Principled

https://feed.podbean.com/principled/feed.xml

31.2K

Downloads

188

Episodes

LRN’s Principled brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership and inspiring workplace culture. Listen in to learn valuable strategies and receive actionable advice from our community of business leaders and workplace change-makers.

Episodes

Friday Nov 04, 2022

S8E9 | Making performance management meaningful and aligned with DOJ policy

Friday Nov 04, 2022

In September, the Department of Justice Fraud Section announced a new policy direction on corporate misconduct, clearly stating that personal accountability for employees, executives, and directors was their number one priority. The revised DOJ policy clearly states that an organization’s compensation and benefits program must be aligned to its values and ethical culture. So, what does this mean for compliance? In this episode of the Principled Podcast, host Susan Divers discusses how to implement a meaningful performance management system that meets DOJ objectives with Stephanie Ragan, a Certified Compliance and Ethics Professional (recently of SOFEC) and now solo practitioner after 14 years as a compliance specialist and manager in the oil and gas industry.

Featured guest: Stephanie Ragan

As an experienced, well-rounded compliance and ethics specialist, Stephanie has recently struck out on her own by launching Ragan Export Compliance, a consulting company focused on providing services and guidance for regulatory compliance. A subject matter expert in trade compliance for the past 10 years, she holds both a Masters of Science in Regulatory Trade Compliance and a degree in International Trade Management. Her credentials include special certifications as a Certified United States Export Compliance Officer (CUSECO), a Certified Compliance & Ethics Professional (CCEP) and an FCPA Expert (FCPA Blog).With a passion for developing efficient, integrated and automated compliance systems and programs, Stephanie’s philosophy is that the intentional integration of compliance and ethics elements within an organization is at the core of every successful business model; and through making compliance accessible and approachable to all stakeholders, the value of a company’s culture is significantly increased.

Featured host: Susan Divers

Susan Divers is the director of thought leadership and best practices with LRN Corporation. She brings 30+ years’ accomplishments and experience in the ethics and compliance arena to LRN clients and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance, and sharing substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company’s ethics and compliance program.

Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative.

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008. She resides in Northern Virginia and is a frequent speaker, writer and commentator on ethics and compliance topics.

Principled Podcast Transcript

Intro: Welcome to the Principled Podcast, brought to you by LRN. The Principled Podcast brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change makers.

Susan Divers: Last September, the Department of Justice Fraud Section announced a new policy direction on corporate misconduct. And they clearly stated that personal accountability for employees, executives, and directors was the department's number one priority.

And as part of that, the revised policy that DAG, Lisa Monaco put out that day makes clear that an organization's compensation and benefits program must be aligned to its values and ethical culture. That means that positive behavior, for example, turning down a tainted business opportunity should be an essential factor in evaluating performance.

And that there should be financial penalties, real financial penalties for misconduct. So what does that mean for compliance professionals? Hello, and welcome to another episode of LRN's DAG, Lisa Monaco. I'm your host, Susan Divers, director of thought leadership and best practices at LRN.

Today I'm joined by Stephanie Ragan, a certified compliance and ethics professional, and most recently of Sofec, an oil and gas provider that's global in its operations. Stephanie has just left Sofec and is now consulting on her own after 14 years of a compliance specialist and a manager in the oil and gas industry.

We're going to be talking about implementing a meaningful performance management system that meets DOJ objectives and how you go about that. Stephanie, thanks for joining me on Principled Podcast.

Stephanie Ragan: Thanks for having me, Susan.

Susan Divers: It's my pleasure. Interestingly, one of the questions we ask in LRN's annual program effectiveness survey is about organizations using ethical behavior as a significant factor in compensation, bonuses, hiring and promotion. And last year 69% of the over, I think it was about 1200 ENC programs that we surveyed, indicated that they required that an employee's ethical behavior be evaluated as part of their annual performance review.

And we found that top rated programs were much more likely with 88% including such criteria. But Stephanie, as you know, with all things compliance, the devil is in the details. So I'd really like to hear about how you implemented your program that does just that at Sofec. And I'm sure our listeners would love to profit from your experience and your wisdom on this subject. So let's start at the beginning, how did you start this initiative or how did it start and how did you get support for it?

Stephanie Ragan: Well, sure. So coming from a company like Sofec, we just celebrated our 50th year and we have a lot of mature programs and some that are still coming along. And our compliance program was one of our newer initiatives. We started it in about 2011.

And it was interesting to see that when we formalized that department and all of our programs, policies, everything that helped sustain it, there was a need to measure it against other overhead type departments like HR, HSE and quality. So looking toward those types of departments for direction to see how we could measure effectiveness of programs and tie that back to our professional performance goal setting efforts that we do on an annual basis was a challenge for us.

And we decided that as the new kid on the block, we could look at what worked for everybody and what didn't. And we decided that it would be necessary to look at what weight we needed to hold within the organization for each of our compliance initiatives.

So for a starting point for our listeners, I would suggest that you look at the way your organizations measure performance. And if there is already an existing HSSEQ component or HR component, that you should also be including a compliance and ethics representation. And that should be a key area of focus for your personnel to align with your company culture and your company code and business operations.

Susan Divers: That makes a great deal of sense. And I want to pick up on one thing you said in particular, which is that the ENC program needs to have equal status and weight with other similar programs, whether it's HR or audit or security or health and safety. And that's actually in the 2020 guidance from the Department of Justice as well.

Because one of the questions prosecutors will ask or are told to ask companies accused of misconduct is, "Does your ENC program have equal status and resources?" So the approach you took fits very nicely with that. Let's talk about how you actually went about it. How did you enlist support? How long did it take? And what did you do in the end to get it up and running?

Stephanie Ragan: Well, you know it takes a village to have any kind of success. And our compliance and ethics global team really took on this call to bring compliance and ethics to the forefront, it having an equal say in the performance measurements that we do in the company.

And we were able to within the last few years, convince our management that along with performance measurement, which was a key area of concern, we needed to have regular meetings, at least an annual meeting, to be able to confer as a team globally and to discuss ideas, work on program development and get training initiatives ironed out.

Kind of plan out our year as a whole so that globally we could have a cohesive plan that aligned everyone, didn't leave anyone behind from a planning standpoint for all of our entities, and made sure all personnel were covered by local compliance and ethics designees that could administrate and cover those programs as we rolled them out.

So this was very well taken on. And again, we leaned back into HR and HSE were having these types of annual meetings and conferences internally in the company. So we wanted to say, again, we need to make sure compliance and ethics is represented. It was well received and management was very supportive.

So in 2019, we had our first global gathering. And at that point, we all discussed how we measured and where we had gaps in measuring those compliance and ethics performance areas. And we figured that the global initiative of tying it into your bonus, your compensation that's measured annually by HR, that we needed to partner with them as well.

So we were able to utilize the great guidelines that were out by the Department of Justice that came out in 2018, 2020. And then similarly, we had more guidelines come out again this September. These types of guidelines were helpful in getting the highest levels of buy-in. So using that as leverage, we were able to place value on measuring those individual participation to show evidence of a effective compliance program. And we were able to also work with legal.

And I think that that's something that anyone who's struggling with finding a way to tie their individual performance metrics for users to compliance and ethics, that having your legal team work with you, if that's not already part of your compliance and ethics team and working with HR to jointly explain to senior management why the Department of Justice guidelines are so helpful and necessary to pay attention to.

No one wants to have those types of individual penalties pointed back toward them. And letting them know what the enforcement and penalty details could entail, it can be a little scary and overwhelming for them, but it lets them know the weight of importance. So moving on, our CNE team wanted to then, after we had our senior buy-in, determine specific ways to quantify a compliance and ethics participation that was acceptable.

So we developed a way to be able to measure and do a cumulative total for each employee throughout the year. And with the help and guidance of our compliance council, our general compliance council, which oversees all of our compliance and ethics initiatives from a senior level, and our chief compliance officer who's over our entire group, performance matrix was developed.

So we determined what KPIs and metrics were most valuable to our company and also how participating in training and completing mandatory training assigned on time or early would be a key indicator that our personnel were engaged in in meeting their CNE goals.

Now that was our initial concern that the training and focusing on training, on time training completion wouldn't be enough, but that's a great baseline. So if you are not measuring that, start there. And we also decided though that's a minimum expectation, that other avenues of participation engagement could then be easily added.

This was a chance also for our CNE team to promote all of the tools and the outreach that we had been developing to engage individuals in our annual Compliance Week program, our local newsletters, which we could insert quizzes and different activities for them to complete, optional live and virtual training sessions, surveys, quizzes, and use of compliance videos and slides in their operational meetings and team meetings.

And then it gave us an opportunity also for people that really went above and beyond to be recognized and have that tied back into their performance goals as a metric to, so our compliance champions who always went above and beyond, or personnel who brought forward potential compliance and ethics issues that were helping make formative changes to our program could also be recognized.

That sounds like a lot to keep track of and could be really overwhelming for our listeners that have a new compliance program, limited resources, budget constraints, but there are a lot of great tools and support out there like LRN that is a great content provider and provides support with measuring that on time participation and a lot of other value that you can add into your program.

Let's face it, at a minimum, any functioning compliance program is at least checking the box with mandatory compliance and ethics training like anti-corruption or your company code training, general CNE program awareness. So if you start with training as your first building block to measurement, it'll be less of a shock and easily accepted because your population and your personnel are already participating in those training initiatives.

Susan Divers: That's a great story. And the way that you worked with other people in the company to identify where you were going to start with the criteria I think is very powerful for people who are grappling with this subject.

And I know it's not just companies that are new or small, it's an area that I think a lot of people are still trying to chart their way. And also using the Department of Justice guidance strategically to help management understand why this is a risk that really needs to be managed.

I think there is emphasis when you look at the guidance, it's important to realize that it's out there in part to help people like you and your team actually implement it by putting it under an official seal, if you will. So well done. Hey, tell us now, how is it working and are there any tweaks that you would make at this stage?

Stephanie Ragan: Well, the great news is we've certainly seen improvement. So we've seen results of greater participation across the board in all of our areas. So whether it's people participating in Compliance Week because they know it ties back to their performance or they attend training that they would've otherwise blown off or not considered taking because it wasn't mandatory.

And that is really energizing us to continue to grow the program and continue to find ways to reach people. And we've seen a lot of participation because of this initiative of tying it to performance goals in areas and regions where maybe culturally it wasn't important before to participate in compliance and ethics initiatives.

But now they understand because they have something that's tangible material that ties back to their actual individual performance and they want to succeed in that area. So in general, it's helped us create different types of communications. We've been able to go and create management reports to provide managers live specific data on how each of their team members are performing throughout the year.

Some managers reach out for that quarterly or semi-annually, but everyone reaches out for it toward the end of the year when they're wrapping up their performance evaluations. And it's great to have that kind of tool. So I do recommend that you work on creating something as simple as an Excel spreadsheet that can start capturing data to keep good records regarding the performance of your personnel.

And also, if ever you are audited by a government authority, it's a great tool to provide your training records and say, "We're not just checking the box, we are going above and beyond by tracking every engagement with compliance and ethics." So also following that, we're able to use those participation records to quantify a score for each person.

Now, it doesn't necessarily have to be a numeric score. Some companies may want to do it that way. We aligned with what our HR teams were already using, which is kind of a scale one to five, either unsatisfactory and then failed to meet expectations. You either met expectations, exceeded expectations, or you did outstanding work.

So because that was already in use in our system, it was a language everybody understood and we created what fell into each category for our measurements on the compliance and ethics side. And again, we don't have to reinvent the wheel, you can use what you have and work smarter, not harder. But tracking the progress is really important.

So if you can assign something that you can put a value against, then you can develop statistics over time and track trends within the organization. We did have a lot of discussion across the board about how much weight should be given to compliance and ethics performance compared to HSE or HR.

So again, we fought to have equal footing because we preach in our company code of, we have a culture of compliance, we have our compliance code that gives guidelines on how to operate in every aspect and provides best business practices for everyone. So there was no reason to sell ourselves short or give ourselves a discount and say, "We don't want to be considered equally."

Even though some companies may need to tweak that based on what their own business practices are, it should have some alignment with your culture and your code. And that way people understand it and can buy into it on an individual basis and an organizational basis.

So looking forward in 2023, and this is largely in response to the new DOJ guidelines that you mentioned earlier, which came out September 15th, that does focus a lot on enforcement. So again, we have that leverage to push and say, "This is important. You don't want to be in trouble because this is how it can affect you as an individual."

And that does garner a lot of attention and response from senior management, which is great. We don't want to scare anyone, but we want to make sure they understand the weight of their actions or inactions. But our tweaks moving forward would include tiered measurements, and that aligns with the Department of Justice newest guidelines so that you have different measurements and expectations for managers and supervisors and executives.

And I think you should really look at that as three different categories, general personnel, people who have an influence over them, managers and supervisors, and then the people at the top. So your executives are going to be viewed differently if enforcement actions are ever taken. So you might as well prepare and have your program mirror that type of focus internally.

We also have a lot of questions that come up then from managers that say, "What are my roles? What do I need to do to earn my points or to get a good rating?" And we always encourage them to infuse and integrate compliance and ethics into their team talks, their safety minutes that they have at a beginning of a meeting, replace some of those with compliance moments.

And we make those tools available easily so that they can download it from our [inaudible 00:19:23] and they have full access to short videos, to content that we can pull from different training providers or that we've developed internally. That just makes it easier if they have one stop shopping, they can go to your compliance site.

And if you don't have that type of setup, don't worry. Companies can always make it available by emailing that out to managers and just having kind of the library available to them. And as you develop and tweak your offerings, let people know.

It's good to self-advertise within the organization so that send an email out to all of your managers and say, "Hey, we have a new video available if you want to share it with your teams." And let those managers come back to you and let you know how they used them and what the feedback is, because that's just going to help build the program and continue your process improvement.

As the DOJ recommendations indicate, effective compliance program always points to individual emphasis for that compliance and ethics participation and compensation. And I think we can agree that those personnel who embrace and make an effort to incorporate compliance and ethics into their work are more likely to report potential issues, be less likely to become bad actors by breaking rules intentionally or unintentionally. And generally, they're going to support the best practices and the compliance and ethics program in the organization.

Susan Divers: Well, we would certainly agree with that. And our research at LRN shows overwhelmingly over the years that I've been here, which are now six, that a culture of compliance that involves employees at as many levels as possible and helps them by giving them materials, you mentioned making it easy for managers to talk about ENC, that that is the best defense to misconduct and it's not how many times you reinvent in your code of conduct.

But I do want to mention one other thing that you talked about early on, which is data points and having something that shows exactly where a particular individual is in their ENC journey, whether it's training or touchpoints. We've actually just redone major parts of our platform and we're very excited about it because there's a part that we're rolling out this month called Reveal, which is advanced data metrics from the training experience.

And it shows what courses, what subjects people struggle with the most, how much time employees spend on a given subject and a lot of other very relevant data. It's very powerful and it allows you to benchmark against yourself and against other companies in your area. That's something everybody is very focused on.

And using that in conjunction with your performance review system can really drive change. And then I'd also mention managing that data is important. We also are including a tool that we've had for some time called Disclosures where we're asking people to tell us when they attest to the code of conduct or when they roll out. You can use it to track how many times they roll out an ethical moment or other times when they talk about ethics and compliance.

So the idea is to make it as easy as possible for the compliance team to track that. But we're starting to run out of time, so I want to talk quickly about what are the pitfalls. Because obviously this is a terrific program that has gained traction and is broadening and improving as you go along. But what are the pitfalls to avoid? And then I want to talk about your new company and your new initiative too.

Stephanie Ragan: Well, first of all, the biggest pitfall that you can have is to not do anything or to be stymied and overwhelmed. So don't overthink or over design any initial measuring system. Remember that look to the offerings and tools that are made available to your personnel already. So start with finding the easiest way to measure what you're already doing.

And you can always scale up as part of your continuous process improvement efforts. And then again, as you saw for development of our program, we could not have done this if we had worked in a silo. You have to engage and partner with HR and other stakeholders in the organization to find a way to infuse that measurement of your ethics and compliance participation.

And be sure to include that there is a way to acknowledge excellent contributors. Because that drives people and excites them to participate more. So it can be an incentive for good behavior and make it specific to a task or event that's not evergreen. You can change this around and continue to improve it as years go on and set goals for your compliance and ethics team to be able to continue to develop every year something different to bring more users on board.

Susan Divers: That makes a great deal of sense. And again, congratulations. That's a major accomplishment. And it sounds like the program was very well designed for your business and your particular culture and your risks. So let's turn to the future now with your own business, Ragan Export Compliance.

What kinds of clients will you be aiding in the development of their ENC programs? I know you have deep experience in the oil and gas industry and are a certified FCPA expert and have the export control function as well. What are you going be focusing on and what risks do you see developing for exporters in particular as they seek to adhere to the DOJ guidance?

Stephanie Ragan: Well, thank you for asking about that, Susan. At Ragan Export Compliance, I'll be providing trade compliance support and guidance focused on export or import compliance plans. And large focus now is technology. So we'll be helping develop technology control plans.

And also because I do have a background coming from the last five years of doing the certified compliance and ethics professional from SCCE, I also can help develop the corporate compliance program enhancements for any industry, which can include developing training programs, conducting training, auditing, risk manages, strategies, due diligence and screening ,vendor management systems.

And if a system needs overhaul, that's something that people sometimes forget. They develop a compliance program and then put it on the shelf, but it really does need continuous review, especially in the light of recent and constant regulatory changes and updates.

To get back to your question about what risks do I see developing from an export angle, I do see two areas where exporters can pay additional attention, especially considering the current international policies and issues that are going on in the world. The enhanced due diligence is needed now as part of your program to identify military end users or MEUs.

And this is primarily in China, Russia, Venezuela, and Burma. But it's a good habit to get into looking at that and incorporating, identifying military end users and uses as part of your, know your customer and screening system for your full supply chain. And then the second area where there can be some additional attention paid would be that your program includes a really strong level of control for not just your physical shipments, but technology.

That's a blindside for a lot of exporters, importers, and just USPPIs in general because they don't realize how wide the definition for technology is when you look at the regulations. So for example, the EAR definition of technology for Department of Commerce for controlled technology is any specific information that relates to development, use or production of controlled items, those technologies would also be controlled.

So pretty much any information that relates to those items, because the development use or production is so broad. And the ownness of that comes back to the exporter. Whenever regulations are vague, it puts more pressure on the exporter to understand and have systems in place to be able to address potential violations.

And then because of regulatory changes, a lot of stagnant compliance programs can be a real risk for companies because they may not realize it's something that they have always been able to export. For example, certain valves or stainless steel items, things that were pretty innocuous for a large part, didn't need licenses up until recently when regulations changed.

And now they fall into this large basket categories like 2B999 ECCN numbers, which I know might sound scary and very technical to people listening that don't have a real firm grasp on the ECCN, but there's a lot of guidance out there, and that's what we hope to provide and be able to help navigate at Ragan Export Compliance.

So finally, just in general, I would say that my advice to our listeners today is just to continually evaluate your compliance program and make sure that your CNE engagement measurement that we've discussed today become truly effective ways to ensure that your organization is on the path to executing best practices and avoiding any regulatory infractions. If you follow the guidelines and reach out for help when needed, you won't go wrong.

Susan Divers: Well, thanks Stephanie. I certainly agree with everything you've said and want to emphasize your point about don't fall into the trap of stagnant compliance. A lot of times I think it's easy to rely on backward looking metrics and saying, "Well, last year we trained 340 people, and this year we hope to do more."

It's important to really keep evaluating what are the new risks that we're facing, and are the procedures that we have in place adequate for those new risks? And certainly that's consistent with the guidance too. So unfortunately, we've run out of time, but I want to thank you very much for spending these minutes with us and giving us the benefit of your insights. I hope you'll come back and speak to us again soon. Maybe we can do a session on export control. And we wish you all the best in your new venture.

Stephanie Ragan: Thank you, Susan.

Susan Divers: My name is Susan Divers and I want to thank you all for tuning in to the Principled Podcast by LRN.

Outro: We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning, ethical cultures, rooted and sustainable values. Please visit us at lrn.com to learn more. And if you enjoyed this episode, subscribe to our podcast on Apple podcasts, Stitcher, Google Podcasts, or wherever you listen. And don't forget to leave us a review.

Friday Oct 28, 2022

S8E8 | Compliance benchmarking: Benefits, limitations, and best practices

Friday Oct 28, 2022

What you'll learn in this podcast episode

Guidance from the US Department of Justice, particularly the recent 2020 memorandum, stresses that a company’s compliance program must reflect and evolve with its risks—and should not be a snapshot or on cruise control. But in assessing those risks, it’s helpful to see what other companies in the same area or circumstances have done to meet them. Collective action and coordination can be very useful in dealing with common risks. So, when is benchmarking and a collective approach to risk helpful? And when can it backfire? In this episode of the Principled Podcast, LRN Director of Advisory Services Emily Miner continues the conversation from Episode 6 about benchmarking with her colleague Susan Divers. Listen in as the two discuss the benefits and limitations of benchmarking, and how organizations can ensure they benchmark their E&C programs effectively.

Featured guest: Susan Divers

Featured Host: Emily Miner

Emily Miner is a director of LRN’s Ethics & Compliance Advisory services. She counsels executive leadership teams on how to actively shape and manage their ethical culture through deep quantitative and qualitative understanding and engagement. A skilled facilitator, Emily emphasizes co-creative, bottom-up, and data-driven approaches to foster ethical behavior and inform program strategy. Emily has led engagements with organizations in the healthcare, technology, manufacturing, energy, professional services, and education industries. Emily co-leads LRN’s ongoing flagship research on E&C program effectiveness and is a thought leader in the areas of organizational culture, leadership, and E&C program impact. Prior to joining LRN, Emily applied her behavioral science expertise in the environmental sustainability sector, working with non-profits and several New England municipalities; facilitated earth science research in academia; and contributed to drafting and advancing international climate policy goals. Emily has a Master of Public Administration in Environmental Science and Policy from Columbia University and graduated summa cum laude from the University of Florida with a degree in Anthropology.

Principled Podcast Transcript

Emily Miner: Guidance from the US Department of Justice, particularly the recent 2020 memorandum, stresses that a company's compliance program must reflect and evolve with its risks and should not be a snapshot or on cruise control. But in assessing those risks, it's helpful to see what other companies in the same area or circumstances have done to meet them. Collective action and coordination can be very useful in dealing with common risks. So when is benchmarking and a collective approach to risk helpful, and when can it backfire?

Hello, and welcome to another episode of LRN's Principled podcast. I'm your host, Emily Miner, director of Advisory Services at LRN. Today I'm continuing my conversation from episode six about benchmarking with my colleague Susan Divers, our director of Thought Leadership and Best practices. We're going to be talking about the benefits and the limitations of benchmarking and how organizations can ensure they benchmark their E&C programs effectively.

