliance professionals. Compliance & Ethics Magazine
has a current distribution of over 2,500 readers and is distributed at
all SCCE conferences, academies, and workshops. Recipients of this
national magazine are executives and others responsible for compliance:
chief compliance officers, risk/ethics officers, corporate CEOs and board
members, chief financial officers, auditors, controllers, legal executives,
general counsel, corporate secretaries, government agencies, and
entrepreneurs in various industries.
Why Advertise With SCCE?
The wealth of news and resources provided by SCCE attracts
a desirable business market of compliance professionals. We
believe public relations are a great way to build your business, and
Compliance & Ethics Magazine offers you the opportunity to create
awareness and access a targeted audience.
Rapid Growth
SCCE has grown significantly over the past 5 years, and we look
forward to continuing our expansion with your support.
visit www.corporatecompliance.org/CE
for a rate sheet and insertion order form
Contact Person:
Name of Company Placing Advertisement
Dates of Insertion (please check all insertions on the line below):
First Name
AD DEADLINES 45 days before publication date
Title
M.I.
Last Name
State
Zip
Place of Employment
publication dates
 February
 June
 April
 August
 October
 December
Size of Advertisement (please check one):
 Full-page: trim size 8.5" x 11" (include additional ⅛" bleed)
 ½ page horizontal: 7" wide x 4.5" high (no bleed)
 ½ page vertical: 3.5" wide x 9.5" high (no bleed)
 ¼ page: 4.625" wide x 3.5" high (no bleed)
*Note: all ads are black-and-white except for cover ads, which are full-color.
If purchasing a color cover, please check below:
 Inside front cover  Back cover  Inside back cover
Compliance & Ethics Ad Prices
Full-Page Black-&-White Ad
Cost Per Insertion
1-2 insertions………$605.00
¼ Page Black & White Ad
Cost per insertion
1-2 insertions…… $250.00
½ Page Black & White Ad
Cost Per Insertion
1-2 insertions ……..$420.00
3-4 insertions ……..$355.00
5-6 insertions ……..$305.00
Full-Page Full-Color Ad:
Cost Per Insertion
1 insertion …………$1,150
3 insertions……….. $1,050
Address
City
Phone
Fax
E-mail
Total Cost
Check enclosed (please make your check payable to SCCE).
Invoice me
PO #
Charge my credit card:
Visa MasterCard AmEx
Account No.
Exp. Date
Name on Card
Signature
Fax to: +1 952 988 0146 (ATTN: Marlene Robinson)
Mail to: SCCE | 6500 Barrie Road, Suite 250 | Minneapolis, MN 55435, USA
31
June 2008
Federal agency compliance:
Applying corporate lessons
in government settings
Editor’s Note: Emil Moschella has more than
28 years of experience as an FBI agent-attorney.
He retired in 1996 as Chief of the General
Counsel’s Legal Advice and Training Section. In
1997 he became Director of Corporate Compliance for Horizon Blue Cross Blue Shield of New
Jersey. He is currently assisting the FBI in the
implementation of its compliance program. He
may be reached at emoschella@gmail.com.
I
n March 2007, the Department of
Justice (DOJ), Office of Inspector
General (OIG) issued a highly critical report regarding the Federal Bureau of
Investigation’s (FBI) use of “National Security
Letters (NSL).” This resulted in congressional
oversight committee hearings1 and numerous
editorials critical of the FBI and calling for
change.2 The FBI moved quickly to fix the
problems identified by the OIG, and was
properly lauded for that effort in a March 26,
2008 Washington Post editorial.3 However,
the larger story is still unfolding. FBI
Director Robert S. Mueller, III authorized
the adoption of corporate-style compliance
program to prevent similar shortfalls from
occurring in the future.
The corporate rationale
Corporations have adopted the discipline of
the integrity and compliance program methodology for a number of reasons. For many
companies, it is the prudent thing to do,
because it is effectively required by a number
of federal enactments. The 1991 Federal
Sentencing Guidelines for Organizations
(FSG), various guidance issued by regulators, and specific legal requirements (Health
Insurance Portability and Accountability Act
June 2008
32
in the medical area, Bank Secrecy Act in the
financial area, Sarbanes Oxley for all publicly
traded corporations). In 1986, a substantial
number of major defense contractors, in
response to a series of prosecutions and other
reported irregularities, established the Defense
Industry Initiative on Business Ethics and
Conduct. In doing so, they agreed to have a
written code of ethics, establish appropriate
ethics training programs for their employees,
establish monitoring mechanisms to detect
improper activity, share their best practices,
and be accountable to the public. This organization remains viable to this day.
In January, 2003 Deputy Attorney General
Larry Thompson issued a memorandum
to all United States Attorneys captioned
“Principles of Federal Prosecution of Business
Organizations.”4 In what is now known as the
Thompson Memorandum, he stated that one
of the factors to be considered in determining whether to bring federal criminal charges
against an organization and negotiate a plea
agreement is “the existence and adequacy of
the corporation’s compliance program.”5
Having a corporate compliance program
became a matter of the corporate director’s duty of care. In December, 1996, the
Delaware Chancery Court, In re Caremark
International Inc. Derivative Litigation6
identified a type of directorial behavior that
would breach the fiduciary duty of care. The
court in dicta7 stated: “I am of the view that
a director’s obligation includes a duty to attempt in good faith to assure that a corporate
information and reporting system, which the
board concludes is adequate, exists, and that
Emil Moschella
By Emil Moschella, Attorney-at-Law
failure to do so under some circumstances
may … render a director liable for losses
caused by non-compliance with applicable
legal standards.” The ruling created a fiduciary
obligation to assure that a legal compliance
mechanism existed within the organization.
The FSG, as amended in November 2004,
anticipated the full involvement of the governing body by requiring it to be “knowledgeable about the content and operation of
the compliance and ethics program” and to
exercise reasonable oversight with respect to
the implementation and effectiveness of the
compliance and ethics program.8
This has been an evolutionary process, but it
seems to be the case that corporate ethics and
compliance programs are well entrenched in
the way that modern corporations operate.
The question presented here is, “Should
government agencies also establish formalized programs that are geared to prevent
and detect agency non-compliance with
laws, regulations, policies, directives, orders,
memoranda of understanding, and similar
requirements?”
The federal agency rationale
The FBI has as strong tradition of personal
and institutional integrity and those concepts
Earning your certification,
keeping your certification current,
and applying for advanced
certification just got easier!
Beginning with this issue, SCCE will offer continuing education credits (CEUs) for completing the quiz that accompanies selected articles
in Compliance & Ethics. Receive one (1) CEU for each quiz* you
successfully complete. You could receive up to six (6) CEUs per year.
To apply for credit: read the articles
and answer the questions on the insert
in the envelope with this magazine.
Fax your answer form to us at 952/988-0146
or mail it to us at:
Attn: Liz Hergert
* The quiz is inserted in the envelope with
this issue of Compliance & Ethics
33
June 2008
are part of the FBI value system and imbedded in its motto of Fidelity, Bravery, and
Integrity. In addition, the FBI leadership is
constantly aware that it walks the fine line of
protecting the country from the next terrorist
attack and protecting the individual rights of
the very citizens it is guarding. It is with this
organizational cultural background that the
FBI decided to adopt the corporate compliance methodology in the face of the systemic
failure. The larger question presented here
is, “What should be the impetus for other
agencies of government, to adopt a similar
methodology?”
Unlike many corporate codes of business
conduct, I have found no positively stated
government-wide policy to comply with the
letter and spirit of the law. But, it can be
found, at least inferentially, in the federal
employee oath of office. Federal employees
take an oath on commencement of service
to “well and faithfully discharge the duties of
the office” they are entering and to support
and defend the Constitution of the United
States.9 Especially in a country that rightfully
takes enormous pride in being governed by
law and not by men, if the oath means anything, it certainly has to mean that the duties
of the office are discharged in compliance
with law.
Accepting that premise, it seems that it would
give rise to an obligation to the American
people and to reciprocal obligations between
the government as an employer and the
government employee. The first obligation
is that government executives, as custodians
and defenders of the public trust, have an
affirmative responsibility to assure the American people that the agencies responsible for
enforcing the law are doing that in compliance with the law. To carry out that obligation, the government as the employer has the
job of ensuring that personnel responsible
June 2008
34
for discharging the law governing the agency
have been given appropriate guidance, usually
in the form of policy, have been trained, and
are appropriately monitored (See below: the
Compliance Control Environment). On the
other hand, government employees must
know the rules that guide their official activities, act in accordance with the rules, and
report to their supervisors on perceived weaknesses in the policies, training, or monitoring.
The compliance control environment
A compliance program’s aspirational goal
is to prevent non-compliance with the law.
Compliance is a management process that
provides a reasonable level of assurance to
line managers, executives, and those charged
with oversight responsibility (including the
Congress and the American people) that
there is compliance with the rules. Invariably,
when going through this process (i.e., risk
analysis, receiving information directly from
employees, etc.), actual non-compliance with
the rules may be detected and of course will
have to be addressed promptly. Compliance
and integrity go hand in hand. Compliance is
a business process. Integrity represents an institutional commitment to a set of values, and
in this context, the values are stated in terms
of honoring the rule of law through a commitment to compliance with the law. For ease
of discussion, the term “Compliance Control
Environment” is used throughout this article
to describe the policies and procedures, training, monitoring, and auditing that define
how an organization controls its business to
affect compliance with the law.
Other compliance program elements
For corporations, in addition to a well conceived and executed compliance control environment, due diligence in preventing and
detecting violations of law includes:
nhigh level buy-in into the compliance
program;
nboards of directors being knowledgeable
about the compliance processes in place
and monitoring those;
ntraining appropriate personnel, including
the board;
nsystematic risk assessment;
npromotion of the compliance program
through human resource policies that
are consistently enforced throughout the
organization;
nanonymous and confidential reporting of
compliance concerns; and
nmonitoring and auditing.
