Principled

Abstract:

How are data privacy laws like GDPR impacting business? What can we learn from Amazon’s $850M fine last year, and Facebook’s recent posture about leaving Europe altogether? In this episode of Principled Podcast, LRN Chief Legal Officer Aitken Thompson, talks about data privacy regulation with Donovan Burke, Partner at VGC LLP and General Counsel at DWELLoptimal Inc. Listen in as the two discuss what’s happening now in the regulatory space when it comes to data privacy and protection, and what steps organizations can take to stay ahead.

What You’ll Learn on This Episode:

• [1:16] The current stance of GDPR, CCPA and developing regulations in the U.S. and Europe.
• [2:24] What trends in data privacy and security should CCOs, GCs and CTOs be considering in 2022 and beyond?
• [3:33] What actions can be taken to protect a company and educate employees?
• [4:45] Other laws and regulations aside from GDPR and CCPA.
• [5:55] How seriously are organizations taking these regulations?
• [8:49] How are companies handling this multiple geographic and jurisdiction?
• [12:08] Are there actually conflicting requirements?
• [13:58] What are the positives of complying to these regulations?

Featured guest:

Donovan Burke is a dynamic and visionary legal advisor and thought leader focusing in Emerging Companies, Corporate Structure and Governance, Mergers & Acquisitions, Seed and Venture Capital, Initial Public Offerings, Corporate & Securities, and an expertise in Data Privacy. He is a proven legal counselor and executive as a Partner in premier global law firms and General Counsel of major technology ventures.

Featured Host: 

Aitken Thompson became interested in the then-nascent field of educational technology after starting his legal career at Kirkland & Ellis. He left law firm life and co-founded Thompson Educational Consultants and, subsequently, Taskstream, LLC. Taskstream quickly became a leading company in assessment and accreditation for higher education. Aitken served as Chief Operating Officer, leading the legal, human resources and finance functions of the business.   Beginning in 2016, Taskstream underwent a rapid expansion, merging with five other ed-tech companies in a span on 18 months and, in the process, becoming Watermark, LLC, and creating the “Educational Information System” category of ed-tech. During this period, Aitken’s legal and HR focus expanded to encompass private equity investment and the transition between primary sponsors, cultural and process integration amongst the various merged entities, and the management and harmonization of legacy client and vendor contracts.
Aitken is a graduate of Columbia College and Columbia Law School. He is a life-long New Yorker, but spends as much time as he can sailing off the East End of Long Island.

Transcript: 

Intro:

Welcome to the Principled Podcast brought to you by LRN. The Principled podcast brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change makers.

Aitken Thompson:          

How are data privacy laws like GDPR impacting business? What can we learn from Amazon's $850 million fine last year, and Facebook's recent posture about leaving Europe altogether?

Hello and welcome to another episode of LRN's Principled Podcast. I'm your host Aitken Thompson, chief legal officer at LRN. And today I'm joined by Donovan Burke partner at VGC LLP and general counsel at Dwell Optimal incorporated. We're going to be talking about data privacy regulation, what's happening now, and how organizations can stay ahead. Donovan Burke is a real expert in this space. He's also proven legal counselor and executive as a partner in premier global law firms and general counsel of major technology ventures. Donovan thanks for joining me on the Principled podcast.

Donovan Burke:              

Oh, thanks for having me Aitken, pleasure to be here.

Aitken Thompson:          

Great. Let's just jump right in by this time I think it's safe to say that most, if not all, CCO's and GC's are at least aware of GDPR and the California equivalent CCPA, they are also aware it's a very fast developing area of regulation here and in Europe. Can you just give us a lay of the land for those who don't know, or not as aware as they would want to be about these privacy and data regulations?

Donovan Burke: Absolutely. In the United States, these regulations were more of a secular variety in the recent history, laws applying to health or financial services. All had elements of them that are data privacy elements. But for several decades, Europe in particular has developed very sophisticated, comprehensive data privacy laws. The most well known of which is the GDPR and GDPR like laws are the laws that are proliferating presently, and they're comprehensive privacy laws that govern specifically information relating to an identifiable person, and protect that person's rights with respect to that information.

Aitken Thompson:          

So what are the trends in data privacy and security that you think that CCO's and GC's and CTO's for that matter should be thinking about in 22 and beyond?

Donovan Burke:              

Well, as I mentioned before, these laws are proliferating. Not only is the GDPR itself becoming more complex, there's more guidance coming out on it every day. GDPR laws are being exported and adopted in a lot of other jurisdictions, Brazil, China, India, and in the United States, starting with California and the CCPA, which will soon become the CPRA and Colorado and Virginia, and there's a handful of other states that this year are expected to adopt GDPR like laws. So, I think this is not a trend that's going away anytime soon. These laws all have extra territorial jurisdiction, meaning it only requires usually a fairly tenuous nexus in order to be covered by these laws, and as more jurisdictions adopt them, the more likely it is that any given venture is going to run into data privacy issues, that are consistent with the GDPR like law.

Aitken Thompson:          

So what can GC's and CCO's do as sort of action items for protecting their companies and educating their employees on GDPR and CCPA?

Donovan Burke:

Yeah, well, just taking a step back, these laws, training employees is not only a means to complying with the substantive, or the other substantive aspects of the law, because of course you need to do that. The employees are the ones that are where the rubber meets the road. They're the ones that really need to be able to identify when a privacy issue potentially arises. The average employee is not, nor could they possibly devote the time to having the expertise to solve these problems, but they need to be able to elevate them. But apart from that very critical function of knowing when to alert someone who's an expert in this area, in order to properly assess a potential privacy issue, these laws actually require the training and documentation of the training as part of the accountability and showing that they're in compliance with the law. So it's a critical, critical aspect.

Aitken Thompson:          

[inaudible 00:04:44] people who are aware of GDPR and CCPA, which as you mentioned, is now going to be known as CPRA. Are there other jurisdictions, nations, and for that matter inside The United States that are also promulgating similar laws that people have to be aware of and follow the action vis-a-vis those laws and regulations promulgated underneath them?

Donovan Burke:

Yeah. Oh for sure. And that's obvious. Brazil came out a year or so ago. I believe it became effective with a GDPR law, very close to the GDPR. China has a law that is derived in large part from the GDPR and India also. Obviously these are huge markets and that is going to continue to be the trend. And as we mentioned the CCPA has already, after just having been effective for a couple of years, is becoming the CPRA, and what that really is move even closer of the GDPR, adding some special considerations for sensitive data and other key GDPR concepts.

Aitken Thompson:          

So it's my impression that people are aware that these laws do carry some potential stiff penalties and enforcement actions are available by governments potentially, and also potentially by individual people who had their data exposed. But I get the feeling that a lot of CCO's and GC's are still not taking the enforcement mechanisms as seriously as they should. Has that been your impression, or am I off on that?

Donovan Burke:              

I think that has been true, although I think given that enforcement has, I believe it's trebled in the case of the European union enforcement actions and, really expensive ones like the Amazon that you mentioned that was $800 million or so ultimate hit to Amazon. So I think they're waking up and I think they should be. Let's take this in a couple of pieces. Private rights of action can get extraordinarily expensive in the United States where these GDPR like laws have been implemented, the private rights of actions are fairly limited today. They're not nearly as limited in the European Union. Although recent court cases have made it a little more difficult for folks to bring private rights of action. But I think there's been a lot of forbearance on the part of authorities that bring the enforcement actions apart from being sued by a person, the actual agencies that enforce these laws.

I think they've given people a break, because they realize that these are new laws, they've been changing so rapidly. It's really hard to figure out how to comply even the authorities themselves aren't sure how to enforce the laws until there's some more guidance from the promulgating authorities. And that's certainly been the case in California, and also been the case in the European Union, where until recently most of the enforcement actions were where there was kind of an obvious and urgent issue, a breach, where there was a data breach. That would be where the authorities would step in, but now in all jurisdictions, it seems like that break is over and there's enough guidance to know how to enforce, and so you're seeing a lot more actions in the European Union, for example, where there for failure to have a proper legal purpose or a lot of other more subtle aspects, apart from there just being a massive data breach, which is an obvious problem.

Aitken Thompson:          

And when you say legal purpose, you mean legal purpose to have, and to share the data?

Donovan Burke:              

Exactly, under the GDPR you have to have a legal basis for processing the data, and there are a number of bases that you can have, including a legitimate purpose or consent. And some form of that generally finds its way into the laws of any jurisdiction that has a GDPR like law. But the point I'm making is there are a lot of, for example, there are disclosure requirements, very specific kind of what you need to cover and disclose, and what you need to do in order to get the right kind of consent. And I think all of those types of more technical issues that the authorities have been willing to overlook because they've been in a state of flux. And what does that mean, and how do you do it? But I think they're getting to a point where they feel like people ought to know it enough at this point, and there's enough guidance to where these laws are going to be enforced.

Aitken Thompson:          

Right. And you sort of getting into sort of the aspect of best practices, or the topic of best practices, certainly as CCO's and GC's, how we react to regulatory risk is in the main reaction, prospectively is to put in some best practices in place. Make sure you're following the correct procedures. But in the complicated regulatory situation, like data privacy is. How are companies handling these multiple geographies and jurisdictions and certainly slightly different requirements in each one, although they're sort of related? Is the answer just to apply the most restrictive rules globally, or do you create redundant systems and regionalize those systems in conjunction with where you are, where your data sits? Ultimately, what are the factors that go into the decision on how to, how to handle data?

Donovan Burke:              

Well, the answer, is it going with the most onerous laws, the most demanding jurisdiction, or is it to really try to be more compartmental in terms of compliance? The answer to that is yes, it's both depending on your resources, and how the laws impact transacting your business. Really large scale enterprises that have a particularly heavy personal data component where it drives their revenues is critical core to their business. If the most onerous laws are antithetical to collecting and using the data that in a way that's most profitable for them, then obviously they're incentivized to try and have a different user experience for different jurisdictions, so that they can maximize the use of the data jurisdiction by jurisdiction.

Whereas other enterprises where the personal data component, isn't so important and where the data that they have to collect isn't really impacted over jurisdictions and there's less an incentive to behave differently, and to have a different experience jurisdiction by jurisdiction. And at the top level of all this, is money. No matter how large the organization, there are only so many resources that can be thrown at this particular aspect of doing business. And certainly you want to try and achieve an optimal level of compliance, but at the end of the day, for a lot of people in charge of these programs and enterprises, it's figuring out how best to leverage the resources that they have.

Aitken Thompson:          

Absolutely. I believe that's more or less true of all compliance efforts, but certainly one as complex as this one. One follow up question on that obviously a short podcast is a textual analysis of these very complicated laws, are sort of well beyond our scope here, but it had occurred to me, and I wanted to ask you. As between the GDPR CCPA, are there actually conflicting requirements, with either, or that we have to think there may not be? But I'd love to ask the question.

Donovan Burke:              

Yeah, there can be, the privacy laws themselves don't tend to be in conflict, but for example, the privacy requirements, as we mentioned at the beginning, these data privacy laws have an extended jurisdiction. So just because it's the GDPR and it's the European Union, it extends to really anyone who establishes a nexus with the European Union, which most large US corporations, for example have that nexus. And so often the conflict will come up in personal data, that's required to be disclosed in litigation and other administrative matters here, where our rules of litigation and our laws, rules, regulations, require disclosure of information that the similar laws in the European Union do not require. And so you may be required to disclose information pursuant to laws here, and disclosure of that information is in conflict with your obligations under the GDPR.

Aitken Thompson:          

Got it, it's interesting, we've been talking mostly in the last couple minutes about sort of the compliance end of things, but CCO's are called chief ethics and compliance officers first for a reason. And so beyond compliance and beyond the sort of fear of enforcement actions, and balance saying compliance with business objectives, what are the positive, obviously these laws were created and are being enforced to protect people, and protect their data and their identity, and all sorts of other things. So there should be some positive in terms of compliance and following these laws. What do you see as a positive for that the CCO or GC you can point to, and sort of animate the discussion with, regarding these privacy laws regarding what's to gain from complying with GDPR and CCPA and the other regulations?

Donovan Burke:              

Yeah, well the debate over whether data privacy and privacy generally is a good thing, was settled thousands of years ago, all these laws derived originally out of some of the original texts of the world's religions and then evolved into charters of the European Commission and the United Nations, and have found their way. So certainly there is a huge ethical component and a human rights component, to providing people with protection of their data, in addition to being perceived as a true ethical issue that it is a substantial, competitive advantage.

It's a market differentiator, consumers definitely will tend to gravitate towards a company that is perceived as taking the privacy of its data seriously. And surveys have identified it as the top ESG category for consumers. And it's also regarded by investors as a key ESG concern. And it's not just in the context of being attractive to the customers of a business, but as you well know, companies are looking at and buying and joint venturing and doing all kinds of business combination arrangements with other companies. And that is increasingly becoming a matter for diligence, and real consideration in terms of value and compatibility in doing these corporate transactions.

Aitken Thompson:          

Absolutely. And certainly LRN has done a fair amount of research on this, and all our research points to the fact that data privacy along with other ESG issues are becoming more and more, very, very important issue for corporate boards, both public and private boards. Well clearly this is the conversation we could be having all day, but we're out of time now, Donovan. So thank you so much for joining me for this episode.

Donovan Burke:              

Oh, I really appreciate you having me, the time flew.

Aitken Thompson:          

Great. Thank you. My name is Aitken Thompson, and I want to thank you all for listening to the principled podcast by LRN.

Outro:  

We hope you enjoyed this episode. The Principled podcast is brought to you by LRN at LRN. Our mission is to inspire principled performance and global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us at lrn.com to learn more. And if you enjoyed this episode, subscribe to our podcast on Apple podcasts, Stitcher, Google podcasts, or wherever you listen. And don't forget to leave us a review.