Susan brings more than 30 years experience in both the legal and E&C spaces to this topic area with subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance. Susan, thanks for coming on the Principled podcast.

Susan Divers: Oh, Emily, it's always nice to talk with you.

Emily Miner: So Susan, before we get started, let's kind of define benchmarking and summarize the conversation that I had in our last podcast with our colleague Derek. So benchmarking means comparing what you do as an organization in this case to a usually large number of comparable organizations or individuals. And most often, this is done in a quantitative way, although there are also opportunities to benchmark qualitatively.

And at LRN, we've been using benchmarks for a number of years now through our research reports. We've conducted major panel research on the role of ethical culture in an organization and in organization's risk of misconduct. So looking at how that varies across countries, across industries. We conduct every year research into ethics and compliance program effectiveness research that you lead and that you and I collaborate on. And we've been doing that for, oh gosh, coming up on, I don't know, maybe eight years now. That's been given us a insightful look into Ethics & Compliance Program best practices, and how they've evolved over time. We've also conducted research on codes of conduct, analyzing nearly 150 publicly listed codes of conduct from the top listed companies around the world and looking at similarities and differences and best practices in that space.

But we have a brand new product at LRN that we're launching later this month that I know we're all really excited about called Catalyst Reveal, which is a platform that will, as it's name suggests, reveal insights to our clients about their ethics and compliance program, things like course level data training, data, employee sentiment, ethical culture. It will also give our clients the ability to see how their results along these metrics compare with other organizations in the LRN client universe. So looking at by industry, by company size, and a few other comparable filters.

So with that exciting launch as our backdrop, I wanted to talk to you as an expert and a thought leader in this space about benchmarking compliance programs, when to do it, when not to do it, et cetera. So let me turn it over to you, Susan, and let's start with the benefits. What are the benefits of benchmarking in ethics and compliance program?

Susan Divers: Sure, Emily, I'd be happy to talk about that. In thinking about this topic, there are really three really good functions that benchmarking is appropriate for. And then there are some where it's not so appropriate and we can talk about all of that. But starting with what it's very appropriate for, the first is if you're setting up a program, you need to figure out kind of what are the basics that you need to do at the outset. And it can be very helpful particularly if it's a new program, and it usually is if it's setting it up to be able to say your management, "We have to have a code. We have to have policies. We have to have audit. And we have to have training" and those are kind of the four basic pillars and being able to make that case. That's very basic, but it can be very helpful in terms of people who are struggling to get started in what we all know is a really complicated area.

So that's kind of the first setting where benchmarking I think can be very helpful. And then the second is you've got your program and you're up and going. Now, no two companies are alike, no two industries are alike, and I can get into that a little bit later, but it's helpful to know if you're mainstream or not. Like for example, our Ethical Pulse Culture check lets you sort of get an idea from a short questionnaire embedded in our platform in Reveal whether your culture is really out of whack or pretty much along the same lines as mainstream. And again, that's really helpful because it can show you an area where you're maybe excelling and it's good to take credit for that and scale it, or it can show you an area where you're deficient and it's good to know about that too.

And then the last is, and this is where for example Ethisphere has done a lot of really good work, best practices. People are constantly innovating. I'm always amazed at how ethics and compliance programs are changing and getting better. And we can talk about that a little bit, and Reveal's going to be very helpful there. But benchmarking can give you ideas that can be very valuable for enhancing your program. So those are sort of the three big areas where I think benchmarking can be extremely helpful.

Emily Miner: Yeah, thanks Susan. And on that last point that you shared, that's really resonating because if nothing else, benchmarking or surveying what other companies are doing out there with respect to ethics and compliance and different facets of that, it gives you as an ethics and compliance professional just an idea of what's possible. Maybe there's a new approach to communicating with your employees that you haven't thought of that might work for your organization.

I'm at the SCCE's Compliance & Ethics Institute right now, and there was a session yesterday about one particular organization's sort of their evolution of their compliance program following some significant trust that was lost in the organization to senior leader misconduct. One of the things that they talked about was having employees around the globe put on skits that they turned into videos that dealt with ethics moments and how the actors, which were the employees of the organizations, would kind of get famous around the world for their skits. It was a very lighthearted way of communicating very serious topics that resonated for this particular organization. But a lot of people in the room were asking questions, "Oh, well, how could I put together a skit like that? Did you write the script or did the employees come up with it and this and that?" Just that it's a way of sharing ideas and fostering innovation across the industry that can be really exciting and powerful.

Susan Divers: Yeah, that's a great example, but maybe it's time to talk a little bit about the limits of benchmarking too because that's a good illustration of the point that benchmarking's good for the three things we just talked about. Setting up, making sure that you're in the mainstream and not at either end, or maybe you want to be excelling and then getting ideas and best practices. What it's not good for is saying, "Hey, we met the criteria." And the reason is there isn't a criteria. In fact, there was a quote two days ago or so from the CEO of Advanced Micro Devices, and she said, I quote, "It's like running a different company every two years."

So the point I'm trying to make here is that your program has to be based on your risks, and those risks can change dramatically, I mean, certainly in the semiconductor area, and that's what she was talking about. The risks have changed, they basically changed radically with all the changes with China and the export sanctions and the war in the Ukraine. So it's not enough to say, "Hey, I'm doing what everybody else is doing in that area."

And secondly, the other big problem is comparing apples to apples. I picked three consumer companies to sort of illustrate this. One is Walmart, which obviously is a big consumer company. Another is PepsiCo, another is Mondelez. And if you look at all three, they all have really different risk profiles. They may be in the same area generally, but Walmart's much bigger than the other two. Walmart had a major scandal a number of years ago where they wound up paying, I think it was 137 million in 2019 because in order to get permits for their stores in Latin America, particularly Mexico, their lawyers were actually paying bribes. When you think about it, that should have been something that they were sensitive to on their risk profile and both training and auditing the local lawyers. Also, there was some lawyers on their teams internally. That was a risk and they failed to mitigate it.

PepsiCo is bottling, and so do Mondelez has plants, but it's not quite the same level of regulatory intensity as setting up a store, hiring people, environmental health. So I use that example because I'm trying to pick an industry and say, "Well, if you compared yourself to one, you might miss some of the particular risks that you have."

One of the also things to bear in mind, and you alluded to it when we started, is that DOJ has never recommended benchmarking in all of the guidance. In fact, they've said things that kind of contradict benchmarking if you were using it to say, "Hey, we met the norm." They've said, "You don't want to be on cruise control," and that's because things change. And they've also said, "You don't want to just take a snapshot of your program at a given time." And that's kind of what the CEO of Advanced Micro Devices was saying too. And that's because any time you're looking backwards rather than forwards, you could miss the iceberg that's looming up ahead and going to sink the Titanic. So at any rate, I think benchmarking can be very useful, but you have to use it for the right purposes and you have to bear in mind the limitations.

Emily Miner: Right. Absolutely. It's never the be all end all. It's one data point that we should be collecting and looking at in some situations and not others. And in those situations, it's one of many that we should be considering when we're thinking about program effectiveness.

Susan Divers: Yeah, it's an element. Yep, absolutely.

Emily Miner: So let's kind of tease this out a little bit more. Where do you see benchmarking being helpful? I know that you gave those three scenarios, but maybe if you could pick out a concrete example to share against any of those three scenarios to illustrate how it can be helpful or when it can backfire.

Susan Divers: Sure. Well, let's pick another consumer company, Anheuser-Busch. This is a great example because it illustrates how benchmarking can be used very effectively to drive a best practice. Anheuser-Busch had a very prominent CECO who has very recently left to go to the Department of Justice in the last couple of months. When he was there, he set up an internal data analytics program that was able to pull data from their own systems, payments, SAP of course, onboarding and pick out red flags without, if you will, human intervention. In other words, he was able to take a number of data streams from various parts of the company and meld them together. And because he was very good CECO, he was able to figure out what some of the risk signs were or the red flags.

What it did is it enabled Anheuser to manage its third parties, which if you think about it, beer distribute, beer companies have a lot of third parties. And then they could focus in on those companies, those third parties where there were red flags. They didn't have to audit everybody to the same degree of intensity. And that approach of internal data analytics was a best practice that was gathering steam, sorry. But once Matt really took it to the next level and showed how it could be done, then it really became mainstream in the E&C area. And Matt's now at DOJ. So if you're going to go in and have tense talks with regulators, being able to talk about what you're doing in benchmarking is important. And it takes us back to Reveal where Reveal is a really powerful tool that we've developed that will enable you to see red flags or predictive factors. And again, remember looking backwards doesn't really help you because it doesn't tell you if there's a big iceberg about to sink the Titanic.

But looking forward and saying, gosh, the data that's coming in from Asia on attempts to pass courses or on our Ethical Pulse Culture check or other features is worrying. It's nothing specific that we know about at this point, but it indicates that, I'm just picking on Asia randomly, it indicates that we need to spend some time in Asia figuring out what's going on.

So that's really an excellent use of benchmarking and that's a good story as to how understanding what best practices are emerging and adapting them then for you, because nobody could simply take Matt's system of third party analytics and plug it into their company and come up with the same results. It has to be tailored and it has to be specific. But that's a really good example of what DOJ is talking about in this area where they say you have to tailor it to your risks. So does that make sense?

Emily Miner: Yeah, absolutely. It's a great example with Anheuser-Busch and the system that they set up. I want to kind of talk about specific types of data that we collect in ethics and compliance or can collect, because I feel like the kind of two most common ones that organizations want to benchmark are training completion rates, that's a metric that is easy to collect and is often one that is shared, and hotline. "Oh, my hotline reports. How does this compare?" And the hotline providers will publish annual benchmarking reports on hotline.

So we've got course completions, we've got hotline data, but we also collect other data points, or there are other places where we could to think about program effectiveness. I'd love to hear from you, as you think about the universe of ethics and compliance data, where do you think kind of benchmarking holds water and where does it not?

Susan Divers: That's a great question, Emily, and I'm glad you asked it. Let's start with the hotline because that's a really good example in a lot of ways of two of the pitfalls. One of the major pitfalls that we touched on is are you comparing apples to apples or apples to potatoes? A company, let's take Starbucks for example, they have 300,000, relatively young, many of them first job employees. And are they going to call the hotline if they see something or worried about something? The odds are probably no even though they've got a big kind of young and engaged workforce because they're inexperienced. Most of their employees, I was talking to their CECO last week, and most of their employees really haven't worked extensively in the workplace. So Starbucks might have really low hotline numbers.

Another company that's largely unionized, on the other hand, because unionized workers generally know about the hotline and they know about formal complaint processes, they'll have high hotline usage compared to other companies. Let's just pick a slightly ridiculous example, but a big manufacturer of clothing like the Gap or something. You'll have unionized workers in the plants, but Booz Allen is a consulting company. Are you going to compare hotlines between Booz Allen and the Gap? That really is an apples to potatoes comparison.

So I think hotline benchmarking, and I know most of my colleagues in the E&C area would agree is very, very difficult because you'd have to really know what the workforces are to try to get an idea. And then secondly, it can be driven by other factors such as when I was at AECOM, we deployed a lot of people in the Middle East and the conditions were harsh. So our hotline complaints would go up when people were under stress, but another company might not have that circumstance.

Emily Miner: Yeah, that's such a great point about when you're using benchmarking and you're considering using benchmarking, you have to be really thoughtful about what that benchmark pool is made up of. The union example is such a great one because even within the same industry, you compared the Gap to Booz Allen, but even within the manufacturing industry, for example, not all manufacturing company has a unionized workforce. So you can think, "Oh, well it's manufacturing, so it's comparable," but it might not be depending on the workforce dynamics. That level of insight isn't always available when we're benchmark data sources.

Susan Divers: We forgot one thing that both of us know, which is I think the last stat I saw was more than 90% of meaningful issues are not raised through the hotline, they're raised in conversations with managers. So I've never been a fan of hotline benchmarking.

Emily Miner: Yes, absolutely.

Susan Divers: But to turn to training completions, that's an interesting one too. Again, it really depends. If you're using an old fashioned training provider whose library consists of 45 minute or even longer lectures, sort of Soviet style on the evils of sexual harassment, first, it's probably not very effective. And secondly, a lot of people won't complete a 45 minute course just because it's long. If the training is repetitive and hectoring, they'll drop out. Whereas the kinds of courses that we have and that we emphasize are very engaging, they tend to be shorter, they tend to be more microburst learning.

So again, what are you comparing? Do you have a lot of employees on the shop floor? Well, it's hard for them. They can't really just take a break, sit down at their laptop and open up a course on antitrust. So again, I think training completions can be tricky. It doesn't mean it isn't interesting to see that data, but figuring out, again, whether you're making an apples to apples or an apples to potato comparison, I think is really important. And then secondly, remember, it's retrospective looking. It's not telling you anything about what's coming around the corner.

Emily Miner: Mm-hmm. One thing that we've focused on in this discussion is comparing ourselves to other organizations. I mean, that was how I even defined benchmarking at the outset, but there's also internal benchmarking, comparing your own performance year over year or whatever the period of time is. When you were just talking about training completion, it made me think about that internal comparison, less so with training completion because I think it tends to be high, a lot of companies mandate it so there can be penalties for not completing training. So if it's high for that reason alone whether or not it's good or relevant to employees or they liked it or whatever.

But thinking about metrics like pass/fail rates or number of attempts or test outs or some of those more nuanced training related data points and comparing against yourself year over year and seeing what has changed and what might be the result of that. I mean, maybe you noticed in year one that it was taking the majority of your employees or a significant minority of your employees more attempts than you wanted to answer certain questions correctly related to a certain risk topic. And so then as a result, you rolled out some focused communication and maybe you targeted specific groups of people where you noticed were particularly struggling for additional manager led conversations or whatever. And then in year two, does that pass rate or attempt rate improve? That's a helpful metric because you're comparing apples to apples, you're comparing yourself and you're able to connect it back directly to specific interventions that you may have need to make improvements in that area.

So I just wanted to point out that benchmarking can be done internally as well. It's not always an external exercise even though that does tend to be how we talk about it.

Susan Divers: Well, and you're exactly right, and that's where it gets really valuable because first you can make sure that you're comparing apples to apples. For example, if you've just done a merger and suddenly your population of employees has doubled, well obviously then you know that you've got a much different comparison year over year, but you can break that down and you can make those comparisons by manipulating the data.

Secondly, your Ethical Culture pulse survey is a really good tool year over year adjusted for employee population size. And if we've got new people coming in the company, a merger for example. And it can be proactive. It can, again, spot trends as you were just saying that indicate that you may need to spend more time with people. But the beauty of internal benchmarking, particularly the way Reveal has set that up for our clients and made it easy is that you can get genuine insights looking at what happened last year, what happened this year and you know some of the reasons why there may have been a change. Whereas if you're comparing yourself to, I don't know, Ernst & Young, you don't. You don't have visibility in terms of their numbers. So internal benchmarking, I think you're right to stress that. And it's a very, very valuable tool.

Emily Miner: I've done, as you know, a lot of work with organizations evaluating and assessing their ethical culture. The trend that I've noticed with those clients that we've done this type of work year over year over year is that the benchmark, the external benchmark just grows. It's important kind of in year one and maybe year two, but after that it ceases to be relevant and the companies don't really care what it is anymore because it's also they're not shooting for the benchmark. The benchmark is often the average and they want to be above average. And so it's more about competing with yourselves and how did we improve against our own performance last year?

And so that's just been interesting to observe. I think as companies get more robust in their use of data and their tools and how it informs their strategy in some areas like ethical culture for example, that external comparison just becomes less relevant over time.

Susan Divers: That's a really good point too. And that gets back to the Department of Justice saying, "Don't put your program on cruise control." And I do remember, I think it was 15 years ago when benchmarking was much more trendy and before people really thought through the limitations, someone was bragging that they had benchmarked their program against Boeing. Boeing then subsequently had major meltdowns left, right, and center most specifically and tragically the 737 MAX where people died. And so running around saying, "Hey, my program benchmarks well against Boeing" may not have been really a compliment to the program in the end. But it also misses the point which you're making, which is you have to look at your program and what's gaining traction with your people and where the proactive red flags are emerging because that's what enables you not to be Boeing, not to pick on Boeing, but it's a good example.

Emily Miner: So Susan, let's wrap up by offering some recommendations to organizations that are thinking about program effectiveness, how they measure that. They want to have those benchmarks. Maybe they fall into those three scenarios that you outlined at the beginning. What recommendations or best practices would you offer to those organizations, to your peers?

Susan Divers: Well, the first one is be really smart about it and avoid comparing apples to potatoes. And to do that, you have to really think it through. What are we comparing to whom and how similar are they? I really, again, think that's most useful for kind of like, "Are we in the mainstream? Or is there something maybe we forgot?" If it turns out that everybody in your industry has suddenly amended their training curriculum to train about trade controls in the wake of the Ukraine war and you haven't, well, that's a helpful benchmark.

But I think the main ones that are valuable are what we were talking about with best practices and data analytics and the creative use of data analytics that are tailored to that particular company is a great example of that. And then the second one as you pointed out which I think is equally valuable and really essential too, is internal benchmarking up to a point where you're able to see what direction things are going in. And again, it's more in the nature of red flags rather than a way of saying, "Hey, we met the requirement, we're good." It's, "How are people doing this year compared to last? What does that tell me about where I need to focus my resources?"

Emily Miner: Mm-hmm. Mm-hmm. Yeah, Susan, thank you so much. And thank you for joining me on this episode. We are out of time for today. So to everyone out there listening, thank you for listening to the Principled Podcast by LRN. It was a pleasure to talk with you, Susan.

Susan Divers: Oh, it's always a pleasure to talk to you, Emily.

Outro: We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us at lrn.com to learn more. And if you enjoyed this episode, subscribe to our podcast on Apple Podcasts, Stitcher, Google Podcasts, or wherever you listen and don't forget to leave us a review.

Friday Oct 21, 2022

S8E7 | How does DOJ policy and guidance affect E&C programs?

Friday Oct 21, 2022

What you'll learn in this podcast episode

Over the last few years, federal regulators have provided detailed guidance on what they expect to see in E&C programs when it comes to misconduct inquiries or investigations. What do these recent reports, policies, and guidance mean for compliance professionals? In this episode of the Principled Podcast, LRN Director of Thought Leadership and Best Practices Susan Divers is joined by Jon Drimmer, a partner at the law firm Paul Hastings. Listen in as the two discuss the recent guidance from the US Department of Justice as well as DOJ policy impacting corporate compliance programs and ethical culture.

Featured guest: Jon Drimmer

Jonathan C. Drimmer is a partner in the Investigations and White Collar Defense practice and is based in the Washington, D.C. office of Paul Hastings. He resolves complex cross-border problems with the benefit of having sat in every chair at the table: senior legal officer for a global 500 company, federal prosecutor, and seasoned advocate. He is a recognized international expert on anticorruption and business and human rights, and is a frequent speaker, author, and commentator on issues related to both topics.

Before joining Paul Hastings, he was Deputy General Counsel and Chief Compliance Officer of Barrick Gold, one of the world’s largest mining companies, with operations on five continents. The compliance program he built at Barrick has served as an industry standard, and elements of it have largely been duplicated by numerous other companies inside and outside of the extractive sector.

Mr. Drimmer has directed hundreds of investigations around the world related to anti-corruption, human rights, AML and export controls, tax controversies, environmental incidents, public disclosures, fatalities and health and safety injuries, sexual harassment and discrimination, and other areas. He has represented companies and individuals in numerous government enforcement proceedings in the U.S. and overseas, in relation to FCPA and bribery claims, human rights issues, and a wide array of other matters. He has participated in dozens of major disputes in the U.S., Canada, and abroad, including transnational torts, anti-corruption claims, environmental cases, international arbitrations, tax disputes, construction claims, and land controversies.

He previously served in the Justice Department as Deputy Director of the Criminal Division’s Office of Special Investigations, where he led cross-border investigations, first-chaired numerous prosecutions, and argued federal appeals. He was a partner at an Am Law 100 law firm in Washington, D.C., a former Bristow Fellow in the Office of the U.S. Solicitor General, and a judicial clerk on the U.S. Court of Appeals for the Ninth Circuit. Mr. Drimmer served on the board of directors of the Voluntary Principles on Security and Human Rights Initiative from 2012-2014, and again from 2015-2017. He served on the board of TRACE International from 2012 until 2018, and currently sits on the board of the TRACE Foundation. He has also taught international law courses at Georgetown University Law Center for nearly 20 years.

Featured Host: Susan Divers

Principled Podcast Transcript

Susan Divers: Good afternoon. From time to time, but particularly in the last few years, federal regulators have provided detailed guidance on what they expect to see in ethics and compliance programs when companies present them as a defense to misconduct inquiries or investigations. What do the recent flurry of reports, policies and guidance mean for compliance professionals? How should they be applied to improve E and C programs?

Hello, and welcome to another episode of LRN's Principled Podcast. I'm your host, Susan Divers, director of thought leadership and best practices at LRN. And today, I'm joined by Jon Drimmer, a partner at the international law firm of Paul Hastings. We're going to talk about the recent DOJ guidance and policy impacting corporate compliance programs and ethical culture, and hopefully help everyone understand what it is and how they should apply it to their programs. Jon is a real expert, as well as a friend in this space. He has the unusual distinction of serving in three of the principal seats that affect ethics and compliance, once as a federal prosecutor at DOJ, another time as a chief ethics and compliance officer and deputy general council for a large mining company, and now as an ethics and compliance advocate with a leading law firm. Jon, thanks so much for joining me at Principled Podcast.

Jon Drimmer: Thanks, Susan. It's great to be with you.

Susan Divers: Super. Well, let's jump right in. Last week, we saw a new policy come out of the Department of Justice that both Lisa Monaco and also Ken Polite have talked about with great emphasis. We've also seen the report come out of the sentencing commission about their 30 years of accomplishments. And we've also seen some major guidance in the last two years. Can you put it in perspective for us and talk about how it fits together, and how they interplay. And then we can jump in and start figuring out what they mean.

Jon Drimmer: Yeah. No, happy to do it. So let me take each one in sequence. So what we saw come down from the deputy attorney general was a new policy memo. And in essence, what that means is policies are, they are the rules that apply to federal prosecutors and prosecuting entities around the country. They are the standards that are going to be applied. Guidance, which is something that we see come out in a number of different ways through formal guidance as well as through statements and speeches and other informal approaches, this is basically how those rules are interpreted, how prosecutors should be thinking about the application of those policies as they're applied to any given circumstance. And then finally, reports, and you mentioned the sentencing commission's 30 year look back, those are more general. And they do tend to come out for transparency purpose, they're often retrospective, like the sentencing commission report. But they generally talk about how these rules have been applied. So policies are the rules, the guidance effectively aids in their interpretation, and the reports generally are a bit of a look back as to how they have been applied to date.

