(Excerpted from Building a Career in Compliance and Ethics, by Joseph E. Murphy and Joshua H. Leet; Minneapolis: Society of Corporate Compliance and Ethics, 2007.)
You are always selling in this field. It is a necessary skill. By this I do not mean anything cynical such as misleading companies into buying something they do not need. Rather, this means the ability to convince others of the need for a good compliance and ethics program and the need for their support. Selling is part of being in an organization; it goes with the territory.
When attempting to start a program, selling begins with management and the board. In the beginning, the compliance advocate has to convince management and the board of the need for a program, and the seriousness of the commitment. But even after the initial sale, you have to continue selling, to keep compliance a priority and get daily buy in. It is important not to think of this effort as a one-time project. You will need to earn the ongoing support of management and the board to bring the program up to an effective level, and then to keep it energized over the long term. You will also need to deal with employees in their everyday work. In your training and other communications you need to reach all those who work for the company so they understand the value of the program and the need to do the right thing, every day in every part of the business.
I offer here a number of tools—12 “sales tips”—to help in your task. These sales tips have been organized for ease of reference, but you may want to mix and match those things that will work for you and your organization. To use these effectively, you need to know your audience. Certain points will appeal more to some audiences than to others. So pick and choose, but do not overwhelm or dilute key messages. In Appendix 3-F, I have provided a quick list of some of the benefits of an effective program; this list is also useful if you are asked to do a cost-benefit analysis of the program.
The 12 Sales Tips
1) Avoiding the Big Legal Stick
The parade of horribles can be an effective tool for selling a compliance and ethics program to any organization. When most managers think of compliance, this is one of the things they probably picture first—all the bad things that can happen because of a violation. It is generally what initially gets people’s attention, and the most common reason used for programs. You should recognize that fear has limits as a motivator; I do not recommend relying on fear as the sole reason for a program. However, there is no denying that, for many, it does get attention. In the legal world of today, there are many frightening things out there.
Avoiding violations—preventing trouble from happening—is a powerful motivator in organizations. For someone contemplating a compliance and ethics program, the most basic expectation would be that a program would prevent problems. This benefit is an important point to make, but be careful not to over promise. No organization with large numbers of people can expect to prevent everything. Consider, for example, that a company with tens of thousands of employees may be the size of an entire city. Who would expect a city to have all its residents avoid all offenses all the time? Similarly, while a company should strive for perfection, the compliance person must be careful never to promise this outcome. Still, even with that caveat, prevention is an important reason.
One starting point in raising compliance and ethics-consciousness is to discuss the increase in criminal risks. Any businessperson will know that there are more laws and rules with each passing year, and the legal environment grows ever more complex. Along with this trend is the fact of increasing criminal enforcement and the appearance of more enforcement officials. Civil and administrative violations, by themselves, can be serious with potentially astronomical costs. But the government is not content with this. Especially in the United States, we tend to use criminal law more as a regulatory tool. Each new scandal seems to push the enforcement line from the civil side to the criminal side.
Along with this shift toward criminalization is the reality that the accompanying penalties are severe and increasing: prison terms are becoming longer and fines seem to be taking on the role of a major revenue source for government. One example that illustrates this concept is the 2004 amendments to American antitrust law. Antitrust corporate fines had previously been capped at $10 million (although a separate law covering alternative minimum fines provided for much larger amounts). Congress increased this ten-fold to $100 million. Individuals’ fines were increased from $350,000 to $1 million. Prison terms increased from 3 to 10 years, to keep up with so many other increased prison terms for other offenses (it seems enforcers compete with one another to see who can get the most bang for the buck!). Many times predicting the future can be risky, but there is probably no risk in the prediction that there will be more of this rise in penalties as time passes. In making this point to management it can be useful to present a “rogues gallery,” illustrating these trends by listing some of the top fines and the companies hit with them.
How the government finds out
There are those who are engaged in violations or are aware of misconduct, but are lulled into thinking that the matters will never see the light of day. Experience shows, however, that a company’s misdeeds may surface in a surprising variety of ways, including through the government’s use of sophisticated detection devices. The biggest surprise, however, may be that in some areas the most likely source of exposure is the violator’s partners in crime who turn them in. This is because of the increased emphasis among enforcers on voluntary disclosure programs. The best example is the antitrust leniency program, started by the U.S. Department of Justice, but now duplicated by numerous other governments around the world.