Abstract:

Mobile devices influence nearly every aspect of our lives, including how we learn and process information. So, it’s no surprise that mobile is only becoming more important to ethics and compliance programs—especially when it comes to meeting employees where they are. LRN’s 2022 Ethics & Compliance Program Effectiveness Report confirms this. But how can organizations ensure that they are integrating effective mobile E&C solutions? In this episode of the Principled Podcast, host Carolyn Grace, content writer and podcast co-producer, talks with de Guise Vaillancourt, a lead project manager at LRN who specializes in mobile app development. Listen in as the two discuss how mobile solutions enhance E&C program effectiveness and what mobile considerations E&C professionals should take for the year ahead.

To learn more, download the 2022 E&C Program Effectiveness Report.

What You’ll Learn on This Episode:

[2:33] - Why does it matter to have mobile as part of a corporate ethics and compliance program?

[3:39]-  Key special features of the mobile app.

[7:21] - The challenges around going mobile driving slow adoption.

[12:02] - Recommendations and encouragement for people who are just starting out.

[17:17] - The differences and similarities in mobile app development between the U.S. and Europe.

[20:07] - Key insights de Guise has learned from doing this type of work and how these insights can inform the way professionals approach mobile in 2022.

Featured guest:

de Guise Vaillancourt is a lead project manager at LRN who specializes in mobile app development. In this role, he serves as the main contact between clients and product developers throughout the entire mobile project lifecycle—including design, content, user experience, customization, technical requirements and troubleshooting.  de Guise has helped LRN launch over 20 apps for client partners in the last three years alone, thereby playing a significant role in shaping LRN’s mobile offering and its evolution.

Prior to LRN, de Guise worked on apps as vice president of international marketing for 20th Century Fox, where he contributed to development from predominantly the end-user perspective. Before that, de Guise was the executive director of global marketing at Avon Products. There, he managed and led the strategic planning, marketing, and product development for Avon's global product portfolio and built partnerships across 15 key international markets, helping transform Avon’s image into a modern beauty resource. de Guise earned his Master’s in I/O Psychology at New York University as well as a Master’s and B.A. in Macroeconomics and Finance from McGill University.

Featured Host: 

Carolyn Grace is a content writer on LRN's global marketing team and co-producer of the Principled Podcast. She specializes in writing compelling stories about ethics and compliance that resonate across business segments, industries, and personas while hitting critical KPIs for traffic and engagement. Topics she frequently covers include ESG, data privacy and protection, DEI, the role of boards of directors and leadership, corporate training and e-learning, and ethical corporate culture.

Prior to joining LRN, Carolyn was a writer and content strategist at Thinkso Creative, a boutique creative agency in New York City. At Thinkso, she wrote internal and external communications for clients in technology, nonprofit, law, logistics, and financial services sectors. Before that, Carolyn conducted trend research and cultural strategy at Horizon Media, specializing in entertainment, travel, media and technology, health and wellness, and food and beverage categories. Carolyn graduated magna cum laude from the University of Pennsylvania with a B.A. in American History and French Studies and a minor in Journalism.

Transcript: 

Intro:                                    

Welcome to the Principled podcast, brought to you by LRN. The Principled podcast brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership, and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change-makers.

Carolyn Grace:                 

In 1946, the first mobile phone call was made. Fast forward 75 years, and there are more mobile phone subscriptions than there are people on the planet. Mobile devices influence nearly every aspect of our lives, including how we learn and process information. So it's no surprise that mobile is only becoming more important to ethics and compliance programs. LRN's 2022 ethics and compliance program effectiveness report, which came out earlier this month, confirms this. But how can organizations ensure that they are integrating effective mobile E&C solutions?

Hello, and welcome to another episode of LRN's Principled podcast. I'm your host, Carolyn Grace, content writer and co-producer of the podcast at LRN. Today I'm joined by de Guise Vaillancourt, a lead project manager at LRN who specializes in mobile app development. We're going to be talking about how mobile solutions enhance E&C program effectiveness and what mobile considerations E&C professionals should take for the year ahead. de Guise is a real expert in this space, having helped launch over 20 apps in the last three years at LRN, thereby playing a significant role in shaping its offering and evolution. Prior to LRN, de Guise also worked on apps for 20th Century Fox and Garage Stores, most contributing from the end-user perspective, which makes a good countervail for the tech perspective. de Guise, thanks so much for coming on the Principled podcast.

de Guise Vaillancourt:    

Oh, thanks for having me Carolyn, glad to be here.

Carolyn Grace:             

I am so excited to dive into the world of mobile with you, considering how frequently you and I have collaborated on case studies and other LRN content that focuses on mobile-driven E&C solutions. I'd like to start with a broader question that I'm sure many of our listeners are asking themselves. Why does it matter to have mobile as part of a corporate ethics and compliance program?

de Guise Vaillancourt:    

Well, I think it matters because basically, mobile apps put information directly in your hand and it travels with you wherever you may go, in a world we're increasingly globalizing. And when we're not globalizing, we're staying at home offsite. This is a really good tool to have. It greatly improves, I think access to thorny topics like ethics and compliance, bribery, data privacy and harassment aren't topics that you can easily raise with just about anyone, and sometimes could be delicate. So in that sense, the app is pretty discreet. So it's wide reaching, but discreet at the same time. So the app could reach employees who are a little hesitant about disclosing information to a live person, but then travels everywhere, everywhere an internet or a cell service is present. So I personally think that there's some handy features that E&C people should consider. I don't know, do you want me to mention a few?

Carolyn Grace:                

Yeah, absolutely. Tell us.

de Guise Vaillancourt:     

Well typically, most apps have a code of conduct section the code of conduct. So you can access the code of conduct quickly and it's broken down in sections and it's also searchable. We have much the same for policies, company policies that are segmented by topic areas and with direct links to their website with more information. We have helpline information. So if you're stuck in Santiago, Chile or something, and you need a helpline, you just get the app, go to the helpline, plugin Chile and up comes the number, press it, and presto you are connected. We have another cool feature I like is microcards. Micro cards are pretty versatile. Micro cards sometimes are referred to as quick learning topics and can include things like the modern-day infographics, which is kind of like a digital poster really. You can do text and charts.

There are responsive Q&As, so whenever you can get interaction, that's a good thing. And the feature I like the most are MP4 videos, because you want to make the app entertaining as well. Training, we usually can connect you to your LMS. Some companies have offered declaration forms or disclosures that work. A key feature are notifications, and notifications can be either direct or geo-based. So if you're a direct notification, you just send a partner or an admin could send an important note to their user base and it could be something like, "Hey, check out our new policy on data privacy.", or, "Hey, we're starting our new campaign a week earlier sort of thing, press here to learn more." So that's the idea of a direct notification. There are also geo-based notifications and they're kind of interesting because they only work when your phone goes from one cell tower to another cell tower that's an entirely different region or country.

So if I'm in New York and I'm taking off from JFK and then I land in Tokyo, your admin could pre-program a notification telling you once you land in Tokyo, "Hey, check out our meal limits in Tokyo that did you know they're 50,000 yen or something like that?" So there are a whole bunch of other things like who's who with avatars and GIFs, funding sources, bulletins, report a concern. There are tons of things that you could take and use and leverage sort of thing. But I will point out that despite the notifications, and I'm thinking that maybe some of your listeners will say, "Well, are you collecting PII or personal identifiable information?" And I want to assure you that we are not collecting PII in any way, shape or form.

Carolyn Grace:              

Yeah, an important distinction to make for sure. I think all of those features that you have mentioned really bring it back to what you said at the beginning of your response that an app can be both so far-reaching and also so intimate and discreet when it needs to be, because you're totally right. I mean, these are very heavy topics and important ones to know, and to have the ability to not only put the frankly almost entirety of an ethics and compliance program into the palm of a person's hand but to do so on such a personalized basis. I mean, we experience that in every other app that we use, right? So it's almost a no-brainer. And that kind brings me to my next question, actually.

So as you know, LRN recently released the 2022 ethics and compliance program effectiveness report, which had some pretty interesting survey findings about mobile apps and mobile solutions. Most respondents shared that their organizations are making their E&C training platforms more accessible, in light of COVID and ongoing remote work conditions, but only 25% reported that they're using mobile devices to deliver training. That's just a five percentage point increase over for last year's data. What in your opinion could be some of the challenges around going mobile that are driving frankly what sounds a little bit like a slow adoption?

de Guise Vaillancourt:    

Mm-hmm (affirmative). Yeah, that is an excellent question, that report, the 2022 E&C program effectiveness report is a very thorough report and really well done. However, having said that, it hurts all the more, but I have to agree, 25%, that's a pretty surprisingly low number. I could offer a few hypotheses. One, I could say something that younger people tend to spend a lot more time on their phones and download many more apps than they actively use. That's the key thing. If you can have an app, but if you're not using it, who cares? So I'm wondering whether it could be a generational thing, where the numbers will evolve as the younger generation gets older overtime in lieu of a sudden shift, kind of like a movement along a demand curve as opposed to a shift of a demand curve to borrow economic theory.

So that could be one reason. And then truthfully, E&C apps, Carolyn, they're rare and they're relatively new on the market. So adoption rates could be related to just sheer awareness, and even people's association with what a phone can and cannot do. People just may not associate ethics and compliance with their phone as much as they would their desktop. Human psychology could sometimes be strange in that way that they compartmentalize and they think, "Oh, okay, this type of topic, I go to an iPad to answer or I go to a desktop sort of thing, maybe not a phone." So I think it could be an awareness issue. And then if you look at socioeconomic factors, less developed countries, they're just getting a phone and cell service in which to install and use apps can be challenging, but numbers are showing that this segment or the users in less development countries are growing steadily.

It's not like an avalanche, but it is growing steadily. In more developed markets. One could argue that there are way too many apps out there already, making the app space extremely competitive. Even if there are not many apps in the E&C space, it doesn't matter. There are tons of apps. So when a user sees another app offering, they're kind of reluctant to download and go, "Oh Jesus, this is like my 200th app kind of thing." So that could be a reason as well. I think that we've looked at some adoption rates from some of the partners that we've had, and we're hovering above 10%. And I think that's a pretty good, that's a very good and strong adoption rate. So I'm not really worried about that. But I think unless something radical happens in the phone world or the app world, I think we are going to see a steady climb.

I mean, it could be at an increasing rate, but everything kind of points to a solid but steady climb. And then we can also help matters by thinking of different new ways of making our app more useful. And that's why we just release things like the iPad version of the app, which nicely caters to many salespeople that are in the field all the time or their ordering system is through an iPad. So it's just an easy dance over to the Connect app. So I think eventually, maybe the game-changer will be the app to LRN's other products, like maybe Console. I don't expect like a, as I said before, a shift in demand. I do expect a continuing growth, but a strong, healthy growth in demand.

Carolyn Grace:          

Absolutely. And I think that's a really good level setting of the data and contextualizing of the data because you do make a great point that the idea of an ethics and compliance app is in of itself a very new concept in addition to just access to mobile devices in general. It's newer than say, Western audiences or even just our own company, tend to think about it. And so I think you mentioned the adoption rate within LRN's own product as an encouraging sign. I think another encouraging sign from the program effectiveness report is that the majority of respondents, 56% in fact did say that integrating major ethics and compliance program elements into a mobile app is a high priority for their program in the near future. What I'd like to know is what recommendations would you give to those folks who are just starting out?

de Guise Vaillancourt:   

I think that the first thing is who you have on your team. I would try to make it as cross-functional, cross-generational, as representative of your company as possible. That being said, you can't have 50 people on a team to develop an app, no, but you could at least have some sort of consulting mechanism where you test out certain features or certain concepts. So that would be the first thing that I would say is even before you get going, make sure you're evaluating it from multiple perspectives, not just the human resource perspective or the ethics and compliance perspective. Do it from the 22-year-old temp that's been there for two years sort of thing. Maybe they have something to say that you never thought of. So that's one thing I would do. The other thing is I always like, whether it's an app or other things, especially when it comes to usage, I always like to keep things simple. Make your app easy to use if you can.

I realize that there is sometimes a lot of pressure to put everything in the kitchen sink in the app, but I think you need to start being choosy. You need to think, "Okay, well what kind of content makes sense to go in an app?" Does it need to become a repository of the bank of policies that you guys, that a partner keeps, or is it stuff that people are going to look at within 20 seconds? What do they need to know in 20 seconds? So that's the other thing I would keep in mind is understand how people use their phones and how they use an app. And you don't have the time that a desktop would afford you. So that's the other thing I would say. We have some apps. They have become these repositories for endless and detailed policies, often in 25 languages.

This makes the app a challenge to navigate for the end-user. But from our business perspective, it's also a nightmare for the admin person to manage such a thing. If you have like 100 different policies, 25 different languages and something changes in the policy, you're going to have to upload a lot of documents just to keep your app current. That's a turnoff, especially if you're spending way too much time on these things. So if the admin is turned off, well, he or she's going to be less of a champion for the app within the company. And you need that admin to be your champ in the company. So for multiple reasons, I would say just please try to keep it simple. Accept the idea that you are going to have to make choices and saying yes is easy. Saying no is hard because you have to kind of evaluate, okay, why can I let this person into the party kind of thing, or this policy into the app?

