The purpose of this article is to consider how a corporation can create and maintain an anti-corruption “culture of compliance.” This is an interesting question to me because prior to joining Baker & McKenzie two years ago, I worked for a corporation that had developed a strong anti-corruption compliance culture. Since leaving the in-house world, I have thought about the circumstances or key elements that give rise to such a strong compliance culture in hopes of being able to help other companies develop a similar “culture of compliance.”
While every company is different and each company has its own unique corporate culture, I believe that the most important element in developing a “culture of compliance” is leadership that is strongly committed to doing business in an honest, ethical and legally compliant manner and which is willing to walk away from all business that does not meet that standard. As discussed below, I believe that a “culture of compliance” is built over time through developing effective standards and controls, including risk-based policies and procedures that are diligently followed and enforced, frequent communications from senior management on the importance and value of anti-corruption law compliance and ethical business practices, regular training for the corporation’s employees and appropriate third parties, and ongoing monitoring and auditing to ensure strict compliance and to detect and address any issues or problems. The good news is that any company is able to develop a “culture of compliance,” regardless of its size, industry or location, depending on the commitment of its leadership and the willingness to devote the sustained effort and resources over time to doing business only in a lawful and ethical manner, even at the cost of losing certain sales.
1. Senior Management Commitment
The central importance of a company’s senior management in establishing a culture of compliance is highlighted in “A Resource Guide to the Foreign Corrupt Practices Act, issued by the U.S. Department of Justice and the U.S. Securities and Exchange Commission, which observes that:
Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company. Managers and employees take their cues from these corporate leaders. Thus, DOJ and SEC consider the commitment of corporate leaders to a “culture of compliance” and look to see if this high-level of commitment is also reinforced and implemented by middle managers and employees at all levels of a business. A well-designed compliance program that is not enforced in good faith, such as when corporate management explicitly or implicitly encourages employees to engage in misconduct to achieve business objectives will be ineffective. DOJ and SEC have often encountered companies with compliance programs that are strong on paper but that nevertheless have significant FCPA violations because management has failed to effectively implement the program even in the face of obvious signs of corruption.
Resource Guide at page 57. (Emphasis added.)
In my experience, both as in-house and outside counsel, if senior management is genuinely committed to compliance and avoiding and preventing corruption, the middle management and personnel throughout the company will pay close attention to potential corruption risks and will seek to avoid them. An example of such senior management commitment that I experienced firsthand involved the CEO of a major aerospace and defense corporation walking away from a proposed $1.8 billion acquisition because our due diligence had revealed significant FCPA concerns. That same CEO began most large corporate gatherings with a reminder about the corporation’s high ethical standards and the necessity of conducting all business with honesty and integrity in compliance with the corporation’s code of ethics and business conduct and with U.S. and applicable foreign law. The CEO tied this message to the corporation’s critical national security role and made honesty and integrity in performing this vital function part of the corporation’s identity and brand.
The vice president of business development of this corporation reinforced this message from the CEO by regularly reminding all of his international business development personnel in the United States and offices around the world that there would be “no sleaze” in any transaction engaged in by the corporation. This vice president gave out pens and laminated cards to all members of his team with his “laws” on them, which included honesty, integrity, good citizenship, teamwork, and “nobody goes to jail.”
This vice president of business development, along with the corporation’s general counsel, declined to proceed with a number of proposed sales where due diligence made it clear that there were significant FCPA concerns. Under their leadership, for example, the corporation walked away from a possible satellite sale to Kazakhstan, a large aviation-related sale to a distributor in China, and a military aircraft-related sale in Thailand. The corporation clearly was not happy to lose these significant sales opportunities, but there was no consideration by its senior management of choosing profit over compliance.
2. Effective Standards and Controls
Another key element in building a “culture of compliance” is having effective standards and controls, including policies and procedures which have been designed to address the risks that the company is facing in the real world, which are diligently implemented, followed, and enforced because of the genuine strong commitment of senior management. The good-faith implementation of such standards and controls throughout the corporation has the effect of making all employees and agents aware of the corporation’s requirements and draws them into a circle of compliance through their involvement and participation. For example, in the company described above, the corporation’s rules for providing gifts and hospitality to foreign officials were broadly disseminated to all employees involved in international business through annual training, both live and online, as part of the corporation’s annual anti-corruption law compliance training and annual live ethics training for all employees and international consultants.