In the antitrust field, all criminal cases entail conspiracies, i.e., crimes involving more than one participant. Taking advantage of this, the government offers offenders a deal. As long as the offender meets certain conditions, such as not being the ringleader, the government will offer immunity to the first, but only the first, offender to tell the government the whole story. The deal appears to be a good one; a company admitted into this program avoids criminal prosecution, and so do that company’s employees who also cooperate. The arrangement is a guaranteed pass, unless the entity that entered the program fails to live up to its part of the bargain. In 2004, Congress upped the stakes, establishing that those who disclose also escape treble damages and are thus only responsible for single damages in private litigation. The program has been so successful that it has brought in hundreds of millions of dollars in fines from companies who were not first in the door. This program adds an urgent reason for having a compliance and ethics program. If there is a violation, you want to be the first to find it, so you can beat your competitors to the government’s door.
How else does the government find out? Violators should never count out the honest (or angry) co-worker. Even in the absence of calculating co-conspirators, sometimes a co-worker who believes in compliance, who is not just afraid of prosecution, will report the violator for the good of the company. It may be someone who is worried about losing his or her job if a major violation occurs, or someone who is angered by abuses occurring. It may also be a subordinate who receives a bad evaluation, or an agent who has been terminated. It can even be a spouse of a co-worker who is now in the middle of a bitter divorce.
Ultimately, the government finds out. Voluntary disclosure is just one example of how that happens. If you have an audience that is cynical, or is nave about how criminal conduct surfaces, then it can be worthwhile covering some of the details about how the government cracks these cases. Your listeners may find it eye opening (and entertaining) when you discuss the examples.
“Thanks for not wearing a wire!”
Most people picture the government using advanced detection techniques in cases like those involving drug dealing, but may not know that the same methods are used in white-collar crime. Perhaps one of the most dramatic examples was the Archer Daniels Midland lysine antitrust case. In this case the government had an ADM senior executive agree to wear a wire and help them eavesdrop on actual conspiracy discussions. The Department has made publicly available excerpts from its videotapes, so you can show the actual video the government took of the conspiracy meetings. (You can get many more examples from this case in the book, The Informant, by Kurt Eichenwald.) Another case, involving bribes to a purchasing person, was unearthed because the purchasing manager’s spouse kept detailed records of all the gifts he received. When the marriage hit the rocks, the purchasing manager ended up breaking rocks, thanks to an angry spouse!
Then there is the cautionary tale of the qui tam law and unhappy employees. For those who do business with the government, the False Claims Act provides a special incentive for employees to look for dishonest treatment of the government. If an employee believes the company is cheating the government, they can sue on behalf of the government in a qui tam action. If successful, the employee gets a large percentage of the recovery. This can be millions of dollars, especially since, for these cases, the damages due the government are doubled or trebled.
Cases also come to light because of unhappy competitors. A big contract lost in Indonesia can cause a competitor’s salesperson to complain to the home office that something suspicious must have happened. If a government official has solicited bribes and your competitor said “no,” what do you think the assumption will be when your company wins that same contract? What happens when your employee, who was part of the scheme, takes a better offer next month at that competitor?
Speaking of employees with big mouths, you really never know what you (or the government) might hear. Most of us know it can be difficult to keep a secret. When you engage in misconduct you are completely dependent on the discretion of those who are also involved. As an example, in one case it was reported that the government broke a bid-rigging scheme by stationing an enforcement person in a tavern across the street from where the bids were submitted. The government person just had to sit in the bar and hear the conspirators plot out their scheme!
What will they write down next? If people are sometimes careless in what they say in public, this is small potatoes compared to what they write down. One person was given a taxi cab receipt that contained, on the reverse side, a note among the taxi drivers calling for a boycott of hotels to “win back the long distance business from the limos.” That, of course, would be an illegal boycott. The recipient of the receipt happened to be an antitrust lawyer!