So base it on the fact that people will look at an app in a much shorter time period than a desktop. That could be a helpful guide into what kind of content you include or exclude from your app. I would get, in the idea of making entertaining, sure put some stuff in there like Q&As. Make contests out of it, make your own leaderboards sort of thing. That always helps. Get senior management to guest star in the app. Interview them. Film a video. We did have one CEO who welcomed his company to their annual campaign kickoff, but I haven't seen that enough. And of course, the higher up you go in the hierarchy, the more eyeballs or users it's likely to attract. So I would definitely get senior managers, not just the CEO. There are lots of other people that could get involved. It could be the country head of the Philippines. It could be the head of IT. It could be the head of anything, marketing even, God forbid, Carolyn, no just kidding, but yeah, so I would do that. I would use the notification feature a lot. That's a pretty unique feature that we do have is interact with your user base by using notifications, whether they be direct or geographic-based notifications. So those would be a few things I would think of.

Carolyn Grace:                   

Yeah, absolutely. And I think you make such a great point here that simplicity is so key, especially when you are thinking about the folks who are actually using the app, but you make a great point that getting to simplicity can be quite complicated, but there is clearly such a value in bringing multiple perspectives together in order to figure out what makes sense to our specific company, how are we going to get our specific employee base engaged and really trying to whittle that down to the need to know elements. I completely agree. Speaking of perspectives, actually, I know that you have worked on mobile app developments with both U.S.-based and Europe-based companies. What stands out most to you about the differences or similarities in these types of projects?

de Guise Vaillancourt:   

Well, this last year, we developed apps actually for two European partners and they're now deployed and we have a new one that will be onboarding very soon, i.e. kicking off pretty soon. I guess the big thing, there are obviously cultural differences, but from a regulation point of view, straightforward, the GDPR data privacy rules and directives are definitely a big concern for our European partners, particularly because of the fact that our servers are based here in the United States. But we overcame this with these two partners. We adapted a few features to suit their rules and with legal and corporate IT's help, we were able to sign a data privacy agreement that assured the partners and made them a lot more comfortable that we were GDPR compliant. So that's one thing. I think with our European partners or our non-U.S. based partners, the translations tend to be very important because you basically get, everybody wants English, that's for sure, but they also want the home country or where they're operating in.

And they're not just content translations, they're user interface or UI translations as well. So that's a much bigger deal at least with our two European partners that we worked with over this past year. So our translation team in Mumbai, thank you very much. They've helped us streamline the process incredibly. So it's made our job on the app team a lot easier. I think the Europeans, just based on the size of their countries, Europeans tend to travel a little bit more internationally, whether within the EU or beyond the EU. So travel-related content like meal limits in specific countries, those things tend to be a little bit more important, but in the end, I think the app, it's a good tool and it really depends on the content you feed it. We can adapt it to a certain point, but at the end of the day, the important thing is that you have to, or the partner has to really think of ways of attracting users and usage that they need to view the app, not just as a tool, but an active tool.

Carolyn Grace:               

That makes a ton of sense. I really resonate with the idea that the app is only as good as the content you feed it in the simplest of terms. But that piece is so important. With that in mind, I can only imagine that developing mobile solutions is a highly iterative process, especially for ethics and compliance programs, given everything that we've talked about so far. What are some key insights that you have learned from doing this type of work and how can those insights inform the way E&C professionals should approach mobile in 2022?

de Guise Vaillancourt:   

Okay. Now you're going to think I'm contradicting myself, Carolyn. If you have a core team that's representing the partner, that's as small as could possibly be, that's a good thing. But then what that core team should do is that they should go back to a consulting group or a group that's representative of the whole company like I mentioned before and bounce ideas off of. Maybe it's wishful thinking, but it's nice when you can consolidate the decisions, the main decisions, not approval, but decisions in the hands of a fewer core team. Does that make sense or does that sound like I'm completely contradicting myself?

Carolyn Grace:              

No, I think it makes sense if only because it highlights this duality that clearly, ethics and compliance professionals are experiencing when it comes to mobile solutions. There's the fact that this space is by nature, highly complex. And then there is the reality of the experience with a mobile app, whereas you said earlier, simplicity is key. So trying to figure out how those two realities can work in tandem is I can only imagine an ongoing problem to solve by ethics and compliance professionals and team members like yourself.

de Guise Vaillancourt:   

Okay. So I'd also recommend upfront that colleagues in information security, IT departments and communications departments, especially if they're involved in branding, get involved before we even have a kickoff meeting. So there's certain parameters that are already set. There are no surprises as we develop the app.

Carolyn Grace:                  

Yeah. That makes a ton of sense and goes back to, I think what you said at the beginning, that there is definitely a lot of power in multiple perspectives. And at the same time, as you mentioned in your first response, the importance of keeping it simple and pared-down can still work to your advantage, but that doesn't mean you have to stay within that bubble. I completely, completely agree. de Guise, this has been such an insightful conversation. We could be talking about mobile and its impact on ethics and compliance for hours. And we have, outside of the recording studio and our other projects but it is time for us to wrap up, or I guess I should say hang up this episode. So thank you so much again for joining me today.

de Guise Vaillancourt:   

Well, thanks for having me, Carolyn, it's been fun and it's always, I always get a kick out of promoting the app because I truly believe it's a great product.

Carolyn Grace:                 

Absolutely. And thank you all to our audience for listening. You can learn more about the importance of mobile solutions and LRN's mobile solutions by downloading a copy of the 2022 ethics and compliance program effectiveness report at lrn.com or by clicking the link in our show notes. I'm Carolyn Grace, and we'll see you next week on the Principled podcast.

Outro:                                  

We hope you enjoyed this episode. The principled podcast is brought to you by LRN. At LRN, our mission is to inspire principled perform in global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us at lrn.com to learn more. And if you enjoyed this episode, subscribe to our podcast on Apple Podcasts, Stitcher, Google Podcasts, or wherever you listen. And don't forget to leave us a review.

Abstract:

Most ethics and compliance professionals have heard of the “seven hallmarks” of an effective E&C program that is enshrined in the U.S. Sentencing Commission’s Federal Sentencing Guidelines:

• Implementing written standards of conduct, policies, and procedures.
• Designating a compliance officer and compliance committee.
• Conducting effective training and education.
• Developing effective lines of communication.
• Conducting internal monitoring and auditing.
• Enforcing standards through well-publicized disciplinary guidelines.
• Responded promptly to problems and undertaking corrective action.

But where did these guidelines come from, and who is involved in the process of deciding these standards? In this episode of the Principled Podcast, host Eric Morehead of LRN’s Advisory group talks about the evolving role of the U.S. Sentencing Commission with Kathleen Grilli, the commission’s General Counsel. Listen in as the two discuss the history of compliance—going back more than 30 years—and unpack what sentencing data can tell us about E&C today.

Read the full Federal Sentencing Guidelines for an effective E&C program.

What You’ll Learn on This Episode:

[1:19] - The history of the sentencing commission and the different roles of the organization.

[2:36] - How did the sentencing commission become such an integral part of corporate compliance?

[6:40] - With whom does the sentencing commission consult with to find collaboration when considering revisions to guidelines?

[12:35] - The 2004 amendments and incorporating ethics into the criteria for an effective program and examples of how changes to the organizational guidelines can come about.

[15:36] - Does public comment have to come from advocacy organizations?

[17:01] - Trends seen in organizational data over the years.

[21:26] - Potential future changes to the organizational sentencing guidelines. 

Featured guest:

Kathleen Cooper Grilli is the General Counsel for the United States Sentencing Commission, having been appointed to the position on October 7, 2013. Ms. Grilli has been on the staff of the Commission since 2003, serving as an assistant general counsel from 2003-2007 and deputy general counsel from 2007-2013. As the General Counsel, Ms. Grill provides legal advice to the Commissioners on sentencing issues and other matters relating to the operation of the Commission. Ms. Grilli is the agency’s Ethics Officer and has conducted training on white collar crime and the organizational guidelines at numerous training events.

Prior to working for the Sentencing Commission, Ms. Grilli was with the Office of Staff Counsel for the Fourth Circuit Court of Appeals. Before relocating to Virginia, Ms. Grilli was a partner in a small firm in Fort Lauderdale, Florida, handling civil and criminal litigation. Her previous work experience includes serving as an Assistant Federal Public Defender in the Southern District of Florida and as an associate at Akerman, Senterfitt and Edison, handling commercial litigation. Ms. Grilli is a member of the Bars of Florida and Virginia. She received a Bachelor of Arts in International Relations, with honors, from Florida International University. She graduated cum laude from the University of Miami School of Law.

Featured Host: 

Eric Morehead is a member of LRN’s Advisory Services team and has over 20 years of experience working with organizations seeking to address compliance issues and build effective compliance and ethics programs. Eric conducts program assessments and examines specific compliance risks. He drafts compliance policies and codes of conduct, works with organizations to build and improve their compliance processes and tools, and provides live training for Boards of Directors, executives, managers, and employees.

Eric ran his own consultancy for six years where he advised clients on compliance program enhancements and assisted in creating effective compliance solutions. He was formally the Head of Advisory Services for NYSE Governance Services, a leading compliance training organization, where he was responsible for all aspects of NYSE Governance Services’ compliance consulting arm. Prior to joining NYSE, Eric was an Assistant General Counsel of the United States Sentencing Commission in Washington, DC. Eric served as the chair of the policy team that amended the Organizational Sentencing Guidelines in 2010.

Eric also spent nearly a decade as a litigation attorney in Houston, Texas where he focused on white-collar and regulatory cases and represented clients at trial and before various agencies including SEC, OSHA and CFTC.

Transcription: 

Intro:                                    

Welcome to The Principled Podcast, brought to you by LRN. The Principled Podcast brings together the collective wisdom on ethics, business, and compliance, transformative stories of leadership, and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change-makers.

Eric Morehead:                

Why is the US Sentencing Commission involved in compliance and ethics? It's a question that both new compliance officers, as well as seasoned professionals, often ask. We've all heard of the seven hallmarks of an effective compliance program that are enshrined in the sentencing guidelines, but where did they come from and who is involved in the process of deciding these standards?

Hello, and welcome to another episode of LRN's Principled Podcast. I'm your host, Eric Morehead with LRN's advisory services team. And today, I'm joined by Kathleen Grilli, the General Counsel for US Sentencing Commission. We're going to be talking about the Sentencing Commission, discussing a little compliance history going back more than 30 years, covering what the Commission's role is and was, and talking about what sentencing data might tell us about compliance today. Kathleen, thanks for coming on The Principled Podcast.

Kathleen Grilli:                  

Eric, thanks for inviting me.

Eric Morehead:                

Can you tell us a little bit about the history of the Sentencing Commission itself and the different roles of the organization?

Kathleen Grilli:                  

Certainly. The Commission is an independent agency in the judicial branch of the federal government. It was established in 1984 by a bipartisan act of Congress called the Sentencing Reform Act of 1984. Congress tasked the Commission with the responsibility of developing federal sentencing policy. So the Commission's principle purposes are to establish sentencing policies and practices for the federal courts, including issuing guidelines regarding the appropriate form and severity of punishment for offenders convicted of federal crimes, to advise and assist Congress, the federal judiciary, and the executive branch in the development of effective and efficient crime policy, and to collect, analyze, research, and distribute a broad array of information on federal crime and sentencing issues. The Commission effectuates this mission in various ways through the guideline amendment process, our data collection research on the issuance of publications, and by providing training to judges, lawyers, and probation officers on federal sentencing issues.

Eric Morehead:                

And historically, why and how is it that this Sentencing Commission became such an integral part of corporate compliance?

Kathleen Grilli:                  

Well, in 1984, when the Sentencing Reform Act was enacted white-collar crime scandals abounded, and the prevailing view was that corporate crime was a cost of doing business, Congress was concerned about inequities and sentencing and created the Commission to ensure that similarly situated defendants convicted of similar crimes received similar punishments. One of the perceived inequities was that affluent defendants were treated more leniently than indigent defendants.

Although the primary focus of the Sentencing Reform Act was individual defendants and not organizational defendants or companies, the Act did make changes to the law that impacted companies. It authorized courts to impose a sentence of probation, or fine, or both on companies, and further permitted companies to be subject to orders of forfeiture notice to victims and restitution orders. The Commission understood these changes to mandate that it developed guidelines for sentencing organizations in addition to developing guidelines for sentencing individual defendants.

This was quite controversial at the time and many in the business community openly opposed the Commission as it engaged in the process of developing the organizational guidelines. Back then, as I understand the historical record, there were no professional ethics and compliance officers, no professional organizations focused on ethics and compliance, no professional field of study, no business certifications in the topic. There was at least one voluntary association of defense contractors seeking to promote business ethics, and compliance programs in some form were recognized in the antitrust field but were not a prevalent part of corporate America.

So the Commission wanted to find a way to deter corporate crime. Because it arises when an employee or an agent commits a crime while acting within the scope of his employment, the Commission thought that self-policing by corporations was the most effective tool to accomplish the goal of deterring corporate crime. Corporate criminal sanctions are a monetary payment to the court and/or restitution to the victims. Since corporations are in the business of making money, the Commission came to the realization that financial incentives would probably be the best way to incentivize corporations to self-police.

The implementation of ethics and compliance programs was an outgrowth of the notion of self-policing. Under the chapter 8 guideline fine provisions, an organization has the ability to significantly reduce its fines by having an effective compliance and ethics program, reporting its crime to authorities, and cooperating with those authorities. The Commission thought that this punishment scheme would promote crime deterrence in this area of the law.

Chapter 8 was the product of years of work with input from a wide variety of sources. The Commission started work on it in 1986 and held several public hearings featuring witnesses from federal and state agencies, probation officers, academics, the corporate sector, and special interest groups. After publishing several drafts of the organizational guidelines and about five years' worth of study, the Sentencing Commission received and considered a broad array of public comment, including proposals for incorporating affirmative governance factors into the guidelines. These efforts were informed by staff and outside working groups, and the seven elements for an effective ethics and compliance program grew out of this collaborative process.

In addition, the Commission purposely drafted the elements in broad terms so that they could be individually tailored by a vastly different types of organizations to which they would apply.