“Compliance is the business of the
business”
Corporate compliance programs operate on
the underlying premise that “Compliance
is the business of business.” In essence, this
means that the business units, in addition
to managing other internal risks, including
operational efficiency and effectiveness and
all-around profitability, are also accountable
for the risks associated with non-compliance
with legal and regulatory requirements.
Under the corporate compliance paradigm,
federal program managers would be required
to identify potential compliance risks evident
from weaknesses in the compliance control
environment before actual non-compliant
behavior is detected.
Oversight mechanisms are not enough
Government agencies are under tremendous
scrutiny from the oversight community,
including agency inspector generals, internal
auditors, the Government Accounting Office
(GAO), congressional staffs, and committees.
The press, public policy groups, the general public, and their access to government
records through the Freedom of Information
Act provide another layer of oversight. This
oversight is absolutely necessary, but it is not
enough, because it represents only one piece
H\Y>cbYg8Um#G779]DcXBUbc;]jYUkUm
>I@M% &$$,H<FCI;<>IB9'$ &$$7cbhf]VihYUWcad`]UbWY!fYÙhYXXcWiaYbhhch\YG779AYaVYf@]VfUfmUbXVYUihcaUh]!
WU``mfY[]ghYfYXZcfUW\UbWYhck]bUb]DcXBUbc":cfYUW\XcWiaYbhh\UhmciUXXhch\Y
`]VfUfm mci k]`` ]bWfYUgY mcif W\UbWYg hc k]b cbY cZ %& ]DcX BUbcg @c[ cb hc h\Y G779
kYVg]hYkkk"WcfdcfUhYWcad`]UbWY"cf[UbX[chcÅFYgcifWYgÆUbXh\YbÅ@]VfUfmÆZcfacfY
XYhU]`gUVcihh\Y>cbYg8Um#G779]DcX;]jYUkUm
G\UfYmcif_bck`YX[YUbX]XYUgÄWcbhf]VihYWcad`]UbWY!fYÙhYXXcWiaYbhghch\YG779
AYaVYf@]VfUfmVmYaU]`]b[h\Yahc7Ufc`]bY@YY6]jcbUUhWUfc`]bY"`YYV]jcbU4WcfdcfUhY!
Wcad`]UbWY"cf["
5Vcih>cbYg8Um"""
9jYfmXUm UfcibXh\Ykcf`X h\Y>cbYg8Um7cfdcfUhY7cad`]UbWYhYUaUXj]gYgW`]Ybhg]bU
VfcUXfUb[YcZ]bXighf]Ygcbh\YXYjY`cdaYbh ]ad`YaYbhUh]cb UbXcdYfUh]cbcZf]g_!VUgYX
Wcad`]UbWY UbX Vig]bYgg Yh\]Wg dfc[fUag XYg][bYX hc dfYjYbh UbX XYhYWh j]cÙh]cbg cZ
WcfdcfUhYdc`]WmUbXÙk"@YUfbacfYUVcih>cbYg8UmUhkkk"^cbYgXUm"Wca"
MciWUbcb`mk]bcbY]DcX"<775#G779UbX>cbYg8UmghUZZUfYbchY`][]V`YZcfh\Y;]jYUkUm"
2300 lawyers in 30 locations. www.jonesday.com
of the compliance control environment - the
audit function. The question that an adverse
audit result should raise, in addition to “Here
is a problem – fix it,” is: “What else is out
there?” A viable compliance program will
be instrumental in answering that question.
Indeed, much oversight is issue-specific. In
addition to addressing specific issues, oversight might be effectively directed to testing
the processes and procedures that an agency
has, to provide a level of confidence that the
agency is carrying out its responsibilities in
compliance with the law.
the government is in a runaway mode from a
legal compliance standpoint or that government employees are intentionally violating
the law.11 In fact, the proposal is premised on
proposition that a corporate-style compliance
programs will work well in the government,
because they will fully leverage the integrity and desire of the agency officials and
individual employees to do the right thing.
The focus of ethics and compliance programs
is not on employee personal conduct, but on
the agency business processes controlling legal
compliance.
An agency compliance program does not wait
for the internal audit, inspector general, or a
congressional committee action to identify
and address issues. It is a process driven by
an ongoing analysis of the risk of non-compliance that is prioritized on the basis of the
impact and probability of non-compliance.
This process does not present short term
fixes. It is long term. It looks to the causes of
non-compliance and not the effects. It looks
to management processes and not individual
short-comings. It looks to cease reliance on
the inspection process and to achieve quality
by building quality into the process in the
first place. It is a process of constant improvement.
In its simplest form, the current state of
traditional agency oversight is “quality
control” which comes at the end of the
business process cycle. In effect, a compliance program would close the circle that
was started with the creation of the inspector general corps more than 30 years ago. A
compliance program would further enhance
agency awareness of weaknesses in their
compliance control environment, so that they
can address compliance issues while they are
inchoate. The compliance control environment represents the first line of defense
against non-compliant activities. This process
will not assure perfection from a compliance
standpoint. In fact, perfection is not expected
under the FSG10 where it is stated that “the
failure to prevent or detect the instant offense
does not necessarily mean that the program
is not generally effective in preventing and
detecting criminal conduct.”
The starting point for this proposal is not that
June 2008
36
Benefits of a corporate-style
compliance program
The benefits of a corporate styled compliance
program for the government agency are that:
nIt will demonstrate to agency constituencies (i.e., the public and established
oversight mechanisms) a concrete process
by which its commitment to the execution
of the law in compliance with the law is
carried out in a holistic, structured, and
disciplined way.
nIt will demonstrate that the agency, in a
collaborative but structured framework,
will help employees fulfill their oath to
faithfully discharge their duties.
nIt will help agencies detect internal management control weaknesses.
nIt will give life to agency values of individual and organizational integrity.
nIt will allow agencies to solve issues across
functional lines and in the process gain
effectiveness and efficiency of operations.
nIt will be cost effective by creating stream-
lined process that will get the job done
right the first time and avoid the costly
fixes.
Initial steps
In order to achieve a reasonable assurance
that the agency has done what it can to provide for a robust system of internal controls
to achieve legal compliance, it should take
the following steps:
nRequire agency executives who are responsible for the operations and activities of
the agency to identify and resolve weaknesses in the compliance control environment (i.e., the policies, employee training,
and monitoring that guide employees in
their day-to-day activities) and to work
in a methodical and disciplined way to
address those weaknesses.
nExecutives will need to actively solicit
information from employees at all levels,
in an environment of confidentiality/anonymity (if requested), and always backed
by a non-reprisal policy, rather than waiting for the “whistleblower.”
nEstablish a code of conduct that includes
compliance with all legal/policy requirements. The Office of Government Ethics
regulations state12 that public service is
a public trust and that: “Each employee
has a responsibility to the United States
Government and its citizens to place
loyalty to the Constitution, laws and
ethical principles above private gain.” This
is an extremely important concept, but it
addresses only personal financial conflicts.
There must be an institutional commitment to carrying out agency business in
compliance with the law that goes beyond
addressing personal conflicts of interest.
nEstablish high-level buy-in and active support by agency executives. As mentioned
Compliance Audio/Web conferences from SCCE
Tone At The Middle – June 10 Leading Integrity: Is Your
Speakers:
Compliance and Ethics
Jeffrey Kaplan, Partner, Kaplan & Walker LLP
Cherie Raven, Manager Corporate Compliance
Function Positioned for
Programs, ITT
In many ways, mid-level managers are on the “front lines” of
Success? 2 part series Part 1: June 5 –
their companies’ compliance and ethics challenges. This Web
conference will explore practical measures that organizations
can take – through training/communications, auditing and
monitoring, performance evaluations, and other steps – to
promote the right “tone at the middle.”
All conferences begin at 12:00 pm Central
for 90 minutes and qualify for 1.2 CEUs
Also upcoming:
Foreign Corrupt Practices Act
Part II (fall 2008)
Past Web/Audio Conferences
nCompliance
Week - April 25, 2008
& Compliance: State and Local Government Compliance
& Ethics Programs - March 05, 2008
nLaw
Part 2: June 24
Speakers:
Joe Murphy, CCEP, Of Counsel, Compliance
Systems Legal Group, Co‑Editor, ethikos
Donna Boehme, Principal, Compliance Strategists,
LLC Special Advisor, Compliance Systems Legal Group
Next to strong management commitment, the positioning
of the compliance and ethics function is probably the
single most critical barometer of whether a program will
ultimately achieve its twin goals of driving an ethical culture
and detecting/ preventing wrongdoing. This is because
you can have all the bells and whistles of a “best practice”
program, but if the people responsible for its day-to-day
operation and oversight are not empowered to effectively
“drive the car”, it won’t make it out of the garage. Is your
compliance and ethics team empowered, with clearly
defined rule and mandate, and positioned for success? If
not, what are the strategies for making this happen within
your company?
Learned from the Student Financial Aid Scandals:
Where Do We Go from Here? - January 29, 2008
nLessons
Rules for Federal Contractors: How to Develop an
Ethics and Compliance Program - January 10, 2008
nNew
nHuman
nCode
nCCA
Resources Compliance - December 06, 2007
of Ethics - November 16, 2007
vs. CIA - November 15, 2007
CDs are available at www.corporatecompliance.org
37
June 2008
above, the FSG requires both board level
and high-executive level involvement in
this process. Similarly, the spirit of this
concept must be carried through in the
federal agency.
nAdopt the underlying philosophy that
“Compliance is the business of the business.” Although a “Compliance Office”
with a compliance officer who has the
mission of being the facilitator, compliance program standard-setter, and overall
compliance program advisor and monitor
must be established, the responsibility for
compliance must remain with the business
units that own the governmental activity.