Anyone who reads the reports in the newspapers about white-collar cases will see daily examples of these types of careless documents—paper and electronic. It is tough, if not impossible, to commit a serious business crime without leaving a trail of emails, papers and computer records.
Reducing criminal sentences
Criminal prosecutions have been increasing, and the sentences for federal crimes have been on a continuing upward climb. But there is good news on the sentencing front—the federal sentencing guidelines offer a significant break to companies with compliance and ethics programs. How large is this benefit? If a company had an effective program before the offense happened, and it takes other positive steps (voluntarily disclosing the violation, cooperating with the government), its fine will be reduced by up to 95 percent.
Convincing the government not to shoot
Management may hope that a strong compliance and ethics program can reduce the risks of violations, but the reality is that offenses can still occur. A reduction in sentence may have surface appeal, but that benefit only comes after the awful experience of being prosecuted and convicted. A vastly more important benefit is the ability to avoid criminal charges even though your company knows it is guilty of the offense. Convincing the government not to prosecute is a benefit that can make the cost and effort of a compliance and ethics program seem like the best possible investment a company could make. The government has publicly recognized that it is not always in its best interests to prosecute and impose heavy fines on all business offenders. Sometimes, the government may show leniency if it believes a company is not bad at its core, and has a diligent compliance and ethics program in place. Individual offenders may still face charges, but the company as a whole can safeguard itself and its innocent employees with the appropriate preventive measures in place.
In January of 2003, Deputy Attorney General Larry Thompson updated an earlier Department of Justice letter to U.S. Attorneys around the country. His memo, “Federal Prosecution of Business Organizations,” recognized a corporation’s cooperation and its compliance and ethics program as factors that needed to be considered when it came to prosecution. This memo reflected and formalized a trend among government officials to recognize that the company that has taken on part of the government’s law enforcement mantle deserves to be treated differently from companies that ignored compliance. Since then this policy has been incorporated into the Justice Department's Justice Manual, applicable to all DOJ criminal enforcers.
This author has even been part of an engagement by a federal prosecutor’s office to help assess a company’s compliance and ethics program as a factor in the decision whether to prosecute the company. For the company general counsel or other executive who wants to survive a crisis, having an effective, credible program in place can transform that executive from a likely scapegoat into a corporate hero.
Avoiding “probation” and imposed compliance and ethics programs
If a company commits a violation, corporate fines and prison for officials are not the only nightmares that can occur. At least those more conventional punishments, once suffered, can be put behind the company. But the government has another set of tools, such as probation and monitors, which can extend the pain. When a company is being investigated, the government may offer to settle on terms that impose continuing obligations. These obligations may include a consent decree, a corporate integrity agreement, a deferred prosecution, or some other form of settlement. One of the conditions may be the government’s own ideas on what should be in a compliance and ethics program. In the worst cases, the government may place its own monitor inside the company.
An instructive and eye-opening example occurred in a case involving Consolidated Edison in New York. In this environmental criminal case the company was required to accept an environmental monitor who had free access to all its locations, documents, and people. The monitor even had his own hotline so employees could report any environmental offenses they witnessed. The monitor then filed his own, very detailed reports with the government and the court, laying out for public consumption all the inner workings of the company. Every mistake, every embarrassing statement, every matter the monitor disliked was there in full public view. There are few things more humiliating than the public exposure of what employees and managers say within the walls of the company’s inner sanctum.
The basic point for companies to consider is this: They can create their own compliance and ethics program, designed and implemented the way they think best within the framework of the sentencing guidelines. Or they can wait for the inevitable misstep, and have the program designed by the government the way an enforcement official thinks things should be done. One thing that you can count on, is that if the government has to design the program, the company will have to report everything that goes wrong to the government.
It should also be remembered that this intrusive remedy is not something limited to criminal cases. Even the much more common civil cases will typically end in settlements. The ongoing, government-imposed compliance regime can be part of the price for any legal mistake.
Getting the boot as a government contractor
Companies that cross the government may find themselves facing suspension, debarment and loss of other privileges. If your company does business with the government, or with government contractors, the government can bar you from doing that work. It can suspend the ability to deal with the government, or completely debar a contractor. For health care companies that depend on funding from Medicare or Medicaid, and government contractors who depend on government funds, this step can be a death sentence.