Eric Morehead:                

One of the things that I think comes up when you start talking about the role and the process of the Commission is this collaborative effort you mentioned. And the organizational sentencing guidelines have evolved since that first promulgation back in 1991, now, over 30 years. Can you talk a little more specifically about where the Sentencing Commission looks for that collaboration? Whom does it consult with when considering revisions to, not broadly speaking the guidelines, but maybe more specifically, the organizational sentencing guidelines?

Kathleen Grilli:                  

Sure, Eric. So I've already briefly described the multi-year pro that led to the creation of chapter 8. I would note that while the Commission has made over 800 amendments to the guideline manual, only two of those in the last 30 years have made substantive changes to chapter 8, where you find the organizational guidelines. The 2004 amendment and the 2010 amendment, both of which changes to the criteria for an effective ethics and compliance program.

Each of those changes became part of the Commission's amendment cycle in a different way. So let me just briefly describe how that cycle works. The amendment cycle is annual, it's scheduled around certain deadlines set by Congress in the Sentencing Reform Act, our organic statute. For example, the earliest that the Commission can deliver amendments to Congress is at the start of a congressional session in January. And the latest date for delivery is May the 1st. The Act requires the Commission to comply with a notice and comment provisions of the Administrative Procedures Act, which means the Commission has to publicize proposals for Commission action and receive and consider public input about those proposals.

So there are various opportunities for solicitation for public comment throughout the amendment cycle. The cycles typically starts in May or June when the Commission holds a planning session. At that session, they consider written materials that detail the work completed on priorities from the prior year and identifying any work that remained to be completed, and includes possible ideas for Commission action from a variety of outside sources. Correspondence, possibly received from judges and/or other members of the public. If we receive those suggestions outside of common period, what we do is we save them and we deliver them to the Commission during an open common period.

We look at case law, particularly focusing on opinions from circuit court of appeals that arrive at conflicting decisions on issues surrounding the guidelines. We look at other scholarly materials that suggest changes to the guidelines. Crime legislation is considered. Our helpline database is looked at to find frequently occurring questions that we receive on guideline issues. And our training staff provides input on questions that they receive while training on the guidelines around the country.

Sometimes, individual commissioners receive notes from judges or their other acquaintances containing similar suggestions. And the commissioners themselves often have ideas on policy issues that they want to address an amendment cycle. So they discuss these materials and they decide on a tentative list of priorities for the upcoming amendment cycle. We publish that in The Federal Register and on the Commission's website with a deadline for submission of public comment. And the Commission considers that public comment prior to deciding on its final priorities.

Certain organizations send a letter to the Commission every year, like the Department of Justice who provides the executive branch a suggestion, for Commission action, the federal public defenders who represent indigent defendants. They also offer suggestions. The Commission has standing advisory groups that represent specific interest groups. Privately retained criminal defense lawyers, probation officers, victims, and Native American tribes who also submit public comments.

And then we have certain advocacy groups that are regular submitters to the Commission. But in any given year, the Commission receives a variety of public comment letters from any number of organized groups and individual members of the public. The Commission reads that, decides on final priorities, votes on that at a public meeting, and then we begin our work. Work on these priorities is assigned to the staff of the Commission, which includes lawyers, social scientists, and training staff. And we assist the Commission in developing a robust administrative record on the issues under consideration. So we review case law, legislation, legislative history, Commission historical documents, and other scholarly or scientific literature. We also conduct data analysis using the sentencing data regularly compiled by the Commission. We meet with interested stakeholders to obtain additional information designed to inform the Commission's policy discussion.

The staff working groups or the teams report their findings to the Commission in written materials and in oral presentations at the Commission's regular monthly business meetings. Ultimately, these teams develop proposed guideline amendments for the Commissioner's consideration. Draft amendments are published in The Federal Register for a 60-day comment period after the Commission votes to publish those amendments at a public meeting. Those are usually held in December, January. And during the public common period, the Commission holds at least one public hearing, which invited witnesses testify on the policy changes under consideration.

After the hearing and review of all public comments, the Commission votes to promulgate amendments at a public meeting in April. The Commission delivers those amendments to Congress no later than May the 1st, at which point Congress has 180 days to review the amendments. Unless Congress enacts legislation, affirmatively disapproving the amendments, the guidelines automatically take effect at the end of the 180-day review period. So the 2004 amendment initially grew out of comments made to a group of seven new commissioners who were appointed in 1999. And they began hearing from these commenters that the organizational sentencing guidelines had been successful in inducing many organizations, both and indirectly, to focus on compliance and to create programs to prevent and detect violations of the law.

But these commenters also suggested that changes could and should be made to chapter 8, to give organizations greater guidance regarding the factors that are likely to result in effective programs. Among other things, the Commission was urged to expressly incorporate ethics into the criteria for an effective program. In light of this feedback, the Commission decided to create an ad hoc advisory group to examine the issue and develop proposals for its consideration. Among the members of that group were the current Inspector General for the Department of Justice, Mike Horowitz, the former Attorney General, Eric Holder, and many ethics and compliance professionals from both small and large organizations.

Not long after the formation of that group, Congress enacted the Sarbanes–Oxley Act, which directed the Commission to examine penalties for organizations. So the ad hoc groups work tied in very nicely to help the Commission respond to that directive. The ad hoc group did its due diligence, reviewing literature, public comment, soliciting feedback, conducting a hearing. And its work resulted in a draft proposal for changes to chapter 8 for the Commission to consider.

The Commission then went through the regular amendment cycle that I just described to you, which resulted in the 2004 changes. As you well know, Eric, since you were at the Commission in 2010 and worked on this policy issue, that amendment grew out of the Commission's catch-all priority for the miscellaneous guideline amendment issues. Then Commissioner, now Chief Judge for the United States District Court in DC, Beryl Howell, believed that chapter eight could be approved upon. And she was able to convince her colleagues to consider this issue. Because the Commission believed that the issue would be very important to the ethics and compliance community, the Commission, through its staff, Eric, made concerted efforts to bring the matter under consideration to the attention of the actors in that community, soliciting comment, and inviting witnesses from the ethics and compliance community to testify at a public hearing.

I must say, I have been on the staff of the Commission for 18 plus years, and that was the only hearing at which a miscellaneous amendment garnered two panels of witnesses at a hearing and more public comment than any other amendment under consideration during the amendment cycle. So that's a different example of how changes to the organizational guidelines can come about.

Eric Morehead:                

And just to clarify one thing, you talked about advocacy groups, and earlier on mentioned that with the original promulgation in 1991, the Defense Initiative was involved. But does public comment have to come from advocacy organizations? Can it come from anyone?

Kathleen Grilli:                  

Public comment can come from anyone, and it can come in any form. Folks can email it to our Public Affairs Office. They can send a letter to a Commissioner saying, "Commissioner, I think you need to make this change to the guidelines." They can send it to a member of staff and we compile it, and keep it, and present it to the Commission, no matter who it comes from. In the past, in some of our other guideline amendments, the Commission has received and considered a huge amount of public comment that came from individuals out in the community who were not necessarily active at all in the criminal justice arena.

Eric Morehead:                

Yeah. And I think that's an important point as that this process is very well documented and transparent. We see guidance on compliance coming from other regulators out there, but the process that goes on at the Sentencing Commission is something that really is public-focused. And I think that's an important distinction. One of the other key components of the Commission that you mentioned when you were talking about the role is data gathering, and that's gathering data on all the individuals and organizations who have either pled guilty, or been found guilty, and are now being sentenced in front of a federal court. What are some of the trends that we see when we look at organizational sentencing data over the years?

Kathleen Grilli:                  

Well, I'm glad you asked me about trends, Eric, because one of the things that we're working on right now is a publication to sort of commemorate the 30th anniversary of the organizational guidelines. And we're actually going to be taking a deeper dive into looking at trends. Because normally, when we report out data on the organizational guidelines, it's on an annual basis using our fiscal year data.

Well, let me give you some information about a couple of things that I do know about. And I have seen in the years that I've been working on this. First of all, in the 30 years since the adoption of the organizational guidelines, only 11 organizations have received a culpability score reduction for having an effective ethics and compliance program. I view this as a very positive statistic because the Department of Justice tells the business world that it considers ethics and compliance program when evaluating whether to prosecute an organization criminally.

Now, I know that there are other ways that organizations get sanctioned by regulatory authorities. Civil fines, non-prosecution agreements, and deferred prosecution agreements. But the bottom line is that Commission data reflects that very few organizations with an effective ethics and compliance program have been prosecuted and criminally sentenced. And I think that's a very big deal. I can tell you that the majority of organizations sentenced in recent years have fewer than 50 employees. And as I mentioned, the publication will be able to report whether that trend holds true over the almost three decades that we've been collecting data on organizational offenders.                                               

In the last 20 years, we've seen a steady increase in the percentage of cases in which courts have ordered the development of an ethics and compliance program as a condition of probation. In FY 2000, only 14% of cases involve such a condition compared to nearly that 27% in FY 2020, our fiscal year. Likewise, we have observed an increase in the percentage of cases involving co-defendant individual offenders who were not high-level officials of the organization. In the fiscal year 2000, we observed only 31% of the cases involving a co-defendant who is not a high-level official compared to almost 60% in FY 20.

Eric Morehead:                

I think that's a real key data point that can be helpful to organizations when they're talking to their employees about the potential risks involved in misconduct and compliance failures, that doubling basically, of the percentage of individual actual humans that might find themselves facing a federal criminal sanction.

Kathleen Grilli:                  

Yes. But it's also important to note that they are not high level officials, which might contribute to the fact that you haven't seen so many organizations sentenced in our dataset. That and the culpability score reduction.

Eric Morehead:                

Yeah. There's a lot of conventional wisdom. I think that can get debunked by looking at the Sentencing Commission's data. There's that point that it's not all the high level officials, but also that it's smaller organizations because we the headlines that involve the Enrons and other major corporations all the time. That's what gets the ink publications about corporate misconduct. But when we look at the data, it tells a different story.

Kathleen Grilli:                  

Yes, it does.

Eric Morehead:                

And then one other thing that I think is helpful when we're looking at this data is it gives a proper context to the organizations that are facing the most significant punishment, if you will. Because you mentioned before, non-prosecution agreements and deferred prosecution agreements and other regulatory settlements, but there are other consequences out there for organizations that take a federal conviction, including debarment from doing future federal work. And I think the most famous case also is Arthur Anderson, that ceased to exist because they could no longer audit public corporations after they took a federal conviction. So there's other consequences out there when organizations face this ultimate consequence. Last area I wanted to spend just a couple minutes talking about, Kathleen, is what we might see down the road. What are some potential future changes to the organizational sentencing guidelines? What might be over the horizon for people that are paying attention to this?

Kathleen Grilli:                  

Well, Eric, let me get out my crystal ball and see what I can tell you. First of all, let me just say that I need Commissioners.

Eric Morehead:                

Yes. That's true.

Kathleen Grilli:                 

This lack of voting quorum of Commissioners for three years now, and I'm quite hopeful that sometime in the very near future, the president will be nominating a slate of seven to replace the terms of the Commissioners that have expired. And the one last man standing are acting here, judge Brier. So I don't know what the potential future is. What I can say is that the guidelines were purposely drafted. The organizational guidelines that is were purposely drafted to broadly apply to all types of organizations.                                               

And the Commission has been loathed to make changes to those guidelines in the absence of a real hue and cry from either enforcement officials like the Department of Justice, or from the ethics and compliance community identifying a real need for changes. We are well aware of the fact that the two times that the Commission has made substantive changes to the chapter 8 guidelines, that it caused quite a ripple in the stream. And we're hearing a lot about the impact whether intended or not of the chapter eight guideline changes. So I think a new Commission would be loathed to take on consideration of policy changes in this area, absent that hue and cry. But I am not a presidential appointee. I'm simply the general Counsel of the agency. And I will go where my bosses tell me to go. So if they want to work on it, I say, Let's do it.:

Eric Morehead:                

Wow. I hope that our audiences got a sense that there's a little bit more to the Sentencing Commission than just the seven hallmarks of the sentencing guidelines that they learned about when they first came into this area. But I'm afraid we're out of time for today. But Kathleen, thank you so much for joining me on this episode.

Kathleen Grilli:                  

Eric, thank you so much for inviting me. I really had a good time.

Eric Morehead:                

Well, my name is Eric Moorhead, and I want to thank all of you for listening to The Principled Podcast by LRN.

Outro:                                  

We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning, ethical cultures rooted in sustainable values. Please visit us at lrn.com to learn more. And if you enjoyed this episode, subscribe to our podcast on Apple Podcasts, Stitcher, Google podcasts, or wherever you listen. And don't forget to leave us a review.

Abstract:

The most crucial factor LRN has identified in our years of research is that a values-based approach to governance is essential to ethics and compliance. It builds and sustains ethical culture, which is the essential element of effective E&C programs. But what does that look like today, as our world continues to be disrupted by the COVID-19 crisis and the aftermath of racial and political unrest? In this episode of the Principled Podcast, host Susan Divers, Director of Thought Leadership and Best Practices with LRN’s Advisory group, talks about how values can sustain ethical performance—and even excel—in the face of change and adversity with Forrest Deegan, Vice President of Ethics and Compliance for Victoria's Secret. Listen in as the two draw insights from the 2022 edition of LRN’s annual Ethics & Compliance Program Effectiveness Report—available now to download.

What You’ll Learn on This Episode:

[2:17] - Reflections on the findings of LRN’s 2022 Ethics and Compliance Report.

[7:20] - The impact of core values vs. rules.

[9:02] - The surprising data and how access to data can drive improvements in collaboration.

[12:00] - The curse of compliance.

[13:22] - The two driving factors in demystifying your values and how boards discuss value.