By being required to strictly comply with the corporation’s gift and hospitality rules, employees became sensitized to the issue of FCPA compliance and the giving of meals, gifts, entertainment or anything else to foreign officials. Because even minor violations of the corporation’s anti-corruption policy were reported up through management and annually reported by the chief financial officer and general counsel to the audit committee of the board of directors, a great deal of attention was paid to complying with the gift and hospitality rules by employees at all levels. Over time, their focus on the need to comply with these requirements, given the constant ongoing management attention to compliance and the strong desire to avoid policy violations which would be reported to the audit committee, led to a heightened awareness of the need for FCPA compliance in areas besides gifts and hospitality. This helped to create and maintain a “culture of compliance” within the corporation.
3. Frequent Communications From Senior Management
Another key element in building a “culture of compliance” involves frequent communications from senior management reminding the company’s employees of the importance they attach personally to anti-corruption compliance and the corporation’s zero tolerance for noncompliance. As noted above, examples that I witnessed included frequent statements made by the CEO at large corporate meetings that honesty, integrity, and legal compliance were key corporate values and part of the corporation’s identity and brand and constant reminders by the vice president of business development to his staff that “sleaze” would not be tolerated and “nobody goes to jail.”
4. Regular Compliance Training
Another vital element to building a “culture of compliance” is regular anti-corruption compliance training. At the company described above, such training was conducted on an annual basis for all employees involved in international business or who might have contact with foreign government officials. This training was conducted online and supplemented with live and targeted training for employees in high-risk areas like international business development. It also was supplemented by live annual ethics training which typically contained an FCPA compliance-related example. The corporation’s international consultants, sales representatives, distributors, resellers and offset brokers also received annually either live ethics training, which included an FCPA compliance component, or a live FCPA due diligence interview conducted by a member of the corporation’s legal department.
5. Ongoing Monitoring and Auditing
A final element to building a corporate “culture of compliance” is the ongoing monitoring and auditing of anti-corruption compliance throughout the corporation to make sure that the company’s standards (policies and procedures) and system of internal controls are being properly implemented, followed and enforced. Any problems or issues that are identified must be promptly addressed. Without such monitoring. auditing and response, there is no assurance that the compliance program is working and that employees and third parties are following its requirements.
Because third parties such as international consultants, sales representatives, distributors, resellers and offset brokers are a key danger area, the company described above appointed an employee to serve as the agreement monitor for each of these third parties. The monitor was responsible for monitoring both the third party’s substantive performance and compliance with the agreement’s provisions designed to ensure FCPA compliance. Failure to perform this monitorship effectively would lead to removal of the employee as a monitor and could lead to disciplinary action against the employee. Failure to comply with the agreement’s compliance requirements would lead to termination of the third party’s agreement.
The monitoring and auditing of anti-corruption compliance throughout a company should be conducted by a number of corporate functions and departments working cooperatively. At the company discussed above, this included finance, legal, internal audit, and ethics. The concerted and coordinated effort to monitor and ensure anti-corruption compliance throughout the corporation sends a powerful signal to all employees and third parties that the corporation is serious about compliance and will not tolerate lax or corrupt behavior.
The creation of an anti-corruption “culture of compliance” involves a number of elements — senior management commitment, clearly articulated standards (policies and procedures tailored to the real-world risks the company is facing) and a system of internal controls that are diligently implemented, followed, and enforced, frequent communications from senior management reinforcing their commitment and involvement, regular compliance training for employees and third parties, and ongoing monitoring and auditing of compliance with appropriate corrective actions. I believe the key, however, is the first element, the commitment and personal involvement of the company’s senior leadership to establish a “tone at the top” that is serious about legal and ethical compliance, honesty and integrity in all of the company’s dealings as a matter of the company’s brand and identity. Human nature being what it is, this senior leadership commitment must be evidenced and supported on an ongoing basis through an effective system of internal controls designed to monitor compliance and detect any instances of concern or non-compliance.
This level of commitment will lead to the company walking away from business that is tainted by corruption and terminating or not hiring employees or third parties that do not live up to the company’s legal and ethical standards. When this level of commitment exists and is demonstrated, monitored and enforced in an ongoing way by a company’s senior management, the development of a “culture of compliance” over time is a natural consequence. I believe that any company can develop such a “culture of compliance,” regardless of its size, industry or location.
This article was first published on Law360