Unlike situations involving fines and civil penalties, however, the government does not have to prove that a company is guilty of an offense. In theory, the government, like any other purchaser, has the right to determine whom it will deal with. So if the government decides that a supplier is not responsible enough to merit government business, it may cut off the business. Similar results can occur with other “privileges” granted by the government. For example, in certain categories of offense, the government can take away a company’s ability to export its products outside the U.S. Recalling the major defense contractors and the procurement scandals of the 1980s, the government contracting folks are likely to have no sympathy for a supplier who has not taken steps to prevent violations.
Despite the surge in criminal cases against businesses, there are likely still many in business who view criminal prosecution as a remote risk. (Even otherwise cynical business people can be naive in legal matters). On the other hand, these same businesspeople have likely had exposure to civil litigation as a normal part of business experience. For these people, the increasingly important role of compliance and ethics programs in determining civil liability can be a convincing factor.
In harassment cases, which except for instances of physical assaults are civil matters, compliance efforts can act as a defense against liability. The U.S. Supreme Court, in the Ellerth and Farragher cases, has concluded that in certain kinds of harassment cases, the fact that the company has attempted to prevent harassment and has reacted properly to an allegation, can mean that the company faces no liability.
While companies worry about the risk of damage awards in civil cases, the biggest threat in these cases is probably the risk of punitive damages. These are damages awarded beyond the actual harm caused, to teach the offender a lesson. This is, however, another area where compliance efforts may make a difference. Again, the U.S. Supreme Court has weighed in, this time in a ruling that applies to all discrimination cases, not just those involving harassment. In the Kolstad case, the Court held that taking steps to prevent violations, and reacting appropriately to allegations, is a basis for avoiding any claim of punitive damages.
Nor was Kolstad an isolated development. Even before these discrimination cases, there had been case law considering compliance efforts as a basis for avoiding punitive damages. So a compliance and ethics program may serve your company even in the more run-of-the-mill civil cases that are common to corporate life.
2) Protect the Board
Protecting the company from prosecution and other litigation is a compelling reason for having a compliance and ethics program. But another reason that may serve as a potent factor in corporations: The highest authority in a company—its board of directors—may face individual liability if a problem could have been prevented had the board ensured that an effective program was in place. This was the message of the Delaware Chancery Court in the Caremark case (In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996)). This court, which is highly influential in American corporate law because of Delaware’s central role as a corporate home, advised corporate directors that they should be aware of the Sentencing Guidelines standards. While the court hedged its statements, the threat was unmistakable. The directors who are oblivious to the need for compliance efforts are setting themselves up as defendants when a violation occurs in the absence of preventive efforts.
The Caremark case was merely the opening salvo in this campaign, however. After infamous cases like Enron and WorldCom, Congress changed the legal landscape through the Sarbanes-Oxley Act; following this, the stock exchanges also issued rules designed to prevent new corporate scandals. In all of these developments, the finger of blame and responsibility was increasingly being pointed toward the board. Then, in 2004, the Sentencing Commission issued its revised standards for compliance and ethics programs. Here, again, the board had moved to center stage. Under the revised Guidelines, boards are expected to oversee their companies’ compliance and ethics programs. The board members are even expected to participate in the company’s compliance training.
One of the messages for you to bring to management is that they do not want their board to hear about this from someone other than the management. Although compliance measures may require more attention from the board, they stand to gain by avoiding litigation, and maybe even criminal prosecution, personally. The fact that the company has a diligent program is good news, and management should be bringing this positive message to the board.
3) Protect the Brand and Company Reputation
The legal system is not the only source of damage to a company that is caught in improper conduct. Even if a company has not broken the law, if the public sees conduct it does not like, it can hammer a company through the marketplace. One need only recall the cases of prominent brands being attacked by consumer boycotts.