[17:15] - What is causing ethics and compliance to lag behind in innovations compared to other departments?

[22:30] - The innovations of customized, remote-accessible training.

Additional Resources:

• Get the 2022 Ethics & Compliance Program Effectiveness Report.
• Subscribe to E&C Pulse, the LRN newsletter offering weekly insights on ethics, compliance, corporate culture, and reputation.
• Visit us for more information at lrn.com.

Featured guest:

As of July 2021, Forrest is the VP of Ethics and Compliance for Victoria’s Secret & Co., responsible for overseeing the global ethics and compliance program. Forrest spent the prior six years as the first Chief Ethics and Compliance Officer for Abercrombie & Fitch Co., where he built A&F’s corporate compliance and third-party risk management programs. Forrest serves on the Editorial Advisory Board for Compliance Week and has served on the Leadership Team for the Retail Industry Leaders Association (RILA) Compliance Council. Forrest regularly speaks at national compliance conferences and international events, including those sponsored by RILA, Compliance Week and the Association of Corporate Counsel. Forrest was selected by Compliance Week as a “Top Mind" for 2018.

Forrest previously served as the Director and Senior Director of Compliance at A&F, where his responsibilities included a wide range of compliance program assessment, training and enhancement projects as well as international business development via joint venture and franchise.

Prior to moving in-house, Forrest worked for nine years at Arnold & Porter in Washington D.C., representing multinational pharmaceutical, financial and consumer products companies in advocacy and consulting capacities. Forrest clerked for Judge Kazen on the U.S. District Court for the Southern District of Texas, after receiving his J.D. with honors from Duke Law School and his B.A. from the University of Texas at Austin.

Featured Host: 

Susan Divers is a senior advisor with LRN Corporation. In that capacity, Ms. Divers brings her 30+ years’ accomplishments and experience in the ethics and compliance area to LRN partners and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance and substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company’s ethics and compliance program.

Mrs. Divers’ background includes more than thirty years’ experience practicing law in these areas. Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative.

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008.

She resides in Northern Virginia and is a frequent speaker, writer and commentator on ethics and compliance topics. Mrs. Divers’ most recent publication is “Balancing Best Practices and Reality in Compliance,” published by Compliance Week in February 2015. In her spare time, she mentors veteran and university students and enjoys outdoor activities.

Transcript: 

Intro:

Welcome to the Principled Podcast brought to you by LRN. The Principled Podcast brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership, and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change-makers.

Susan Frank Divers:

At LRN, the most crucial factor we've identified in our years of research and work with thousands of organizations worldwide, is that a values-based approach to governance is crucial. Being values-based builds and sustains ethical culture, which is the essential element of an effective ethics and compliance program. But what does this look like in a world that continues to be disrupted by the COVID crisis and the aftermath of racial and political unrest?

Susan Frank Divers:

Hello, and welcome to the first episode of season seven of LRN's Principled Podcast. I'm your host, Susan Frank Divers, Director of Thought, Leadership and Best Practices within LRN's Advisory Group.

Today, I'm joined by Forrest Deegan, Vice President of Ethics and Compliance for Victoria's Secret, and lecturer in law at the University of Chicago Law School. We're going to be talking about how values can sustain ethical performance and even allow organizations to excel in the face of change and adversity, during On Insights, from our 2022 edition of LRN's annual Ethics and Compliance Program Effectiveness report. And on Forrest's experience in the retail industry in particular.

Susan Frank Divers:

Before coming to Victoria's Secret, Forrest has spent two decades in ethics and compliance, including Chief Ethics and Compliance Officer for Abercrombie and Fitch. So Forrest, thanks very much for coming on the Principled Podcast, and let's jump right in.

Forrest Deegan:

Thank you, Susan. It's a pleasure to connect with you again.

Susan Frank Divers:

The same. We've had some interesting discussions preparing for this podcast about the 2022 Ethics and Compliance Program Effectiveness report. What surprised you, and what resonated the most, particularly with your experience in the retail industry throughout the ongoing crisis?

Forrest Deegan:

I'll start with what resonated the most. Preliminary matter, really enjoyed reading through the insights that were collected here. Reading through it I start with the resonation because there are a number of charts that go through the concerns that folks identified in the early days of the pandemic about the challenges of transitioning to a hybrid or remote model with respect to their controls, with respect to their ability to audit, and to support the programs. This comes across in both some of the stats around the activities they thought would be of concern and then what they actually worked on. And then looking at how training actually was supported, where obviously, people weren't able to travel. People weren't able to use all of their old tricks in this new time. And so starting off seeing the fears and the concerns that folks were raising in 2020, and that list itself was pretty fulsome and reminded me what it was like in the retail space with all of the uncertainty that came in the spring of 2020.

Forrest Deegan:

With the closure of the majority of all stores, at least temporarily in the US. I remember the day we were kicked out of our home office, I'm sure everybody has a similar recollection to mid-March, walking out with your computer in your bag and not knowing when you'd be back. This brought back some of that uncertainty. That resonated with me, but what also resonated with me was the introduction around values and how that programs that leaned in to their values did well. And this idea that kind of everybody took on new and different obligations with the pandemic, with a time of crisis. A time of crisis can be a time of unification. I certainly saw that to be the case. I remember that leaders at my company were voluntary take pay cuts, to make sure that folks and the staff could stay on so that we could avoid layoffs. There was an insistence on treating folks equitably within, right? So really living your values in those moments of crisis. This report speaks to both those fears and some of the solutions that came out of it.

Susan Frank Divers:

That's such an impactful example, because there's no rule that said that executives had to give up pay or benefits to keep other people employed. And we saw a lot of that last year in our report, and what's very heartening from LRN's point of view is, we've been saying for years, that values work better than rules as the basis for a program. And last year's report and this year's report, really proved that, I think in a lot of ways, and I look at stats like on page seven, that 82% of the programs we surveyed this year, that their ethical culture is stronger as a result of their experience during the pandemic. And you just opened it to that too, that people come together in a crisis, but relying on values was clearly the way to get through it.

Forrest Deegan:

The second part of your question was around things that might have surprised me in here. And honestly, the stat you just pulled about the 82% feeling ethical culture was stronger. That wouldn't surprise me a bit because it was 2021, not a 2020 stat. In fact the number went up, it seems like from the prior year's version of the report where it was 79%, the prior year, this year was 82%, that their ethical culture was stronger as a result of experiences coping with the crisis. So that was something that surprised me, that sentiment not only continued, but seemed to increase a bit because we've all heard about it and all have felt the fatigue in the past year as the uncertainty has continued as we've continued to have to be flexible in our approach. Yes.

Susan Frank Divers:

Forrest what you said was very impactful because one of the key findings, obviously in the report, that’s actually on page seven is that 82% of our nearly 1200 respondents worldwide reported that their ethical culture became stronger during the pandemic rather than weaker. And at LRN we've said for years, that values make an impact much more than rules and that's living proof that that's true. So I'd like your thoughts on that.

Forrest Deegan:

With respect to the second part of your prior question on what surprised me with respect to the study, I would have to say that that very stat, that 82% of the respondents last time felt that ethical culture was strong longer as a result of the experiences. That rose, that sentiment was an increase, improvement, from the prior year. That surprised me a bit because we've heard so much about and felt so much of the fatigue as the uncertainty has continued as the need to adjust our approach and our responses has just continued onward. I was pleasantly surprised to see that the prior version of this report had shown 79% felt that the crisis was a bringing folks to their ethics and compliance program in a stronger way to see that go from 79 to 82, a small improvement, but you're already really high to begin with. I was pleasantly surprised to see that in here. And honestly it does make sense with respect to that ongoing uncertainty that you do need to lean upon those core values to continue to navigate. You really have to love the question, not the answer when it comes to a challenge of this size and that is constantly evolving.

Susan Frank Divers:

That's putting it so well, that you have to love the question, not the answer. And we were frankly surprised last year, and then pleasantly surprised this year that this year's results confirmed what we saw last year. And I was just looking at the chart on 33 that talks about E&C resources and standing. And you had mentioned that people were understandably anxious at the outset as to how the programs would do and whether they would have resources or whether there would be widespread misconduct or circumventing of processes. And that didn't happen. And then E&C programs have come out strong and well resourced.

Forrest Deegan:

Just those stats on 33, surprised me a lot of different ways. The first chart talking about: do ethics compliance functions feel they have the sufficient resources and authority. Some of your respondents are at the 95% level, 92% level, even for your medium impact programs. And even the lowest impact were at 67%. Those are really high scores. Those are really high scores. And I think that's right. I think that is a reason for optimism right now with respect to our ability to respond as companies, right? If there is that availability of resources, but also the buy-in with leadership.

Forrest Deegan:

And there's another stat there that I also was surprised by how strong the respond were around access to data, right? The highest impact programs were 89% of them felt that they had appropriate access to data sources in the org, whether it was HR audit it InfoSec in order to do their work.

I think data component there is so critical and reflects buy-in from not just leadership, your tone at the top portion, but also from your cross-functional partners, right. Access to the data can really help drive improvements, yes, in the day to day operation of the program, but all also in your ability to support and inform cross-functionally. And so I think those things are married together, right? The access to information. It's a great example of something where it's not just resources, right? It's not just dollars and cents. It's also that buy-in as reflected through real collaboration and through real partnership.

Susan Frank Divers:

I agree with you. And also it's affirmation that programs have gone from being something the legal department does, or maybe the legal and ethics and compliance department does to something that the whole company does. And that's a really positive development.

Forrest Deegan:

I think, right. I've been in house for a decade now, I was in private practice for a decade before that dealing with a corporate compliance space and really seeing an evolution in terms of scope and approach during that time. And so things were ... we already had increasing expectations and an accelerating space when it came to this field, both due to our internal stakeholders, our boards, obviously regulators like DOJ, but also customers and NGOs. They keep ratcheting up the expectations and corporate compliance has proven to be a responsive and reliable partner. And so this is when you get into what I call the curse of competence, right? If you execute effectively, you're going to be asked to do more. I do think this is been a real opportunity and awakening to the valuation of controls and monitoring and our ability, as professionals, to not just focus on the have tos, right, those rules that we talked about at the top, but also the want tos, right, that corporate purpose, the values associated with it. I believe corporate compliance offers the opportunity to marry the want to and the have to, and frankly, that's the only way it works really well is if people understand how those rules, how those requirements tie back to why they want to be at the company, what they're hoping to accomplish with respect to company values.

Susan Frank Divers:

Forrest, That was very insightful what you just said. And I want to talk a bit more about the connection between values and making programs more accessible and employee focused. That's another theme in the report and we see progress and we see best practices emerging, but I would argue that they need to emerge much more strongly and quickly, but take us back a little bit to board's values and talk about how values, when you demystify them, involve really bringing people into the program with the want tos, as well as the must haves.

Forrest Deegan:

For me, the stats around accessibility, they make a ton of sense in terms of your high performing programs are going to be focused on making the documents available, making them searchable, simplifying where possible, translating into the languages that you're employees leverage, right? To me, those actions are, are really table stakes with respect to an effective program and the thoughtfulness and the idea of keeping the end user in mind, that sentiment, which, which drives accessibility, I think, is communicated to your employees, right? When they see that when they have the access to it, where the information is in a logical place, where it's stored where the other corporate documents or the other FAQs guidance they look for from the company for an IT issue or for a T and E report. If the guidance documents around your compliance program are as accessible, if not more accessible I think that alone sends a message.

I do think that the percentages around those that are for focusing on accessibility they were still right around the 50% mark. I think those numbers need to go up. I also think that to really drive home your value system and to demystify a program and what it means to act with integrity, not only do you have to make the documents accessible, you've also got to work on making them actionable, right? You need guidance that is relevant and actionable. You can have a clear rule that is simple to understand, but if it is unclear how to operationalize that, or how it deals how it is imported into the day to day running of the business, then it's just words on a page. Maybe they can get to the page easier now, but they still can't use it effectively. So I think that those two concepts, accessibility and utility are really what drive an ability to demystify what your program is about.

Susan Frank Divers:

If I hear you correctly too, you are also saying that it reflects respect for employees.

Forrest Deegan:

Yes. I think that's so important. I'm just passionate about that idea that you can send messages, right? How you present your information can tell a lot about what the company values and making it accessible, including in your language, from your corporate purpose, your value statements, how your CEO talks on a day to day basis. If those hooks are appropriately cascaded through your ethics and compliance messaging, it's clear to everyone in the organization that these are priorities, consistent with how we talk about hitting our numbers for the year, or consistent with talking about our expansion for the year, if we're using the same language and if it rolls up in the same way, that's how you ensure it is embedded.

Susan Frank Divers:

Yeah. I completely agree with you. It's tempting to want to spend more time in this area, cause we're both passionate about it. I will just close it out by saying that only 25% of the organizations this year reported that they're using mobile apps. And when you think back on the pandemic and how people were fighting for bandwidth and may have had children at home using bandwidth and computers, we've seen some stirring examples of companies like Dell, really putting big components of their program on mobile apps. And I hope we see more of that.

But just to look forward now, as we draw to the end, we saw a lot of innovation and pivoting, and yet we also saw some areas that lag behind where people haven't, perhaps, revised their training curriculum as quickly as you might expect or made some of these other innovations like mobile apps. First, why do you think that it is? And secondly, what do you see happening in the next couple of years in terms of best practices for programs?

Forrest Deegan:

To use mobile devices and investing in making your program documents, your governance materials accessible and your training included there in, I was surprised at that 25% number. But as I thought about that particular number and kind of what's next, it made sense because I'm reminded of my own mindset in 2020 and the idea that we didn't know how long this is going to last. And so I'm confident when it comes to some of training activities, some of the new technology investments, the answers that you've got for the most recent running of the survey, I think they reflect everybody's hope, and their investment in that, that first year, year and a half the pandemic that we can ride this out, right. We don't, don't have to start over again with the entirety of our program here. And I think that folks, by now, will have come to the realization that, look, we're not going to get back to a place where everybody is in the office on the same system during the same hours of the day.