Susan Divers: That's really helpful. It really helps me put all of those in perspective. Talk a little bit more than about the policies and the guidance. Are they mandatory? Are they voluntary?

Jon Drimmer: Well, for prosecutors, they're mandatory. So when you look at the policies, this is effectively how prosecutors are to approach any given situation. It is a directive to them in terms of how it is they should go about doing their jobs. And I'll tell you it's critical. It's critical for chief compliance officers to understand those types of initiatives, those types of emphases. It's critical to prosecutors as well, as they get that direction in terms of what they should be focusing on. So really, it's a very important part of the process and helping to shape how investigations are run and scoped from the government's end, and what can be expected on the company side as well for chief compliance officers.

Susan Divers: But it's not technically a rule, if I'm correct. But it sounds like you strongly recommend that ethics and compliance professionals pay great attention to it.

Jon Drimmer: Yeah, yeah. No, that's fair. It's not a regulation. It isn't something that goes through a formal regulatory process. It's not the equivalent of a law. It's a direction. It's a directive that's basically given. And so it doesn't have the force of law, but it is a very important set of instruments to understand the relevant DOJ policies, the justice manual. So yeah, that's a fair assessment. I do strongly recommend understanding it in detail, but it isn't technically a law or regulation.

Susan Divers: And if I understand correctly, and I've been in this situation myself too as a chief ethics compliance officer, if there's a misconduct inquiry or investigation, and 95% of those are resolved without prosecution or probably more, basically, you'll be asked to come in and meet with the Department of Justice prosecutors, possibly the SEC too, and part of that is talking about your ethics and compliance program. Can you put that in context and explain why they want you to do that, and how you should do it?

Jon Drimmer: Yeah, absolutely. So what they're really looking for is a discussion of A, what the compliance program was at the time of the incident in question, and where it is today at the time of charging. It's really both time periods are really quite important to them. And they want to understand how with a compliance program the issue or event might have occurred. But they also want to understand what changes have been made to improve its effectiveness since that time period. And often, given the way that investigations go and timelines, there may be a good bit of time between the original incident and the time a formal compliance program presentation is ultimately made. And in making that presentation, the guidance, the policies, these are incredibly important in shaping the factors that you're ultimately going to present on.

But the real tip is not just presenting on the formal approach, the formal program, the policies, procedures. But how do you know they are working in practice? And that has been a huge emphasis from the government in the last couple of years, and one that ethics and compliance professionals should take heed of. It's not just a matter of rolling out the program, but with the rollout, including those steps to validate its effectiveness in mitigating the relevant risks it's designed to address.

Susan Divers: I want to get into that in more depth in just a second. But before we leave sort of setting the scene for why this is so important. So if you go in and you meet with the Department of Justice and its prosecutors, and you do a good job, a credible job, of presenting your ethics and compliance program, and it's clear that it's a strong program, and you've got hopefully evidence of effectiveness, what's the consequence of that?

Jon Drimmer: Well, at the end of the day, I mean, the most significant issue is monitors. And if you've been involved in an issue that violates a federal law, federal criminal law, and the question is: Are you sufficiently capable of addressing your compliance issues going forward without day to day regular oversight from a monitor? That is a critical inquiry, and so number one, an effective compliance program and design and implementation is really important for a monitor. It's also important in charging decisions. It can be important in terms of disgorgement and fines and penalties as well. It's taken into account in the federal sentencing guidelines. So in the end, an effective compliance program really is a critically important part of a resolution process for a DOJ investigation.

Susan Divers: So that's basically why ethics and compliance programs, if I understand correctly, came into being. It's really to mitigate the impact of misconduct investigations, and hopefully allow the company to go forward with it's E and C program. We won't talk about monitors today. That can be another podcast. But that's something that you want to avoid, generally.

Jon Drimmer: Yeah. You generally want to avoid that, yeah. I mean, look, there's another element we probably won't get into today as well, that you and I have talked about extensively, and that is how programs ultimately help shape the values and culture of a company, so aside entirely from proactively mitigating relevant risks, affirmatively driving a culture that does increase productivity, increase retention, increase morale, that's a critical component of a compliance, an ethics and compliance program as well. It does dovetail a bit with culture of compliance, which is something that is important to demonstrate when you're in front of the government. It's something the government is increasingly emphasizing. There's a positive aspect that isn't just preventing potential problems from happening that are associated with ethics and compliance programs, as you've written about quite persuasively.

Susan Divers: Well, you too. And I'm glad you reminded everybody of that because that is a critical reason for having an effective ethics and compliance programs. So let's leave the sort of rewards and penalties side and start talking about: What are the prosecutors and the Department of Justice leadership really saying in this plethora of policies, guidance that's come out in the last couple of years? What are the key messages?

Jon Drimmer: Yeah. I would say in reading through the recent speeches, the policies, coupled with the guidance, I think we can take away several messages. And two of them are, number one, there is this enormous focus on program effectiveness, and I can't say that enough. And as I read the memo from the deputy attorney general colloquially calling the Monaco memo, I see as a major sub theme, and as a former chief compliance officer, this absolute drive towards the effectiveness of programs. And just to take a step back for a minute, in some ways, this is how the sentencing commission's report actually becomes relevant in this discussion, and the 30 year look back report was issued roughly at the same time as the DAG memo.

And if you look at the report, a few interesting statistics jump out. And these again, this is focusing on companies that actually went through a court sentencing, so it isn't settlements, which is typically how corporate resolutions are resolved. But 2021 was the first year that more than half of the companies sentenced under the guidelines had a compliance and ethics program. And the previous high was 2018, when it was about 28%. But in 30 years, since 1992, only 11 companies have had a reduction by a court because their compliance program was effective. That's .5% of all of the companies sentenced, and most of those are actually small companies. So most of the time, for those companies that are going through the process, they aren't getting credit for having an effective program.

And with the Monaco Memo, if you actually look at a lot of what policies are ultimately looking to drive, it does center around effectiveness, driving performance, driving commitment through a focus on individuals. And so it talks about producing information in a timely way, focusing on individuals because that is what incentivizes effective performance. For chief compliance officers, it might mean if you're going to do an investigation, a thorough investigation, you do have to include that within your scope, the focus on individual culpability to a degree that you might not have before.

The same is true with ephemeral messaging, which is a big emphasis in the recent memo. Ephemeral messaging has been part of their calculus for several years now. But here, they do want to focus on whether the company policies regarding ephemeral messaging are effective. Is the company capturing messaging that's occurring on company related devices? Are we allowing personal devices? If so, are they limited to certain apps that are capturing company business related discussions? Is there training? Is there auditing? Are there other steps on ephemeral messaging? So they really want to see not just: Are there policies? But are they effective? And those are just two examples. But if you do dig into what's behind a lot of these policy announcements in the memo, it really is looking to drive effective programs.

Susan Divers: Well, I want to dig in a little bit. And just to clarify by ephemeral messaging, you mean that if we have senior execs using What's App to communicate, rather than company systems that are subject to discovery, then we might have a problem.

Jon Drimmer: Yeah. It can be company, it can be teams messaging, it can be What's App on company issued devices or personal devices. It's any of the messaging systems that are used to communicate that ultimately may not ordinarily be retained by the company in the way that email is.

Susan Divers: So that's an area that the policy makes clear, compliance officers ought to really take a hard look at and may need to make some changes, or at least provide some clarity. I want to get information effectiveness more in a minute too. But just to deal with the other very specific granular recommendation that I saw in the Monaco Memo, it was that you really have to have an incentive system that's aligned to ethics and compliance. And by that, it's both positive and negative. In other words, you have to reward ethical behavior as part of your system of incentives, whether it's bonuses, compensation, promotions. And you have to penalize misbehavior, whether it's bonuses, compensation, promotions, but also claw backs. Can you talk about that a little bit?

Jon Drimmer: Yeah, yeah. It really was fairly prescriptive, as you say, in terms of, in ways that I think should make chief compliance officers happy. That's the stuff that we always advocate for with human resources and with executives. Hey, we want ethics. We want ethics and compliance included in hiring decisions and promotions and bonus frameworks and performance commitments. And that's really what helps integrate ethics and compliance into business operations and prioritize it along with operational considerations, so that should be welcome news for chief compliance officers.

The claw back aspect, which is the stick, that's the carrot, this is the stick, it's interesting. They really emphasize it's not good enough just to have claw back provisions that are theoretically applicable, that are present in policies and are never applied. They want to see them applied in cases where there is appropriate individual culpability. And that may mean applied in different ways. They're clearer that there is no uniform approach to a claw back provision, but it isn't good enough just to have it as a policy. You need to talk about it. You need to train on it. And you need to actually implement it in appropriate situations, which is part of the focus on the individual responsibility and again, driving effectiveness.

Susan Divers: That's a very good segue into effectiveness. I do want to emphasize what you said, which is this is something that ethics and compliance professionals need to pay attention to. And it should be a welcome development to have that kind of accountability and importance placed on ethics and compliance considerations. But it's: What do you do about it, as you said, if you've got claw back? I think the SEC says that about 50% of publicly traded companies have claw back, but you have to use it. Otherwise, you're probably worse off if you have it as a tool and then you don't use it if you've got senior level misconduct.

Jon Drimmer: Yeah, I think that's right. But better to have it than not have it, and if you've got it, you've actually got to apply it, is kind of what they're signaling. But look, this is hard. I mean, it is really hard when you are doing investigations of your own people. As a chief compliance officer, this was the least favorite part of my job is doing investigations into people I work with, people I knew, people who in other aspects of my job, I had to trust. I had to trust them in terms of implementing or overseeing certain aspects of the program. And when you have to do an investigation into them, it feels lousy. It screams out for why independence is important. And those particular instances is just a matter of investigative integrity, but it's a lousy part of the job. And applying a claw back provision to senior executives who you have worked with, who you have traveled with, whatever it is, it's a lousy part of the job, but they are saying it is an important part and a part that has to be applied in practice.

Susan Divers: Yeah. I agree with you. That is really the worst part of being a chief ethics and compliance officer, for sure. Let's dive deeper into effectiveness. As I've gotten to know you and worked with you on thought leadership, I've always been extremely impressed with you focus when you're a chief ethics and compliance officer on effectiveness. And I remember some of the things you did, even including short pulse surveys in your investigations to get feedback from employees, so that's just one example. But can you talk about what do we really mean by effectiveness in terms of ethics and compliance programs? What should we be measuring? What should we be looking at? And where should the focus be?

Jon Drimmer: Yeah. I mean, really what effectiveness means is: Are the goals of any particular element of your program being achieved? Are you meeting the goals that you have set out for that particular element of the program? So for instance, your goal might be to roll out a new training, and to roll it out to 90% of everybody on a mapped basis. That isn't going to get into effectiveness. Effectiveness is: How well do they retain the critical aspects of the content that is being conveyed? And that can be done through surveys, that can be done through tests, et cetera. But when we're talking about effectiveness here, again, it isn't just about roll out, it isn't just about robustness and good faith commitment to implementing a program. But is it working in practice? How do you know it? How do you test it? How do you validate it? Often, that's done through KPIs and through metrics. I personally like surveys, sentiment survey, I've always liked surveys as a way of getting information.

And beyond that, it brings employees into the program when they are talking to you, providing information about their own experiences. I think that's a very effective way to do it. I think 360s in terms of reviews that include ethics compliance is another important part, so you do again get perspectives of employees on individual performance, particularly for supervisors, from an ethics and compliance standpoint. I think you need to look at audit results. I think you need to look at investigations. I think you need to look at a number of different factors that all indicate on a lag indicating basis, what is working and what isn't working. But I think that should be a relentless focus, personally. And I think for every element of your program, you should be looking at multiple ways to try to assess. Is what I'm doing actually working to the degree that I want it to, and in the way that I want it to? And if not, you have to make an adjustment. That's what effectiveness is about.

Susan Divers: That's a really good definition. I think one of the traps people can fall into easily is to focus on activities rather than impact. And I like your phrasing of it as a relentless focus on effectiveness. I mean, one of the things we're just doing is rolling out a short, I think it's 10 question ethical culture pulse survey that comes up at the end of a code of conduct course. And it asks questions about respect and trust and organizational justice, which as you know are key elements of an ethical culture. So always trying to get at perceptions and concerns and to the degree that you can measure how that's playing out, I think is really essential to effectiveness.

I want to talk about in a minute how non US companies are affected by all this, and also the most common mistakes you've seen people make in your long and in depth, varied career. But before we get there, I was just looking at some of the DOJ material, and I see that Matt Galvin has joined the team. And now I think there's at least three or four former chief ethics and compliance officers. And Matt came for Anheuser, and he has a particular focus on data analytics. What are you seeing in terms of using data analytics for effectiveness? And what do you recommend in that area?

Jon Drimmer: I think that's a great hire. I think it'll be great for Matt, and I think that's a great hire for the government, really bringing in somebody who ran a compliance program and who has had a very substantial focus on data analytics. And at AB InBev, the Brew Right program that he put together is one that's usually been held up as an industry leader. I mean, I do think data analytics is critically important. One of the challenges with data analytics that you have to always get around is making sure that your data is good, that things are being recorded and described in like manners that allows for apples to apples comparison. And you have to understand what to do with that information. And so it's not enough to run the analytics, but when you get the analytics back, you have to have a program in place, resources in place, to act on it.

And so thinking through holistically what the data is, where it's coming from, how you're going to act on it, depending on what you get is all a really important part of the equation to think about ahead of time before you just start collecting and running. Look, it's critically important. It's been something that's been emphasized for years as a key way of identifying effectiveness, as well as potential risks that you might not otherwise see, and trends, and patterns. So it really is a very important part of a program with the caveat that you've got to make sure that your data is really good and that you know what you're going to do with it on the back end. But that's a great hire, and I'm sure it's really going to advance compliance thinking in the government around the use of data.

Susan Divers: I think that's a good way to characterize the importance of data metrics and particularly stressing that it's not enough to have them and get the insights, you have to act on them. It's similar to risk analysis and risk assessment. It's great that you're running a yearly risk assessment, but are you factoring those results into your training or your policies? So that's part of that focus on effectiveness. Talk to me a little bit, Jon, if you would, about we've been talking about the Department of Justice. It does seem to me that what DOJ does in areas like this has a lot of impact on international companies. It's not limited to the US. And you're in a great position to discuss that a bit, if you would.

Jon Drimmer: Yeah, sure. Of course. No, absolutely. Look, and to be clear, when the government emphasizes things like data and benchmarking and metrics and KPIs, I can't applaud them enough for bringing in someone like Matt, who has seen it on the ground, has put into place a great program to really help educate. And that's going to be true for US and non US companies. The government focuses on violations of the law, where there is jurisdiction, where there's something that will touch the US, or you have US companies or US issuers. But if you're a foreign company and you're doing business in the United States, or you're listed on a US exchange, the US laws very well may apply to you. The FCPA certainly very well may apply to you. And some of the biggest settlements, again just sticking with the FCPA, have been with non US companies in the last two years.

And I don't want to limit this to the FCPA because the memo from Lisa Monaco, it's not limited to the FCPA, but it will extend to throughout the criminal division. And so whether it's antitrust, or healthcare fraud, or other areas that the criminal division might oversee, this is going to apply to companies regardless of whether they're US or non US, depending on the jurisdictional components, so it's a very important part for all companies doing business in the United States, not just US companies.

Susan Divers: And I think sometimes people forget how broad that actually is. People sort of think, "Okay, there's US companies, there's French companies, there's Indian companies," but if you're doing business here, or you're using the banking system, then you are basically within the ambit of US jurisdiction if you commit bribery violations, or antitrust, or sanctions violations, or whatever they happen to be. So it really is a very broad net. And I think for that reason, I think the guidance has driven the evolution of ethics and compliance programs globally, not just in the US. Is that your sense too?

Jon Drimmer: Yeah. Yeah. No question about it. I think if you look around the world, whether it's the UK, or France, or throughout Latin America, for those governments that have formally put out either guidances, or they've integrated into their laws what compliance programs ought to look like, I mean, it really looks a lot like what the Department of Justice and the SEC have put out, which of course is premised on a sentencing guidelines foundation. But really, it is driving global compliance processes and programs around the world, even for those companies that don't touch the US, even in their home jurisdictions. It's driving very similar approaches and ways of thinking about compliance.

Susan Divers: Yes. And I think if anybody needs proof of that, they should read the Glencore CPA settlement, which I was just looking at, which is a huge fine for anti bribery for basically a non US company. But we're starting to run out of time. I could do this all day, as you know. But let's wrap up with: Given your unique perspective, having sat in all of the key positions, what are the most common mistakes you see people make in ethics and compliance programs? And if you can relate some of those to the guidance, that would be great.

Jon Drimmer: Yeah, sure. Look, I mean, I think first and foremost, it isn't really understanding and looking to integrate into programs what drives an ethical culture. And we talked before about the absolute importance of organizational justice as one of the key drivers in thinking about how that should get integrated into your program. And another is managerial modeling. And truthfully, what people seem to often forget is that most employees look at their supervisors, and maybe their supervisors' supervisors as the company. They look at them as management. And so focusing on, quote, unquote, tone from the top, and the most senior leaders of a company, to the exclusion of direct supervisors, middle managers, I think is often a mistake. And so driving behaviors expected of managers is critically important. I think people also ignore the absolute singular importance of confidence in internal reporting mechanisms and hotlines, which is often a proxy for whether your culture of compliance is strong, and whether organizational justice exists, whether managerial modeling is occurring.

But I think beyond that, we've talked about the focus on effectiveness. And I think too often, you do see compliance programs that really are driving towards activities and robustness and metrics and numbers that don't take into account. Is it really working in practice? And I do think that has to be, especially in light of the guidance, which talks about culture, it talks about effectiveness, it focuses on effectiveness, I think that's got to be a critical emphasis for any program. And I think a lot of programs aren't sufficiently mature in that particular aspect, which may be why this guidance or this policy is coming out now.

Susan Divers: So it sounds like if you were advising let's say a startup, or a relatively small company that's program is just getting underway, you would advise them to focus very much on the value side on getting organizational justice right, on getting speak up culture going and creating that atmosphere of trust, and also on making sure that managers know what the ethical and compliance considerations that affect them are, and what that means in practice.

Jon Drimmer: Yeah. Yeah, that's exactly right. And look, that relates directly to the guidance as we look at rewards, in terms of pay, of performance commitments, presumably of bonuses, of promotions. So setting those expectations for management, along with organizational justice and speak up, I think are really vital components. And so if you are just starting out, the sooner you look to embed that within the company, the more effective it's going to be hopefully as the company grows.

Susan Divers: Wow, this has been such a terrific, insightful conversation. And I really feel like I've benefited a lot personally just from hearing the way you've wove together the policy, the guidance. And just for one point of clarification before we sign off, I've been looking at the guidance since I think 2013. I've seen an evolution, actually. It's gotten stronger and it's gotten smarter in focusing on the right things like culture. I don't see it really weakening or changing, even during the Trump administration, interestingly. Is that your perception as well? Is that your expectation for the future?

Jon Drimmer: Yeah, yeah, absolutely. Look, they are clearly sharpening the guidance. They are sharpening their policies in a way that is actually quite healthy. And I completely applaud the degree of transparency that we've seen in terms of talking about how these are applied, in terms of talking about how these are to be interpreted. So I applaud the transparency and I completely agree. It is getting much sharper, particularly around those aspects that really impact compliance professionals, like culture, like incentivization, like trying to establish commitments, like integrating compliance into employment processes. So I think it is getting smarter. And again, I think the transparency is really helpful, and particularly for chief ethics and compliance officers.

Susan Divers: Great. And I agree. I mean, it's actually making people's jobs easier if they take the key messages in the guidance and are able to use the guidance to drive change in their organizations. So Jon, thanks so much for joining me on this episode. Just to wrap up, I'm Susan Frank Divers, and I want to thank everyone for listening to Principled Podcast by LRN.

Jon Drimmer: Thank you.

Outro: We hope you enjoyed this episode. The Principled Podcast is brought to by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us at lrn.com to learn more. And if you enjoyed this episode, subscribe to our podcast on Apple Podcasts, Stitcher, Google Podcasts, or wherever you listen. And don't forget to leave us a review.

Friday Oct 14, 2022

S8E6 | How to bring compliance benchmarking to life

Friday Oct 14, 2022

What you'll learn in this podcast episode

How do you know if your ethics and compliance program is successful? How are you capturing data and comparing it to industry benchmarks, or tracking your own company’s trends over time? In this episode of LRN’s Principled Podcast host Emily Miner, director of Advisory Services at LRN, talks about benchmarking E&C data with her colleague Derek Clune, product manager of Data & Analytics. Listen in as the two explore how benchmarking practices come to life and the role AI plays in LRN's new Catalyst Reveal solution.

Featured guest: Derek Clune

Derek Clune has been working in the ethics and compliance space for over 5 years with an emphasis on data and analytics. As a Product Manager at LRN, Derek is responsible for the vision of LRN’s new data and analytics platform; Catalyst Reveal. His main goal is to provide E&C professionals with more actionable data to understand their E&C program effectiveness better. Derek’s team works to create products that offer best-in-class prescriptive interventions to improve E&C programs and ease the administrative burden.

Featured Host: Emily Miner

Principled Podcast Transcript

Emily Miner: Gone are the days of checklists, ethics, and compliance programs where one simply goes down a list of program features and elements. Now, regulators, employees, customers, leaders are asking, are our ethics and compliance programs effective? Are they successful? Well, how do you know? Hello, and welcome to another episode of LRNs Principled Podcast. I'm your host, Emily Miner, director at LRN. And today I'm joined by my colleague Derek Clune, product manager of Data and Analytics at LRN. We are going to be talking about ethics and compliance benchmarking and how organizations can track their own trends over time, as well as compare themselves to industry peers. We're going to talk about how all of this data comes together in technology environments like LRNs new Catalyst Reveal Solution which is launching soon. Derek is a real expert in this space. He's been working in that data and analytics vertical at LRN for a number of years, and is a key architect behind our product innovation and incorporating the insights of our industry collaborators at major corporations around the world. Derek, thanks so much for joining me on the Principled Podcast.

Derek Clune: Absolutely, Emily. Pleasure to be here.

Emily Miner: So before we get in, maybe just some definitions and level setting. So what is benchmarking? The way that we think about it, it typically means comparing what you do as an organization to a number of comparable organizations or individuals. And usually this is done in a quantitative way, so a more kind of a numeric databased way as opposed to a qualitative way. And benchmarking is helpful just for comparative purposes. And it can also help to identify best practices in the industry. And best practices referring to those behaviors, those practices systems, which some sort of research shows that the very top firms use in a way maybe beyond or to a greater degree than other organizations. So why do organizations benchmark or want to benchmark? Derek, I know that you have a lot of conversations with our client partners around their benchmarking requests and their needs. But sort of as an overarching point, why are companies interested in benchmarking? What's the value to them?