Bad news about a company can dramatically affect consumer appeal. The state of the environment including the risks from climate change, for example, is a popular cause among citizens. News that a company is polluting excessively, or has caused a major ecological disaster, can kill its image and cost a fortune in future revenue and PR-costs. Harassment and discrimination cases can alienate important customer groups. With the internet, the entire customer base is capable of hearing any allegation within minutes; even a small-town exposé can break into market-affecting news. Of course, issues of product or service safety offer the clearest examples. One dangerous product can wipe out a company’s market; the horror stories in this arena are legendary.
Furthermore, such bad news typically batters the stock and can destroy the company. Consider the value today of names like Enron, Andersen, and WorldCom. Suffice it is to say, they have no value, other than as warnings. The loss in market value in such cases is startling. And, of course, immediately behind such losses is the plaintiffs’ bar.
4) It’s Not Optional
There may have been a day, not so long ago, when a company could just decide to take its chances with any compliance efforts, perhaps on the faith that all their employees were good folks who would never go astray. But it now appears that the government and others are not as inclined to depend on the good faith of companies and their employees. Increasingly, compliance efforts are moving from the voluntary category to the mandatory. Consider, for example, Sarbanes-Oxley, which imposes (or pressures companies to adopt) certain compliance and ethics program elements. SOX, as it is unaffectionately known, applies to any publicly traded company in the U.S. Under this law, any company listed on a stock exchange must have a system for anonymous and confidential internal reporting of financial fraud. Every company affected by SOX must either have a code of conduct for its CEO and CFO, or explain why it does not. Lawyers who work for such companies on SEC matters have a compliance-reporting obligation. And the law provides protection for whistleblowers, including those who use internal reporting systems.
Following this cue, the New York Stock Exchange (NYSE) and the Nasdaq now require their listed companies to have codes of conduct and to post them on their websites. Boards are now charged with greater diligence.
In certain specific industries and/or risk areas, companies are being required to take compliance steps or to adopt full programs. For example, California, Connecticut, New York, and Maine, among others, require employee training on sexual harassment. The state of California has mandated that pharmaceutical companies adopt compliance and ethics programs following the standards of the HHS OIG’s guidance document on compliance and ethics programs. The SEC has imposed compliance requirements on the mutual funds industry in response to scandals in that sector. Under the EU's GDPR companies in the EU now need to have someone responsible for privacy. The pattern from the government is becoming clearer. Compliance steps are seen less as an option, and more as a requirement.
But the mandate does not stop there. More companies are seeing the risk of dealing with suppliers and other business partners who may get them in trouble by their misconduct. Even companies, therefore, are starting to require compliance steps through their contracts with suppliers and other business partners. We are approaching the point where some customers will not do business with a company unless it has a compliance and ethics program, given that liability can extend to those who do business with law-breakers.
Finally, in those cases where a violation occurs, the government requires compliance and ethics programs as a condition of settlement. It is now quite common to find compliance and ethics program requirements in consent decrees, settlements and corporate integrity agreements. Of course, at that point the issue of how best to develop a compliance and ethics program becomes somewhat moot—the issue then shifts to how to meet the demands of the government.
The point for managers to understand is that there is just no sense in pretending that this is something that does not apply to your company. With each new corporate scandal and each new legislative session, it becomes more likely that these things will be required. Given all the risks associated with not having a program, and all the other benefits available from an effective program, it makes no sense to wait to have one artificially forced on the company. Better to get the benefits and at the same time accept reality.
5) It Can’t Happen Here
In a company that has seen no problems itself, managers may think there is no reason to worry. Trouble may have hit other companies, but management will often dismiss those stories as something that only happens to other companies or other industries. The reality, however, can be quite different. For any company employing human beings, the odds are very high that there will be at least a few disturbing examples within the company. To bring this point home, consider doing a compliance audit to see what you can find. This can involve a limited number of interviews and employee file reviews. With any luck (or bad luck), you will find examples that can help convince management that they need to take a more pro-active approach to preventing misconduct. After all, if you can find it, investigative agencies or the government can find it.
Consider some of the examples of internal documents that have appeared before. In an infamous case involving Montgomery Ward, a Sears executive encouraged colleagues to recruit key Ward employees. The executive went so far as to send an email including the now-classic line, “Let’s be predatory about it!” Eventually, that line was used in court against Sears. If you know where to look, it often does not take too much digging to find equally scary examples in your own backyard. Nothing is quite so convincing as an example from a company’s own files.