How does our program have to in this, whether it's remote or hybrid, certainly transitional time, how do we meet our people where they are and where they're likely going to be for the time being? So I do think your answers will change going forward when it comes to investments in mobile, when it comes to investments in audit processes and controls that take into account the lack of that ability to look over the shoulder, the lack of the ability to rely on tribal knowledge. I think that's going to be the future for all of us. The other thing that looking at kind of where the investments were and they'll go next, what really spoke to me was the idea there was value in having a system in place, right? I think back again to 2020 and those folks that did not have systems in place that relied upon those in-person trainings or audits or what have you, they did have to start from scratch when it came to, how do I do this job, or demonstrate this control in a remote way.

Whereas if you had an up and running third party risk management system, you would have to make changes, you'd have to make tweaks to your risks and what they counted for based upon financial instability, operational constraints, but you were working from something. You were able to make adjustments and not start over. And so I think that contrast also, I think, will serve programs well, because the utility of these systems, I think has been revalued by companies because they see how capable they were of pivoting in ways that some of the more informal methods just were not.

Susan Frank Divers:

To take an example of what I think you're saying. It's interesting to me that a lot of top programs still relied on a tremendous amount of in-person training. Yes, in-person, training's more effective in a lot of ways. It makes those connections, but they may have neglected a bit, their online training and I'm reminded of one, CECO who described it as sheep dip training. As you point out we are where we are and we're not going back two years ago. And so I think the level of innovation we're going to see in areas like training, making it shorter, more video, mobile friendly, more tailored to employees roles in the company. It sounds like that will happen because people have come to realize that they have to rely on their system, that the systems have to be good.

Forrest Deegan:

I'm glad you brought up the idea of training and the different types that are available in an online way. A stat that isn't in here is, is the idea of shorter training, right? And I think that as we need to put more arrows in the quiver of online training of remote accessible training, that innovation is going to continue and that not only will training get shorter and more customized, but the location of it, the availability of the rule or the lesson, right where the potential action could be. You've got to approve the invoice, the guidance for that should be baked into the system. Same thing with, if you have to approve the use of a new vendor, right? The expectations of the company, they need to be right there. They need to be tied directly to the process itself. I think, again, that works towards the idea of embedding the rules and the system into your actual day to day activity.

Susan Frank Divers:

Very well put, more of a just in time approach and again, that emphasis on accessibility for people. Well, I could have this conversation all day and there are so many areas in the current Program Effectiveness Report that we haven't had a chance to talk about, but I know you have other things to do. And I really appreciate you spending the time with us today Forrest.

Forrest Deegan:

It's my pleasure. I appreciate the opportunity to do a deep dive into the report. I love a quote from page six about the idea of having a cut of core values translated into understood behaviors can be more potent and powerful than a thousand rules. I love that cascade down because I think that is the approach that works. And when you couple that approach, which requires consistent communication, when you couple that with the ability to measure response, the ability to track change behavior, that's how you win with respect to these clear communication and standards that are transparent and that people are held accountable to.

Susan Frank Divers:

Thank you, Forrest. Talking with you about the program effectiveness report is truly a pleasure. Before we leave the podcast and I close it out. Was there anything else that you wanted to talk about or any other insight that you wanted to share?

Forrest Deegan:

It's always dangerous to ask me that question, but if you don't mind, there was one other kind of collection of stats that really me just because I think that they inform one another. I think it was on page 11, there's a number of stats around what top rank programs are doing. One was almost three times anticipate greater engagement by the boards of directors and almost two times expect more regular engagement by leadership, right? So there's an expectation that the board and leadership are engaged with the program and on that same spit page, it talks about having policies that are simplified and streamlined and having training that is interactive and web based. And to me one leads to the other. If you have a program that is simpler to understand and has been streamlined and has been built in a way to make it interactive, it is going to be easier to support leadership engagement and the board of director buy-in, if you are giving leaders simpler rules that resonate and reflect the reality of the business, you're going to obtain that buy-in in a natural manner.

Forrest Deegan:

And if you're able to talk about the program and if they're able to talk about that program and have that engagement, then that drives that next level with the board of directors. And so I think you pat have to develop a virtuous cycle here of building a program that's based in the reality of your business that resonates with the values of the company and what the company's priorities are, which will allow your business leaders in talking about those business priorities, to use the same language, to pull the same levers when it comes to their engagement with your ethics and compliance program, it really has to be considered part of that whole in order to work.

Susan Frank Divers:

Oh, I love how you've articulated that virtuous circle between the values focus, the simplified employee-facing messages and mechanisms, and then leadership becoming more natural.

Forrest Deegan:

That really is the heart of demystifying your program, right? You've got to make it based in your reality. And you've got to use the language of leadership in order to get there. And if you're doing that, you will have your buy-in at the top and in the middle and it can drive all the way down.

Susan Frank Divers:

Well, that's a great note to end on. Forrest, thank you so much for spending time with us today and thank you to our listeners for joining us for another insightful conversation. My name is Susan Frank Divers, and we'll see you next time on the Principled Podcast by LRN.

Outro:

We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us at lrn.com to learn more. And if you enjoyed this episode, subscribe to our podcast on apple podcasts, Stitcher, Google podcasts, or wherever you listen. And don't forget to leave us a review.

Abstract:

“You don’t want to wait until you already know that there is a culture problem to really understand the culture of your organization. You should constantly be a student of the culture of your company, because we all know nothing can destroy an organization faster than a toxic culture.”

- Dottie Schindlinger

Culture is top-of-mind in the boardroom. How do you manage it and measure it? What does it look like to act decisively on culture, and what ethical implications come from those decisions? In this episode of the Principled Podcast, host David Greenberg talks about the critical role of boards in shaping ethical corporate culture with Dottie Schindlinger, Executive Director of the Diligent Institute and co-host of The Corporate Director Podcast for Diligent Corporation. Listen in as the two dig into the relationship between boards and ethics and compliance teams and discuss how that can inspire good governance. The key to success? Empathy.

Additional Resources:

Report: LRN Benchmark of Ethical Culture

Featured guest:

Dottie Schindlinger is Executive Director of Diligent Institute, the global corporate governance research arm of Diligent - the largest SaaS software company in the Governance, Risk and Compliance (GRC) space.  She co-authored the book, “Governance in the Digital Age: A Guide for the Modern Corporate Board Director,” and co-hosts, “The Corporate Director Podcast.” Dottie was a founding team member of the tech start-up BoardEffect, acquired by Diligent in 2016. She is the Board Vice Chair of Alice Paul Institute and is a Fellow of the Salzburg Global Seminar.  She graduated from the University of Pennsylvania, and lives in suburban Philadelphia.

Dottie Schindlinger is Executive Director of Diligent Institute, the global governance research arm of Diligent Corporation. She co-authored the book, Governance in the Digital Age: A Guide for the Modern Corporate Board Director and co-hosts The Corporate Director Podcast. She helped launch and grow the start-up BoardEffect, acquired by Diligent in 2016. Dottie is Vice Chair of the Alice Paul Institute and is a Fellow of the Salzburg Global Seminar, and she is a graduate of the University of Pennsylvania.

Featured Host: 

David Greenberg serves as Chair of the Governance and Risk Assessment Committee and a member of the Audit Committee of International Seaways (NYSE: INSW), one of the largest global crude oil and petroleum tanker companies.  Mr. Greenberg’s previous board experience (2006 to 2016) was as the independent director – and member of both the Audit and Compensation Committees --of APCO Worldwide, a private communications and government affairs consultancy and as a director (2013 to 2016) of Clean Tech Group, which creates opportunities for industrial companies to invest in innovative, clean technology.  He also served for 5 years as Chairman of the Board of Trustees of The Keystone Center, a Colorado non-profit that brings together oil, chemical and pharmaceutical companies with leading NGOs to find solutions to complex public policy challenges at the federal and state levels.

Greenberg is currently Managing Director of Cortina Partners LLC, a private equity firm that owns companies in the air medical, addiction treatment, bedding, textile and outdoor recreation industries and is CEO of Acqua Recovery, a residential drug and alcohol addiction center.  He also advises boards and executive teams on strategy, compliance, leadership and culture as a Special Advisor for LRN Corporation, and from 2008 through the end of 2016 was a member of LRN’s Executive Committee. For 20 years prior to 2008, Mr. Greenberg served in various senior positions overseeing government affairs, corporate affairs, communications and strategy at Altria Group, Inc. – then the parent company of Philip Morris USA, Philip Morris International, Kraft Foods and Miller Brewing – culminating in his role as Senior Vice President, Chief Compliance Officer and a member of the Executive Committee.  As one of five senior vice presidents of the corporation, he served on the Management Committee, which oversaw all strategy and company operations.  He was also a principal architect of the company’s very successful efforts to end the ‘tobacco wars’ which threatened the company’s very existence.  Earlier in his career, Mr. Greenberg was a partner in the Washington D.C. law firm of Arnold & Porter and also served as Legislative Director and General Counsel of the Consumer Federation of America.  He attended Williams College and has JD/MBA degrees from the University of Chicago. 

Greenberg has testified before the U.S. Congress, the European Union, the Israeli Knesset and other governmental bodies over two dozen times and has appeared on ABC Nightline, the CBS Morning News, BBC Morning, and the PBS News Hour, and has spoken at leading events for CEOs and boards.

Abstract:

Gone are the days of writing codes of conduct with pages of unreadable text, legalistic language, and corporate jargon. Today, codes are being designed visually and verbally to better develop ethical, values-based cultures. But how do you transform your code into a useful tool that helps people do the right thing?

In this episode of LRN’s Principled Podcast, we another favorite past conversation between Senior E&C Advisor Jim Walton and Mary Fair-Matthews, Senior Corporate Counsel and experienced E&C expert at Kellogg Company about how to create a code of conduct that inspires ethical behavior. 

Listen in as the two discuss how Kellogg reinvented their code to further deepen their commitment to ethical conduct through a combination of reimagining code structure, developing a mobile app, and administering training.

Additional resources:

https://www.kelloggcompany.com/en_US/about-ethics.html

Featured guest:

Mary Fair-Matthews has been with Kellogg’s Labor and Employment (“People”) team since June 2005.  She has served in several capacities including providing legal advice and counsel in HR related matters, managing employment litigation and EEO cases, and supporting the Ethics and Compliance function. 

In 2017, Mary began leading the global Ethics and Compliance function with the goal of continuing the legacy of driving a strategic vision for compliance.   Mary reviews, evaluates, communicates and manages compliance concerns and policies.  She also implements best practices in training and communication. Mary  manages the global investigation function which is made up of a team of investigators around the world who are dedicated to maintaining confidential reporting mechanisms and a consistent investigation process to  resolve employee concerns. 

Prior to joining Kellogg, Ms. Fair-Matthews was a senior associate in Dykema Gossett where she represented corporations in various labor and employment matters. She was a judicial law clerk in the United States District Court for the Eastern District of Michigan.  She also worked as an associate for Plunkett & Cooney.

Featured Host: 

Jim Walton is a member of LRN’s Ethics & Compliance Advisory Services Team – with over 25 years of professional experience in corporate, institutional and government settings, spanning the fields of ethics and compliance; environment, health and safety; and energy management.

Since 2002, Jim has been passionately dedicated to corporate ethics and compliance – designing, developing, implementing and enhancing constantly-evolving, comprehensive, best-in-class, global ethics and compliance programs. Jim has extensive experience in writing, producing and communicating codes of conduct and corporate policies; designing, managing and implementing ethics & compliance risk assessments; implementing anti-compliance and bribery initiatives; conducting third party due diligence reviews; and helping managers at all levels become better ethical leaders. 

Jim is a Certified Compliance and Ethics Professional. 

Abstract:

In this episode of the Principled Podcast, we share a past conversation between Senior Ethics & Compliance Advisor, Emily Miner and her colleague Susan Divers, Senior Ethics & Compliance Advisor. The two talk about how values have the power to guide behavior, shape culture, and strengthen businesses—empowering them to outperform. But what exactly does it mean to take a “values-based approach” to ethics and compliance? Listen in and learn how companies can leverage core values to build effective ethics and compliance practices that drive better business outcomes.

Featured guest:

Susan Divers is a senior advisor with LRN Corporation. In that capacity, Ms. Divers brings her 30+ years’ accomplishments and experience in the ethics and compliance area to LRN partners and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance and substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company’s ethics and compliance program.

Mrs. Divers’ background includes more than thirty years’ experience practicing law in these areas. Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative. 

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008. 

She resides in Northern Virginia and is a frequent speaker, writer and commentator on ethics and compliance topics. Mrs. Divers’ most recent publication is “Balancing Best Practices and Reality in Compliance,” published by Compliance Week in February 2015. In her spare time, she mentors veteran and university students and enjoys outdoor activities.

Featured Host: 

Emily Miner is a Senior Advisor in LRN’s Ethics & Compliance Advisory practice. She counsels executive leadership teams on how to actively shape and manage their ethical culture through deep quantitative and qualitative understanding and engagement. A skilled facilitator, Emily emphasizes co-creative, bottom-up, and data-driven approaches to foster ethical behavior and inform program strategy. Emily has led engagements with organizations in the healthcare, technology, manufacturing, energy, professional services, and education industries. Emily co-leads LRN’s ongoing flagship research on E&C program effectiveness and is a thought leader in the areas of organizational culture, leadership, and E&C program impact. Prior to joining LRN, Emily applied her behavioral science expertise in the environmental sustainability sector, working with non-profits and several New England municipalities; facilitated earth science research in academia; and contributed to drafting and advancing international climate policy goals. Emily has a Master of Public Administration in Environmental Science and Policy from Columbia University and graduated summa cum laude from the University of Florida with a degree in Anthropology.