Derek Clune: Yeah, I think there's a number of reasons why we see it. In my conversations with our partners, obviously regulators are looking at ethics and compliance programs with much higher scrutiny than they ever have. And so organizations want better visibility into the wider space, whether that's how their ethics and compliance program measures against others within their industry, whether that's how it measures against others from an employee size or geographic footprint. So organizations use really two sets of benchmarks, internal company benchmarks. Their own data and organizational assessments and benchmarking those quarterly year over year to measure their own program. But also they want a broader audience to compare themselves to, to really see where they... For lack of a better term, rank within the pack so to speak. And so a lot of this we see is all around measuring ethics and compliance program effectiveness.

How do I know my program's effective? I have the parts and the components, the codes of conduct, the policies, the disclosure certifications, but how do I know that those are effective? And we're seeing more and more that data is being used as a key component in that measurement of program effectiveness.

Emily Miner: Yeah, I'm reflecting on some conversations that I've had with our partners where they've said, our calls to our hotline are X percent. Is that good? When we look at our... We can collect data on ourselves and measure it and certainly that's sort of where organizations have been heading for a while. This increased data collection and analysis. But sometimes doing that in a vacuum, you're sort of left wondering, okay, well, the number is four, is that good? Should it be five? Should it be one? Should it be 20? What does this mean? And I think that's where that comparison is helpful because you used the term kind of broadening the pool or broadening the lens. I don't remember exactly what you said, but that idea of broadening your view finder. And that's where I think the strive for this desire for being able to benchmark and compare a large place of where it comes from. And just also as humans, we like to compare ourselves to others in so many parts of our life. So there's maybe a human nature component to it too.

Derek Clune: Yeah. No, absolutely, you took the words right out of my mouth. None of these organizations while they all are unique operate in a vacuum. And so they need to have some sort of comparison just to know that they're below, above or equal to a number because we know the regulators don't give specifics. So the next best thing that we have really is this benchmarking tool of, in our case all of the LRN partners, which over 2000 partners in a number of different industries, Fortune 500, et cetera.

Emily Miner: Yeah. And so Derek, I know that you partake in a lot of voice of the customer type conversations, and you are the recipient of a lot of requests for information from others within our organization. What are some of the top requests or data questions that you hear from our partners? You talked about wanting to measure program effectiveness, how are people thinking about program effectiveness? What do they want to measure? What do they currently have versus what don't they have but they want it? What are some of the general themes?

Derek Clune: At a high level we know that all of these questions typically start with a risk assessment. A company will do a risk assessment from a third party to get at maybe their blind spots or to tell them some things that they already know. And so in most cases that serves as the initial roadmap of different topics to consider around benchmarking around these data questions. And so from there we see organizations typically focused on the course data. That's the most popular one. We're rolling out mandatory training, how are my employees performing on that training? It has some sort of test in it, are my employees performing better or worse than I expected or right on par with what the requirements are? And within that there's a lot of different sub context. So is a particular business unit outperforming or underperforming based on the average or the median?

Is there a regional confusion around a question? So I would say the initial focus that people immediately go to is the mandatory training that is being assigned and the course performance metrics I'll say, how employees are performing within those courses. There are a lot of tertiary components that are critical to measuring program effectiveness. What we see also is culture being a critical component of ethics and compliance. And larger initiatives at an organization at measuring that overall learner sentiment of the communications and the courses that are being rolled out to the learners. So not only are we looking at the performance aspect of those but also the sentiment and learner feedback of what they think. All of those kind of surveys where you're getting additional feedback from employees is another great metric. Overall investment. Of course, senior leaders and maybe chief ethics and compliance officers, they want to see the return on investment in the ethics and compliance program.

So what metrics can we look at to demonstrate that there is an ROI there? And then another piece that we see is the communication strategy and how do we take those metrics to identify the best time to roll out a campaign. Frequency of reminders, those types of things is another point at which we can look at and also improve upon year over year.

Emily Miner: Yeah, that's interesting. I actually don't know the answer to this, do we do any type of AB testing? I'm kind of fascinated by that idea that you were just describing of what's the optimal time to roll out a training and the frequency of reminders. And I was actually just having a discussion with one of our colleagues about is she the type of person that kind of takes her training right away as she is. Or does she wait till the last minute, which I confess I am that type of person. So we were just talking about kind of different type of people and how their personality, their characteristics kind of inform their behavior with respect to taking training. But anyway, so I'm just sort of thinking about like okay, we have these two types of people and how can we optimize attention and what's the right cadence of reminders to get the laggards like me or the right time of year?

So with that, how do we know? Do we do any type of AB testing or comparison? We tried one reminder a week last time, let's do two reminders a week. How do we kind of know?

Derek Clune: Yeah. So at LRN, we currently have if a partner is using the LRN platform, we do have the overarching data of when they're sending reminders, when they're rolling out campaigns. We are just at the forefront with this new catalyst reveal dashboard of being able to look at that data and make prescriptive recommendations for organizations. And so what I've seen is a lot of there's really no one size fits all for any of these organizations and their communication strategies. You have some people who are rolling out training and communications once a year, some on a quarterly basis, some biannually. And so we're just at the forefront of being able to look at that data, look at the time of a completion, how many people completed before a due date and after a due date. And we're expecting sometime mid next year to be able to make those prescriptive recommendations.

And the exciting thing about this is the more people that we get onto this tool and using the tool, the more accurately we can prescribe different methods. So potentially we could say for a specific industry like tech, we see that Friday afternoons are a better time. This is very normal in sales and kind of marketing strategies for emailing. When's the most optimal time to send an email and somebody will look at it, 11:00 AM on Tuesday is something the last time I checked. So we want to be able to do that. But also within each of those communications, what are the collateral that are the most effective? A quick short video from the CEO that Emily is going to click on, is it the email spoof to look like it's coming from the CEO? That might get everyone's attention. So there's a lot of things that we're looking at currently, and we'll be doing that sort of AB test as you mentioned.

Emily Miner: Okay. Well, that's really fascinating. So it sounds like you and I should have another conversation in June or July of 2023, and you can tell us what you found with all of this. I love it. I think that's so interesting. And you're right that it's about building up that data pool, and it's only as good as the size of the data pool just like genetics testing. What percentage of me is Irish? So we talked a little bit about... You've mentioned Catalyst Reveal, and you're talking about LRNs platform. So I kind of want to turn to that now because this is a really exciting product launch for LRN. And we're launching out a whole new platform in just a few weeks in mid-October that will dramatically increase the ability for our partners to benchmark against some of those metrics that you were talking about before. And I know that you've played a lead role in designing what that looks like, and the feature functions, and how it work and making those choices. So one, can you tell us what Catalyst Reveal means? And then two, what will it enable our partners to do?

Derek Clune: Sure. Yeah, so Catalyst Reveal is the name that we've given to our new data and analytics platform. We want to reveal actionable data and insights to our stakeholders who are mostly ethics and compliance program administrators, who are really in the day to day nitty gritty of an ethics and compliance program and the data around that itself. Secondly, chief ethics and compliance officers, thirdly our leadership board of directors, et cetera. So the name reveal comes from the idea that we want to provide our partners with more actionable data so that they can get deeper insights into their employee populations. But also be able to use those insights through data to take action accordingly. So that's where the reveal comes from. [inaudible 00:15:10] itself really is we've really revolutionized our data and analytics platform to allow for administrators to do a whole lot more than they ever could through LRN.

Number one is the organizational aspect of the data and benchmarking just the single organization's data. So I have all the LRN employees. I want to be able to compare and contrast sales with finance, with marketing, and see how those test scores are on a quarterly basis year over year. That's something that's going to be within the tool. Additionally, as we're talking now, being able to benchmark those pieces of data to a larger LRN audience. So within a particular industry, how do we compare within an employee size of 5,000 to 10,000 organizations of that size? How do we compare with organizations with a revenue between 500 million and a billion dollars? And so going back to the beginning of our conversation, this allows our partners to internally benchmark and externally benchmark.

So they have the numbers and the data, and they're not in a vacuum because they can quickly with one click of a button look at the benchmark and see how they compare. And the main aspects of our initial launch in October are going to be the course data. So the course performance metrics that I mentioned that we know organizations are keenly attuned to, the company culture and measurements around that. And finally, the overall learner sentiment on the courses themselves. In the future will continue to add but those are the three core dashboards and benchmarking capabilities that partners will be able to have come in October.

Emily Miner: Yeah, just a quick note on the potential benchmark data pool because I hopped over to our director of communications to get some insight into our partner base. And we're looking at over 1000 partners from around the world with a combined 28.3 million employees, including a big chunk of the Fortune 500. So that's sort of the potential universe of comparative data that we hope our partners will have access to, so that's really exciting.

Derek Clune: My eyes light up when I hear that amount of possibility with this tool because it really is the more you put in, the more you get out. And so as the product manager of the tool, we'll be adding more capabilities such as the disclosures and certification management all around that. So you can see and in the future you can see the possibilities of, okay, if we identify a risk through a disclosure or a certification and we see that employee or that region is scoring low on say the conflict of interest course and they're not disclosing anything, we could hypothetically see potential for a high risk environment. There's a lot of really exciting things, and I know we have a bullet point to talk about what the future of this tool looks like. But it's going to be a game changer for LRN and I think for our partners as well.

Emily Miner: Absolutely. And thinking about the culture data, the ability to drill down into that one particular business unit or location that's scoring way below. And kind of what is raising that red flag and going in and comparing that with some of the other data that you've mentioned, more partners can collect on our platform. And kind of triangulating those and rolling out some early intervention, or refresher training, or leadership coaching, whatever it might be. But being able to have those different kind of data sources, those data feeds pulled together into one place so that you can look at them... We've been talking about in vacuums, you can look at them not in a vacuum is really exciting. I can't wait to see how our partners use it,

Derek Clune: Yeah, a single source of truth to be able to start the triage process whether that's for a high risk issue, or even if it's for triaging, okay, is this specific question in the specific course too difficult? Do we need to change the wording? Okay, we've changed the wording, do we see an improvement in performance? So we want to create that tool to really track the entire kind of ethics and compliance life cycle and just make the administrators' lives a little bit easier with that single source of truth, so that they have one place design specifically for them with the appropriate metrics that we found from our 1000 plus partners. These are the metrics that are most important so that they can build world class program.

Emily Miner: Yeah, so this is all really exciting. And I know that this is a kind of an area that you and I both have some personal passion around. But we would be remiss to not also acknowledge that there are limits to benchmarking and it's not a be all end all. And we should be thoughtful to guard against what's sometimes referred to as blind benchmarking. So I want to spend a little bit of time kind of talking about where benchmarking isn't helpful or what it can't do or what we shouldn't use it for. I guess just to start, you mentioned earlier one size doesn't fit all. And I think that we know that to be true and also the regulators acknowledge that as well. So the Department of Justice in their evaluation of corporate compliance programs, guidance document, talk about how one size does not fit all with respect to ethics and compliance programs and that organizations need to consider the risks.

So you talked about risk assessment as well. They need to consider their specific risks, their size, their industry, their geographic footprint, their resources, et cetera, when designing and implementing their ethics and compliance programs. So because all organizations are unique, even within a given industry there are some limitations. To give a concrete example that one of our colleagues in the advisory practice, Susan Deva shared with me. We conducted a program evaluation for two companies around the same time when we were looking at their program maturity and effectiveness. Both companies happen to be in the same tech manufacturing sector and they even produced really similar products. So one might be forgiven for thinking that our evaluations and our recommendations would be structured the same. But despite these companies similarities, they had really different risk profiles. So one company was a major exporter to the Chinese tech company, Huawei, which was sanctioned by the US government in 2019. Whereas the other company had a different customer based makeup.

So comparing policies and procedures around trade control for example, would not have been appropriate in this case. So that's one example of again, kind of using that term blind benchmarking. And we just have to be careful with what we're choosing to benchmark and recognize that not everything is benchmarkable or even if it is, should be benchmarked. I'm just curious kind of your thoughts around the limits of benchmarking or where we want to take it with a grain of salt. Obviously it has a lot of really positive uses that we've already talked about, but what are some of those that we need to just make sure we're kind of eyes wide open about?

Derek Clune: Yeah. I think you really want to make sure you understand the benchmark itself. So if you're looking at industry, what that makeup really is, or employee size. Two organizations of 10,000 employees can be wildly different as we know. One could be in retail, one could be in manufacturing and those have completely different risks. And so when you look at the numbers associated with the benchmark, like the average test score for this harassment course in your industry is an 80% and you're at a 70%, the immediate response is well I'm below the benchmark. But those could be wildly different organizations. And so I think understanding the benchmark itself is certainly critical to when organizations are looking at this. And even when that benchmark is... As you correctly pointed out, is correctly defined, each organization is still very unique. And so I think it is a great data point to use to orient yourself and navigate from not the end all be all solution.

Emily Miner: Yeah. And really by default the benchmark if it's a complete data pool benchmark, meaning it's including all the possible data points, it is by definition an average. And the average isn't always good. My beat at LRN if you will, or one of my beats is culture. And I've worked with a number of organizations in helping them to understand and evaluate their ethical culture and improve upon that ethical culture. And we typically do provide industry benchmarks related to that ethical culture data which is helpful. But I've been in a number of conversations with chief ethics and compliance officers where they say, we don't want to be average. We want to be better than average. So the benchmark is a helpful sort of orientation of where we are, but it's not something necessarily to shoot for. Maybe we want to shoot higher because our standards... What we expect is higher.

Just another little example, we recently, a few months ago I guess it was, did this benchmarking effort related to codes of conduct where we evaluated I think it was nearly 150 publicly available codes of conduct from the top listed companies in the US, UK, France, and Germany. And what we found was that over 70% of the codes we assessed had a flesch Kincaid grade reading level. And that's meaning the typical sort of grade level that one would need to have in order to understand the content. Over 70% had a reading level above a 9.5, but that's actually kind of commonly accepted to be too high. What we typically want to shoot for is like an eight and a half to nine and a half. And this is a sort standard range for not just codes of conduct but for material on a company website. Like any sort of content that is being consumed by people.

It's sort of a generally accepted appropriate reading level to be accessible to the majority of your audience, whatever the audience might be. So anyway in this case, we have the vast majority of codes reading at a very high reading level. But again, that's not necessarily what a company should shoot for. And in this case we would argue that they should shoot for something lower. So I think those are just... I completely agree with you, one, just understanding what is the benchmark. Is it a valid benchmark that we're comparing ourselves to? And then assuming that it is, how do we also just put that in context of our own organization, our own goals for ourselves, our internal comparisons year over year? I think that's really important. And I've had the privilege to work with a lot of companies for many years with respect to their ethical culture where we do these recurring assessments. And so we're able to track progress over time.

And what I have observed over about 10 years of doing this is the industry benchmark tends to be important kind of the first time. But as companies do this the second time and the third time and the fourth time, the industry benchmark I've even seen to sort of decrease in its relevance because at this point the company is competing with itself. Well, how do we improve versus last year and the year before that and the year before that? And that's where they're setting targets. We want to increase people's willingness to speak up by X points, how do we do that? As opposed to, well, here's the benchmark and how do we shoot for it? So that's just been an interesting trend that I've observed in how the benchmark is so helpful for setting that baseline but it can be less useful, the external benchmark. The internal benchmark is always useful but the external benchmark can become less relevant. I don't want to say useful but less relevant or less informing our goals as we go on in making investments in certain areas.

Derek Clune: Yeah, right. The benchmark becomes a trend internally and so you have the trend analysis. And the tool that we're building is really helping administrators identify those trends. You mentioned context is key, and you're so right there. And in talking with some of our account executives, they're very excited to get their hands on this data and share it with their partners so that they can make more better informed decisions around our recommendations as an organization to our partners. We know that these ethics and compliance professionals are busy. They are juggling multiple jobs, if you will, at once. And so our goal is just to make their lives easier and to again, prescribe best in class initiatives and actions that they can take. And so super excited to be able to take those benchmarks, take this data, and within the context of the organization in a specific environment be able to consult and add value.

Emily Miner: Yeah. So Derek, to close us out let's talk about the future. Let's talk about what's next. What is on the roadmap for Catalyst Reveal? We're launching in October. It has a lot of great features and functionality and the ability to reveal insights to our partners. What comes after that? What are we adding on?

Derek Clune: Yeah, so ending on a high note here, this gets me very excited. So I mentioned reveal insights provide actionable data, and I've touched on the prescriptive aspect of having the tool work for the professional. And so that's really where we're going to be focusing on in the next year and out into two, three years into the future. So what this looks like in practice is taking all of the data from the entire LRN product ecosystem, bringing it into this single source of truth so that we can... If you think of a spider web, can pull from different parts of the web whether that's a high risk disclosure, or a knowledge check score, or a unsigned policy, or if we're bringing in hotline information from a partner, a hotline call. We want to be able to have this network of an ecosystem that we can pull from different places into a single source of truth to provide that data.

And then taking the next step is to prescribe specific action of, okay, this is what we've identified within the tool and the tool suggests that you should do this. And a lot of the capabilities around that is around AI and ML, artificial intelligence and machine learning. And so some of the four key aspects that we're looking at in 2023 will be natural language processing and search. So you could similar to Google, go into this tool and type a full sentence question and the tool can provide you with the answer. What's the average knowledge check score for my harassment course? And it's going to populate that answer for you instead of the click through to get to that answer. To provide quick answers to the administrator or maybe even the senior leader, or the chief ethics and compliance officer that's walking into a meeting with the board and needs to know that information quickly. So one aspect.

Second aspect would be auto notifications around the data. So giving administrators the ability to kind of program the system so it works for them. Meaning if I know the average score for a course is 70% and someone's scoring 30%, I need to know that. I want to get an automatic notification that lets me know this business unit, this location, or this gift of this amount was given. I need to know that information. And so being able to have those automatic notifications and have the tool work for you is another aspect. Two more that we're working on is around the auto narratives. And so that the tool again, having the tool work for you and prescribing action. So based on the data, here are the high risk topics that we see in your organization. Based on this benchmark here within this industry are the trainings that most people are rolling out.

So having auto narratives around the data that change based on your filters or the data that's coming in. And then the last piece is going to be on a forecasting. And what forecasting will allow us to do is to do some predictive analytics in terms of where we want the program to be in the future. And so we could see... If we touch back on the campaign data, we can see that okay, out of the 10 reminders we've rolled out five, you're at 30% of getting 100% completion. Here's the forecast, here's the trajectory that we expect you to get by your 10 reminders. And so being able to forecast different components of the ethics and compliance program, all of these aspects or all of these capabilities go back to those really two points that I've [inaudible 00:34:16] on providing the actionable data, having the tool work for you, and then the prescriptive part of what should you do. We've identified this, now what do we suggest that you do?

And so those are all key initiatives that we have for 2023 with the overarching idea of making this tool as self-service as possible. We want admin to be able to go in here and do all this on their own. Obviously they can rely on LRN if they need to, but we want to give them the power to be able to do everything.

Emily Miner: Wow. Derek, I'm struck by how valuable these types of insights are going to be for our partners and ultimately their organizations. Like what is this in service of? This is in service of helping employees around the world know what the right thing to do is in any given situation. And know how to behave in alignment with their company's values and their code and inspire principal performance. That's so exciting to hear about the future. And 2023 is not that far away, sadly this year has flown by but wow, I can't wait to hear more. Thank you so much, Derek, for coming on and sharing your insight with us and sharing about these exciting updates for our company and for all the companies that we have the honor of working with. I look forward to coming back and speaking with you and what is it about? Eight months or so, so we can hear the answers to some of these questions that we asked. Yeah. Thank you so much, Derek.

Derek Clune: Yeah, likewise. I look forward to it, Emily.

Emily Miner: All right. Well, my name is Emily Miner, and I want to thank you all for tuning in to the Principled Podcast by LRN.

Outro: We hope you enjoyed this episode. The Principled podcast is brought to you by LRN. At LRN our mission is to inspire principled performance and global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us @lrn.com to learn more. And if you enjoyed this episode, subscribe to our podcast on Apple podcasts, Stitcher, Google Podcasts, or wherever you listen. And don't forget to leave us a review.

Friday Oct 07, 2022

S8E5 | Thirty years of influence: The impact of the US Sentencing Commission

Friday Oct 07, 2022

What you'll learn in this podcast episode

“Thirty years of innovation and influence” is the subtitle of the recent report issued by the United States Sentencing Commission. But what does that really mean in the context of the organizational sentencing guidelines? In this episode of LRN’s Principled Podcast, Eric Morehead, LRN Director of Advisory Services Solutions, is joined by one of the report’s authors: Kathleen Grilli, the General Counsel for the US Sentencing Commission. Listen in as the two discuss how the commission impacts business leaders and the creation of compliance programs.

Read LRN’s takeaways from the report here.

Principled Podcast Show Notes

coming soon

Featured guest: Kathleen Grilli

Kathleen Cooper Grilli is the General Counsel for the United States Sentencing Commission, having been appointed to the position on October 7, 2013. Ms. Grilli has been on the staff of the Commission since 2003, serving as an assistant general counsel from 2003-2007 and deputy general counsel from 2007-2013. As the General Counsel, Ms. Grill provides legal advice to the Commissioners on sentencing issues and other matters relating to the operation of the Commission. Ms. Grilli is the agency’s Ethics Officer and has conducted training on white collar crime and the organizational guidelines at numerous training events.Prior to working for the Sentencing Commission, Ms. Grilli was with the Office of Staff Counsel for the Fourth Circuit Court of Appeals. Before relocating to Virginia, Ms. Grilli was a partner in a small firm in Fort Lauderdale, Florida, handling civil and criminal litigation. Her previous work experience includes serving as an Assistant Federal Public Defender in the Southern District of Florida and as an associate at Akerman, Senterfitt and Edison, handling commercial litigation. Ms. Grilli is a member of the Bars of Florida and Virginia. She received a Bachelor of Arts in International Relations, with honors, from Florida International University. She graduated cum laude from the University of Miami School of Law.

Featured Host: Eric Morehead

Eric Morehead is a member of LRN’s Advisory Services team and has over 20 years’ experience working with organizations seeking to address compliance issues and build effective compliance and ethics programs. Eric conducts program assessments and examines specific compliance risks, he drafts compliance policies and codes of conduct, works with organizations to build and improve their compliance processes and tools, and provides live training for Boards of Directors, executives, managers and employees.

Eric ran his own consultancy for six years where he advised clients on compliance program enhancements and assisted in creating effective compliance solutions.