6) Everyone Else Is Doing It
People naturally feel safety in numbers. If others are doing the same things, and something does not work out as planned, no one person or company will be left looking the fool. People also do not like to be left behind. No one wants to miss out on an opportunity, or be left sitting on the dock when everyone else is sailing off in a new direction. There are a variety of sources for numbers and examples to show management that a compliance bandwagon exists. For example, the Society of Corporate Compliance and Ethics has grown to nearly 6,000 members since its inception in 2004. The Health Care Compliance Association has reached nearly 10,000 members and shows no signs of stopping.
You can also use available information about who else has compliance and ethics programs and even published examples of specific steps that you might want your company to take. Because of Sarbanes-Oxley and the stock exchange rules, companies are posting their codes of conduct online, and some have provided even more program detail than that. You can also communicate directly with compliance people at peer companies as part of your benchmarking.
Industry practice groups are good for this, as well. These groups exist in different industries and geographic areas and will often leap at the opportunity to bring more companies into the field. You can also attend conferences on compliance and ethics by groups such as SCCE and HCCA, where companies will talk about all they are doing in their programs. Through your outreach efforts, you can find other people who have pioneered programs in their own companies. They can give you tips on how to convince your management and perhaps even come to speak with the officers or board at your company.
7) It’s a Global Trend
One source of resistance, especially at multinational companies, is the opinion that this is just some peculiar American thing, part of a litigation obsession. Whether it is convincing a Paris headquarters or a Mexican field office, being able to show that this trend is global helps soften such resistance. To convince a multinational audience, it is important not to make your sales focus American. The discussion should not focus on the Sentencing Guidelines, but should reference its standards carefully in the discussion. It is best to emphasize that the seven steps in the Sentencing Guidelines are good, universal management steps. The average person will not understand why these steps would come from something related to sentencing (not every system is as punitive as the American one). Even in the U.S., the Guidelines standards are really not, in fact, as important at sentencing as they are at the prosecution point.
Depending on who your audience is in a global business, lead with some of the overseas compliance examples. For example, in the area of privacy protection, it is not the U.S. that has taken the lead in setting rules or establishing compliance standards. In this area companies around the world are struggling with how to meet European, not American, legal requirements. In addressing an audience in Europe, there is no need to lead with stories about Enron and WorldCom when they have had their own tales of woe in Wirecard and Siemens. In the area of antitrust enforcement, both the U.S. and the EU have imposed enormous penalties for violations, with the EU having the ability to impose fines equal to 10 percent of a company’s world turnover. The American anti-bribery law, the FCPA, may have been the first, but an international treaty accepted by OECD members and other major trading nations has made this a global restriction. For example, in one case of alleged bribery in Kazakhstan, it was the Swiss bankers who broke news of suspicious activity. So if you are called upon to convince a headquarters in Amsterdam, or address sales people in Japan, do your research and come prepared to talk about examples in the countries where they do business, and not just the United States.
Once you have convinced your audience that the enforcement risks are universal, you can then explain to them that compliance and ethics programs are also part of the global scene. One of the most firmly established examples is in Australia. There the Australian Standards organization has promulgated a detailed standard on compliance and ethics programs, AS 3806. The Australasian Compliance Institute, a membership organization dedicated to the promotion of effective compliance and ethics programs, has more than 2,000 members in a country with only 19 million people. These compliance initiatives are strongly supported by the government, particularly by the ACCC, the competition law and consumer protection enforcement arm. Other examples stand out in places like Canada, the EU, and South Africa.
In Canada, the Canadian Competition Bureau has issued standards it will look to in assessing the bona fides of a company’s compliance and ethics program. In South Africa, a prominent report on corporate governance, the King II report, has embraced compliance and ethics programs. Subsequently the Johannesburg Stock Exchange adopted King II, with its compliance and ethics program standards, as part of its listing requirements.