Who better knows where the weaknesses
are in the compliance control environment, if any, than the personnel who are
performing the functions on a daily basis?
nRecognize that the program must be risk
driven. Whether you are operating in a
corporate or governmental arena, funding
and personnel resources are not unlimited.
Therefore, there must be an analysis of
agency activities, prioritization of the risks,
review of the compliance control environment, and mitigation of any deficiencies
detected in an orderly but ongoing and
disciplined manner.13
nEstablish a compliance committee structure that is organized along the established
lines of agency business. The committee
will have regularly scheduled meetings
(quarterly at a minimum), be chaired
by the highest level official in that line,
and will receive regular reports on the
identification of possible weakness in the
compliance control environment and the
status of efforts to mitigate those concerns.
nAddress all aspects of agency business
processes and decision making. The
compliance program should encompass all
aspects of the agency activities, from the
mission-specific to the support functions
common to all agencies – personnel,
June 2008
38
finance, facilities, information, and
security to name a few. This program
requires a change in organizational
culture. This cannot be done by simply
addressing the mission-specific activities.
nInvolve all employees in the process by requiring them to know the rules governing
their activity, act in accordance with those
rules, and report (without reprisal) when
they express a concern about compliance.
Issue human resource policies in support
of that involvement.
It should be noted that what is advanced
here, in many ways, is analogous to the
requirements placed on government agencies
in the management of financial systems by
the GAO Standards for Internal Controls,
and OMB circular A-123, dealing with the
assessment of those controls.
Conclusion
Executive branch executives are guardians of
the public trust. That guardianship comes
with a fiduciary duty to assure the citizens
that existing internal controls are sufficient
to prevent agency non-compliance with legal
requirements. Our legal system effectively requires this of our corporate leaders. It should
be no less for the government agencies that
enforce the law.
One agency, the FBI, has done just that.
Under Director Mueller’s leadership, the
FBI has taken the first steps in advancing
the management of legal risk by establishing
a corporate-style compliance program that
covers all aspects of its operations. The initial
results will not be as dramatic as the headlines
that prompted the change, but the change
is, in fact, dramatic and meaningful. This is
not a one-time effort, and results will not be
overnight. If the corporate experience is any
measure, it may take years to see the actual
benefits. n
Note: The views expressed are those of the author
and do not reflect those of the FBI.
1 See, “Senators Cite F.B.I. Failures as Chief Promises Change” by Scott
Shane, NY Times, 3/28/07.
2 See, “Make the FBI Follow the Law”, Boston Globe, 3/13/2007; “Break
up the FBI”, LA Times, Opinion by John Yoo (former DOJ official),
3/21/2007; “Revise the Patriot (sic) Act”, Editorial, LA Times, 3/26/07.
3 See, Oversight Results – The FBI tightens it procedures for using
national security letters, Editorial, Washington Post, 03/26/2008, p.
A-18.
4 Available at http://www.usdoj.gov/dag/cftf/corporate_guidelines.htm
5 This was updated in December, 2006 by Deputy Attorney General Paul
J. McNulty. (See http://www.corporatecompliance.org/Content/NavigationMenu/Resources/ComplianceBasics/mcnulty_memo.pdf)
6 In re Caremark Int’l Derivative Litig., 698 A.2d 959 (Del. Ch. 1996).
7 See also, Stone v. Ritter, 911 A.2d 362 (Del. 2006) where the Court
confirmed that the Caremark dictum is the law of Delaware, holding
that “Caremark articulates the necessary conditions for assessing director oversight liability.”
8 Federal Sentencing Guidelines § 8B2.1.(b)(2)
9 http://www.opm.gov/constitution_initiative/oath.asp
10 FSG at 8B2.1(a)2
11 The Associated Press reported on an Ethics Resource Center report
stating: “Overall, three out five government workers acknowledge
witnessing violations of ethical standards, policy or law over the past
year. . .” (See, http://ap.google.com/article/ALeqM5ivPvlvc-f0uGdm7zkd5jBjTr8rMQD8UFKS8G0). Also see, http://www.ethics.org/
12 At 5 C.F.R. § 2635.101
13 The FSG at § 8B2.1.c requires organizations to engage in a risk analysis
process.
Be Sure to Get
Your CHC CEUs
Inserted in this issue of Compliance &
Ethics is a quiz related to the article:
nSo, What’s Your Compliance Strat-
egy? — By Henry Klehm III, David
Schweiger, and Andrew Schweiger on
page 6.
nWhat are Boards to do when Investors Call? — By Lou Thompson on
page 40
nGlobal Compliance: China — By
Scott Lane and Robert Leffel, page 44
To obtain your CEUs, take the quiz
and print your name at the top of
the form. Fax it to Liz Hergert at
952/988-0146, or mail it to Liz’s attention at SCCE, 6500 Barrie Road,
Suite 250, Minneapolis, MN 55435.
Questions? Please call Liz Hergert at
888/277-4977.
Compliance & Ethics readers taking
the CEU quiz have one year from
the published date of the CEU article to
submit their completed quiz.
Call For Audio/Web Conference
P r e s e n tat i o n s
Audio/Web Conferences are SCCE’s way to communicate important
“issues and challenges” that affect today’s corporate professional. If you
are a compliance professional/legal/consultant, we are looking for your
expertise to help us develop new programs. These programs are 90-minute sessions, with 60 minutes for presentation and 30 minutes for Q&A.
Audio/Web Conferences are a new way to do business. They are an excellent opportunity to bring people together and to share your professional
knowledge.
If you or your organization are interested in presenting an Audio/Web
Conference for SCCE please contact:
marlene.robinson@corporatecompliance.org | 1-888-277-4977
39
June 2008
What Are Boards to Do
When Investors Call?
By Lou Thompson
A
wake-up call for directors and
senior management came recently
from this country’s oldest nonprofit
organization devoted to the advancement of
high ethical standards in organizations. The
Ethics Resource Center reported that while
progress has been made on the compliance
front, few advances have occurred in creating
an ethical business culture.1 Its study found
that the risk of ethical misconduct in corporate America has risen to pre-Enron levels.
The Center found that more than half of employees have seen ethical misconduct in their
companies, but most do not use the hotlines
or other means to report misconduct out of
fear of retaliation. Yet, companies with strong
ethical cultures have reduced their ethics risk
by a very significant measure.
It therefore behooves boards to take the appropriate preventive measures to better protect themselves, given the heightened liability
that directors face in today’s environment.
Some may argue that passage of the SarbanesOxley Act (SOX) was an overreaction to
the debacles at Enron, WorldCom, Tyco,
and others, but the devastation wrought on
investors, employees, and other stakeholders
was catastrophic. As a result of SOX, serving
June 2008
40
as a director today places one in the glare of
public scrutiny like no other time in the history of corporate America.
Commensurate with SOX, came a wave
of shareholder activism that has increased
significantly each proxy year, and the appetite
on the part of the activists has been whetted
by the growing number of successes when
challenging boards of directors and senior
managers on proxy issues. In 2007, activist
investors scored better than an 80% success
rate in achieving a majority vote for short
slates of their director candidates.
Add hedge funds to the activist mix whose
battles with management and boards are not
so much timed with the proxy season, but
can occur anytime they believe that a company is not living up to their expectations of
its valuation potential.
The two key proxy issues for 2008 were related
to executive pay and proxy access for nominating directors. A record 135 new activist
campaigns were announced during the fourth
quarter of 2007 for the 2008 proxy season.
According to RiskMetrics Group, Inc. activist
shareholders submitted say-on-pay proposals at
more than 90 US companies this year – a 73%
increase over 2006.2 Even though these are
non-binding, given the current environment,
it would be difficult for boards to ignore sayon-pay proposals that receive a majority vote.
Aflac, Inc. this year and Verizon Communications in 2009 will be giving shareholders an
opportunity to cast a non-binding vote on the
companies’ executive compensation plans.
The Securities and Exchange Commission
(SEC) stirred the hornets’ nest at the end of
Lou Thompson
Editor’s Note: Lou Thompson is Managing Director for Kalorama Partners, LLC and a Compliance Week columnist. Lou is the former CEO,
President, and board member of the National
Investor Relations Institute, and an internationally recognized expert on corporate disclosure,
governance and other strategic management issues. He was also the Assistant White House Press
Secretary to President Ford. He may be contacted
by e-mail at lou@kaloramapartners.com.
November when it maintained the status quo
on proxy access for director nominations. SEC
Chairman Christopher Cox recognized that
the commissioners were sharply divided over
the issue and were not going to reach agreement on an access proposal in time for the
2008 proxy season. So, in a three-to-one vote,
the Commission adopted an amendment to
Rule 14a-8 that allowed companies to exclude
proposals pertaining to the election of directors. This issue is not likely to go away and will
probably be addressed again this year.
In the meantime, the American Federation
of State, County and Municipal Employees
(AFSCME), planned to submit binding proposals that called for reimbursement of proxy-fight
solicitation expenses in connection with nominating one or more candidates in a contested director election. Charles Elson of the University
of Delaware’s Weinberg Center for Corporate
Governance said, “If the reimbursement proposals do well, they may, in the end, supplant
access. I think it’s the ultimate solution.”
The inability to nominate directors could
result in activist investors marshalling support to withhold votes for specific directors,
particularly in companies that have adopted
majority voting. And, we could see an increase
in activist hedge funds and other major invesContinued on page 41
tors attempting to pressure boards to nominate
specific individuals to the board. Boards should
have in place a policy on how they will handle
investor requests to meet with the board.
In my Compliance Week column “Barbarians
At the Gate: Do You Open Up?”3 I suggested
that boards consider:
nThe investor’s track record in communicating with the company. An investor who
has made no attempt to talk with management, but goes straight to the board for
the first time, does not deserve the same
access as one who has made a number of
attempts to communicate with management, even though they may not have
achieved their desired results.
nWhether the investor is offering short-
term solutions to perceived problems for
short-term gains or has come forth with
recommendations that could bring longterm increases in shareholder value.