Eric was formally the Head of Advisory Services for NYSE Governance Services, a leading compliance training organization, where he was responsible for all aspects of NYSE Governance Services’ compliance consulting arm. Prior to joining NYSE, Eric was an Assistant General Counsel of the United States Sentencing Commission in Washington, DC. Eric served as the chair of the policy team that amended the Organizational Sentencing Guidelines in 2010. Eric also spent nearly a decade as a litigation attorney in Houston, Texas where he focused on white-collar and regulatory cases and represented clients at trial and before various agencies including SEC, OSHA and CFTC.

Principled Podcast Transcript

Intro: Welcome to the Principled Podcast, brought to you by LRN. The Principled Podcast brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership, and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change makers.

Eric Morehead: 30 Years of Innovation and Influence is the subtitle of the recent report issued by the United States Sentencing Commission, but what does that really mean in the context of the organizational sentencing guidelines?

Hello, and welcome to another episode of LRN's Principled Podcast. I'm your host today, Eric Morehead, Director of Advisory Service Solutions at LRN. Today, Kathleen Grilli, the General Counsel of the United States Sentencing Commission is joining us. She's one of the authors of this recent report, and we're going to be talking about how the commission impacts business leaders and the creation of compliance programs across the world. Kathleen is a real expert in this space and is a guest of ours last season where we talked about the seven hallmarks of an effective ethics and compliance program enshrined in the US Sentencing Commission's federal sentencing guidelines. Kathleen Grilli, thanks for joining us again on the Principled Podcast.

Kathleen Grilli: Well, thanks for inviting me, Eric. I appreciate it.

Eric Morehead: The commission just released this new report, The Organizational Sentencing Guidelines: 30 Years of Innovation and Influence. Even after more than 30 years, there are still, I think, at least from my perspective, many people who, when they start their career in compliance, are confused a little bit about why the Sentencing Commission is involved in corporate compliance. Can you talk just a little bit about how the US Sentencing Commission came to assume the role it has regarding compliance standards?

Kathleen Grilli: Sure. You say that people in compliance are confused about it, but the truth is, even in the criminal justice arena where the commission operates... Our guidelines are used in federal courts for sentencing organizations and offenders. Even in that arena, there's not really widespread knowledge about Chapter 8 and the hallmarks for an effective compliance and ethics program. That's because there aren't a lot of organizational cases sentenced every year.

But the reason the commission got into the business of corporate compliance has to do with its statutory mission. The commission was created in 1984 through a bipartisan piece of legislation called the Sentencing Reform Act, and that act did a couple of things as it related to sentencing of organizations. It provided that organizations could be sentenced to a term of probation, sentenced by way of a fine, and it required that at least one of those be imposed. This was something new.

It also subjected organizations to orders of criminal forfeiture, meaning the proceeds of the criminal activity could be taken from them, order of notice to victims, and orders of restitution. That act also created the commission, which is a bipartisan agency and tasked the commission with developing guidelines for use in criminal cases for sentencing. It told us what the purposes of sentencing are, which is just punishment, deterrence, protection of the public, and rehabilitation of the offender. The commission had to decide what to do for sentencing of an organization. Obviously, you cannot put an organization in prison. Unlike individual offenders where sentencing ranges in terms of incarceration are something of the norm, you had to figure out what to do to sentence organizations.

With an organization, as we know, the bottom line is they're in business to make money. In developing the organizational guidelines, the commission came up with its notion that it should use fines to incentivize self-policing. It would punish organizations who were not self-policing or not trying to prevent a crime or commit the offense with certain aggravating factors more severely than those who were trying to prevent and detect crime. That's how we got into the business of corporate compliance.

Eric Morehead: Yeah. And it is interesting that the original writ was from the statute that you examine this. Can you talk a little bit about how the commission got specifically to those hallmarks, those programmatic pieces that we talked about a little bit on our last podcast a while ago? What was the process for the commission to get to those standards, those specific compliance pieces of the puzzle, if you will?

Kathleen Grilli: The commission started its work in 1986 on organizational guidelines with a public hearing at which it received testimony from a variety of witnesses across various different wakes of the world: academics, people in business, government agencies, and the like. Over about a five-year period, because as I said, the Commission started its business in 1986 and didn't actually promulgate the organizational guidelines until 1991. During that period of time, there were numerous public hearings attended by a wide range of witnesses from different areas of the law, academics, government agencies, business owners, representatives of just different industries, and the like. The Commission had these hearings, they heard testimony, the Commission went back and developed drafts with proposals for how organizations would be sentenced. They published those drafts. The process of publishing is really a solicitation for public comment, so they got public comment on the drafts. This went on for a good period of time.

In the meantime, the Commission was doing research. We had academics writing proposals and giving us ideas on how to implement the purposes of sentencing, which again, as I said, were just punishment, deterrents, protection of the public, and rehabilitation. Eventually, it came back to how does an organization get in trouble to begin with? An organization doesn't act alone. We have this theory in the law called vicarious liability where an organization is held responsible for the acts of its agents, meaning its employees. If the employees are the bad actors, everyone finally came to the conclusion that the best way to incentivize or prevent corporate crime was for the organization itself to self-police and to direct its employees and talk about what is and is not appropriate. That's how we ended up with compliance standards.

At the time that they started all this work, compliance and ethics was not widely accepted in the industry. There was a little bit of compliance in the context of antitrust and then there was, in the defense industry, there was an initiative relating to that. Those ideas got floated before the commission and it generated a lot of interest. That's how they started developing the standards.

Again, the standards were included in proposed guidelines that were published and they got public comment and not long before the actual vote where they adopted these guidelines. Even folks who were skeptical about whether this was going to work or not thought that the Commission had gotten the hallmarks of a compliance program right. They thought that they made sense and that they gave sufficient guidance to folks on what would and would not work.

Eric Morehead: That's a really important point too, and I often will say this when I'm talking to people and I talk about my background. Full disclosure, I'm a former employee of the US Sentencing Commission, so I have a strong belief in the mission of the organization. But oftentimes, I will say, "Well, they were first," and part of being first is you've tried different things and maybe you don't know exactly what's going to work and what is going to be successful. But I think over time, and this report really homes in on that, this notion that the direction that the Commission took from '86 to '91 really has paid off a lot of benefits.

One of the conclusions, one of the key conclusions from the report is that perhaps one of the biggest wins for the organization over the years is the widespread of adoption of the guidance and, in particular, the standards for what makes an effective compliance program.

I have a two-parter here. Do you think the Commission recognized in '91 how important that might be? And does the Commission today understand the overall importance of the organizational guidelines, and in particular, 8B2.1, those compliance hallmarks? Did they understand it then and what's the understanding of the Commission now of the relative importance of these?

Kathleen Grilli: Well, let me just back up a minute and just say that the commissioners who promulgated the organizational guidelines in 1991 no longer serve on the Commission. Commissioners have term limits. It's a different group then. It was a different group in 2004 that made the changes that brought ethics into the standards for compliance and ethics programs. As we were talking about before we started this podcast, we have a brand new group of seven new commissioners recently nominated by the President and confirmed by the Senate. You have different folks working on it. I can say that in the process of doing the research for this publication and others that I've worked on in this area, the Commission I don't think ever expected what we see today 30 years later. This widespread influence not only in terms of its use in the criminal justice arena, but how it has impacted other agencies.

And we'll talk about that and the global reach. The Commission itself said, "This is an experiment." They had hopes that it would lead to better actors in the corporate world, but those were hopes and there was a lot of skepticism from the business community when this process was ongoing about whether this was going to work or not. I think we're always blown away when we realize the impact of it, and I say that from a personal point of view, too. Because when I came to the Commission and I've been on the staff for some time, I was not aware of Chapter 8. I had never represented in court an organization, but only individuals.

And the first time I went to a compliance and ethics program where I saw and understood how well received and well regarded and what an impact we had had outside of the criminal justice arena, it sort of blew my mind that I know Judge Murphy and her Commission in 2004 or just before 2004, when they adopted the changes, they learned about it too when they came on board and it sort of blew them away. And I don't know with my current new bosses how well informed they are about this. This is really one of the reasons why, before they came on board, the staff and the then Commission, the one member, Judge Brier wanted to put this report out, memorializing the 30-year anniversary of the organizational guidelines. We're very excited about it, I have to say.

Eric Morehead: No, it is an amazingly effective rubric that the Commission put together and that the Commission is taken a measured approach from my opinion, both in 2004. And then I had an up-close look in 2010 when I was on staff through that process. I think that its impact is pretty incredible 30 years later, looking back.

One of the other things that's incredible... And I talk about new things when you come to the Commission. I had never really paid much attention to sentencing data until I joined the Commission in 2007. And the majority of the actual pages of this report have a lot of really interesting data about the organizations that have been sentenced over 30 years. Some key takeaways include trends that many of us, for those of us who are sentencing nerds, have seen over the years about the impact on small organizations, for example, versus larger organizations, making up the vast majority of defendants in that data set.

To me, a lot of looking for what makes... Because compliance professionals that are listening to this podcast and that are not necessarily interested in sentencing per se, but interested in the sentencing guidelines because of compliance, they're looking for what makes a successful compliance program from sentencing data. To me, a lot of it is what you don't see. It's sort of like looking for... I liken it to looking for a black hole when you're an astronomer. You can kind of tell the telltale characteristics of a black hole existing because of how it affects everything else. And we don't really see organizations that have successful programs in this data. There were just 12 organizations out of those 5,000 or so in 30 years.

Kathleen Grilli: 11.

Eric Morehead: 11. See? I even increased the number. It's just 11 organization out of 5,000 or so, 4,900 and some change, that have ever been deemed to have a successful program. What are some other striking things that you and the team noticed looking over this data and these trends for 30 years?

Kathleen Grilli: Let me just first say what this data is and what it is not so that listeners can understand why they may not find what they're looking for as to what makes a successful compliance program from the data. This data is for organizations, whether it be a corporation, a closely held corporation, partnership, whatever, but organizations that a federal prosecutor has decided to charge and gets convicted of a federal crime. It doesn't include organizations that the prosecutors decide, "Oh, we're going to enter into a deferred prosecution agreement or a non-prosecution agreement." It doesn't include organizations where a regulatory agency has seen that they violated some of the regulations, but they've decided not to proceed against them criminally but to pursue civil adjudications.

I mean, in some ways, this data is about the folks that prosecutors decided were the worst of the worst organizations. You don't see what makes a successful compliance program in this data, but I like to say what we do see is that some of the things that the Department of Justice says to you about what they're looking for in deciding whether to prosecute an organization or not might find support in this data. We concluded that the lack of an effective compliance and ethics program might be a contributing factor to criminal prosecutions against organizations. And what specifically led us to that?

Well, in the 30 years that we've been collecting data, overwhelming majority of the organizational offenders in our data set didn't have any program at all, much less an effective program. 89.6%, as you said, as you mentioned and asked me the question, there were only 11 sentences in fiscal year 1992 that got a culpability score reduction for having an effective compliance and ethics program. And I want to stop on those 11 because we went back. Everybody's always interested in what happens with those organizations or why was their program effective? And we were not able to suss a lot of information from the documentation to sort of tell people what it was. There wasn't a lot of descriptive information in the documents we received that would answer that question, but there's only 11 of them. And most of those 11 were very small organizations. It means they didn't have to have a very complex type of program.

More than half, 58.3%, of organizational offenders sentenced under the fine guidelines got a culpability score increase for involvement in or tolerance of criminal activity by upper management would suggest to you. If the management or the substantial authority personnel are in on it, they may well end up sentenced before a federal court. I think that's an important point, too. And very few of these organizations, we'd only saw 1.5% overall that did the three things that get you the maximum reduction off your culpability score, which is self-report, cooperate, and accept responsibility. There were very few organizations, even though there were many that pleaded guilty and accepted responsibility, that actually self-reported. That's important because you hear the Department of Justice talk about why that matters. And this data sort of offers support for the fact that it does.

And then the other thing we saw is that courts are now ordering organizations to implement effective programs in about 20%, one-fifth of the cases that come before them when they impose probation. This was the kind of data that we thought would help fuel the discussion or the debate on the importance of having an effective compliance and ethics program. The other thing you should note about our data, I think it's important too, is that a good percentage of the organizations that have been sentenced over the last 30 years are smaller organizations. It's not large publicly-traded Fortune 500 companies. It's smaller, less number of employees. I think that matters too.

Eric Morehead: That's a trend that I think we've noted in the data, because the size of organizations, the number of employees has been a data point that the commission has released over the years on an annual basis. And by the way, as it's worth mentioning for people who are interested, there'll be a link in the show notes here for this particular report we're talking about. But the Commission puts out data all the time. And at least on an annual basis, there's the Sentencing Commission's Sourcebook on sentencing, which has discussion on organizational cases and includes some of this data. You don't have to wait 30 years to see the trends again. You can keep up with it at the Sentencing Commission website.

Yeah. The small organizations... I think a big surprise to people who have first heard about this because we see the headlines all the time about the Enrons and, I'm going to date myself here, World Comps and Volkswagen and some of the other organizations. Some of those aren't actually even criminal sentences, as you point out. Those are deferred prosecution agreements or civil settlements of some sort, but those are the companies that make the headlines. It's the little guys, small and medium-sized organizations, that take these big hits more frequently than the larger organizations. That, I think, is surprising to people who aren't familiar with the data, but that's a consistent trend throughout the entirety of the enforcement, at least throughout the 30 years that the Commission's been keeping track.

Kathleen Grilli: Yeah. It may change now, given what the Department of Justice said last week.

Eric Morehead: Yeah. You never know. Yeah never know. We'll have to pay attention and then look at the Sourcebook next year and see what the differences are. The other impact beyond our friends at the Department of Justice and the courts throughout the United States is the impact that the Commission and the organizational sentencing guidelines and these standards have had on other enforcement agencies besides the criminal enforcement and also internationally, which I think is very interesting.

Can you talk a little bit... And that's documented in chapter three of this report. The first chapter is talking a little bit about the history. The second chapter is the data that we were just discussing. And then chapter three talks about how the USSC has encouraged other enforcement agencies and regulators to focus on good governance and compliance. Can you discuss a little bit about what the team found when you researched that?

Kathleen Grilli: Yeah. I think that using the word that the USSC has encouraged suggests that there's some sort of active work going on by the Commission. Let me just say that I don't think that is a fair statement. The Commission did its work and let its work speak for itself, and it has sort of spread throughout regulatory agencies and/or the globe just because it makes sense, I think. Anyway, that's my personal opinion. But I made reference to the Department of Justice, and so I'll start with a Department of Justice if I could.

The Attorney General, where it's his designee is an ex-officio member of the Commission, a non-voting member. Obviously, the Attorney General Department of Justice were actively involved in the development of the chapter eight itself and then the subsequent amendments in 2004 and 2010. But you see the impact of the guidelines in their evaluation of corporate compliance programs and all of the information that they release and discuss on how they focus on compliance in deciding how to prosecute an organization.

Just last week, the Deputy Attorney General, Lisa Monaco, talked about changes that they're going to make. There was sort of an oblique reference to our data, which is that there's been a drop in corporate prosecutions that we see in the data. I think there were less than a hundred last year, and they talked about sort of reversing that trend and looking at that, that the department thinks this is important. And they've placed a lot of importance recently on compliance programs because she said companies need to actively review their compliance program to ensure that they adequately monitor for and remediate misconduct or it's going to cost them down the line.

Kenneth Polite, who is the... I think it's Assistant Attorney General of the Criminal Division. He's a former chief compliance officer and they've made a lot of emphasis in the department on active review of programs and true independence for the chief compliance officer. That's the Department of Justice who obviously are actively involved in using the guidelines in federal courthouses, but then you have other regulatory agencies.

I'm going to run through them real quick and just say the SEC, HHS, EPA, FERC, which is Federal Energy Regulatory Commission, and the FAR all have requirements built into them about compliance programs. And most of them say that they're looking to the guidance on the guidelines. Some of them adopted them full scale, some of them may have modified them a little bit. And all of that came after chapter eight in 1991. All of those agencies look to the guidelines.

And then we see that if you look internationally at what's happening around the world in terms of anti-corruption, anti-bribery, and all the like, that elements of the hallmarks for an effective compliance and ethics program found in the guidelines are making their way into legislation, into programs, into initiatives that foreign governments are releasing. And I can't even keep track of it, truthfully, but it seems to be coming up more and more and more.

When the Commission promulgating the guidelines in 1991, they described them as an experiment. We wanted in this publication to sort of show, did the experiment bear fruit? And I think all of that suggests that it did. These changes and everything that goes back to those original seven steps laid out in the guidelines and elevated in 2004 to give them a little more prominence. It really is very, very exciting. I feel bad. I sound sort of like I'm patting myself on the back, and so I want to make it really clear to the listeners. I was not on this staff in 1991. I wasn't working on this. I did not have anything to do with the 2004 amendments. I came into it after the fact, but it's just really exciting to see it and to see the impact and how well regarded the Commission's work is.

Eric Morehead: No, I think that's right. I think the report really sums up what I think a lot of us have felt. Again, I'm probably biased, but a lot of us have felt this way for a while, that the standards, really, have set the bar and provided kind of a North Star for compliance programs for that whole generation, that whole 30 years. And it's made a difference in millions of people's daily lives in their working lives, because it affects how their company operates for the good or for the bad. And that really makes all the difference to us. I think you guys can successfully pat yourselves on the back a little bit.

Well, last thing, again, knowing that we're talking to a lot of compliance officers who hopefully have, if they're new, have a little bit more appreciation as to why the US Sentencing Commission is involved in their lives, are there other takeaways from the research and work that the team put into this report that you think are particular importance for compliance professionals or things they should be aware of?

Kathleen Grilli: Well, one of the things that I hear when I intend conferences and one of the things that I think folks [inaudible 00:26:26] is the fact that there's not enough investment in compliance. The bottom line in business is money and making money, and you can't necessarily provide metrics that show how your work is going to add to the bottom line. Then it's hard to make the case. Now, I know these days, in recent years, folks have come up with ways to measure how compliance and ethics does contribute to the bottom line, and I really believe it does. But this data can offer you the picture of what happens if you don't.

Eric Morehead: Yeah.

Kathleen Grilli: Because since 1992, courts have imposed nearly $33 billion in fines on organizational offenders. The average fine was over $9 million. Although the median was a little lower, it was only $100,000. But for a small mom and pop organization, a hundred grand is a lot of money. And the other thing is that courts will sentence organizations to probation. Over two thirds of the organizational offenders in the last 30 years have been placed on probation with an average term of 39 months, where you're going to have to be reporting to a probation officer and complying with all these requirements. And that's time consuming and costly, too, when you think about it. There's a little bit there that can answer the mail in terms of why am I going to invest in compliance and ethics.

Eric Morehead: I'm a big believer in making the positive business case, but you also need to make the "everybody's going to go to jail" case too.

Kathleen Grilli: Well, especially in light of the recent guidance that the Department of Justice, I mean, where they're going to be looking at individuals and they're going to be requiring organizations to give up all individuals who might be involved, I think that's something that folks should keep in mind as well. It's important because it's not just going to be the company, it's going to be the employees too.

Eric Morehead: Yeah. And again, that's important data. That's in chapter two of this report, that over 50% of the time over the period, you've got at least one living, breathing human being who's also faced charges consistent with the charges that the organizations faced. It includes actual human beings in this process, not just the organization.

Kathleen Grilli: I think we're only going to see an increase if the department's guidance holds true that those numbers may go up.

Eric Morehead: Yeah. We'll have to check. We'll check in next year after the Sourcebook comes out and see if the trend has moved. Kathleen Grilli, it's been a tremendous honor again to have you on our podcast and really appreciate you taking the time.

Kathleen Grilli: Oh, it's an honor for me to be here. Thank you so much for inviting me.

Eric Morehead: No problem. My name is Eric Morehead and I want to thank all of you for tuning in once again to the Principled Podcast by LRN.

Outro: We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us lrn.com To learn more. And if you enjoyed this episode, subscribe to our podcast on Apple Podcasts, Stitcher, Google Podcasts, or wherever you listen, and don't forget to leave us a review.

Friday Sep 30, 2022

S8E4 | See something, say something: Bystander intervention training insights

Friday Sep 30, 2022

What you'll learn in this podcast episode

Most of us have heard the phrase, “If you see something, say something.” But what does that look like when someone witnesses bad behavior in the workplace? How can companies help their employees be active bystanders in the face of misconduct? In this episode, LRN colleagues Felicity Duncan, senior instructional designer, and Kristen Motzer, learning director, share their expertise on bystander intervention training and how organizations can effectively give employees the knowledge and skills they need to step in and help their coworkers. Listen in as the two share insights from their latest course development for the training library at LRN.

Principled Podcast Show Notes

[1:22] - What does it mean to be a bystander, and why do organizations have bystander training?

[3:05] - Unpacking the idea of a “Speak up culture”.

[3:40] - Why don’t people get involved when they see problems?

[6:08] - How to train people to be active bystanders?

[9:36] - Why are scenarios so important?

[12:14] - How DEI relates to bystander intervention.

[15:26] - How having a robust bystanding and speak up culture will benefit partners.

Featured guest: Kristen Motzer

Kristen Motzer is an experienced leader in values-driven, empathetic behavior change. As Learning Director for the LRN Library she oversees course content development and online, blended, and facilitated learning experiences. She has expertise in human-centered learning design and has developed and managed education and learning programs at institutions such as NYU Langone Health, NeuroLeadership Insitute, Stanford University, Xavier University, and the Cleveland Clinic. Kristen holds a BA from Wright State University and an MA from Carnegie Mellon University and resides in Chicago.

Featured Host: Felicity Duncan

Dr. Felicity Duncan believes that training and communication interventions have the power to transform behavior, including driving people toward more ethical treatment of those around them.

Felicity graduated with a Ph.D. in Communication from the University of Pennsylvania. After teaching at the college level for several years, she transitioned to workplace education to have a bigger impact on working adults by providing them with the training they need to truly thrive in their roles. At LRN, she is focused on developing high-impact, behaviorally focused content for the LRN Library. Her most recent project saw her working with the Library team to create a powerful new DEI Program that includes not only LRN’s world-class Inspire courses but also a set of microlearning assets designed to support, reinforce, and guide behavior change.

Principled Podcast Transcript

Intro: Welcome to the Principled Podcast, brought to you by LRN. The Principled Podcast brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership, and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change makers.

