Preview Mode Links will not work in preview mode

Prison Professors

  1. All Episodes
  2. 163. Strengthening Compliance Programs

163. Strengthening Compliance Programs

Dec 23, 2020

Companies primarily adopt compliance programs because they recognize the need to mitigate risk. Leaders want to get the end result of a safer workplace with less legal exposure. Merely adopting a compliance program, however, without comprehensive implementation, may not yield the return on investment that a leader wants.

On any given day, we can turn to the Department of Justice website to read press releases of criminal indictments for white collar crime. Many of the defendants in those cases began without any intention to break laws. Yet a lack of a clearly defined business model, or well-engineered compliance system, put those people into the cross hairs of a government investigation. High legal costs and criminal proceedings followed.

All businesses stand vulnerable to the dangers of a government investigation. For these reasons, leaders should take steps to minimize their exposure. That means they should put plans in place to show a commitment to transparency, compliance, and good corporate citizenship.

Our team at Compliance Mitigation has identified 10 reasons that compliance programs may fail in businesses:

 

  1. A Failure to Appreciate Risk

Leader should begin with an honest assessment of the risks the company may face. To get the right answers, they may ask Socratic questions. Rather than starting from the perspective of the company leader, questions should come from the mindset of an investigator. Those people will be cynical. If company leaders do not anticipate such questions, they may fail to appreciate their exposure to risk.

Company leaders frequently strive to:

  • Provide products or services to satisfy customer needs,
  • Create jobs and paychecks for employees,
  • Contribute to the building of stronger, more vibrant communities, and
  • Earn an acceptable return on investment for shareholders.

A company may not have the luxury of hiring an entire team or department to contemplate risk exposure. Yet if they do not understand the risk, they may not see value in a compliance program. If leaders do not see how a compliance program can strengthen the overall health of the organization, they may undermine its effectiveness. Without a good compliance program, the company and its team leaders may face harsher scrutiny from regulators and investigators. For these reasons, proper training should highlight failures and the accompanying costs of a bad compliance program.

  

  1. Lack of Leadership Buy-In

When it comes to compliance, leaders should recognize that the company’s commitment to ethics starts at the top. If leaders do not embrace the principles of good conduct, team members will not take compliance seriously.

Compliance programs that send mixed or inconsistent messaging leave the company vulnerable to liability. That liability can include exposure to internal fraud, lawsuits from customers, investigations by government regulators or law enforcement.

Good training should profile examples of the fallout that has come from such failures in compliance.

 

  1. A Paucity of Resources Devoted to Compliance:

Failing to devote financial resources to support compliance training exposes a company to more risk. If an investigation begins, and the company cannot show a deliberate, consistent investment in the pursuit of excellence, authorities will be less likely to see the business or its leaders as good actors. On the contrary, investigators may accuse the business and the responsible parties of operating from a state of “willful blindness,” a term we heard a lot about while our team members were in prison.

Compliance training does not have to be a drain on the company’s resources. In fact, when leaders design compliance programs to demonstrate a commitment to transparency, they may be simultaneously investing in corporate messaging. That better messaging can lead to better efficiencies, helping every team member get a full grasp of how the company operates and achieves excellence.

With such a commitment, every team member may work collaboratively, in accordance with corporate goals. When leaders view compliance as an essential part of the corporate mission, they devote the appropriate resources. Those resources may advance corporate success, while simultaneously mitigating risks.

 

  1. Demoralizing Compliance Departments

When company leaders view compliance programs as being wasteful expenses, team members won’t take the program seriously. Unfortunately, if anything should ever happen that brings the company to the attention of government investigators, leaders should expect to pay a heavy price.

Clearly, a company succeeds by devoting resources to sales teams, marketing teams, and operational teams that build thriving businesses. Yet leaders should model themselves after athletic coaches that require players to train on fundamentals. Coaches invest in defense and offense, not just offense. Likewise, business leaders should invest in defensive measures that will protect all team members.

If a government investigation begins, the value of an effective compliance program will become readily apparent. On the other hand, a demoralized or feeble compliance program will only hurt the organization. Government attorneys will use flawed policies as evidence of the company’s devotion to willful blindness.

Indeed, the Harvard Business Review published an article describing how the Department of Justice tasks prosecutors “to determine whether a corporation’s compliance programs is merely a ‘paper program’ or whether it was designed, implemented, reviewed, and revised, as appropriate, in an effective manner.”