One guiding principle, with respect to board
members meeting with investors, is that
directors must be accompanied by an officer
who is intimately familiar with the company’s
disclosure record. This is a measure to guard
against violating Regulation Fair Disclosure
by unknowingly discussing material, nonpublic information.
In general, ignoring or deciding not to meet
with major investors can be a zero-sum game
leading to a loss of good will and, very likely,
negative publicity for doing so. Besides, it
doesn’t hurt to listen. You don’t have to accept
what they say, and someone might even come
up with a good idea.
For several years after the SEC created the
rules called for by the Sarbanes-Oxley Act,
there was heavy emphasis on the role of the
board audit committee until internal audit
controls were in place. Then, as executive
compensation became a hot issue, particularly
as the SEC instituted its new rules on disclosing executive compensation, the board emphasis shifted to the compensation committee. Now, with heightened emphasis on the
director nominating process, the nominating
and governance committee is in the spotlight.
One of the most progressive efforts on the
part of a board reaching out to major investors
occurred recently when Doug Leatherdale, as
chairman of UnitedHealth Group’s nominating
and governance committee, created an advisory
committee comprised of some of the company’s
major investors and members of the medical
profession. The corporation is a leader in managed care programs. Leatherdale, who had been
chairman and CEO of the St. Paul Companies
for 11 years, asked the advisory group to describe
what characteristics they were looking for in
directors. He also invited them to submit names
for consideration. There was actually a match
between a person the nominating committee
was considering and who the investors recommended. While companies may be reluctant to
voluntarily engage their major investors in the
board nominating process, the success of the
UnitedHealth Group’s model should serve as a
positive example for others to consider following. The company also included in its proxy an
extensive “plain English” discussion of how it addressed its options backdating issue and the steps
it has taken to resolve its issues with investors.
The SEC made another decision last November
in which it urged companies and others to establish electronic shareholder forums that would
facilitate discussion among investors of proxy issues, but could not be used for proxy solicitation
purposes. There is some evidence that companies
will monitor forums created by others, as they do
the blogs, but they are unlikely to establish their
own corporate sponsored forums. Many view
these forums as “the devil’s playground.”
The board should be kept apprised of significant information discussed in these forums,
who the key players are, and whether the
company should respond. Under the theory
of “keep your friends close and your enemies
closer,” companies might want to consider
creating a shareholder e-forum to have a
better handle on what’s going on among
their activist investors. Moreover, they might
even derive some benefit by demonstrating
that they are taking the initiative to listen to
investors’ ideas and engage in a discussion of
what is best for the long-term future of the
company and its shareholders.
Yahoo and Motley Fool have already established these forums where investors – mostly
institutional – communicate with one another
all the time. Imagine a shareholder-activist like
Eric Jackson, chief executive of Jackson Leadership Systems, using one of these electronic
forums to marshal support behind a withholdvote campaign for specific directors. Jackson
used his blog and videos posted on YouTube
to band together some 100 shareholders with a
combined stake of $60 million in Yahoo. That
resulted in a 33% “against” vote for seven of 10
Yahoo directors at the company’s annual meeting in June 2007. CEO Terry Semel quickly
became Yahoo’s former CEO.
Moving now to what board members should
expect from their investor relations officers
(IROs). According to a National Investor
Relations Institute survey,4 some 80% of IROs
provide written reports to the board on their
activities and various aspects of the company’s
stock performance. But, fewer than half are actually in the boardroom where directors can ask
questions about what the investors are thinking,
whether the investors understand the company’s
strategy, and if so, are they buying it?
Given the liability that directors shoulder,
41
June 2008
What Are Boards to Do When Investors Call?
they should want the best possible information from the IRO so they can avoid surprises. IROs should not review their written
reports before the board, but should use their
time to provide strategic insight as to the
key issues investors are concerned with, and
respond to the board’s questions.
Lastly, there are five areas where the IRO and
the corporate secretary should provide assistance to the board:
1. Participation in a periodic discussion on
the issue of earnings guidance and whether
the company’s policy with respect to guidance should be continued or revised.
2. Along with the general counsel and the
corporate secretary, the IRO should work
with the board in developing guidelines
for shareholder access to the board.
3. The IRO and the corporate secretary
should be proactive in talking with investors, prior to the start of the proxy season,
on potentially contested issues to see if
there are areas of compromise before they
become proxy proposals.
4. Companies should be proactive in meeting
with the proxy advisory services, prior to
the proxy season, to explain the company’s
position on various issues before being
rolled into the advisory service’s blanket
recommendations.
5. The IRO and corporate secretary should
also be meeting with the people in the
major investor firms who actually vote the
proxies, and these are generally not the
same people. CEOs, CFOs and IROs normally meet with the people who manage
the funds.
How directors relate to the IRO varies
considerably. For example, the vice president
for investor relations at Nike has confidential
meetings with her board members. Some
directors are calling the IRO directly to ask
questions about investors. Obviously, IROs
June 2008
42
don’t enjoy being the messenger when it
comes to giving the board bad news, but
CEOs should avoid killing the messenger.
Some companies retain an outside third party
to conduct periodic perception surveys of
the company’s major investors and analysts,
and these reports are provided to the board.
This way the IRO doesn’t have to serve as the
intermediary. No IRO wants to be in the position of telling the board, for example, that
the “street” lacks confidence in the CEO.
In closing, as the shareholder democracy
movement takes on greater momentum,
boards of directors need to be prepared to
work with management in dealing with the
various issues before them. As a close friend,
who was a career McKinsey partner, a chairman, and CEO who now serves on three
boards recently told me, “We came away
from Sarbanes-Oxley spending too much
time looking over our shoulders at compliance issues, rather than looking ahead and
doing the things directors are supposed to do
in helping management chart the strategic
direction of the corporation.”
Directors want to make sure their house is
in order by establishing best practices for
the board and to take advantage of their
corporate resources – including the IRO – in
executing their duties to the company and its
shareholders. In this current environment, if
one follows the old axiom that an ounce of
prevention is worth a pound of cure, it could
make life as a director more predictable and
allow one to breathe more easily. n
1
2
3
4
Available at http://ethics.org/research/nbes.asp. Accessed May 1, 2008.
Available at http://www.riskmetrics.com. Accessed May 1, 2008.
Compliance Week magazine, published March 20, 2007.
National Investors Relations Institute, Executive Alert “NIRI Releases
2004 Trend Survey Report.” January 21, 2005.
2nd Annual SCCE
Volunteer Project
SCCE’s 7th Annual
Compliance & Ethics Institute
September 14-17, 2008
Greater Chicago Food Depository
Saturday, September 13, 2008,
12:00 – 4:00 p.m.
We had a great experience with our First
Annual volunteer project last year working
with Habitat for Humanity! This year, join
us for another unforgettable event in Chicago with the Greater Chicago Food Depository (GCFD). As Cook County’s food
bank, the Greater Chicago Food Depository
distributes more than 40 million pounds
of food each year. A large portion of this
food must be inspected or sorted and then
packaged before it can be safely distributed
through a network of 600 member agencies
(food pantries, kitchens, shelters, etc.).
Volunteers complete much of this work.
We will be repacking food in the warehouse
and getting it ready for distribution.
Your volunteer experience includes:
nTransportation to and from the facility
nLunch
nBeverages and snacks
nA rewarding community service and
networking experience
This is just a part of a great
experience in Chicago. Be
sure to register for this event
when you’re completing your
conference registration. Visit
www.complianceethicsinstitute.
org or please contact Lizza
Catalano at lizza.catalano@
corporatecompliance.org for more
information.
SCCE C ompliance A cademies
Become a Certified
Compliance & Ethics Professional (CCEP)
Attend one of the SCCE 2008 Academies
and sit for the exam on the fifth day
following a four-day intensive training session
“This four-day course was the most robust theoretical support on the compliance & ethics discipline I could ever attend.
And the caliber of the invited speakers was impressive, as well. The feedback to my colleagues was very short: a firstclass course. I strongly recommend this course.” — Zaur Ahmadov, Compliance & Ethics Advisor, Group Compliance
& Ethics, BP (British Petroleum)
August 4–7, 2008
Chicago, IL
CCEP Exam August 8, 2008
November 17–20, 2008
San Francisco, CA
CCEP Exam November 21, 2008
September 22–25, 2008
Zurich Switzerland
CCEP Exam September 26, 2008
The Compliance Academy is a four-day intensive training course
designed for participants with a basic knowledge of compliance concepts. The Academy
covers specific subject matter in depth and is a great preparation course for the CCEP
exam. (The course provides you with sufficient credits required to sit for the exam.)
Becoming CCEP certified demonstrates sufficient knowledge of government regulations
and compliance processes to understand and address legal obligations and promote
organizational integrity through the operation of effective compliance programs.
June 2008
Questions?
Call
+1
952
933
4977
or
888
277
4977
43
Global Compliance:
China
By Scott Lane and Robert Leffel
Editor’s note: We’d like to thank Ethisphere
Magazine for allowing us to reprint a series
of articles featuring compliance and ethics in
selected foreign countries. This article about
China is the first in this series.
H
istorically a nation opposed to
foreign investment, the Chinese
economy has recently shifted into
a modern, market-oriented system that caters
heavily to international business. Today, the
country is a major player in several important industries, such as manufacturing, food
processing, petroleum and textiles. (see table
& graph on page 45)
Now, business leaders across the world eagerly
turn their eyes towards China and notice a
country that relishes its new-found power
and the attention that comes with it. Such
change doesn’t come without its share of
obstacles–with thousands of years of history
come deep-rooted traditions, some of which
test the boundary of moral principles as they
are understood in the western world. Bribery
and corruption, for example, are not just
common, but each runs rampant throughout
the nation’s business practices. In order for
Western companies to enter China’s booming
market, it is first necessary to understand the
unique cultural and legal processes involved
in conducting business in the country.