Felicity Duncan: Most of us have heard the phrase, "If you see something, say something." But what does that actually look like when someone witnesses bad behavior in their workplace, like bullying or harassment? And how can companies help their employees be active bystanders in the face of misconduct? Hello, and welcome to another episode of LRN's Principled podcast. I'm your host, Felicity Duncan, Senior Instructional Designer here at LRN. And today, I'm joined by my colleague Kristen Motzer, the Learning Director of LRN's Library Course Content. Kristen has over 20 years of experience in technology supported learning and development, and I am a PhD with a decade of experience working in both academic and professional training environments. Kristen, thanks for joining me on today's Principled podcast. So, let's start with the basics. What does it mean to be a bystander and why do organizations have bystander training? Can you explain the sort of core idea here?

Kristen Motzer: Sure. A bystander is someone who witnesses misconduct but isn't directly involved in the situation. So, they see something happening, but they're not actually a part of it. So, being an active bystander is about doing something as opposed to just standing by when you see someone being harassed or bullied or abused. And there's actually a lot of research showing that bystander intervention can have a major impact. When bystanders intervene in situations in the right way, they can stop abuse in its tracks, support victims, and really make perpetrators reevaluate their behavior.

However, very often bystanders witness abuse and harassment and say nothing. That's why we need active bystander training that equips people with the tools they need to intervene successfully when they see something wrong. So, recently we've seen a lot of interest in bystander training from our partners, and Chicago now has an requirement for our long bystander of training for employees in Chicago. But really beyond that, there's a recognition that engaging your workforce to do something, to fight back, to say this is not behavior that we want to have in our workplace can be really powerful. And it's creating a speak up culture.

Felicity Duncan: So, tell me a little bit more about this idea of the speak up culture. What do we mean by that?

Kristen Motzer: So, it's creating an environment where people feel safe to be able to speak up. Of course, speaking up is a little bit scary. You don't know what's going to happen. There could be retaliation, things could change. The folks that usually eat lunch with might not want to eat lunch with you anymore. Things might change an environment that we spend a lot of time in at work. So, creating a safe space where there's an expectation that you see something that you don't want in your workplace culture, you're going to speak up and say something.

Felicity Duncan: So, obviously acts of bystander intervention is really important. We really want this speak up culture that's going to help us build a better workplace environment. So, why don't people get involved when they see problems?

Kristen Motzer: It's a great question, and it's really important to understand that it's not because people don't care. It's not that we're bad people at work or wherever we might be. It's that we're human. And intervening can be really difficult. Psychology has shown research from the 60s and onward that people have good intentions, and people tend to actually believe that if they saw something happening like harassment, discrimination, that they would get involved. But when it actually happens, that intention that they would get involved disappears and they just freeze up. And it's because of our fight, flight, freeze response kicking in. We're facing an unknown situation. We don't know how the people involved will react, and we're just scared of looking stupid, upsetting someone, getting into trouble, being embarrassed besides the possible outcomes like having some kind of retribution losing our job or our workplace friendships. So, from a biological and neuroscience perspective, our brains flood with stress hormones and react as though we're facing something like a bear, a really dangerous situation even though it's a social threat, not an actual bear, it can feel just as intense.

So, when this happens, it's really hard for humans to overcome these instincts and get involved. So, we freeze. We try not to make eye contact, we put our heads down, try to hide, and if we're in a group, behavioral psychology research is found that it's even worse. So, when there's multiple people witnessing a situation, everyone's kind of expecting someone else is going to take action, and we sort of take the lead of kind of like group think. We take the lead from those around us, and if they're not doing anything, then we won't do anything. We have all these reasons why people don't intervene when they're bystanders. And Felicity, given these barriers, how do you train someone to be a bystander at work? I would love for you to take me through how you created the Inspire Active Bystander Training.

Felicity Duncan: Well, luckily for us, the research that you mentioned earlier that talks about why bystanders don't intervene also gives us hope. It shows us how we can overcome those barriers to intervention. At what it really boils down to is being prepared, right? Being ready to get involved in these situations. But the truth is, it's a long road to get learners to that point. So, I'm going to walk you through what we did and why we think that works. So, we begin our training by acknowledging that this is hard. As you said, a lot of people assume that if they're in a bystander situation, that they're going to do the right thing, and then when it actually happens, they're unprepared for how scary it is, and for how strongly and viscerally they react to that fear, right? And so what we try to begin with is getting our learners to understand what to expect, right?

We're really frank about the fact that it's going to be scary. Your palms are going to be sweaty, your heart is going to be pounding. You're going to be really afraid, all right? And telling them that feel the fear, but overcome it because that is not a reason not to intervene. It's just part of the experience. And so, in that way, we try to help prepare them for how it's actually going to be. What they're actually going to feel when a situation arises where they need to make some kind of intervention. Then what we do is we give learners some very practical strategies for how to intervene. And again, we're preparing them, right? We give them a literal list of step one, step two, step three, Here are four possible approaches to intervention. Here's how you would implement those approaches to intervention. So, it gets incredibly practical so that when learners are faced with these situations in the real world, they don't have to think like, "Oh, what am I going to do?" They have a set of actual steps that they can take.

And then finally, we let them essentially practice using literally dozens of real world scenarios. And there's an important point here that I want to make about our training is that it's really focused on the workplace. Now, a lot of the research that you mentioned earlier, and a lot of general bystander research comes from non-workplace environments. So, a lot of it comes from campus sexual assault prevention and also from street harassment. So, we're getting involved in preventing street harassment more recently. And those are really different situations to what you'd face in the workplace, right?. In a street harassment, there's a real threat of violence, its strangers. What's at stake is perhaps your physical safety. And of course in sexual assault, if we're talking particularly, a lot of this work is done on college campuses, there's a lot more social pressure. People are really afraid of offending their friends. And that's really different to what's at stake in the workplace.

You mentioned earlier the issue of retribution and retaliation. So, if I get involved, is that going to undermine my promotion? If I say something, am I going to start getting put onto bad projects? So, we really try to dig into the fears and issues that arise in a workplace context and our scenarios are really focused on that.

Kristen Motzer: So, let's talk about this a little bit more. You mentioned scenarios multiple times, and I know this learning experience that we've created includes dozens of scenarios. So, why are these so important?

Felicity Duncan: It really comes down to that question that you asked originally. What can we do to help learners overcome their biological resistance to saying something and get them to actually take action when they're witnessing misconduct? And as we said, the key is preparation. And we know the best way to prepare for a situation is to really think in very concrete terms about what you would do in that situation. In all kinds of training scenarios, we really focused on planning and preparation to help you deal with the situation that might be emotionally difficult.

And so, our scenarios illustrate dozens of real world scenarios that our learners or people encounter every day. So, a coworker telling a sexist joke maybe, and abusive customer using racist language. And then we look at like, "How do you handle those situations as a bystander who is witnessing misconduct?" So, in other words, we ask people, "What would you do in this situation? What's the right thing to do? What are the possible consequences of doing that?" And that gives us an opportunity to talk about retaliation and sort of the protections that exist in workplaces to keep people safe from retaliation.

So, the idea is to really help learners engage with the practical steps that they should take when they're bystanders. Because the more someone plans their responses to different situations, the more likely that person is to actually take action when they're faced with those situations. And what we want to do by giving all these scenarios, by giving these practical strategies and steps that we're providing in our training, is equip learners with a practical toolkit of responses. So, when they're in that bad situation and their heart is pounding and their palms are sweating, and they're feeling anxious and they're scared, they don't have to think, "What should I do?" They know what to do and they're ready to do it. And that's really the only way to help people overcome these natural biological barriers to intervening in bad situations. But Kristen, I want to ask you, in our library, we've put bystander training in our diversity, equity, and inclusion suite of content. So, why have we conceptualized bystander training as part of DEI?

Kristen Motzer: That's a really great question and an important one. So, if we think about our philosophy at LRN, and within our inspire content with the library, we think about DEI as the antidote to harassment and discrimination. So, diversity, equity and inclusion content around respect, allyship, these are the kinds of things that the mindset and the skills we build that will prevent harassment and discrimination.

So, if we think about bystander and being able to put that respect and allyship to work, when you see something that needs to be dealt with, that should be reported, bystander intervention isn't just about harassment and discrimination and these kinds of scenarios. It's about as much that helps our HD programs. It's about a kind of culture that you want to build. It's not just about preventing the worst kinds of sexual harassment and discrimination. It's about actively speaking up and knowing that when people see microaggressions, when they see subtle behavior that excludes people, that hurts victims. But it's not illegal. It's not quite at that level of being something illegal, but it's saying, this is not something that we want to see in our culture and our culture, we treat people with respect no matter who they are.

And DEI is about building a culture that gives everyone the freedom to be themselves and the tools they need so they can thrive and make their best contribution and be these ethical employees in this ethical culture that we want to have. And we have to decide that's what we want to create, and that's what we want to protect. So, it's more than just preventing the worst kinds of bad behavior. It's about being intentional in saying instead of just thinking prevention, we're going to build. We're positively choosing these behaviors that create an equitable and inclusive culture for everyone. So, we see bystander training as a critical part of this broader DEI program, and it's really seeing it as a tool that can enable our partners and employees to create and maintain the kind of culture that they want to have at work.

Felicity Duncan: I think that's a really important point, and it's essentially the difference between doing the baseline of compliance and moving further beyond that to actively create good. At LRN, we argue that by doing that, by going beyond, we obey the basic rules to we actively try to make a great environment, that is a real business advantage for organizations that that taking those extra steps is not only the right thing to do, but it's also the smart thing to do. So, can you talk a bit about how you would see having a robust bystander training program and having a speak up culture is actually going to benefit partners beyond the sort of avoiding the fines and problems that come with harassment?

Kristen Motzer: Absolutely. That's a great question. So, if we think about this kind of culture where employees speak up, it's a culture where employees feel trust. And we know that employees feel that trust, not only will they speak up, but they will behave more ethically. In general, they will feel, this is the environment we're in, this is what the culture expects from me. This is what the highest levels of leadership expect from employees and from our culture. This is what we do here. So, if you think about that trust and that psychological safety of being able to be who I am and know that I can speak up, if I see behavior that I don't want in the workplace, I go to work to do a good job, to do something that I'm passionate about doing, and I shouldn't have to worry about am I going to get harassed today or discriminated against.

So, it's really in everyone's best interest to create this culture, because also the trust, it increases engagement. So, every organization wants engaged employees. It's good for business. So, if we think about this kind of culture that encourages people to be themselves and to stand up for others, then you've got employees who are engaged with the organization, with its values and the mission that it's trying to achieve, and that's good for everyone.

Felicity Duncan: See, and I think it's really important to draw these connections because you can think about bystander training as being, well, there's this new Chicago requirement and we're going to have to give people an hour of bystander training and get that compliance box ticks. But I think it's really important for companies to think about this more broadly. About culture, about engagement, about having happy people in your office who are there for more productive, right? None of this is happening in isolation as a box ticking exercise. It's really all about building the kind of workplaces where people want to be.

Kristen Motzer: Absolutely.

Felicity Duncan: But clearly this is a conversation we could be having all day, but we are out of time for today. Kristen, thank you so much for joining me on this episode. My name is Felicity Duncan, and I want to thank you all for listening to the Principled Podcast by LRN.

Outro: We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us at lrn.com to learn more. And if you enjoyed this episode, subscribe to our podcasts on Apple Podcasts, Stitcher, Google Podcasts, or wherever you listen. And don't forget to leave us a review.

Friday Sep 23, 2022

S8E3 | What is the purpose of the United States Sentencing Commission?

Friday Sep 23, 2022

What you'll learn in this podcast episode

A few weeks ago, the United States Sentencing Commission (USSC) issued a report titled The Organizational Sentencing Guidelines: Thirty Years of Innovation and Influence. The publication summarizes the history of Chapter Eight’s development and discusses the two substantive changes made to the elements of an effective compliance and ethics program. So, what does this mean for compliance professionals? In this episode of the Principled Podcast, host Jen Uner, Strategic Communications Director at LRN, talks about the guidelines with Eric Morehead, Director of Advisory Services at LRN. Listen in as the two discuss how these updates—and the wider USSC—impact corporate governance.

The purpose of the U.S. Sentencing Commission is to study and develop sentencing policies for the federal courts. The Commission serves as an information resource for Congress, the executive, the courts, and the public on matters relating to federal crime and sentencing. Our episode today focuses on Chapter 8, which addresses organizational sentencing guidelines, not individual sentencing guidelines which is also a significant focus for the USSC.

Principled Podcast Show Notes

[1:24] – Explanation of the new publication from the U.S. Sentencing Commission and why it matters.

[6:42] - How the original standards have held up over the last 30 years.

[7:51] - Eric outlines some of the highlights of the most recent publication.

[12:53] - The real repercussions for organizations.

[14:58] - The relationship of the Sentencing Commission with the DOJ and SEC.

[18:33] - Steps organizations should take when crafting their own E&C programs.

[21:43] - The role of company culture in determining how effective the program will be.

Featured guest: Eric Morehead

Eric Morehead is a member of LRN’s Advisory Services team and has over 20 years of experience working with organizations seeking to address compliance issues and build effective compliance and ethics programs. Eric conducts program assessments and examines specific compliance risks, he drafts compliance policies and codes of conduct, works with organizations to build and improve their compliance processes and tools, and provides live training for Boards of Directors, executives, managers, and employees.

Eric ran his own consultancy for six years where he advised clients on compliance program enhancements and assisted in creating effective compliance solutions.

Prior to joining NYSE, Eric was an Assistant General Counsel of the United States Sentencing Commission in Washington, DC. Eric served as the chair of the policy team that amended the Organizational Sentencing Guidelines in 2010.

Eric also spent nearly a decade as a litigation attorney in Houston, Texas where he focused on white-collar and regulatory cases and represented clients at trial and before various agencies including SEC, OSHA and CFTC.

Featured Host: Jen Üner

Jen Üner is the Strategic Communications Director for LRN, where she captains programs for both internal and external audiences. She has an insatiable curiosity and an overdeveloped sense of right and wrong which she challenges each day through her study of ethics, compliance, and the value of values-based behavior in corporate governance. Prior to joining LRN, Jen led marketing communications for innovative technology companies operating in Europe and the US, and for media and marketplaces in California. She has won recognition for her work in brand development and experiential design, earned placements in leading news publications, and hosted a closing bell ceremony of the NASDAQ in honor of the California fashion industry as founder of the LA Fashion Awards. Jen holds a B.A. degree from Claremont McKenna College.

Principled Podcast Transcript

Intro: Welcome to the Principled Podcast brought to you by LRN. The Principled Podcast brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership, and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change makers.

Jen Uner: A few weeks ago, the United States Sentencing Commission issued a report titled The Organizational Sentencing Guidelines: 30 Years of Innovation and Influence. The publication summarizes the history of Chapter Eight's development and discusses the two substantive changes made to the elements of an effective compliance and ethics program. Hello, and welcome to another episode of LRN's Principled Podcast. I'm your host, Jen Uner, strategic communications director at LRN, and today, I'm joined by my colleague, Eric Morehead, director of advisory services solutions at LRN. We're going to be talking about the guidelines, and how it impacts corporate governance and what compliance professionals need to know. Eric Morehead is a real expert in the space as he once worked on these guidelines in a prior role at the US Sentencing Commission. He advises LRN clients now on these topics. Eric, thank you for coming on the Principled Podcast.

Eric Morehead: Thanks, Jen. It's good to be here.

Jen Uner: So hot off the press is this new publication from the US Sentencing Commission. Tell us about what it is, why it matters, and especially to owners of compliance programs at their organizations.

Eric Morehead: Well, it's sort of a look back over the last 30 years. The Sentencing Guidelines for organizations were first promulgated and came into effect in 1991, so technically the 30th anniversary was last year, but the report has just come out now, and over those 30 years, there's been about 5,000 organizations that have been sentenced under the US Sentencing Guidelines. The Sentencing Commission and the Sentencing Guidelines have to do with federal sentencing, so either individuals or organizations who have been charged with a federal offense and find themselves in a federal district court, somewhere in the United States, and they either have pled guilty, or been found guilty by a jury, or found guilty by a judge after a bench trial, and now they're being sentenced. So when you sentence an individual, obviously, that can include a fine in restitution, but also time in a federal penitentiary.

You can't jail an organization, but the Organizational Guidelines have put together over the last 30 years standards by which the judge can assess fines, restitution, and also order when necessary compliance reforms and implementation. Since you can't put the organization behind bars, you can however, put the organization on probation and require the organization to make some necessary reforms, if you will. So that's a kind of quick background of what the guidelines are for those of you who weren't sure, and why they matter to us, because the implementation of compliance standards is baked into any kind of probationary sentence or sentence that's handed down to an organization, or can be baked into, I should say.

Jen Uner: And you have personal experience at the USSC.

Eric Morehead: Yes, I worked at the Sentencing Commission from about 2007 to 2011, and during that period, there have been two amendments to the original guidelines that were first put out in 1991 for organizations. The first was in 2004, partly in response to Sarbanes-Oxley and the legislation that came out at that point around implementing reforms for organizations and their governance, but also there was back at the time in the early 2000s, a task force put together that the Sentencing Commission took some advice from. And so they made some amendments in 2004. The primary thing that happened in 2004 is that these compliance standards that are in the Sentencing Guidelines were put more front and center.

They had been what are called application notes before, and they were actually promoted, if you will, to an actual textual listing in the guidelines. Just making them more prominent is really what it boiled down to. Also, putting a little further definition around the components of an effective program, training, governance and oversight, written standards, and procedures in place, reporting mechanisms, that we all know most organizations have an anonymous reporting mechanism, a hotline or helpline out there. That comes out of these standards that were first put together by the US Sentencing Commission. They were the first national standard in the United States anyway that suggested having a reporting mechanism, including with an anonymous option.

Enforcement, discipline, and incentives often overlooked, but the Sentencing Guidelines have been talking about incentives for the past couple decades as well. And then in 2010 while I was there, the second amendment to the Organizational Sentencing Guidelines was undertaken, and that also strengthened that relationship between the governing authority of the organization, the board of directors, or whatever the oversight of a particular organization might be, because these guidelines affect not just public companies, but any kind of organization, so nonprofits, governmental agencies. Any kind of organizational structure is contemplated by the guidelines, and the 2010 amendments strengthened that relationship between the people actually responsible for the program and the governing authority of the organization, and also provided some incentives for organizations to come forward and to reform their programs. So those things have all happened over the years.

Given the length of time that the Sentencing Guidelines have been in effect, now 30 years plus, to only have gone back and revisited them twice is not that significant. So they've been kind of bedrock standards that have existed and been well known. We often talk about them as the hallmarks of an effective program for this entire time, and the commission gathers data, and so the other big piece of this report that's very interesting is there's 30 years worth of data. And in fact, the majority of the report goes through in much detail about the demographic characteristics of organizations that have been sentenced over the years, how many organizations have received credit for having an effective program. Spoiler alert, not very many out of the 5,000, less than a dozen. So that's the other great thing about this report for those of us who are interested in compliance is you have a great wealth of data to see what the characteristics are, and how organizations have gotten into real serious trouble in the past.

Jen Uner: So you were saying there have only been two amendments since inception?

Eric Morehead: Yes.

Jen Uner: That's pretty interesting, because it kind of speaks to how enduring.

Eric Morehead: Yeah, they got it right, and the primary takeaway in this report in the executive summary in the beginning is that the biggest impact that the commission sees for its work is that these standards have become so universally accepted, and that's not just in the United States. That's across the world. These standards are seen to be when you're talking about effective compliance programs, they're seen to be sort of the bedrock, if you will. There are obviously other international standards out there in Europe, and Asia, and other places where government agencies and international agencies like the OECD Good Guidance that came out well over two decades ago itself.

They all kind of trend and follow the same path, if you will, that the Sentencing Guidelines started 30 years ago. So it really has been the guiding light for not just individual organizations that want to build a better program, but also other regulators out there, whether that's the Department of Justice, or other agencies here in the United States, or international organizations that are adopting compliance standards.

Jen Uner: So the most recent publication, it provides great historical context about the commission and its impact. Can you outline some of those highlights? I remember that the report is chock full of charts, data, as you were saying, which is great if you're needing to report about program effectiveness, for example. What do you think is most salient for leaders in that report?

Eric Morehead: Yeah, as far as those particular pieces of data, nothing here if you've been paying attention to the sentencing guideline data over the years, and every year, I should mention that the Sentencing Commission puts out what they call the Sentencing Source Book, and that has a lot of data about not only individual's sentencing, which is the primary thing that the Sentencing Commission collects data on is the actual, real living human beings that are being sentenced year in, year out in federal courts around the nation, but it also includes data on the organizations that have been sentenced in that prior year. So if you've been paying attention over the years and looking at these source books, you will have noted that pretty much year in, year out, the vast majority of organizations that are sentenced, 70% of them have less than 50 employees, and 12.1% have 99 to 400 employees.

And just a very small percentage, 8%, have more than 500 employees. So the vast majority of organizations that get sentenced are very small, but if you think about it, that makes logical sense, because smaller organizations tend to have less governance structure, probably have less resources, probably don't have a compliance program, and that's certainly the finding that courts when they review these cases 89.6% of the time, so almost 90% of the time organizations have been found not to have a program in place, or what was in place was not significant enough to be considered a compliance program. So those two figures seem to correlate well, right?

The organizations that face the most serious repercussions are small and also don't have a program, so probably hadn't even contemplated having a program before misconduct occurred. The other real striking piece of information that comes out of this report and is also something that's been consistent through the years is the number of actual living human beings that are being sentenced along with the organizations in these cases. When we look at these cases, often we're talking about the demographics of the company, how many employees they have, what sort of crimes they have been found guilty of, how big the fines are, et cetera, but sometimes what gets lost in that discussion is the fact that if there's misconduct that's occurred, very often, there are individuals who are charged right along with the company for violations of the law. And in fact, over time, 53% of these cases include at least one other individual, and sometimes multiple individuals, who've also been charged with crime.

The other really striking piece of data out of this that I think a lot of people don't realize is the vast majority of individuals who are charged are not considered "high level", so these are folks that have some authority to engage in whatever behavior underlies the conduct that led to a criminal offense. So they probably are not at the very lowest level of the organization most of the time, but they are not necessarily in the C-suite. Only 25.7% of the individuals charged with an offense along with an organization were considered high level. So almost three quarters of those individuals who find themselves facing criminal sanction, potentially going off to the federal penitentiary are folks that are not considered high level in their organization, and I think that is perhaps counterintuitive, because we oftentimes hear the headlines of executives and other senior folks in organizations getting in trouble and facing criminal sanction, but the reality is the opposite of that.

Jen Uner: That's kind of scary, I got to say. I mean, it makes me as an individual in the company really want to pay attention to my compliance training.

Eric Morehead: Certainly. Anytime an organization... And granted these cases are not as numerous as situations where organizations may have an investigation and might settle with either the Department of Justice or an agency, like have a civil settlement, something short of a criminal conviction, and there are a lot of situations where organizations might receive a subpoena or have some sort of investigation that occurs, that just ends without any kind of charges or settlements being attained. So there's a lot of data that we don't have, right? Where things may not go perfectly, but don't go quite as bad as ending up with a criminal conviction, but it is scary to consider that there are individuals that are being charged right along with these organizations for this misconduct.