 

  1. The Policies Lack Clear Instruction and do not Relate to the Business

A good compliance training program engages team members. If leaders do not supplement off-the-shelf compliance programs with additional instruction that teach or inspire team members, they miss an opportunity.

Neither boilerplate language, nor dense legal jargon, will help. An option would include supplementing training exercises with human case studies. Leaders may profile the story of a person convicted of a white-collar crime. Task participants with identifying what went wrong. Perhaps encourage them to come up with strategies that may have lessened the risk. Use the feedback as a resource to strengthen corporate processes and procedures. Another option would be to create cloud-based, on-demand video training that encourages the development of critical-thinking skills.

 

  1. Misplaced Incentives

A company can doom a compliance program by failing to align compensation with good corporate behavior. If a company incentivizes people to get sales by any means necessary, they may simultaneously create a culture of non-compliance. Many people serve prison sentences for violating laws related to:

  • Foreign Corrupt Practices Act
  • Sherman Antitrust Laws
  • Money Laundering
  • Identity Theft
  • Bribery
  • Mail Fraud
  • Wire Fraud
  • Honest Services Fraud
  • Securities Fraud

While in prison, many of those people complain that they only did what their companies wanted them to do. The employees lost, and in many cases, the companies lost as well—paying enormous financial penalties. Good compliance programs will incentivize excellence in every area, providing training that shows a commitment to good corporate citizenship.

 

  1. Inadequate Communication and Training

Corporate leadership requires clear and consistent messaging that shows how leaders define excellence. Leaders that do not communicate the company’s commitment to integrity give license for other people to violate rules. The training should show that the company places a high value on excellence—and placing a high value on excellence means training for excellence in communications, from the top down.

The communication channels should flow both ways. People at every level in the organization should have an opportunity to ask questions or express concerns. If an employee sees something wrong, the person should have some mechanism to speak up without fear of retaliation. Without that two-way communications and training, the company may weaken a compliance program.

 

  1. Outsourced Noncompliance

A company cannot escape punishment from law enforcement, or escape liability from regulators, by outsourcing noncompliance. Both the Department of Justice and regulatory agencies have launched government investigations that punished entities for contracting with outside contractors or third parties that facilitate illegal behavior. Further, when leaders look for plausible deniability by using the “it’s-not-my-fault” defense, they expose themselves to accusations of being willfully blind to illegal or corrupt behavior. Bad and inconsistent messaging threatens the entire the organization.

 

  1. Failing to Monitor or Audit Compliance

If the company doesn’t show a commitment to maintaining compliance, the team members will ignore the training. They may do what is necessary to pass an internal quiz on what they have learned. As soon as they leave the training session, however, many of those people go about business in a manner that shows a total disregard for what the compliance program ostensibly teaches.

In contrast, a company with a true commitment to compliance will show team members how the company’s leadership invests heavily in corporate excellence. Besides ongoing training, they may show a commitment to monitoring by sponsoring a private “hotline” that encourages people to report noncompliance. They may conduct internal audits or perform phantom calls to see how people will respond. Then, the company may announce its findings regularly.

When team members understand that the business’s leaders monitor and audit compliance, people will show more commitment to operating in harmony with what they’ve learned through compliance training.

 

  1. Inconsistent Enforcement and Discipline

If a company is harsh on low-level employees, but it allows rainmakers or leaders to get away with noncompliance, the compliance program will fail as a resource to protect against government investigations. As the above-quoted Harvard Business Review article noted, prosecutors will deal harshly with companies that do not treat the compliance program as an integral part of the organization

To grant a non-prosecution agreement, prosecutors will assess the company’s policies—including records the company keeps on disciplinary or corrective measures for noncompliance.

The following 20-page report that the Department of Justice published will help leaders grasp the “critical factors” prosecutors will use when assessing “the comprehensiveness of the compliance programs.”

https://www.justice.gov/criminal-fraud/page/file/937501/download

That document shows a compliance program should provide a clear message that leadership will not tolerate misconduct. The program cannot succeed if prosecutors determine that policies do not apply to people in senior leadership positions. According to the document:

“The company’s top leaders set the tone for the rest of the company. Prosecutors should examine the extent to which senior management have clearly articulated the company’s ethical standards, conveyed and disseminated them in clear and unambiguous terms, and demonstrated rigorous adherence by example. Prosecutors should also examine how middle management, in turn, have reinforced those standards and encouraged employees to abide by them.”