The ethical climate for foreign enterprises
When international business managers and
chief executives open dialog about expanding their business to China, they discuss
topics such as intellectual property protection, stifling government bureaucracy, lack
June 2008
44
of product quality standards, discrimination
issues, and rampant corruption in business
dealings. While the government is making
attempts at improving these categories, many
concerns remain unaddressed.
Although China has significantly strengthened its intellectual property laws since joining the World Trade Organization (WTO) in
2001, the country still has the highest piracy
rate in the world–an estimated $1 billion is
lost each year to Chinese piracy alone. Even
though the Chinese government formed the
State Intellectual Property Office in 1998 to
help enforce patent, trademark, and copyright laws, this organization is considered
relatively ineffective by outside sources.
The government was also forced to reexamine
its quality standard regulations after a series
of scandals involving contaminated or harmful toothpaste, pet food, and most recently,
toys. New committees were formed to tackle
these issues but it remains to be seen how
productive they will be.
Discrimination issues run rampant
throughout the country. Gender
discrimination against women has been
documented for years. More complicated are
the discrimination issues involving migrant
workers moving from rural farmlands to cities
and towns. There have even been reports
of height and other physical requirements
neccessary for obtaining certain Chinese
government positions.
Business dealings with the government are
notoriously strewn with unethical practices,
both under-the-table and overt. A strong
sense of family and loyalty to ones friends
leads to a very nepotistic business environment. Some Chinese refer to the famous
philosopher Confucius who surmises in
Analects, “The father conceals the wrongs of
his son, and the son conceals the wrongs of
his father. This is justice.” Foreign businesses
entering the market with no significant political connections have a considerably more
difficult task of integrating than those who do
have connections.
Corruption isn’t limited to government
dealings, however. It’s common for Chinese
business deals to include various perks and
benefits for the buyer, including lavish vacations and expensive electronics, in addition to
any negotiated price to help secure important contracts. While the Organization for
Economic Cooperation and Development
(OECD), whose members include the United
States, Japan and the European Union, has
helped curb corruption in international business dealings in recent years, China has been
and remains notably absent from the group.
Ultimately, experts believe that China is
proactively working to fix its ethical problems. Shanghai is a positive example of a city
leading the way in this regard. One theory
for the improvements points to the increasing
standard of living for many Chinese who no
longer rely on shady benefits or under-thetable bribes for their livelihood. As Chinese
businesses increase their presence throughout
the world, they will consequently bring their
ethics with them, good or bad. Politicians
and business leaders in China are aware that
ethical policies are demanded by consumers
in a free-market economy nowadays. If the
country and its businesses want to compete
with other economically successful nations,
the improvements will have to continue.
Etiquette tips you should know before
you go
Greetings
In China, it is a sign of respect to greet a person using his or her family name only, such
Overview of China
TOP EXPORT PARTNERS 2006:
MAJOR INDUSTRIES:
n Mining and ore production
n Machine building
n Textile and Apparel
n Petroleum
n Cement
n Chemicals and fertilizers
n Food processing
n Transportation equipment
n Telecommunications equipment
TOP IMPORT PARTNERS 2005:
Japan 14.6%
USA 21%
Other
44.7%
Other
50.9%
Hong Kong 16%
Japan 9.5%
S. Korea 4.6%
Germany 4.2%
S. Korea 11.3%
Taiwan 10.9%
USA 7.5%
Germany 4.8%
2006 COUNTRY STATISTICS
POPULATION:
MEDIAN AGE:
LIFE EXPECTANCY:
LANGUAGES:
CAPITAL:
LITERACY RATE:
1,321.8 million people
32.7 years (men)
33.7 years (women)
71.13 years (men)
74.87 years (women)
Standard Chinese or Mandarin (Putonghua, based on
Bejing dialect), Yue (Cantonese), Wu (Shanghainese),
Minbel (Fuzhou), Minnan (Hokkien-Taiwanese)
Bejing (15 million people)
90.9%
GDP per capita (PPP) $7,700
GDP (Purchasing Power Parity) $10.7T
GDP (Official Exchange Rate) $2.518T
GDP (Real Growth Rate) 10.7%
INFLATION: 1.5%
Get started today on your career
making powerful organizations safer and more ethical
Enron. WorldCom. Arthur Andersen. Tyco. If you’re wondering how a system fraught with criminal
and ethical misbehavior could possibly be right for you, authors Joseph E. Murphy and Joshua H. Leet
have the answer: Join what smartmoney.com calls one of America’s top ten fastest growing fields.
Their book, Building a Career in Compliance and Ethics, is the first ever to give step-by-step
instructions on how to establish a career making powerful organizations safer and more ethical.
You’ll discover:






The wide range of compliance and ethics jobs
The skills and temperament needed for this field
Practical ways to prepare for and get ahead in your career
Steps for conducting an effective job search
Advice from seasoned compliance and ethics professionals in the field
Tips for “selling” your compliance and ethics program to upper management
Building a Career in Compliance and Ethics is your guide to doing well by doing good!
SCCE
Phone +1 952 933 4977, 888 277 4977
FAX +1 952 988 0146
Only $29.95. Visit www.corporatecompliance.org to order.
45
June 2008
Global Compliance: China
as Mr. Fong or Ms. Li. Unlike in a western
environment, the Chinese family name comes
first and is usually one syllable. In some cases,
multiple names follow the family name which
can be difficult for some Westerners. In some
cases, Chinese people also insert an English
name. It is always a good idea to ask a native
speaker which name is the family name if you
are confused. To be on the safe side, simply
assume the first name is the surname.
Business meetings
In China, it is assumed that the first person
who enters the room is the head of the group.
Try and keep to this approach so as not to
confuse everyone. For business purposes,
formality is a sign of respect; do not try to
become too friendly too soon. Never tell
jokes to start a meeting. Meetings in China
tend to start slow, don’t rush the meeting
and talk business right away. Pace yourself.
Dress formally in China. Men should wear
a suit and tie at all times, despite what can
be harsh temperatures. Women should dress
conservatively and stick to plain colors. Negotiating in China can be quite interesting.
Always remember that negotiations are rarely
sequential. It is perfectly possible to “go over
old ground time after time. No deal is closed,
until it is “signed and chopped.”
Business cards
Business cards, or name cards as they are
known in Asia, are extremely important.
Always have plenty of them with you, in your
pockets, your jacket, and your briefcase. Treat
your own business cards with respect, place
them in a small leather wallet and protect
them. When exchanging business cards, never
toss or “deal” your business card across the
table. Always hold the card out with both
hands with the writing facing the receiver.
When you receive a card, don’t slap it into
your wallet or in your pocket. Look at the
card, treat it with respect, check it over, ask
June 2008
46
any questions about the card i.e. (You are
based here in Beijing, I see.) This is always a
sign of respect and interest in the person you
are meeting. At the table, it is acceptable to
lay the card in front of you on the table.
Gift giving
Gift giving is becoming less common,
particularly as Western companies enforce
their gift-giving policies. In addition, many
Chinese government officials will not accept
gifts after recent crackdowns on corruption.
If you have to give a gift, it should be small,
customary, thoughtful, and always wrapped.
Dinner and social events
Always be prepared for a very long dinner or
lunch engagement. Food is an important part
of doing business in China. Be prepared to
give a brief and friendly speech in response to
the hosts speech at a banquet. When invited
for a meal, never just “dig in” as in many
Western environments. Always wait either
to be served first by your host, or for you
to serve your host the food from the shared
dishes. It is considered poor etiquette to look
after yourself despite others.
Make sure you sample every dish. Sometimes
this is hard, but it will greatly impress your host.
Always leave something on your plate at the
end of the meal or your host might think that
you are still hungry.
If a Chinese person gives you a compliment,
it is polite to deny it graciously. Modesty
is highly valued in China. Keep the above
guidelines in mind, but above all, be yourself.
Five compliance and ethics issues to
consider
1. Corruption, bribery, and kickbacks
It is often said that doing business in China
is an ethics and compliance mine field, with
bribery and corruption standing in the way of
a successful operation. While there has been
some progress in the last few years, in part
thanks to new government efforts to fight
corruption resulting in some serious sentences for corrupt government officials, the
situation is still far from ideal. Corruption is
said to be closely related to the “guanxi,” or a
network of business relations or connections
that creates a basis for social interaction and
the development of trust and cooperation.
Deal with it
To minimize bribery, begin with an understanding of how the Chinese power system,
guanxi, works and how you can actually use it
to help you. Take time to develop a corporate
guanxi; its quite possible to create and sustain
relationships with high-level government
officials without resorting to bribery. Create
a policy that, while reflecting the company
global values and principles, takes into
account and specifically speaks to local traditions. Put gifts and entertainment into context and perspective. Find allies among local
management and capitalize on the desire of
Chinese technocrats and managerial class to
adopt US and European business standards,
best practices and “rule of law.” Be polite and
firm, but not patronizing.
2.Trade secrets and confidential
information
Chinas booming economy has encouraged
many foreign high-tech companies to open
R&D, design, or manufacturing centers
in the mainland. As a result, more local
employees have access to trade secrets, which
creates a significant risk of loss and intellectual property infringement. Chinese laws
do offer some protection of trade secrets, but
they also require the aggrieved party to show
evidence of actual damage before pursuing
legal remedies.
Congratulations to CCEP designees!
The Society of Corporate Compliance and Ethics (SCCE) offers
you the opportunity to take the Certified Compliance and Ethics
Professional (CCEP) certification exam.
Achieving certification
has required a diligent
effort by these individuals.