In the privacy field the EU has taken the lead, with governmental authorities expecting companies to have someone assigned privacy compliance responsibility. Perhaps Italy deserves credit for taking one of the most innovative steps, however. In 2001, when it enacted legislation prohibiting corporate bribery (individual bribery was already illegal), it provided, by statute, a specific defense based on having a corporate compliance and ethics program. So in Italy, you do not have to be sentenced for compliance to matter; if you meet the standard you can escape conviction completely.
For those dealing with environmental compliance, the global point of reference is not U.S. standards, but the International Standards Organization’s environmental management system standards.
Ultimately, you can remind your audience of the underlying and compelling logic of why this development is inevitable and international. Society simply cannot allow large organizations to cause widespread and devastating harm. The fallout of corporate blunders can destroy lives and disrupt economies. Realistically, there will never be enough police to control organizations’ misconduct before it happens. Some organizations have tens of thousands or hundreds of thousands of employees, often spread out all over the world. No one government is in position to control these organizations, even if one were inclined to commit the necessary resources. So there is no real choice than to pressure and incent organizations to police themselves.
8) Protect the Company from Waste, Fraud and Abuse
One of the greatest potential benefits of a vigorous compliance and ethics program is the ability to protect the company from being a victim of waste, fraud and abuse. The very same techniques that help prevent your company from harming others will also help protect your company from being victimized. Such compliance fundamentals as helplines, investigations, auditing, internal control systems, monitoring, and risk profiling all can lead to prevention and detection of misconduct targeting the company.
What are the potential savings involved in this? The Association of Certified Fraud Examiners estimates companies lose the equivalent of 6 percent of their revenues to fraud. Frank & Newman-Limata, “A New Audience for COSO—SEC & PCAOB Requirements for Anti-Fraud Programs & Control,” Prevention of Corporate Liability Current Report 36, 32 (BNA, April 19, 2004). This is an enormous toll, and considerably greater than the cost of even an extraordinarily ambitious compliance effort.
Companies have lost billions in unauthorized trading schemes that have made the financial headlines. For example, between 1994 and 2004, there were at least 6 major cases with a range of losses from $175 million (Codelco) to $2.6 billion (Sumitomo). The other major cases in that period were Barings, Daiwa Bank, Princeton Economics and Allied Irish Banks. But even the small cases add up. The savings from catching or deterring even some internal theft and abuse alone can cover the entire cost of the program. This is one of the arguments you can make that can show a real financial return. You can develop this argument with the help of your company’s risk management, loss management, security and insurance folks. They may be able to provide useful examples and support you if they think you are championing their cause.
Always keep in mind a point of caution, however, whenever you are arguing specific financial benefits from compliance and ethics programs. If the program is very effective you may actually suppress the worst abuses and ironically have smaller numbers to prove the program’s benefit. You also do not want to appear to be suggesting that compliance and ethics efforts should only be undertaken if they produce specific financial results; this can come across as cynically mercenary. So when you use these types of specific savings as an argument, always include some of the other benefits as well.
9) We’re Already Part Way There
Managers may complain about the cost and perceived disruption of starting a new program. They often believe they have nothing and would have to start from scratch, but in fact, companies will typically have much in place. This can come as quite a surprise to management. Their first reaction may be “we have nothing and we just don’t have the time or resources to get into this.” You will quickly see that the reality is quite different, and typically much better than the initial reaction (although, without deliberate work to establish a program there is no chance you will find a full-blown program already in place). The company may well have full compliance efforts in some risk areas, such as environment, workplace safety and discrimination/harassment, due to the longer history of compliance efforts in these areas. Some of the same tools that are dedicated to these select risks can be modified for use in a broader corporate compliance and ethics program. Other compliance steps may already have emerged because people in the field are often creative in addressing needs that are not otherwise being met, see Murphy, “When Starting Your Compliance Program, Survey What’s Already in Place—and in Practice,” 16 ethikos 5 (Mar/Apr 2003). In one case, for example, a field business unit had created its own code of conduct because the headquarters materials did not meet their needs.
Much can also be accomplished just by piggybacking on what is already there. For example, if the internal audit organization already does reviews, you can tack compliance elements onto existing audits. The human resources department may be able to make modest additions to its existing processes that will meet the Sentencing Guidelines standards with very little additional effort. For example, small changes in existing disciplinary procedures, employee assessment programs, and background checking may take the company far toward having a credible program.