We’ve officially wrapped season six of the Principled Podcast and taking a break for the holidays. Stay tuned for more conversations on culture, ethics, and compliance in the coming calendar year. Happy holidays!

Abstract:

CEOs and former CEOs are a dominant force on the boards of major companies. They are also the most sought-after candidates when boards search for new directors. How do these company leaders, so accustomed to being the principal decision-makers in their companies, adapt to the more limited strategic oversight and advisory role that boards play? In our last episode of season six on the Principled Podcast, host David Greenberg explores the lessons that CEOs and former CEOs can bring to boards about purpose, culture, and values. Listen in to his conversation with Walt Rakowich, the former CEO of global real estate organization Prologis and current board director and audit committee chair for organizations including Host Hotels and Resorts, Ventas, and Iron Mountain, Inc.

Featured guest:

Walter C. Rakowich is the former CEO of Prologis, a leading provider of distribution facilities and services with over $50 billion in assets and operations in the Americas, Europe and Asia. He joined Prologis in 1994 and was the Senior Vice President/Director of the company’s Mid-Atlantic region where he was responsible for expanding the reach of Prologis to the leading logistics markets in the Midwest and Atlantic states. From December 1998 to January 2005, he served as Managing Director and Chief Financial Officer and served as the President and Chief Operating Officer from January 2005 through November 2008. 

Walt currently serves on the board of directors of Host Hotels & Resorts, where he is the company's audit committee chair and member of the governance committee; Iron Mountain Inc., where he is chairman of the audit committee and member of the governance and investment committees; and Ventas Inc., where he is chairman of the audit committee. He also serves on the advisory council of Gender Fair. He has served as a member of the executive committee and the board of governors for the National Association of Real Estate Investment Trusts (NAREIT), the primary industry group for REITs in the United States.

Walt earned his MBA from Harvard Business School and his BS, with distinction, in Accounting from The Pennsylvania State University.

Featured Host: 

David Greenberg serves as Chair of the Governance and Risk Assessment Committee and a member of the Audit Committee of International Seaways (NYSE: INSW), one of the largest global crude oil and petroleum tanker companies.  Mr. Greenberg’s previous board experience (2006 to 2016) was as the independent director – and member of both the Audit and Compensation Committees --of APCO Worldwide, a private communications and government affairs consultancy and as a director (2013 to 2016) of Clean Tech Group, which creates opportunities for industrial companies to invest in innovative, clean technology.  He also served for 5 years as Chairman of the Board of Trustees of The Keystone Center, a Colorado non-profit that brings together oil, chemical and pharmaceutical companies with leading NGOs to find solutions to complex public policy challenges at the federal and state levels.

Greenberg is currently Managing Director of Cortina Partners LLC, a private equity firm that owns companies in the air medical, addiction treatment, bedding, textile and outdoor recreation industries and is CEO of Acqua Recovery, a residential drug and alcohol addiction center.  He also advises boards and executive teams on strategy, compliance, leadership and culture as a Special Advisor for LRN Corporation, and from 2008 through the end of 2016 was a member of LRN’s Executive Committee. For 20 years prior to 2008, Mr. Greenberg served in various senior positions overseeing government affairs, corporate affairs, communications and strategy at Altria Group, Inc. – then the parent company of Philip Morris USA, Philip Morris International, Kraft Foods and Miller Brewing – culminating in his role as Senior Vice President, Chief Compliance Officer and a member of the Executive Committee.  As one of five senior vice presidents of the corporation, he served on the Management Committee, which oversaw all strategy and company operations.  He was also a principal architect of the company’s very successful efforts to end the ‘tobacco wars’ which threatened the company’s very existence.  Earlier in his career, Mr. Greenberg was a partner in the Washington D.C. law firm of Arnold & Porter and also served as Legislative Director and General Counsel of the Consumer Federation of America.  He attended Williams College and has JD/MBA degrees from the University of Chicago. 

Greenberg has testified before the U.S. Congress, the European Union, the Israeli Knesset and other governmental bodies over two dozen times and has appeared on ABC Nightline, the CBS Morning News, BBC Morning, and the PBS News Hour, and has spoken at leading events for CEOs and boards.

Abstract:

“To ensure adequate diversity of thought, gender and ethnicity, it’s critical that companies look beyond the traditional experience to recruit board members.”

- Kim Williams

To what extent has there been progress around inclusivity, diversity, and gender parity at the leadership level and in the corporate world in general? How do boards and oversight practices need to evolve to further progress and meet the challenges facing global companies today? In this episode of the Principled Podcast, Marsha Ershaghi Hames, Partner at Tapestry Networks, guest hosts a conversation about board diversity and how directors can ensure their companies do business the right way with Kim Williams, board member of Weyerhaeuser, Xcel Energy, MicroVest, and the E.W. Scripps Company. Listen in as Marsha and Kim discuss the critical role of boards in shaping ethical corporate culture, and how Kim’s experience as the only woman in the room shaped her roles as a corporate leader and board director.

What you'll learn on this episode:

[1:45] Kim’s background, education and career.

[4:45] - How being a woman has impacted Kim’s career path.

[8:20] - The responsibility held by corporations in shaping progress and change. 

[12:02] - Instrumental figures and mentors who impacted the trajectory of Kim’s career.

[13:54] - How Kim landed her first board role and how the recruitment landscape has changed.

[17:03]  - Emerging challenges boards of large global companies are facing today.

[20:23] - What role do boards play in influencing the shape of culture?

[25:25] - Cultivating society to support authenticity.

[28:16] - Board oversight of safety culture in cultivation ethical culture.

Featured guest:

A 26-year career in the Investment Management business allowed Kim Williams to develop important skills which included strong analytical abilities, significant financial and strategic awareness, leadership and communication capabilities, which are always reflected in a professional and proactive attitude. This extensive business and analytical experience has translated into an active participant in the boardroom. As a corporate board member, Kim has been required to address important issues including challenging business conditions, changing business models, corporate restructuring, asset divestitures, management succession, activist shareholders and proxy battles. 

Kim is currently a director of Xcel Energy, EW Scripps, and Weyerhaeuser Company. At Xcel, she serves on the Governance, Compensation and Nominating Committee and Chairs the Finance Committee. At E.W.Scripps, she serves as Lead Director, Chair of the Audit Committee and a member of the Governance and Nominating Committee. At Weyerhaeuser, she serves as a member of the Audit Committee and the Governance and Nominating Committee.

Featured Host: 

Marsha is a partner with Tapestry Networks and a leader of our corporate governance practice. She advises non-executive directors, C-suite executives, and in-house counsel on issues related to governance, culture transformation, board leadership, and stakeholder engagement.

Prior to joining Tapestry, Marsha was a managing director of strategy and development at LRN, Inc. a global governance, risk and compliance firm. She specialized in the alignment of leaders and organizations for effective corporate governance and organizational culture transformation. Her view is that compliance is no longer merely a legal matter but a strategic and reputational priority. 

Marsha has been interviewed and cited by the media including CNBC, CNN, Ethisphere, HR Magazine, Compliance Week, The FCPA Report, Entrepreneur.com, Chief Learning Officer, ATD Talent & Development, Corporate Counsel Magazine, the Society of Corporate Compliance and Ethics and more. She hosted the “PRINCIPLED” Podcast, profiling the stories of some of the top transformational leaders in business.

Marsha serves as an expert fellow on USC’s Neely Center for Ethical Leadership and Decision Making and on the advisory boards of LMH Strategies, Inc. an integrative supply chain advisory firm and Compliance.ai, a regulatory change management firm.

Marsha holds an Ed.D. and MA from Pepperdine University. Her research was on the role of ethical leadership as an enabler of organizational culture change. Her BA is from the University of Southern California. She is a certified compliance and ethics professional.

Transcript:

Intro: Welcome to the principal podcast brought to you by LRN. The Principle Podcast brings together the collective wisdom on ethics, business, and compliance, transformative stories of leadership, and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change-makers.

Marsha Ershaghi Hames: How are boards of directors of major companies coping in 2021 with the increasing expectations from so many stakeholders? How can directors ensure that their companies are doing the right things and doing business in the right way? Hello, and welcome to another episode of LRN's Principle Podcast, where we continue our conversations about the critical role of boards in shaping ethical corporate culture. I'm your guest host Marsha Ershaghi Hames, a partner at Tapestry Networks. And today, I am joined by Kim Williams, an accomplished corporate leader, who currently sits on the boards of Weyerhaeuser, Excel Energy, where she chairs the finance committee, Micro Best, and the EW Scripps Company, where she chairs the board and is also chair of the audit committee. Kim is also involved in nonprofits that focus on women's issues. Kim, thank you for coming on today's Principle Podcast.

Kim Williams: Marsha, thank you for the opportunity to share something of my experience and my thoughts on board service with your audience.

Marsha Ershaghi Hames: Excellent. So let's jump right into it. I mean, you've had such an accomplished career in investment management. You retired as senior vice president, partner, and associate director of global industry research at Wellington Management Company, and then turned to a distinguished career of service on both corporate and nonprofit boards. Can you tell us a little bit more about your story, your background, and career?

Kim Williams: Thank you, Marsha. I grew up and was educated in the UK, where I graduated with a master's degree in economics. I had fully expected to find a position as an economist, as I assume that that's what my master's degree had prepared me for. But serendipity introduced me to the investment management business, a relatively underdeveloped industry at that time in the UK. I still can't remember how I discovered the opportunity. I only know it wasn't through the internet, as I grew up at a time before the internet, but the attractions of the industry was that they provided me with the opportunity to employ my analytical skills, work independently, and be judged on my own performance. I worked, initially, as an analyst for a pension fund, which at the time, was one of the largest internally-managed funds in the UK. And then when my husband and I moved to the US, I continued my career as an analyst, first for Luma Sales, and then for Wellington Management, where I completed a successful 20-year career, initially as an analyst, and subsequently, assuming a broader management role in the firm.

But then following 25 years of commitment to the investment management business, I chose to retire at what could be described as the pinnacle of my professional career. I was a partner of one of the largest investment management firms in the world. I'd been featured in Barons, and I had been repeatedly recognized as one of the best in my field. It was therefore with some trepidation that I embarked on a new adventure and left the comfort of my established career to apply my professional expertise in a different way and that, as a corporate board member. And as you mentioned, today, I currently sit on the board of three public companies.

Marsha Ershaghi Hames: Kim, what an illustrious story. And I'm so moved because one of the things that really has captured me is that when you began your career, pre-internet and all of that, in investment management, you were one of the relatively few women in that industry. I've read an article, as we were preparing for our conversation, profiling some of your intense dedication and commitment to women's issues, where you described your career start as one steeped in tradition but entrenched in misogyny. Can you share more with our listeners about how the sexism you faced, and even the experience of being and walking and taking your steps as the only woman in a room, shaped the early steps in your career?

Kim Williams: Yes, Marsha. I suppose I've never thought of myself as a trailblazer or as a role model during my career. But, as you mentioned, it was not uncommon for me to walk into a meeting 200 people and then to realize that I was the only woman in the room. And yes, this did bring some uncomfortable moments. I had portfolio managers tell me that women had no business in the investment management industry, that, as a woman, I was not equipped to follow engineering companies as an analyst, that my talents were better served focusing on consumer companies on two occasions, I discovered, after the fact, that had I not worked out, they would never have hired another woman.

And two particularly uncomfortable moments come to mind when I was still working in London and early in my career. A doorman directed me to the kitchen when I asked for the luncheon that I was due to attend. And if that wasn't bad enough, he was very unapologetic when I returned and informed him that I was actually a guest and not the help. In fact, he placed the blame squarely on me. I was a woman, so how was he expected to know that I was other than the help? And, on another occasion, a senior partner at an investment bank asked me if I had come to serve the drinks. These incidents were early in my career, but I think allowed me to develop an inner strength and fortitude and forced me to be more assertive and courageous than my personality might suggest. Further, it really made me more determined to demonstrate that I should be judged by my performance. But that said, I would also acknowledge that there is an advantage to being the only woman in the room. Management seldom forgot me, for better or worse. And, in spite of the challenges, I thrived in the environment. I love the daily stimulation, the constantly changing schedule, the need to respond to the immediate nature of events, and I grew to relish the challenge.

Marsha Ershaghi Hames: Kim, just the stories you're sharing, give me goosebumps. And what pains me is you were experiencing this as a pioneer at a time where you simply didn't even have the open forums to share your experience more publicly or more privately, as we do today. And I think as a mother of a daughter who's also in college right now pursuing her next chapter in life, our young women cannot be what they do not see. So if that doorman simply couldn't process or relate to how you had such a position of impact and influence in leadership, it's not just our daughters. It's our sons and it's our communities that just really need more role models like you. So if I take a step back and really reflect on the courage of this experience, when you look at progress today around inclusivity, around diversity, gender parity, if anything, in not only your industry and journey but, generally, in the corporate world, has there been progress? I mean, what is the responsibility of the corporation to be more, shall I say, intentional about supporting and shaping change and progress?

Kim Williams: On balance, I'd have to acknowledge Marsha that there has been progress, but still, I think we would all accept, remains a work in progress. Investors, interestingly, are demanding increasing diversity on corporate boards and in the C-suite, which may accelerate this process, because it's been clearly demonstrated that increased diversity contributes to enhanced financial performance. And I think this further reinforces the imperative of enhanced diversity, as we're not taking full advantage of valuable assets, but increased participation has been achieved by women in corporate board rooms. At the end of the first quarter of 2021, 24% of all board seats, in the Russell 3000, were occupied by women. And this is versus 15% in 2016. So some progress you can see, but I was somewhat shocked to see that there are still 5% of the Russell 3000 that have all-male boards and no female representation, and only 4% of S&P 500 companies have a female chair. And, in fact, an interesting fact, there are more male chairs called John in the S&P 500 than there are female chairs.