CCEP certification
denotes a professional with
sufficient knowledge of
relevant regulations and
expertise in compliance
processes to assist corporate
industries in understanding
and addressing legal
obligations. CCEPs promote
organizational integrity
through the development
and operation of effective
compliance programs.
Jennifer A. Allison
Robert J. Kantor
Kate R. Otto
Robert G. Anderson
Mary Helen Peters
Eduardo N.T. Andrade
Darrell Glenn
Kennemer
Virginia Rae Bly
Arlene D. Knighten
Cathi Bowman
Nickie F. Kubasak
Lizza Sue Catalano
Rachel Deonna Kurtz
Carrie Susan Cloud
Latour Rey Lafferty
Jane Hummel
Simmons
Karen J. Coleman
Kari Alene Lidbeck
John D. Springer
Denise M. Dechiaro
Marco Loures
Stanley D. Stemkoski
Jill Ustane Edmondson
Carolyn R. Marks
Angelle S Stuart
Barry Joe Elmore
Karen Kisiolek Matz
Leah M. Fitzgerald
Carol M. Mcginnis
Mauri Michelle
Thornton
Terry D. Goatley
Betsey Mcgrail
Mark D. Goodman
Michelle L. Miller
Lisa V. Gressel
Jo F. Molock
Charles W. Hagen
Mary Sue Moore
Keith Randall Hawley
Linda Joy Moore
Erik Allen Hennings
Robert Thomas
Morgan
Cynthia Louise
Johnston
James Paul Jones
Anthony Reeves
Wanda Renee Robins
Paula F. Saddler
Dorothy Vedvick
Marilyn J. Williams
Cheryl Ann Wilson
Caveni Y. Wong
Mark F. Wood
Kathleen P. Woods
Rachel L. Yaron
Mark Neu
Joseph M. Yonek
Maryellen O’Neill
John Robert Zander
Questions? Please contact:
Liz Hergert at +1 952 933 4977, 888 277 4977 or CCEP@corporatecompliance.org.
6500 Barrie Road, Suite 250, Minneapolis, MN 55435
47
June 2008
Global Compliance: China ...continued from page 46
Deal with it
The passive and reactive approach to protecting trade secrets by the Chinese law, the lack
of preventative remedies, and inefficient enforcement create some serious complications.
Take strong proactive steps including: 1) Create a strong and unambiguous confidentiality
policy; 2) Require all employees to sign confidentiality and non-compete agreements; 3)
Introduce the disclosure procedure to identify
conflicts of interest and concurrent employment; and 4) Conduct periodic audits.
3.Conflicts of interest
Chinese culture offers a somewhat different
perspective on conflicts of interest. Favoritism
is fairly common. Favoring family and cronies
has roots in Chinese Confucian tradition,
although some counter arguments exist as
well. The system of guanxi may also be a
contributing factor.
Deal with it
Evaluate how big the problem is and what
the costs and consequences are. If you tackle
it, tread carefully; imposing US policies in
this area will likely be met with resistance and
will not achieve much. Introduce transparent
hiring and purchasing processes and criteria.
Reward employees for recommending a successful job candidate or a vendor, but remove
that employee from the decision-making process. Introduce other ways of favoring family
and friends, such as offering discounts and
events. Try to make guanxi your ally rather
than your enemy.
4.Workplace discrimination
Although there is a ban on discrimination
for government posts, Chinese companies
routinely refuse to employ people because of
their sexual orientation, medical condition,
or gender. Discrimination lawsuits against
Western companies in China are relatively
rare, but not unheard of. Nokia China is
June 2008
48
facing legal action for allegedly turning away
a successful applicant in Guangdong because
he is a carrier of Hepatitis B (HBV). In a
recent case involving giant Chinese appliance
maker Galanz, a man hanged himself just
days after he was denied employment because
of HBV. Not only can discrimination result
in costly lawsuits and settlements, the damage
to a companies reputation can be significant.
Deal with it
Zero tolerance, active policy enforcement,
and training are the best and probably the
most cost-effective solutions. Apply the same
standards you would apply at home. Make
sure your local HR and hiring managers
understand the importance of an antidiscrimination policy, the benefits of diversity, and
the consequences for discriminatory conduct.
This is a good example of when a Western
company can and should apply a higher
standard than local business practice.
5.Product liability
In the wake of product recalls and safety
scares in the United States and Europe, ranging from dog food to seafood and from tires
to toys, product liability risk is suddenly at
the top of the agenda for many companies
that have their products made in China. The
root causes of the problem are multiple, the
most obvious being long and often complex
supply chains in China, but also include
an extremely fragmented manufacturing
industry, weak manufacturing and quality
standards, often inefficient or non-existent
quality controls both by the Chinese and by
the foreign importers who sometimes put too
much trust in their suppliers, and differing
business cultures.
pany may take some of the following steps:
1) Make an effort to understand your supply
chain in China;
2) Know your risks by conducting a proper
periodic risk assessment on a proactive
basis;
3) Insist that your prime vendors inform you
when they change subcontractors or make
other product substitutions and pass this
requirement along the line;
4) Introduce quality control standards that
your vendors will need to adhere to as the
condition of doing business with you and
make sure these requirements are passed
along the supply chain;
5) Educate your vendors and help them do
things right; most Chinese companies are
reputable and care about their reputation
and product quality as much as you do;
6) Trust but verify: Implement audit and inspection programs for the vendor facilities
and introduce your own quality control
for all imports with a proper evaluation
for design and manufacturing defects; and
7) Create a comprehensive quality control
program. It may not prevent all risks, but
it may serve as an affirmative defense. n
Reprinted with permission from Ethisphere
Magazine September 19, 2007.
Deal with it
Depending on the severity and the nature of
risk and the scope and extent of the involvement with Chinese manufacturing, a com-
Get great exposure for
your employment ads!
200 words
90 days
only $400!
The Complete
Compliance
and Ethics Manual
An accurate, comprehensive, and
authoritative reference source!
Save time by improving the efficiency
of your compliance program.
The manual comes with the full-version CD.
Member rate $315.00
Non-Member rate $349.00
The Complete Compliance and Ethics Manual
includes more than 400 double-sided pages filled
with up-to-date, valuable information on current
compliance issues. Large, attractive three-ring
binder with color front, spine, and back cover.
Mail to: SCCE
6500 Barrie Road
Suite 250
Three ways to order:
Visit: www.corporatecompliance.org
Fax: +1 952 988 0146
For more details call
+1 952 933 4977, or 888
277 on4977
Continued
page 49
Compliance and ethics professionals
belong to a highly specialized field. SCCE can
match qualified individuals with your staffing
needs. Take advantage of SCCE’s Web site to
advertise your unique career opportunities.
It’s easy and cost effective. List up to 200 words for
90 days for only $400. Get worldwide exposure for
your classified ad to a targeted audience!
To post a job:
Visit www.corporatecompliance.org
and click on Advertising: Career
Opportunities in the left-hand menu
+1 952 933 4977 or 888 277 4977
49
June 2008
Statute Gone Wild?
Editor’s note: Guy Aulabaugh is the Custodian of
Records and Compliance Officer for Mantra Films,
Inc. in Santa Monica, California. He may be
contacted by e-mail at guyaulabaugh@yahoo.com.
Following a brief description of the legal issues
this company has faced, Guy explains how their
Compliance department was designed to prevent
future problems. This article addresses compliance with child pornography laws. Other charges
against Mantra and Joe Francis are beyond the
scope of this article.
M
antra Films, Inc. (Mantra) makes
the ever-controversial reality-based
shows under the brand name “Girls
Gone Wild.” Mantra is owned and run by
the inimitable Joe Francis, whose high-profile
successes and tribulations are known by many
who watch the various cable television news
programs and talk shows. This article attempts
to describe, in brief, Mantra’s creation of its
Compliance department and implementation
of policies and procedures created to maintain
compliance pursuant to Title 18, Section 2257
of the United States Code (18 U.S.C. § 2257)
and all of the underlying regulations incumbent
thereto. Title 18, Section 2257 governs the
record keeping requirements for the production of any book, magazine, periodical, film,
videotape, or other matter that contains sexually
explicit material that is intended to be mailed
or shipped interstate or in foreign commerce.
The statute also requires that a disclosure notice
appears on the packaging of this material.
On Dec. 13, 2006, Mantra pled guilty to the
charges of failing to keep sufficient records as
required by 18 U.S.C. § 2257, as well as various labeling violations regarding some DVD
sleeves that were improperly printed. The
record keeping violations stem from content
that was shot in 2002 involving two women
June 2008
50
who had misrepresented their ages to the
cameraman, and filled out false written release
forms in order to get on a Girls Gone Wild
show. They were 17 years old, rather than 18
years old as they represented. As a side note,
Joe Francis had never met these two individuals, nor was he even in the country when
these women were filmed. Camerapersons are
independent contractors and remain personally liable for all of the content which they
shoot. However, Title 18, Section 2257 attaches a form of strict liability on behalf of the
custodian of records for any company that fails
to maintain the required records. Under the
statute, the custodian of records is liable, per
se, for any record keeping violations regarding
Title 18 content. The statute further allows the
US Department of Justice to conduct periodic
warrantless inspections of such records for any
company who produces Title 18 content.
Congress passed the Child Protection and Obscenity Enforcement Act of 1988 to further support its laws against child pornography. Among
other things, it requires producers of certain
kinds of content to maintain records regarding
the individuals depicted. Congress subsequently
modified the recordkeeping provisions at least
twice, with the Child Protection Restoration
and Penalties Enhancement Act of 1990, and
the Prosecutorial Remedies and Tools Against
the Exploitation of Children Today Act of 2003
(PROTECT Act). All the various amendments
have made the reach of the recordkeeping requirements of 18 U.S.C. § 2257 fairly extensive.