Jen Uner: It's really interesting, because so often inside organizations, you've got pressure on one side to perform or deliver in a certain way, and then you can find maybe shortcuts. I mean, I don't know how else to describe it, but a quicker way to get there that maybe is potentially outside the law. So it's true that there are real repercussions for taking those shortcuts, and also for not speaking up, if you see something.

Eric Morehead: Yeah, and the real repercussions here for organizations, again, you can't jail a company. You can only fine them. You can order restitution. A federal judge can order them to implement compliance reforms, put together a program if they don't have a program. Those are all things they can do, but the other thing to consider here too is if you take a federal felony conviction, and you are an organization that does any amount of work with the federal government, you can be debarred from future federal contracting, so that can very often... Taking a federal conviction beyond the fines and the costs associated with having to defend the organization against those charges, if it actually ends up with a conviction, and your organization relies heavily or primarily on government contracting, that's the end of the organization. I mean that's the death penalty.

The best example of that that we all can probably remember is Arthur Andersen. When they took the federal conviction in Houston for conduct involving Enron, that was the end of Arthur Andersen. They could no longer audit public companies, and they were debarred from government contracting, obviously, after that point too, and that was just the death sentence. Oftentimes when we're looking at these cases, when we look at the data, those are organizations that just had no options, because if there were any options before that to settle the case, to make reforms, to have some sort of civil settlement, those on-ramps just weren't available to them.

Jen Uner: I do remember that whole upheaval. My father was in accounting at I think Ernst & Young at the time. I can't even remember, but I do remember that massive upheaval for Arthur Andersen, and how they had to completely pivot the entire business.

Eric Morehead: Yeah. The consequences reputational and lost opportunity, real bottom line business costs involved in having misconduct, even if it doesn't rise to the level where we're talking about Sentencing Guidelines or having to implement Sentencing Guidelines for the organization, just an investigation can really derail an organization in a significant way.

Jen Uner: I'm going to ask kind of a uninformed question now. It's because I'm not a lawyer. This is going to be maybe really obvious for others, but in case you're like me, can you describe what the Sentencing Commission's relationship is with the DOJ and the SEC, and how do these organizations sort of interrelate? We so often hear about DOJ guidance, for example. How is that different from Sentencing Commission?

Eric Morehead: Over the years, we've seen more and more guidance both here in the United States and abroad from prosecuting entities like the DOJ, but also other regulatory agencies like SEC, and many of these regulatory organizations have compliance standards they put together. As far as I'm aware, they're pretty universally based on the same basic standards that we talk about in the Sentencing Guidelines. The DOJ guidance, and primarily we're talking about the memoranda that the criminal division has put out periodically since I think 2017 with the most recent iteration being the 2020 summer one, I believe, that guidance is based and explicitly cites the Sentencing Guidelines as its fundamental basis. Now, obviously there's a lot more detail and specificity within the DOJ guidance.

The difference between guidance from the Department of Justice, other guidance that you might see in other agencies, but particularly the memoranda that we're talking about from the DOJ, is that can be withdrawn at any time, and as we've seen over the past few years, it can be amended at any time. It's only a few years old, and it's been amended twice. The DOJ, if there's a change of administration or a change within the hierarchy of the criminal division, those new officials that come in may want to make a change. The former deputy attorney general in the prior administration had talked about doing away with memoranda from the department altogether and codifying everything in as much as you can codify it in the US Attorney's Manual. So there are various things that could potentially happen at any time.

Because the US Sentencing Commission is a rule making organization, there's a whole process that the commission has to go through before there are changes made to the Sentencing Guidelines. That's one of the reasons why there have been very few amendments to the Organizational Sentencing Guidelines over the years is because there's a whole process involved. The commission first has to publicly publish its intention to make any changes. It'll often, if there are proposals to make changes, it will seek public comment, often have a public hearing, and then it votes. And once a commission votes, if a new amendment is promulgated, then it's sent to Congress to both the House and the Senate, and they have a period of time to either make changes or not allow those guideline amendments to come into effect, but if they don't do anything, they automatically come into effect and basically have the force of law as the Sentencing Guidelines.

Now, granted the Sentencing Guidelines don't officially apply to your organization except when you're in front of a federal judge being sentenced, right? So if there's no sentence, there's no criminal offense where the sentence is being determined, the guidelines don't have any official capacity, but we've all taken them as the standards by which we measure the effectiveness of a program. So I guess what I'm saying here is I think any guidance is helpful guidance. Certainly the DOJ guidance has been very helpful and added more detail into what regulators are looking for when they peer into an organization, but just the sort of bread and butter basic pieces of a compliance program are always going to reflect back to those seven hallmarks of an effective program within the Sentencing Guidelines, because they're pretty immutable.

Jen Uner: So if you're building an E&C program, what are the steps that organizations should be taking to lower their risk? Can you go into a little bit more detail on that? How do you unearth all the rules that apply, and how can you effectively transmit them to the people in your organization?

Eric Morehead: Yeah. Whether you're using the Sentencing Guidelines, looking at the guidance from the Department of Justice, or guidance from international organizations like the OECD or others, I feel like, and this is backed up by the specific guidance that the department has given over the past few years of what they look for, every organization is unique. It's its own unique snowflake, right? And so you're going to have your own unique risk profile, and you're going to have to develop your own unique compliance program to be an effective control for those risks. So you evaluate all of these standards, but you put together a program, and you put together standards that really address what your program needs.

One of the key provisions of the Sentencing Guidelines, by the way, is what I would call the not one size fits all provision. The guidelines from the very beginning stages of when they were developed had this notion that not every program is going to look the same, not every program is going to be as extensive as other programs. Smaller organizations that are purely domestic here in the United States, for example, and maybe are smaller probably don't have the same exposure to anti-corruption concerns, for example, foreign bribery anti-corruption concerns that international organizations might have for just as an example. So really the best advice is to make sure that your program meets your needs, and so the first step along that process is evaluating and figuring out what your needs are.

What are compliance risks that your organization faces, and how are you addressing those risks, and do you need to reform those controls, put more resources behind training or monitoring and auditing, or whatever it might be to address those particular risks? So it's really an investigation of what you face as an organization, what are the risks you face, looking at all these standards, reading the guidance from the department, reading specific guidance that might apply to your organizations, for example, if there are particular compliance requirements. If you're a government contractor, you have to have a written code of conduct. You have to post certain reporting materials if you're a government contractor.

So there are some particularized compliance requirements, depending on who you are, and how your business is operating, and you have to be aware of all those standards, but you develop a program that fits your organization, that is very specific and customized to the risks you face, the resources you have to use, because not everybody has the same resources. So you have to make some tough calls sometimes as a compliance officer or the person responsible for compliance at an organization, because you may not be able to do all the things you really want to do, but you have to figure out and prioritize the things you need to do.

Jen Uner: Which makes me think about corporate culture, right? Because every company's culture is also unique and completely attuned to its own size and position of the marketplace, and where it trades, and who it does business with, and all of those pieces.

Eric Morehead: Yeah, the ethics side of compliance and ethics is the determining factor very often, right? The culture of the organization really tell the tale as to how effective or ineffective ultimately you're going to be. You may need more controls. You may have some potential risks that need to be addressed. Even if you have a super strong culture, you can't just get by on culture alone, because organizations are made up of a lot of individuals, and some of those individuals may have bad intent, but it's hard to imagine how you could properly resource an organization that had a poisonous culture, right? If you don't have values, if you don't have an effective ethical framework that everybody is primarily operating under, you can pour money onto systems, controls, tools, and it may not make any difference whatsoever. You can have a compliance budget that is the top budget out there, but if the culture is ruined or ruinous, then it's going to be really hard to have an effective program.

Jen Uner: Yeah. I think they famously have said, "Culture eats strategy for breakfast."

Eric Morehead: Yeah, and that's really true. I've seen different ends of the spectrum, right? I've seen organizations where the culture was hard to know how you would start to climb back up that hill and reform the culture, and how you would be able to have an effective program without having a positive, ethical culture, but I've also seen the other end too, which is less frequent, but also potentially problematic, where organizations... And sometimes I see this, for example, a good example of this would be a nonprofit where mission is really important, and everybody has a very ethical outlook, and they wouldn't be working at a nonprofit and particularly in difficult circumstances unless they really were all about the mission and had a very positive, ethical attitude, but they don't have a lot of structure. They don't have a lot of resources. And so there's always the potential that there could be failures and misconduct, because for instance, they might be a good target for an outside data privacy issue, right? Because they don't have strong data security systems.

Jen Uner: I was just going to say data privacy.

Eric Morehead: So you can be at both ends of the spectrum as far as that culture piece goes, and still have some serious compliance risks.

Jen Uner: So there's definitely always a need for E&C training for sure.

Eric Morehead: Yeah, training in Sentencing Guidelines, and the guidance from the Department of Justice, both are really clear about we are not interested in one size fits all. We are not interested in how big your budget is. We just want to make sure your budget is right, that the governing authority and the organization has addressed this properly and is serious about compliance, but if you're a smaller organization or an organization where the risks are being properly addressed without spending a lot of money, that can be perfectly fine. Again, depends on the individual organization, and what is their risk profile, how are they addressing those risks, and are they meeting the other big picture criteria of having some standards that everybody knows about, training where appropriate, having proper governance and oversight, and monitoring and auditing, having a reporting process, where people can ask questions and report concerns, properly enforcing the rules, and disciplining people, and having incentives. And that's the one that often gets missed. That's been in the Sentencing Guidelines for years now, and has is mentioned in the guidance. How do you incentivize proper behavior at your organization? That's really important too.

Jen Uner: There is so much that goes into building an effective E&C program. I'm sure we could be talking about this all day, but we are running out of time. I am so glad you could join me today to talk about this report and why it matters to every organization. I know we'll be including a link to that report in our show notes at LRN.com. My name is Jen Uner. I want to thank you, Eric, for joining me today.

Eric Morehead: Thanks, Jen. It was my pleasure to be here.

Jen Uner: And I want to thank everyone for listening to the Principled Podcast by LRN.

Outro: We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us at LRN.com to learn more, and if you enjoyed this episode, subscribe to our podcast on Apple Podcasts, Stitcher, Google Podcasts, or wherever you listen, and don't forget to leave us a review.

Friday Sep 16, 2022

S8E2 | The evolving responsibilities of today’s boards

Friday Sep 16, 2022

What you'll learn in this podcast episode

How are boards of directors of major companies coping in 2022 with the increasing expectations from so many stakeholders? How can directors equip themselves to meet oversight challenges and ensure that their companies do business in the right way? In this episode of the Principled Podcast, guest host Dr. Marsha Ershaghi Hames explores the critical role of boards in shaping ethical corporate culture with Diana Sands, an accomplished corporate leader who currently sits on the boards of SP Plus Corporation and PDC Energy. Listen in as the two discuss the evolving responsibilities and tools for today's boards, including guidance from the latest report from LRN and Tapestry Networks: Assessing Corporate Culture: A Practical Guide to Improving Board Oversight.

Principled Podcast Show Notes

[2:15] – Diana Sand’s background and its impact on her board roles.
[8:07] - The push for board culture refreshment and ESG priorities.
[12:06] - Thoughts on changing attitudes toward board culture.
[15:37] – Board needs for transparency, accountability, and communication.
[18:34] - Navigating structural impediments and the Assessing Corporate Culture report.

Featured guest: Diana Sands

Diana Sands brings over 30 years of business experience to her board and advisory roles having held senior executive finance and governance positions across multiple industries. Diana currently serves on the boards of SP+ (Nasdaq: SP), PDC Energy, Inc. (Nasdaq: PDCE), and National Philanthropic Trust (the largest independent
provider of donor-advised funds). She is the Board Chair for Start Early, a non-profit champion for quality early learning. She is also an advisor to New Vista Acquisition Corp. and to Ethisphere (a global leader in defining and advancing the standards of ethical business practices). Diana retired from The Boeing Company in 2020 where she
was an executive officer and Senior Vice President, at the Office of Internal Governance and Administration. Reporting to the CEO and to the audit committee, Diana oversaw a diverse team including ethics & investigations, compliance risk management, internal audit, security, and internal services. Previously, Diana held senior finance roles at Boeing including corporate controller where she signed and oversaw the development of the company’s financial statements, and head of investor relations where she was the primary management liaison with investors and industry analysts. She also led financial planning & analysis and worked in corporate treasury. Prior experiences include leading financial planning & reporting for General Motors Corporation and working at several companies in audit and product line finance positions. Diana has an MBA from Northwestern's Kellogg School of Management, and a BBA from the University of Michigan Ross Business School.

Featured Host: Dr. Marsha Ershaghi Hames

Dr. Marsha Ershaghi Hames is a partner with Tapestry Networks and a leader of our corporate governance practice. She advises non-executive directors, C-suite executives, and in-house counsel on issues related to governance, culture transformation, board leadership, and stakeholder engagement.
Prior to joining Tapestry, Marsha was a managing director of strategy and development at LRN, Inc. a global governance, risk and compliance firm. She specialized in the alignment of leaders and organizations for effective corporate governance and organizational culture transformation. Her view is that compliance is no longer merely a legal matter but a strategic and reputational priority.

Marsha has been interviewed and cited by the media including CNBC, CNN, Ethisphere, HR Magazine, Compliance Week, The FCPA Report, Entrepreneur.com, Chief Learning Officer, ATD Talent & Development, Corporate Counsel Magazine, the Society of Corporate Compliance and Ethics and more. She hosted the Principled Podcast, profiling the stories of some of the top transformational leaders in business.

Marsha serves as an expert fellow on USC’s Neely Center for Ethical Leadership and Decision Making and on the advisory boards of LMH Strategies, Inc. an integrative supply chain advisory firm and Compliance.ai, a regulatory change management firm.

Marsha holds an Ed.D. and MA from Pepperdine University. Her research was on the role of ethical leadership as an enabler of organizational culture change. Her BA is from the University of Southern California. She is a certified compliance and ethics professional.

Principled Podcast Transcript

Marsha Ershaghi Hames: How are boards of directors of major companies coping in 2022 with the increasing expectations from so many stakeholders? How are boards equipping themselves to meet the challenges of overseeing organizations? And how can directors ensure that their companies are doing the right things and doing business in the right way?

Hello, and welcome to another episode of LRN's Principled Podcast, where we continue our conversations about the critical role of boards in shaping ethical corporate culture. I'm your guest host Marsha Ershaghi Hames, a partner at Tapestry Networks. And today, I'm joined by Diana Sands, an accomplished corporate leader who currently sits on the boards of SP Plus Corporation and PDC Energy. Today, we're going to talk about the evolving responsibilities of today's boards, many of which are outlined in the newest report, Assessing Corporate Culture, a report from LRN and Tapestry Networks. Diana, thank you so much for coming on the Principled Podcast.

Diana Sands: Thank you, Marsha. It's great to be here.

Marsha Ershaghi Hames: Let's kick off. Diana, you had an accomplished career, retiring as an executive officer and senior vice president in the office of internal governance and administration at the Boeing Company. And you have now turned to service on corporate boards. Your career has spanned a variety of leadership roles across multiple industries and disciplines. Maybe for our listeners, we can kick off by hearing more about, just tell us about your background and career and how this has informed your approach to serving as a director.

Diana Sands: Sure. And thank you again, Marsha, for having me. As you noted, across 30-plus years, I worked in various industries, including professional services, consumer products, and industrials, mostly in finance roles. I held several finance leadership positions, including corporate controller at Boeing. And my last role, as you alluded to, before I retired, was reporting to the CEO and the audit committee in a chief administration and chief ethics and compliance role. As you also mentioned, I currently serve on both public company and nonprofit boards.

Marsha Ershaghi Hames: How has this experience started to really shape or inform your approach to serving as a director?

Diana Sands: You know, Marsha, I think the breadth of my experience is mainly what shapes me as a director. I've been part of a lot of different business opportunities and challenges. And with that, I tend to think pretty holistically, whether it's assessing an opportunity starting with a strategy all the way to how it can be practically executed, or dealing with a particular challenge, which often means quickly yet systematically gathering facts, evaluating options, and then taking actions.

I do believe that the best way to leverage experiences is not to automatically duplicate what one has done in the past. In fact, I don't really love hearing a director simply stating, "This is what we used to do at XYZ Company." I think the greater value from past experiences is a director's ability, because of those experiences, to quickly absorb an existing situation and think through the possible outcomes. And that's the approach I tend to try to take in the boardroom.

Marsha Ershaghi Hames: We're going to dive into some of how you're transferring some of your unique background as a compliance and ethics officer into the boardroom. But first, I want to take a step back. I mean, when I look across 30 years, across all the sectors that you have developed your career in, you were probably or likely one of the few women executives in these fields. I'm just curious, as you look back, were there any mentors or, I'll use the term sponsors, that sort of provided more guidance, influence, coaching through developing your career journey?

Diana Sands: Yeah, definitely. And I think you're right. I was often the only female and/or minority in rooms during my career. I do think the good news is that it's changing, albeit maybe slowly, but it's changing across all sectors. But having said that, mentors are definitely important, and I had several great ones. Most of them, by the way, were white males because that's who I was primarily working with. But I remember one very early in my public accounting career, a manager who showed me tough love as he reviewed my work papers. He was really hard on me and my work, but it was formative in the way I think today. In fact, that holistic approach I mentioned earlier is in large part thanks to this person who taught me early on to always think about that bigger picture.

And then later in my career, another mentor, one of the CEOs I worked closely with, pushed me to aspire for more than I might have otherwise. He's the one who coached, or maybe coaxed is the better word. He coaxed me to take on some roles that went beyond my comfort zone. But ultimately, those were the roles that enabled me to ascend to the C-suite, which also was critical in getting my current board positions.

Those are a couple mentors, I've had several, but I think the common thread across all my mentors is that they not only took an interest in me, but they really pushed me to be better, to stretch, and to be uncomfortable. I think that's important to advance in a career and in life, I think.

Marsha Ershaghi Hames: No, it's so true. Let's continue down this path. You do bring a unique background to the board as a former compliance and ethics officer. It's not a typical skill set that we see serving today on the other side of the table. Tell me a little bit about how that maybe shaped or influenced landing your first board seat and how the lens in which you look at information or assess decisions is impacted by this background.

Diana Sands: Yeah. You know, I think that's absolutely right, Marsha. In fact, my board roles were obtained not so much because of my ethics and compliance experience, but because of my finance background. They were boards that were specifically looking for a financial expert, which I can be deemed as one, because public boards, as you know, need some number of financial experts.

But interestingly, I find that when I contribute in the boardroom today, it's more often from my broader governance and ethics and compliance experience. I'll often ask questions about how things get done at the company, which alludes to culture, gets at culture, not just what gets done. Monitoring risk management is a key responsibility of boards. And again, I find my broader governance experience helpful in those discussions.

Marsha Ershaghi Hames: Talking a little bit about your broader, bigger picture experience around governance, excuse me, there have been a lot of conversations about the need to change the chemistry in the room, the culture of the board. And board refreshment is kind of at the top priority of this dialogue. So, composition, what are the skills we need in the room to support some of these governance practices? What are you seeing from your vantage point? Are things changing? Are boards more open today to soliciting and considering other types of skills and backgrounds for board seats?

Diana Sands: Definitely, yes. I think board refreshment is an important topic in many boardrooms these days. In fact, all of my boards, not just the public boards, but my nonprofit boards as well, have been talking about board composition and board refreshment. I think they're all looking for diversity. I do think companies and boards are beginning to look now for individuals who have broader experiences than just those who have been a CEO, CFO, or operating leader, which I think is what was very common years ago as boards were trying to fill their boardrooms. There are certain experiences like cybersecurity and ESG, for example, which are experiences much more being sought after today in boardrooms.

Marsha Ershaghi Hames: Yeah, no, and I mean, it takes us to the next segment I wanted to dive deeper into with ESG priorities right now. There's one thing to draw on outside experts, but it's another thing to be able to interpret data, really try to develop the linkages, ensure that conversations with the right folks in management are clear on advancing, but with the focus on climate risk and people-talent issues, and cyber and technology. I mean, how are some of your boards thinking or approaching thinking differently around oversight of these issues and the types of skills that you need in the room?

Diana Sands: Yeah, indeed. All those topics you mentioned are really relevant in the boardroom today, especially as regulatory bodies are considering what additional reporting requirements may be required in these areas. I think having board members who have practical experience, by the way, in these areas, cyber, climate, technology, is really helpful and almost becoming necessary, especially if their experience is recent because many of these areas are so rapidly evolving.

Even talent management is different than it was a couple decades ago. The workforce today can span multiple generations. It's more technologically savvy and more diverse than ever. So having board members who are in touch with today's environment is important, which I think is driving a lot of refreshment activities.

I would also go back to something I said earlier. I think that it's important that directors don't immediately rely on the way they did things years ago. Oversight of these evolving issues requires being on top of how they're evolving. So to your point, leveraging expertise within the company with external consultants, advisors as needed, and listening to those board members with these recent experiences, I think is critical. And then of course, ensuring that these topics are given the appropriate time in the boardroom is also important, which I'm certainly seeing in all of my boards.

Marsha Ershaghi Hames: So you're seeing a shift more so, because it seems like almost every committee is becoming an ESG committee. So, how do you keep this focus?

Diana Sands: You know, it's funny because one of my companies, sometimes one of the board members will mention, "Wow, we're actually talking about an operational issue today." And this company's pretty well run. Because so much time we're spending now on these topics, because of everything we've just been talking about, it is getting more time and attention in boardrooms. And to your point, you're right. I think boards are also trying to figure out how to make sure that there's some deliberate discussions around them, and more and more ESG-type committees are being created. But there's no doubt, more focus in these areas today than there were in years past.

Marsha Ershaghi Hames: Yeah, yeah. Well, let's go back to a comment you also made about the tone or the theme of, well, this is how we used to do things. That lends me to a question more on board culture. It is always more comfortable to lean on the levers of the past. It's consistent, it's what we know. As I've certainly spoken to a number of newer directors or directors that are occupying newer seats, I've heard varying input on, do they feel as comfortable voicing or asking unpopular questions or challenging the status quo.

I'm sort of curious from your vantage point and your current experience, do you see any type of shift or shift in momentum around assessing board culture, boards being a little bit more cognizant of, we need to assess our culture of how we discuss, debate, challenge things. What are some of the changes that you're seeing, if any?