You can explain to management that they might be able to get credit from the government with just some additional steps. The point is that they already have made much of the investment without realizing it. Why waste the opportunity to get the benefits an effective program can bring when much of the hard work has already been done? And you, of course, are just the person to bring it all together.
10) It’s the Right Thing to Do
This might be surprising to some, but many people in business do believe in doing the right thing. It is a simple, straightforward point; there is not always an ulterior motive. This ethical motive has intrinsic appeal to many audiences. For example, in an informal survey of the sales tips conducted by one of the authors at a seminar on compliance that was predominantly for lawyers, “doing the right thing” was rated as the best reason. As you meet with employees and officers you will find that this approach offers a powerful force for many.
From a practical perspective, including this reason also helps keep the whole project less mercenary and thus more credible to internal and external audiences. Remember that the public expects companies to do the right thing, even if they are typically cynical concerning that motive.
11) It Fits Our Corporate Strategy
Managers will often be focused on a management technique or strategy that they think will help the business. There are always trends in organizational theory that capture the attention of leading companies.
Often you will be able to tie a compliance initiative into management’s strategy. This is typically so, because good compliance really calls for good management techniques. If a new technique is useful for getting results in organizations, then it likely will fit well into the compliance effort. For example, quality has been, and remains with many, a focus of great attention. Yet a good compliance and ethics program is, in fact, a good quality program. The essence of compliance and ethics is preventing, rather than just fixing, problems, and doing root cause analyses when problems occur. So too, in quality, the focus is on how to prevent problems, and how to avoid their recurrence when they do occur.
While you can use the trends in management strategies to your advantage, you also need to be careful how tightly you tie compliance to any single management trend. Trends in management come and go and you do not want this to happen to the compliance and ethics program. Compliance is not just a trend or technique; an effective program must extend to all areas of the organization and culture, and must be a permanent feature. On the other hand, management trends change. You need to be independent enough so that you endure and fit in with the next management focus.
12) Taking the Offensive
Seizing the initiative can be one of the best and most appealing advantages of having a good program. The idea is that compliance is not just a cost, but an opportunity to add value to the business. This approach offers a more positive and exciting reason for endorsing a compliance and ethics program. It puts the compliance advocates in the position of sharing the quest for the company’s success.
There can be a real marketing benefit today from having an effective program. Blue chip companies may look for this in prospective business partners. In one recent example a salesperson for a company happened to mention their newly enhanced program to a major corporate customer. The customer’s people immediately wanted to know all about it. It turned out that the customer had a longstanding commitment to compliance and was excited to see a similar effort in a supplier. The sales person then reported back to headquarters on how helpful it was to be able to tell customers about the company’s program.
Business customers may have this interest in your company’s program because of the standards of the Sentencing Guidelines. The Guidelines speak of training “agents, as appropriate,” on compliance matters. The supplier who is a step ahead and already provides relevant training to its employees who deal with that customer will have an advantage in the marketplace.
Having an effective program can also help in recruiting and retaining good people—both employees and board members. The existence of a compliance and ethics program is something that increasingly matters more to employees, having seen what happened to employees at Enron and Andersen. A compliance and ethics program protects and serves everyone, from the hourly employees to the senior officers and board members. No one wants to lose their retirement nest egg like the Enron employees, or have on their resume that they worked for a company now seen as a criminal enterprise. No one wants the embarrassment of being the target of friends’ and neighbors’ taunts and criticisms because of where they work.
There is also a benefit to companies when they educate employees on the legal environment. Employees who learn and understand the company’s legal rights can help protect the company. This approach is not just about avoiding losses from compliance errors: the same educational effort used for preventive purposes can also serve a competitive purpose. Employees can learn that the law is not just a list of restrictions on the company; for smart companies it is also a tool to help compete more effectively.
There are, then, tangible commercial benefits for taking an aggressive approach to compliance. But, you need to be careful that you do not come across as too mercenary, or too calculating. You want management to support this effort for many reasons, not just the financial impact it offers. But it is always good to have a positive side to your presentation when trying to win people over to your way of thinking.