The requirements apply only to producers, but
that term is defined broadly. Producers include
all those who create a visual representation
of actual sexually explicit conduct, through
videotaping, photographing, or computer
manipulation. These kinds of producers are
defined as “primary producers” under the
Guy Aulabaugh
By Guy Aulabaugh
regulations issued by the Attorney General.
Those who use such images for “assembling,
manufacturing, publishing, duplicating, reproducing, or reissuing” any material containing
that image for a commercial purpose, from
a photograph to a magazine or film, are also
producers. Finally, those who upload such
images to a Website or otherwise manage the
content of a Website are considered producers.
These last two types of producers are considered “secondary producers” under the applicable regulations. On the other hand, those
who process images and have no commercial
interest in such images, those who merely distribute the images, those who provide Internet
or telecommunications services, or who store,
retrieve, host, format, or translate the communication without selecting or altering its
content are not producers. They are, however,
required to verify that the required records
have been kept by the creator and that disclosure statements are attached to the images.
Pursuant to a Deferred Prosecution Agreement, Mantra’s compliance is confirmed
through a federal monitoring program,
wherein we submit quarterly reports including
all the necessary compliance documentation
and information for all of our products. The
documentation is audited by a federal monitor,
whose reports are conveyed to the Obscenity
SCCE Corporate Members
AIG
Contact: Christine Mullen
Chief Compliance Officer
Christine.mullen@aig.com
www.aig.com
IFCO Systems NA Inc.
Alfaro-Abogados
Contact: Steve Worster
VP Compliance
steve.worster@ifcosystems.com
www.ifcosystems.com/america/na/en/
index.php
Allstate Insurance Company
Contact: Michael R. Levin, Esq
Dir Compliance & Ethics Services
melvin@i2c.com
www.integrity-interactive.com
Amgen Inc
Contact: Robert C. Cook
Partner
ccook@jonesday.com
www.jonesday.com
Contact: Liliana Alfaro
Partner
lilianaarauz@alfarolaw.com
www.alfarolaw.com
Contact: Lyn A. Scrine-Filipovic
Director of Integration
Iscrine@allstate.com
www.allstate.com
Integrity Interactive Corporation
Jones Day
Contact: Kathleen Schump
Executive Assistant
kschump@amgen.com
www.amgen.com
LRN
Compliance Spectrum
Medtronic
Dell
Metro Water District of Southern CA
Contact: Chrisan Herrod
VP Marketing & Business Dev (IND)
chrisan.herrod@compliancespectrum.com
Contact: Jeannie McCarter
Jeannie_mccarter@dell.com
Epcor
Contact: Cindy McCracken
Executive Assistant
cmccracken@epcor.ca
Ernest & Young
Chris Ideker
Global Solutions Leader
chris.ideker@ey.com
Foley & Lardner LLP
Contact: Cheryl Wagonhurst
Partner
cwagonhurst@foley.com
www.foley.com
Genentech
Summar Davidow
Sr. Admin Associate
davidow.summar@gene.com
Georgia System Operations
Contact: Andrea Barclay, CCEP
Corporate Compliance Admin
andrea.barclay@gasoc.com
www.gasoc.com
Global Compliance
Karen Kistenmacher
Director Marketing Communications
karen.kistenmacherf@globalcompliance.com
Holland & Knight LLP
Contact: Christopher A. Myers,
Partner
chris.myers@hklaw.com
www.hklaw.com
Contact: Adam Turtletaub
aturtletaub@lrn.com
www.lrn.com
Contact: Amy Patterson
amy.j.patterson@medtronic.com
www.medtronic.com
Contact: Edith Yamasaki
Sr. Administrative Analyst
eyamasaki@mwdh2o.com
www.mwdh2o.com
Contact: Odell Guyton
Senior Corporate Attorney
& Director of Compliance
odellg@microsoft.org
www.microsoft.com
Nortel
Contact: Robert J. Bartzokas
Chief Compliance Officer
rbartzok@nortel.com
Qwest Communications
Contact: Dave Heller
Chief Ethics & Compliance Officer
dave.heller@qwest.com
www.qwest.com
RedHawk Communications, Inc.
Antoinette Taylor
Director of Marketing
ataylor@redhawkethics.com
Shook, Hardy & Bacon LLP
Contact: Carol A. Poindexter
Partner
cpoindexter@shb.com
www.shb.comcom
The Network
Contact: Angella Davis
Marketing Manager
angelladavis@tnwinc.com
www.tnwinc.com
Tozzini, Freire, Teixeira, E Silva
Shin Jae Kim Hong
Partner
shin@tozzinifreire.com.br
TSYS, Inc.
Contact: Daniel J. Priban
Director Risk & Compliance
dpriban@tsys.com
www.tsys.com
United Parcel Service
Contact: Ruth Ward
Comp & Ethics Supervisor
rmward@ups.com
www.ups.com
Wal-Mart Stores
Contact: Gary Hill
Dir International Ethics
gary.hill@wal-mart.com
www.walmart.com
Parson Consulting
Contact: James Clendenen
Dir West Region
Parson Consulting
jclendenen@parsonconsulting.com
www.parsonconsulting.com
PNM Resources
Contact: Sarah Smith
Director Ethics & Compliance
sarah.smith@pnmresources.com
PotashCorp
Contact: Ann M. Baltys
Legal Assistant
ambaltys@potashcorp.com
www.potashcorp.com
PricewaterhouseCoopers LLP
Contact: Christopher Michaelson
Director
christopher.michaelson@us.pwc.com
www.pwc.com
51
June 2008
New SCCE Members
The Society of Corporate Compliance
and Ethics welcomes the following new
members and organizations. All member
contact information is available on the
SCCE Web-site in the Members-Only
section: www.corporatecompliance.org.
Arizona
nKaren Ansell, Apollo Group Inc
Florida
nSusan A. Blair, University of FL
nMaria A. Casablanca, Nortel
nDena M. Coelho, Fidelity National Info
Services
nKaren A. Hancock, First Coast Service
Options
nCylina M. Sides, First Coast Service
Options Inc
California
nSadia Ali
nMichael Barthe, Hythiam, Inc.
nDoug Beeuwsaert, Lyndon Group LLC
Georgia
nChristian R. Cooper
nThomas J. Kelleher, Jr., Smith, Currie &
Hancock LLP
nGustavo De La Torre, Santa Clara Valley
Water District
nSuzanne Dotzler, Amgen Inc
nWendy Blair Fields, Amgen Inc
nLaurie Hanvey, Methodist Hospital
nLynda Hilliard, Univ of California
nAnthony Jackson, Methodist Hospital
nMusic M. McCall, City Of San Diego/
Office of Ethics & Integrity
nMark Neu, CCEP, Tenet
nJim Passey, Huntington Hospital
nJo Anne SawyerKnoll, City of San Diego/
Office of Ethics & Integrity
nDeborah Tolomeo, King & Spalding
nVinca Weatherly, Amgen Inc
nJanice E. Williams, Pechanga Development
Corp
Colorado
nDoris Blyth, University of Colorado
nGreg Pachner, Noble Energy, Inc.
nSharon L. Thompson, MA MFCT, MWH
Global Inc
nChristine S. White, Molson Coors Brewing Co
Conneticut
nLawrence Plutko, Yale New Haven Health
Washington, DC
nDan I. Stoll, US Agency for Intl Development
nShawn Wright, Blank Rome LLP
June 2008
52
Hawaii
nH David Burge, Kamehameha Schools
Idaho
nStacy Pearson, CPA, Boise State University
nJulian R. Rush, Policy Technologies
International Inc
Illinois
nMargaret F. Brown, Coram Inc
nChristine J. Efantis, Molex Inc
nElena A. Lovoy, Law Offices of Elena A
Lovoy
nJulie Palles, FirstGroup America
nScott M. Permentier, DePaul University
nMary Jo Rizzo, Depaul University
nVictoria Ruder, Community Counseling
Centers of Chicago
Indiana
nWilliam Mark Brooks, Eli Lilly and
Company
nKira A. Cooper, MED Institute Inc
nSteven Guymon, Eli Lilly & Company
Kentucky
nRachel D. Green, Toyota
nJohn E. Steiner, Univ of KY
Massachusetts
nTyler Hart, Iron Mountain
nKara L. Hill
nKevin J. Kelley, JD, MPA, CHC, The
Kelley Law Office
nBethany M. Machacek, CCEP, Integrity
Interactive Corporation
Maine
nMary Edith St Jean, St Joseph Hospital
Michigan
nMindy Willis, DTE Energy
Missouri
nJan Jackson, MCHCP
North Carolina
nAlice A. Burkholder, City of Greensboro
nEdward P. Paitsel, Nortel Networks
nChandrika Raghavan, Talecris Biotherapeutics
nTina Tyson, Duke Univ School of Medicine
nChristian E. Whicker, Duke Energy
Nebraska
nLisa M. Matya, ACI Worldwide
New Jersey
nDouglas Horr, CIA CBA EDM, Stevens
Institute of Technology
New York
nDiane Delaney-Sheehan, New York University
nWilliam J. Dimmig, People Inc
nBarbara DiTata, Esq, NYC School Const
Authority
nTerry Dylewski, Binghamton University State University of New York
nValerie Haliburton, Colgate-Palmolive
Company
nS. Rebecca Holland, New York University
nMarcia Isaacson, State University of New York
nRobert Jinnett, AIG
nMonique Phillips, NYU Medical Center
nElena Rossano, Taro Pharmaceuticals USA Inc
nDonna Scuto, State Univ of NY At Buffalo
nGwen N. Shannon, Federal Reserve Bank
of New York
nSteve Stabile, The New School
nC Veronica Williams, Metropolitan
Transportation Authority
Ohio
nJill Springer, The Ohio State University
Oregon
nPatty A. Bragg, Providence Health &
Services
nEarl A. Curtis, Portland General Electric
nThom W. Disco, Providence Health &
Services
nJulie Ebner, Providence Health & Services
nMonique Lamirault, Schnitzer Steel
nSally Rhys, Coaching for Perspective
Pennsylvania
nJulie Agris, Vantage Holding Company,
LLC
nBessie G. Jordan, GlaxoSmithKline
nColleen P. Lyons, The Lyons Trust
nMaria M. Perez, McNeil Consumer
Healthcare
Puerto Rico
nAntonio Aponte-Sanchez, FHC HS of
Puerto Rico
Tennessee
nWilliam A. Moles, II, CIA, University of
Tennessee
Texas
nDouglas Arrington, UT Southwestern
nMichael Blanda, Texas State University
nCathy Jones, Shell Oil
nTimothy B. Morris, Nortel
nElaine Pearson, Univ of Houston Downtown
nK Royal, Sandra Day O’Connor College
of Law
nAlan R. Woods, Baker Hughes Incorporated
Virginia
nRhonda Bishop, Virginia Commonwealth
University
nRobert C. Brown, CFE, Capital One
Financial Corp
nJennifer L. Burruss, VA Commonwealth
University
nJaycee L. Dempsey, VA Commonwealth
University
Call for Statistical Surveys
SCCE is looking for informational studies/surveys that
offer statistics designed to gauge the state of corporate
compliance, integrity, governance, and ethics. This
information would be made available on the SCCE Web
site’s Resources page. If you are aware of any studies/
surveys that would benefit your colleagues in making
better and more informed decisions, please e-mail Marlene
Robinson at marlene.robinson @corporatecompliance.org.