And I think looking to the C-suite, there, less than 10% of the S&P 500 have a female CEO. I'm actually proud to share and report that Jean Hynes assumed the position of CEO of Wellington management earlier this year, the first woman in that role. And Jean Hynes was previously the only second female managing partner. So some progress in the investment management industry, too. I do believe, to your point, Marsha, it's the responsibility of boards and management to be more intentional in ensuring increased diversity. I acknowledge that this requires boldness to accomplish diversity goals, and you have to overcome potential resistance or reluctance based on that unfounded belief that pursuing diversity goals requires a lowering of standards.

Increasingly, the next generation of talent is demanding a diverse workplace. And if you don't embrace diversity, you will not be seen as the employer of choice. I'm just speaking to my board experience. I'm proud to know that the boards on which I serve have broad diversity, thought, gender, and ethnic diversity, and each company has an emphasis and a commitment to achieving further diversity at all levels of the workforce. I would note, as you did earlier, that I chair the Scrips board, as well as its audit committee, and I chair the finance committee at Excel. And at Weyerhaeuser, two of the three committees are chaired by women.

Marsha Ershaghi Hames: Mm-hmm (affirmative). So while there is some progress, there's always a particular mentor or instrumental figure in all of our lives that either allows us to find the courage or see the examples of the how, the pathway forward. Were there any significant mentors or sponsors, in your journey, that really had an impact on the trajectory of your career path?

Kim Williams: Yes, indeed. And I'm grateful to those individuals who served as important mentors to me during my career and provided me with guidance and encouragement at critical points in my career. And this is not just in the investment management business, but also through my corporate board experience but not surprisingly, given the nature of and the challenges of both the industry and more moving into the corporate board world, they were all men, but they allowed me to seize the opportunities afforded me and capitalize on my abilities and develop new skills. They also provided me with important opportunities, but this has really encouraged me to seek out opportunities to support other women to realize their full potential. And I work actively, wherever possible, to advance and promote women.

Marsha Ershaghi Hames: Well, and building on that, when we talk about the board's own diversity, reflecting on its own culture and diversity, there's been a lot of conversation around the need to bring in other types of experiences and perspectives, more cognitive diversity into the boardroom. And a career like yours, in investment management, was not a typical background for a director when you joined your first board. Could you tell our listeners a little bit around the journey, too? How did you land that first board role? How have things maybe changed with CEOs and boards becoming a little more open to considering different skills and backgrounds for board seats?

Kim Williams: Yes, Marsha, indeed, you are correct. I had a very unconventional background for seeking a corporate board position. And when I embarked on my search, which was now some time ago, the majority of board members were either sitting CEOs or retired CEOs or other C-suite executives. But I was fortunate to encounter companies with a willingness to consider more diverse experience as they look to recruit board members. This was bolstered by the reputation that I enjoyed and the relationships and credentials that I had established during my career. When I was an analyst, I had covered both Weyerhaeuser and EW Scrips. And the company had a first-hand glimpse into the type of experience that I could contribute to the boardroom. Unless, anybody think that these CEOs were expecting a pass if I went into the boardroom, I enjoyed a particular reputation as a tough questioner. And there was actually a cell site analyst who wrote a report about my election to the Weyerhaeuser board, saying how courageous the company was in inviting me into the boardroom.

But I think it's increasingly clear that to ensure adequate diversity of thought, gender, and ethnicity, it's critical that companies look beyond the traditional experience to recruit board members. I would highlight potential areas of recruitment, such as executives with HR experience, given the heightened focus and scrutiny on talent management and human capital management. I'd also look to the role of the chief information officer to strengthen the oversight of cybersecurity risk. And then a word about financial analysts, who bring both analytical skills but also investor perspectives, which I think are increasingly important, into the boardroom. And I'm seeing that happen. And many of my former investment colleagues and partners, both male and female, currently sit on corporate boards.

Marsha Ershaghi Hames: Well, I like that you've really also highlighted that there is, at times... And I think the pandemic revealed this quite a bit. There is an importance to break the groupthink, to have the courage to ask, or to be a little more investigative around some of the uncomfortable issues, because we saw, with risk, talent, all of these matters unfolding over the last 18 months, it takes those skills and experiences to be able to step in and courageously ask what may be an unpopular question to move the organization forward. So turning to some of your current board service, what are some of the more challenging or emerging challenges that boards of large global companies are starting to face today as we sort of... I don't even know if we could say we're coming out of the pandemic, but we learned a lot. And how do boards and oversight practices need to really start to evolve to meet these challenges?

Kim Williams: Well, before I answer that question, Marsha, I'd like to just reflect on that previous comment that you made. When I think about diversity, I think about it in its many facets. And indeed, when I think about recruiting and look to who we should bring onto the corporate boards I currently sit, I really think about "What do I not know, and what expertise do I need in the boardroom in order to unearth those issues that somebody else has the ability to define?" I think diversity, in thought, is just as important as all the other areas of diversity in order to make sure that we're getting the best questions asked and the best results for a corporation, absolutely.

But thinking about this question that you've posed to me now, I think the simple thing would be, where to begin? The last 18 months have been unprecedented for many people, obviously not just corporate boards. We've been dealing with the challenges of COVID, a virtual work environment. And the companies I'm involved with, employees had to continue to operate, either to deliver TB news or provide wood products or to simply keep the lights on in our service territories. And the challenge to during this period was really keeping those employees safe and adapting to a work environment which was often from home and making sure that the necessary technology was available to employees and that the appropriate control environment was there. And, on a number of boards, we were meeting weekly, of course, remotely, but given the uncertainty of the time and the lack of visibility, this became necessary.

But now, the issues that we face, while, as you mentioned, we continue to deal with COVID, we have the issues of the return to the office and the implication of vaccine mandates and how they affect the companies. We have cybersecurity and increased ransomware threats and attacks. And also, we're dealing with the issue of the Great Resignation. Demographics were really already presenting a challenge with baby boomers retiring at unprecedented levels. We are having additional pressures as employees are reassessing their priorities and leaving the workforce or moving to different opportunities. So this is forcing us to address the future of work and the role of technology and how technology might play a role in providing solutions.

And then, of course, there's the topic of ESG and EDI, talent management, and the reporting requirements around those and which committees should be addressing each of these individual topics. And then, of course, climate change. These are in no particular order and doesn't reflect how I, or any of my board, set priorities. But I would also just reiterate that, coincidentally, we, as a board, are also charged with the regular work of the board, with the oversight of strategic direction, the review of management succession, management talent and performance, capital deployment, and the review of the appropriate capital structures, holding management accountable for delivering financial results, and ensuring the integrity of the financial results. So I'm sure I've left something out, but as you can see, this is a very full plate that we have.

Marsha Ershaghi Hames: And with this very full plate, I mean, it's overflowing, from cyber to talent to capital matters. You've been a part of our conversations with the Ethics Culture Compliance Network focused on oversight of culture. How can a board really... I mean, culture itself isn't a standalone topic on an agenda. And as you've mentioned, as we're transforming how we work, how we recruit talent, how we develop the next generation of leaders, in this new digital world, how can boards potentially approach thinking differently around oversight of culture, or what role can the board play, if any, in influencing the shape of culture in this new world?

Kim Williams: Well, I think boards have an important role, Marsha, in ensuring that managements are overseeing culture. And, in fact, boards themselves should be ensuring that the mission, vision, and values of a corporation are really reflected in the culture of the enterprise and then holding managements accountable for this. I think that, to the extent everything begins with tone at the top, but it's then also important for boards to really understand and appreciate if that tone at the top and that mission statement really translates into other levels in the organization. I think that's been one of the things that I have found a challenge in over the last 18 months, with everything being done remotely, because I enjoy spending time in the divisions with employees below the C-suite, where you have the opportunity to really understand and appreciate if what is being articulated by senior management is really being embraced and incorporated into the enterprise writ large.

I, particularly, also really rely on internal audit to be an auditor of corporate culture. And again, they have been challenged with being able to go out into the operations and into the day to day of the employees. So I think that's something that, really, I look forward to getting back on the road and traveling to see people. But I think that there just are many opportunities that boards have in order to really encourage management to act boldly, to be held accountable, and to make sure that the appropriate KPIs are included in compensation metrics to understand how managements are approaching talent management, particularly differently, if they have not achieve the desired diversity objectives. And I think it's, it's also important to focus on strategies to foster inclusion within an organization be because it's not just sufficient to attract a diverse workforce, you then have to retain them.

And so we also own need to recognize that this perhaps comes back to know some of the challenges around this. I think we need to recognize that there will be those in an organization who do not embrace the fact that we need a more diverse, inclusive workforce and may even feel threatened and believe will be at risk as the company pursues additional diversity. So I think it's the challenge of management and the board to really reinforce this as a priority, why it's a priority and that it will contribute to a better performing organization as a whole, not just will better some members of the community at the expense of others. And then just, finally, boards really do have an important oversight role. And I, particularly, have been involved with interactions with identified high performers in organizations to demonstrate the type of opportunities that are available, particularly to young women, and to provide guidance in how they might view their upcoming challenge and overcoming those challenges. But I do think, finally, it's that importance of reinforcing this as a priority of the board.

Marsha Ershaghi Hames: So you really are touching on a number of points. And one thing that pops in my mind as you describe this opportunity of intentionality and the potential of some individuals feeling threatened or fearing some of the diversity, as I think of authentic leadership and how can we cultivate societies and communities and corporate work horses and cultures that really support that sense of authenticity, I know that, in a lot of the research we're seeing around the new generation that's in the workforce, they desire to work and be aligned. And you mentioned this, values-oriented organizations and authentic and committed and intentional organizations. So it's not just recruiting diversity, but it's identifying ways to retain and support those voices, so...

Kim Williams: I think, Marsha, that you raise a very good point there. I am fortunate, in my board service, to be involved with three companies who have very well-articulated mission, vision, and values, which frankly, we are finding as a competitive advantage as recruit people. And I think it's important... Again to highlight something that you said, it's important to think about all of the stakeholders that are involved with that, because it not just about one particular group, but you have to include whether it's viewers of the television stations that watch our programming, whether it's the communities that are taking electrical service in our service territories, or whether it's what we're doing in terms of environmental stewardship at Weyerhaeuser. These things are all very important in really speaking to being able to attract and retain talent, to make sure that people actually feel proud when they work for you.

Marsha Ershaghi Hames: It's so true. It's so true how much we are connecting purpose and commitment with organizations to impact. And we're seeing more and more that, with gen Z especially, they want to work for organizations that not only fulfill what they're passionate about but are contributing to the communities that they serve and that they work in. But we're reaching in near the end of our time together, Kim, and I want to touch on one point, which I think is really crucial for us to discuss and that is safety. You serve on the boards of companies, where safety is critical, and it serves actually as a key performance indicator. It's really a part of the value and mission and purpose of the organization. What lessons can you share with listeners around board oversight of safety culture, and how can this help apply to our listeners thinking about cultivating ethical cultures across an organization?

Kim Williams: So when we were initially having those conversations about ethics and the ethical value of companies and how you monitor that, it really made me think about what we're doing both at Excel and at Weyerhaeuser on safety and creating a safety culture. And those two organizations have very dangerous occupations, and it's of utmost importance that we ensure that our workforce returns to their families safe every night. And, in order to do that at, and to foster a culture of safety, it has to... Again, tone at the top, making sure that this is something that is embraced by everyone, not just the senior leadership but the board and all members of the community and employees. And I think where the board has a role to play is that conveying to the employees that it is a priority for us.

On both those boards, we begin every board meeting with either a safety moment or an update on safety to just reinforce the notion that to create a culture, you really need to continue to do it because culture is something that can be very fragile. If you don't continue to reinforce it, it might not survive. And so, again, I think it just has to be something that's ingrained in the culture and is part of what you do on a day to day. I notice that, in my own actions, when I'm at home, I don't do anything that could be considered unsafe. And I'm always encouraging those around me to make sure that they are operating and working in safe conditions. But again, it's really about tone at the top, board engagement with the broader workforce to convey that safety really is a key principle. And I think you can do that with culture. And the notion that establishing a strong tone with respect to an ethical culture... And while you might have a performance-driven culture, that doesn't preclude you from also having an ethical culture, because it has to be demonstrated that financial results cannot be when you jeopardize ethical standards.

Marsha Ershaghi Hames: That is a great way to end. Ethics is non-negotiable, and performance shall be achieved and pursued but not at the expense of how we get there. So, Kim, clearly this is a conversation we could be having all day. I've really enjoyed learning. I've learned so much from you, and I hope that we have the opportunity to continue the dialogue in a future podcast, but we're out of time for now, so thank you for joining me on this podcast.

Kim Williams: Thank you, Marsha. It was a delight, and I really enjoyed it, so thank you for allowing me to share my story.

Marsha Ershaghi Hames: Absolutely. And to all of our listeners, I'm Marsha Ershaghi Hames, with gratitude for tuning in to The Principle Podcast from LRN. And I'm going to sign off. Thank you.

Outro: We hope you enjoyed this episode. The Principle Podcast is brought to you by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning ethical cultures, rooted in sustainable values. Please visit us at lrn.com to learn more. And if you enjoyed this episode, subscribe to our podcast on Apple Podcasts, Stitcher, Google Podcasts, or wherever you listen. And don't forget to leave us a review.