Thank you for your help!
nPeggy L. Fischer, PhD CFE, OIG
National Science Foundation
nChristiana Franchet, L-3 Communications
nBrian E. Hess, CFE, OIG National
Science Foundation
nCathy S. Kilcoyne, VSE Corporation
Washington
nMartin T. Biegelman, CFE, Microsoft
Corp
nEd A. Bourassa, T-Mobile
nRich Cohan, FACHE CCP, Providence
Health & Services
nSean C. Delich, T-Mobile
nMeg Grimaldi, Providence Health &
Services
nBrock RJ Phillips, CPA CFE, Microsoft
Corp
nMarc Stepper, Puget Sound Energy
Wisconsin
nLisa Martinez, Manpower, Inc
Ontario, Canada
nKevin B. Coon, Baker & McKenzie
Sweden
nAnnika Ohlsson, Amgen AB
SCCE’S
MISSION
SCCE exists to champion
ethical practice and
compliance standards
in all organizations and
to provide the necessary
resources for compliance
professionals and
others who share these
principles.
53
June 2008
Statute Gone Wild? ...continued from page 50
Prosecution Task Force, which in turn submits
its findings to the federal judge under whose
jurisdiction our performance is judged.
The monitoring program includes a work
plan involving the implementation of improved compliance policies and procedures.
This includes the establishment of a robust
training program for all Mantra employees,
independent contractors, and third-party
agents. Mantra has implemented an internal
audit mechanism in order to track labeling requirements and age verification. Its
technology has been upgraded and expanded,
allowing it to obtain better images of the age
verification documentation. Further, Mantra
employs the services of independent private
investigators to verify performers’ identities.
The whole process is quite extensive and
most likely sets the standard in the adult
entertainment industry. Mantra is proud that
the Department of Justice has been rather
supportive in this process and applauds our
efforts as being a model in compliance initiatives for the adult entertainment industry.
The way that Mantra complies with the
statute is actually quite simple, because the
requirements of the statute are fairly simple.
For each and every performer who appears
in Title18 content, we have to obtain a clear
image of a state or federally issued picture
identification card, verifying that, in fact, the
performer is of majority age.
I try to look at the compliance process in a
holistic light; discovering, creating, implementing, and finally developing, being one organic process. This process is a single-minded
function – there is no room for mistakes. We
must maintain absolute perfection and be —
COMPLIANT...such a nice sounding word.
As the custodian of records, I bear the responsibility and, [hard swallow] criminal liability
of making sure that we have the necessary
June 2008
54
documentation for all Title 18, Section 2257
content. This requires Mantra’s Compliance
Department to identify all Title 18 content,
obtain and record all required images and
documentation, and finally, build the database
containing all of the information, documentation, and images accessible, according to the
regulations underlying 18 U.S.C. § 2257.
Otherwise, Mantra’s Compliance department
performs the same functions as any other
Compliance department. It trains all of Mantra’s employees, independent contractors, and
third-party agents in its compliance policies
and procedures. It tracks any and all content
produced by Mantra, all of which must be
logged into the database, retaining all necessary compliance documentation and rights
information for each individual performer.
Before any content is distributed, it must first
be cross-referenced with the database and
verified as being compliant.
Ironically, Mantra is more of a reality-based
content provider than an adult-entertainment
industry provider. I estimate that less than 5%
of our content qualifies as content regulated
under 18 U.S.C. § 2257. However, I would
speculate that the more explicit content, which
qualifies as Title 18-governed content, does help
drive the market for our products. Despite our
shows being relatively tame as compared with
much adult content, Mantra and its founder
Joe Francis remain popular targets for many talk
show hosts and special interest groups. Let’s face
it; our product is controversial. However, critics
often make false assumptions about the content
produced by Mantra.
Although everyone can agree with the purpose
behind the statute, as one who daily strives to
maintain perfect compliance under 18 U.S.C.
§ 2257, it can be a struggle to determine what
the statute requires. For example, the regulations fail to adequately define what acceptable
government-issued picture identification is.
Because Mantra’s policies are to maintain
strict compliance with all laws and regulations, it often is prevented from producing
content that would otherwise be legal. In
other words, even if a potential performer is
clearly over the age of 18, if she does not have
a state driver’s license, we do not produce the
content. This includes content that may or
may not be regulated by 18 U.S.C. § 2257.
The consequences are too high to even take a
remote chance that the Department of Justice
would construe the content as being noncompliant with 18 U.S.C. § 2257. Through this
vetting process, I submit that much constitutionally protected speech is chilled.
Recently, the Sixth Circuit Court of Appeals
has overruled 18 U.S.C. § 2257 as being
unconstitutional in its entirely. However, the
Department of Justice has obtained an en
banc hearing, providing further review of the
court’s decision. Therefore, without stating
anything more specific about the constitutionality of the statute, rest assured that the
debate continues, with no clear solution on
the horizon. Obviously, companies such as
Mantra have no interest in filming underage
performers, and the government does reasonably need an enforcement mechanism in
place to prosecute and convict the producers
and purveyors of child pornography. However, as it currently stands, individuals could
be criminally convicted of a serious crime
for producing content that, in reality, does
not portray any underage performers (even
if it could be proven as such) resulting from
the failure to maintain the particular records
required by 18 U.S.C. § 2257. Hopefully, the
legislature and courts will be able to resolve
these issues, so that the legislative purpose
– the protection of children – is furthered
as much as possible, without unnecessarily
chilling an unreasonable amount of constitutionally protected speech. n
ENTERPRISE RISK MANAGEMENT
Your plan is only strategic
if you know what your risks are.
SOFTWARE FROM PAISLEY ENABLES A SUSTAINABLE, DISCIPLINED APPROACH
TO ENTERPRISE RISK MANAGEMENT. By linking strategic risks with other governance,
risk and compliance business processes, Paisley provides structure, visibility and
transparency to your enterprise risk program.
PAISLEY ENTERPRISE GRC™ AND GRC ON DEMAND™ — Software for operational
risk management, integrated audit, financial controls management, IT governance,
and compliance. Call 888-288-0283 or visit www.paisley.com
55
June 2008
...is Your Company’s
Once-A-Year
Code of Conduct Training Enough to
Make
the
Grade?
FACT: “To have an effective com-
pliance and ethics program…an
organization shall…promote an organizational culture that encourages ethical conduct and a
commitment to compliance with
the law.” – U.S. Sentencing Guidelines, §8B2.1 (a), (a1), (a2)
Think of your own experience.
Have you ever really learned
something from a course presented only once-a-year? In most
cases, it just isn’t possible. To be
effective, your ethics program
needs to deliver ongoing communication and training throughout
the year.
Best Practices
Ethics Programs
for the Worlds’ Corporations
Why are RedHawk’s Programs
EFFECTIVE?
More than simply once-a-year online modules, our programs reinforce
ethical issues throughout the entire
year through an ongoing communication and training strategy.
• Customized, interactive Online
Code of Conduct course
• The Ethics Communication
Coach: a library of over 1,000
supporting ethics communication
and training tools
• Online Ethics Training Library covering over 50 topics
• Discussion-based training
solutions
• Instructor-led training tools
• Multi-year training plans
Let us build an effective ethics program for your company. Our custom-designed solutions, combined
with 15+ years of unmatched experience and affordable prices,
have helped leading corporations
create ethical culture and meet
U.S. Federal Sentencing Guidelines requirements.
Find out how you can make the
grade today – visit us at
www.RedHawkEthics.com to take
a quick tour, schedule a full product demonstration, and receive
your FREE white paper entitled
WHAT’S IN IT FOR ME? Creating
Ethical Culture through Behavior
Change Strategies, presented to
the American Management
Association.
REDHAWK
RedHawk Communications, Inc. | 615 Hope Road | Eatontown, New Jersey 07724 | T: 732-440-1600 | www.RedHawkEthics.com
Experience. Knowledge. Commitment.

Robert T. Morgan and Carol A. Morgan Global Compliance: China

Transcription

Similar documents

Weaving a Moral Ecology

Ethics and Compliance Training from A to Z

..J New York-Presbyterian

Ethics

outline

SNC-Lavalin: Journey to Ethics Excellence

DON`T GET CAUGHT WITH YOUR PANTS DOWN

Dr. Ilex Lam Chairman iEnterprise Foundation

Good Value Judgement - Malaysian Institute of Accountants