Diana Sands: Yeah, I do think, Marsha, that culture in all organizations is becoming much more important to examine, and more organizations are doing so. Some of that, I think, it's unfortunately because of the terrible events in recent years related to racial inequities. But I'm also hoping some of it is because it's simply just becoming clearer to everyone that culture really does drive everything that happens in an organization. And I am finding that boards, again, at least the boards I'm part of, again, both public and nonprofit, have been going through some sort of process to advance its own culture. I think that's really good, in my view.

I will also say that I think there's a bit of kind of personal responsibility in this. I do try to take on personal responsibility to help advance culture in every group I'm part of. I'm talking, these are day-to-day actions, not big initiatives. For example, things I try to do include not being afraid to bring up a different view. You alluded to that, especially if it's a minority view. I'll try to do it respectfully and productively, but I'll make sure, and I'll really deliberately in my head, make sure to express that view.

I also try to bring out every voice in the room. I will often ask someone for their thoughts if they've been quiet, and that happens even in boardrooms. There are always some folks who speak more and some who speak less. And finally, I still try to make sure I personally am feeling some discomfort at times, again, something I learned from my mentors. It's one reason the boards I sit on today, Marsha, are part of industries different than what I've worked in in the past. They're learning experiences for me.

Also, in a boardroom, and maybe as simple as going over to talk to that person who is most different than I am, the one I have the least in common with. I'll sometimes actually have to force myself to do that because it may be a bit uncomfortable, but I know it will help advance the culture and the dynamic of the group. Yes, I think cultures are shifting in boardrooms. I think each of us should think about what we can personally do to help that journey.

Marsha Ershaghi Hames: You've been a part of contributing, and not only to the ethics, culture, and compliance network, but also the Assessing Corporate Culture framework that was recently released. And these insights also came up both in the interviews and in some of the questions that were being developed. One was around the need for greater transparency, a sense of accountability, and better communication or optimization of communication, not only amongst board members, but also between the board and management.

A few executives raised, "We want to be able to bring difficult news to the board and be able to have that conversation." Tell me, in your experience, what can this look like? Or how practically, what role can the directors play to create the space to encourage more of this open communication and transparent communication?

Diana Sands: First of all, those qualities you mentioned, transparency, communication, accountability, they are really important and they're hallmarks of a strong culture. And there's no question, there's many pieces of data that show these healthier cultures drive better results.

I think the board sets the tone in many ways. The board's own culture actually flows down in many ways to what the management team and the company, what they do and they operate. If the board operates in an environment of inclusiveness, of open dialogue and debate, and the management team sees that, and the board engages in that kind of behavior with the management team, that will affect the dynamic where those tougher issues can be brought up and discussed. And it also flows throughout the organization. So I think it's really important.

I do think on the topic specifically of raising those difficult issues, it's not easy, but good boards, I think, do create the space for that. I think to start with, the board actually has to, board members themselves need to be willing and wanting to hear those difficult issues. And then the directors actually have to do some work to help pull them out. It's always easy or nice. It's nice for board members, it's nice for everyone to hear good news. But we also have to, I think, proactively be asking, "What's not going well? What is the management team worried about?"

Seek out those tougher issues and be willing to deal with them alongside management. I think that's what board members can do. But I don't think it's necessarily all that easy because it can be hard to hear and it can be hard for management teams to share the tough news. But I think the more the board and the board members make it easier for them, where we listen, we're willing to listen to them, we want to hear them. We may not like what we're hearing, but we need and want to hear them. And we're willing to work with them through those issues. That'll help set the environment for those tougher issues to be brought up and discussed, which is absolutely, we all know, necessary for effective boards to do.

Marsha Ershaghi Hames: Another insight that came out of this report that you contributed to was also structural impediments. I know you certainly can draw upon your experience both as a senior executive with oversight of compliance and ethics, and now on the other side of the table, but one of the directors said just the structure of boards can make it difficult for a board to really get a clear picture of culture.

I just want to get your perspective on how important or critical is it for the board to hear from other management voices? I mean, typically, boards have looked to CEOs to get an overall understanding or pulse on culture. How important is it to bring other voices in like the compliance officer, ethics officer, or CHRO? Is there an independence opportunity? Is there contextual opportunity? Just love to get your perspective on that.

Diana Sands: Oh, totally. And by the way, you've mentioned this report a couple times. I do want to give credit to Tapestry and LRN. You all did an excellent job on this guide. And also frankly, on convening the conversations that led up to this guide being developed. I just want to put that out there, Marsha. I think it was an excellent, it is an excellent product.

But yeah, I think it's really important for board members to engage with, certainly, obviously, the CEO and his or her leadership team is often who the board will engage with. And I think that's really important, members of that senior leadership team. But then also going deeper, we've talked about this in some of our conversations, going out and kind of seeing sites where you get a sense, you get a sense. It depends how big the organization is, and it's often you have to keep in mind as we discuss, management teams will put forth their best team, their best people. But you do get a sense when you're out there engaging. So I think engagement by board members with team members is important.

I do think having that dialogue with those leaders who I think in many ways are touching and influencing and seeing culture, the company's, every day, whether it's the chief ethics and compliance officer or the chief HR officer, or the chief legal council, depending on how the organization is structured. It is really important for board members to have direct engagement with them as well. I think many boards do, but I think board members need to be really attentive to those engagements because you can pick up a lot, not just from the tactics of what's going on and the results of what's going on at the company, but also you get a lot of indications of culture when you talk with these folks in the company.

Marsha Ershaghi Hames: And my final question, Diana, and I appreciate you highlighting the report, but how are you thinking of leveraging some of the guiding points from the report? I mean, you contributed to helping us develop questions that directors can use for reflection and questions that they can certainly explore with management teams. But speaking to your peers, you've got directors listening, how can they use this framework as a roadmap with their peers and management teams?

Diana Sands: Yeah, first I want to spread, and I'm going to do this with my context, but I really just hope this guide gets out. It's really great, what you all have done. You've got summary points. If you just want to go on the website and look at some of the summary points and some questions boards can ask. Or you can download the whole guide, which I think is just, like I said, really well done. There are a lot of practical tips there. What I plan to take out of it, I hope others do, there are some questions there that boards can ask. There are examples of how the board can itself set a good example of culture. And it also notes ways we can measure culture with tools that are likely already being used at companies, like surveys, internal audit reports, and employee-related data.

I think importantly, when I stepped back and looked at it again, even though I was part of the team that gave you input on putting this together, but when I stepped back and read it again, I think it will help directors, when they look at this guide, realize that many topics already discussed in boardrooms provide an opportunity to delve deeper into culture.

For example, DE&I statistics, which are regularly being talked about now, I think, in most company boardrooms, company mission and value statements, hotline reports. These among many others are ways to discuss company culture. Risk management is another one. And in fact, in one of my boards, we had an annual risk management dialogue where all the board and C-suite members had to complete a risk tolerance survey. It was just part of their normal risk management process. But when we talked about it, it was fascinating as we reviewed the results to see the similarities and differences. And we ended up having a great conversation about culture.

I think this guide is just a really practical and useful tool for board members to just realize, actually, that in many ways, there are avenues to delve deeper into culture and that obviously, it's really important to do so.

Marsha Ershaghi Hames: So true. And I think one of your colleagues on the committee of contributors of this said, "We just have to get the conversation started."

Diana Sands: Exactly.

Marsha Ershaghi Hames: It's just important to start asking the questions and get the conversation started. But Diana, we're out of time, but there's so many insights that you've shared with our listeners today. Some great nuggets here that we can take away. I want to thank you for creating time and space to share your thoughts and for joining us on this episode. So Diana, thank you.

Diana Sands: It's been my pleasure. Thanks, Marsha.

Marsha Ershaghi Hames: And to all of our listeners, my name is Marsha Ershaghi Hames, and we appreciate you all for tuning in to this episode of the Principled Podcast by LRN.

Outro: We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us at LRN.com to learn more. And if you enjoyed this episode, subscribe to our podcast on Apple Podcasts, Stitcher, Google Podcasts, or wherever you listen. And don't forget to leave us a review.

Friday Sep 09, 2022

S8E1 | How can boards assess corporate culture and improve oversight?

Friday Sep 09, 2022

What you'll learn in this podcast episode

What is top of mind with board directors when they think about corporate culture, ethics, and compliance? How can leaders best assess culture in the companies they oversee? In the season 8 premiere of the Principled Podcast, LRN Director of Advisory Services Emily Miner is joined by Dr. Marsha Ershaghi Hames and Dr. Eric Baldwin at Tapestry Networks to discuss how board members can improve oversight. Listen in as the group shares insights from Tapestry Networks and LRN’s joint report Assessing Corporate Culture: A Practical Guide to Improving Board Oversight, which draws from a working group of nearly 40 directors and executives representing over 60 public companies.

Principled Podcast Show Notes

[0:29] - Emily welcomes listeners to this episode with Marsha and Eric of Tapestry Networks.
[1:46] - A discussion on the recently published report, “Assessing Corporate Culture: A Practical Guide to Improving Board Oversight.”
[6:14] - Why the report offers a practical framework and what needs it seeks to address.
[9:59] - The key findings or pillars of the report.
[15:22] - How the report helps leaders answer “How?” questions.
[20:30] - What is the potential broader impact of the report?

Featured guest: Dr. Eric Baldwin

Eric Baldwin is a principal at Tapestry Networks, working with teams in the firm’s corporate governance and financial services practices. Prior to coming to Tapestry, he served for several years as a research associate at Harvard Business School (HBS), where he collaborated with faculty on a variety of research and writing projects covering topics ranging from organizational culture and change management to corporate strategy and healthcare policy. Prior to his time at HBS, Eric taught in the religious studies departments at Franklin & Marshall College and Boston University, while earlier in his career he served in engineering and operations roles at ON Technology Corporation, a software development firm based in greater Boston.

Eric holds a PhD in religious studies from Boston University and a BA in history from the College of William and Mary.

Featured guest: Dr. Marsha Ershaghi Hames

Featured Host: Emily Miner

Emily Miner is the Director of Advisory Services at LRN’s Ethics & Compliance Advisory practice. She counsels executive leadership teams on how to actively shape and manage their ethical culture through deep quantitative and qualitative understanding and engagement. A skilled facilitator, Emily emphasizes co-creative, bottom-up, and data-driven approaches to foster ethical behavior and inform program strategy. Emily has led engagements with organizations in the healthcare, technology, manufacturing, energy, professional services, and education industries. Emily co-leads LRN’s ongoing flagship research on E&C program effectiveness and is a thought leader in the areas of organizational culture, leadership, and E&C program impact. Prior to joining LRN, Emily applied her behavioral science expertise in the environmental sustainability sector, working with non-profits and several New England municipalities; facilitated earth science research in academia; and contributed to drafting and advancing international climate policy goals. Emily has a Master of Public Administration in Environmental Science and Policy from Columbia University and graduated summa cum laude from the University of Florida with a degree in Anthropology.

Principled Podcast Transcript

Intro: Welcome to the Principled Podcast brought to you by LRN. The Principled Podcast brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change makers.

Emily Miner: What is top of mind with board directors when they think about corporate culture, ethics and compliance? How can leaders best assess culture in the companies they oversee?

Hi, and welcome to another episode of LRN's Principled Podcast. I'm your host, Emily Miner, director of advisory at LRN. And today I'm joined by Dr. Marsha Ershaghi Hames and Dr. Eric Baldwin partner and principal respectively at Tapestry Networks. We're going to be talking about corporate culture and how board members can improve oversight. Marsha and Eric have just collaborated with us at LRN on a report entitled, "Assessing Corporate Culture: A practical guide to improving board oversight." The report presents insights from a working group of nearly 40 directors and executives representing over 60 public companies, including some of the largest companies in the world: Cigna, Sony, McKesson, Lockheed Martin, CDW, Coca-Cola, Excel Energy and Palo Alto Networks included. Marsha, Eric, thanks for joining me on the Principled Podcast today.

Marsha Ershaghi Hames: It's great to be here.

Eric Baldwin: Thanks for having us, Emily.

Emily Miner: Okay, so let's jump right in. This report, a guide really, assessing corporate culture is the result of working group sessions of the ethics, culture and compliance network. Marsha, let me start with you. What is the ECCN, who are its members, and how did it come to be?

Marsha Ershaghi Hames: Sure. Great. We're happy to continue to share the Ethics Culture Compliance Network progress. This network was founded in the summer of 2020. I mean, it was during the thick of a pandemic. Companies were spiraling. It was just a lot of crisis management and companies were starting to take a real reflective step back. They were assessing where do we need to look? How do we need to assess our planning for longer term future? And the conversation emerged initially, Emily, as a forum. It was a safe space to convene. Public company directors and senior executives, namely chief ethics and compliance officers, to really start exploring values, corporate culture and the role of ethical decision making in business.

Emily, if I can highlight just a few key aspects that the stakeholders of ECCN started to really prioritize over the last two years, number one, the need for boards and executive teams to align and articulate culture so that management feels supported. Number two, to address the challenge of getting ethics and culture on board agendas and to really promote directors going deeper with management, we're going to get to shortly. Number three, ECCN stakeholders have continued to really want a forum to share peer to peer examples, pragmatic examples of the need for better communication and greater transparency between the CECO, the broader management team and the board.

Emily Miner: Thanks, Marsha. Having sat in on some of these sessions, I know that those specific examples that you just alluded to, those were among some of the most powerful conversation prompts. So I think that the members got a lot of value out of that. I certainly know I did. And so this report builds on a report that we, Tapestry Networks and LRN, collaborated on last year, activating culture and ethics from the boardroom, which was a really insightful temperature check on board's attitudes about culture. Eric, can you talk about that project and how it led to this latest one?

Eric Baldwin: Sure. With the last year's activating culture report, we had set out to understand the realities facing boards and their oversight of ethics and culture. What were their key concerns, the challenges they face, current practices. So to get at that, we interviewed 40 directors who occupied about 80 seats on public company boards with the aim of getting a really broad view of board oversight of ethics and culture. What we found was a pretty diverse range of practices across boards, in terms of what kinds of information they were receiving, their engagement with their management teams, including how often they heard from their chief ethics and compliance officer, a range of assignments of committee responsibilities and really it's just a variability and how much attention the issues get from boards.

We also found a real lack of comfort among directors. So directors recognize the importance of culture and the risks associated with ethical lapses or with unhealthy cultures, but recognize that their ability to oversee culture doesn't have the level of clarity and rigor that you find in other aspects of board oversight, like say financial reporting. So there's a real gap between the seriousness of the risk associated with culture and the importance of culture on the one hand and director's sense of their ability, or lack of ability, frankly, to effectively oversee that set of issues. So given that, it seemed crucial to start to develop some board-level tools and practices that could help directors make their oversight of ethics and culture more robust.

Emily Miner: Thanks, Eric. I know that this latest report traces its roots back to those earlier insights that you were just describing and the need for a practical framework that board members could adopt. Tell us why this framework and the specific needs it seeks to address.

Marsha Ershaghi Hames: Yeah. So maybe I'll take that one. So to Eric's point, we have conversations with 40 directors in 2021 and coming out of it, it was the spirit of action. How can we now take action? So the consensus was, we want a simple, practical framework to start to advance a conversation, just get the conversation started. Think of it like a simple roadmap. How can we take this into the boardroom? How can we start to connect with management with simple prompts, questions. Help us organize our thoughts about how to activate and get the conversation started. Then, another goal was the input was we want to have a peer-reviewed framework. We don't want a treatise. We don't want a commission study by a third party. We want to be a part of driving the frame for what we think will have the greatest impact, both within board rooms and for the boards to explore directly with management.

Emily Miner: You've talked a little bit about the approach to developing the framework, talking to the 40 directors and the peer-to-peer nature of it. What else about the approach of how the framework was developed, do you think contributes to the power of what it ultimately offers to boards and management teams?

Eric Baldwin: Yeah, I can jump in here. As Marsha noted, we really wanted this to be as useful and practical for boards as possible so we thought it was really important that it'd be grounded in the experience of directors. We knew that there was a lot of good practice already going on in boardrooms. So if we could tap into that collective knowledge and pull that together, it could be really valuable. So the way we went about that was to recruit and convene a working group of about 12 to 15 members, 10 of whom were sitting public company directors. Several of those directors are current or former chief ethics and compliance officers so they've got deep experience in that space that they bring into the boardroom. We also included a couple of sitting senior ethics and compliance executives who report into boards on these matters on a regular basis to bring their perspective, as well as our colleagues from LRN, who brought their expertise in culture measurement.

So, we brought the group together several times for virtual discussions, for peer exchange, to really surface the challenges and gaps that they're experiencing, to share and vet existing practices and tools and identify some key insights and good practices that are already going on. So out of that, our team developed a draft framework, which we shared then with a larger group of about 40 directors and ethics and compliance executives to pressure test our recommendations and get additional feedback before publishing the piece this summer. So I think what really gives it its power is that it's grounded in the experience of the boardroom, it's peer developed and peer vetted and rooted in the efforts of directors and practitioners.

Emily Miner: Yeah. Thank you, Eric. And just to underline something that both you and Marsha shared, I think something that's so compelling about it in terms of being grounded in that experience is, as you mentioned, many of those directors are current or former chief ethics and compliance officers. So being able to hear from people that have worn both of those hats or are wearing both of those hats, I think is so powerful. So let's keep on talking about the framework. What are the key findings or pillars? I know that there are five pillars of the framework and I'd love for you to expand upon those five pillars for us.

Eric Baldwin: Yeah. I'm happy to try to do that. There's a lot of insights there, so I'll try to be brief. As you mentioned, there are five key themes here, and we see them not so much as a series of steps, but more as sets of interlocking practices or that can mutually reinforce each other. So briefly, the first is really just to make ethics and culture a priority. We've heard from directors that culture and ethics often don't get enough time and attention in the boardroom. They get pushed to the bottom of crowded board agendas. So a key step is simply just to ensure that they get priority on the agenda, that they get enough time and attention. It's really crucial. We heard that boards communicate to management that culture and ethics are priorities, which they can do by pushing for information, asking questions, following up, probing. Management needs to know that ethics and culture are board priorities.

The second is for boards to take a look at their own culture. Boards have their own internal cultures and the culture of the board influences the culture of the organizations. They sort of set the tone from the top. But directors tell us that boards don't often examine their own cultures in a rigorous way. So it's really important for boards as one member put it, to take a hard look at their own culture. In this, it's especially important for boards to assess their openness and transparency and the level of trust, both among the directors and between the board and the management team, and especially their willingness to hear difficult news and how the board responds to bad news or to hard truths. A key element we heard of ethical culture is trust and transparency and to foster an environment where bad news travels fast. That starts with the board and the board's willingness to hear bad news.

The third is the challenge of being able to articulate the elements of culture and really to describe and articulate the culture you're aiming at, what you want to see in your corporate culture. The challenge here is that culture can be a very fuzzy and abstract concept. It's implicit, it's unspoken rules and norms, and that makes it really hard to measure and assess.

So anything boards and management teams can do to make discussions of culture more concrete and precise will really help. This can mean breaking down ethical culture into various components, things like trust, willingness to speak out, fairness, organizational justice, so that boards and management teams have a clear answer to the question, "When we talk about culture, what exactly are we talking about?" A key insight here was the importance for boards to be active partners with their management teams in defining and articulating the attributes of a desired ethical culture, rather than just sort of hearing them from management. Contributors told us that the process of defining what a good culture looks like by fostering a robust and structured discussion of culture is as important as the outcome. So boards need to be involved in those discussions early, rather than just the management team coming to them and saying, "Here's what we think our culture should look like."

The fourth is really about the tools that they use to measure and monitor culture. This is all about information and data and how it comes to the board. There's a pretty common range of data and information sources that boards depend on and there's plenty of data. But the key is for boards to get that information presented to them in the right way so that it has enough context that it can really make sense to them. So one key issue for boards we found is to push their management teams to report to them in such a way that insights from a range of data sources are integrated into a coherent picture or narrative. So survey data or data from culture surveys is overlaid with safety data, turnover data, and cost of hotline for example. Boards are really looking for a more integrated view from their management teams. Anything that will help generate a narrative or surface patterns that help boards know where they need to follow up and probe and potentially allocate more resources is really helpful.

Then finally is the issue of establishing clear communication lines. There's a lot of information relevant to culture that comes from a lot of different functional areas bearing on ethics and culture. So boards need to push their management teams to be able to develop a holistic view and really ask the question who, if anyone, in the management team owns culture and owns reporting on it and can give a really coherent and holistic view of culture. The same goes for the board. At the board level, different committees on the board, get reporting from different management teams and information can become siloed. So the key question is how can boards overcome that tendency and make sure that the entire board is getting a full picture of culture.

Emily Miner: Thanks, Eric, you did a great job of covering a lot of detail, very succinctly so I appreciate that. You framed a lot of those pillars in the form of a question: so how can boards do this, how can boards and management team collect the right data and interpret it together and break down those silos, et cetera, so I want to go into those hows a little bit because we call it a practical guide. So how does that manifest? How can this guide, I'll call it a guide and not a report, how can this guide help boards in their oversight of culture?

Marsha Ershaghi Hames: Yeah, so Emily, maybe I'll jump in on that one. So to Eric's point as he went through these five key pillars and big insights or meta themes that jumped out, each pillar is supported with countless examples, practical scenarios, and we've even lifted up some direct quotes that came from all of the contributors. So part of this is practically speaking, we want to help agitate that curiosity from the directors. We want to encourage them, look behind the numbers, start asking some of those uncomfortable questions. We wanted to give them, when you talk about sort of manifesting, how do we give directors a simple roadmap or framework to go into, to start within their own boardrooms, and then to look at opportunities to connect and communicate with management, to build that bridge, to forge an ongoing dialogue. So this is not an overnight put your hero cape on.

This is to start to create essentially more of that accountability partnership, a dialogue between management and the board and framing it in these five buckets. So it's, step one, are we even prioritizing this? So that can be a series of conversations. Step two, have we aligned as a board and management team? Have we been engaged as a part of articulating and assessing and understanding what is that desired culture? Are we as a board reflecting? So as Eric was going through these, it's you need to have a roadmap essentially to start agitating some of that dialogue. We wanted these pillars to become levers to begin that process to engage with management.

Emily Miner: I love the way that you are framing this as agitating the dialogue. There's such a great mental, descriptive image. So thank you for that, Marsha. I know that one of the features of the report or the guide to help agitate that dialogue is a series of questions that can serve as a starting point for this dialogue with management teams and within boards. Can you share some of those compelling prompts?

Eric Baldwin: Yeah, I'd be happy to give some examples. I think questions for boards are really a key tool in their tool belt. One of the things that boards are expected to do is offer a credible challenge to management, and it's really through asking questions that they do that. So we did include a number of questions, I think they're probably more than two dozen appended to the end of the report. I will not read anything like all of them at this point, but I'll give you a couple of examples of some of the questions that we include in the report. Again, many of them line up with some of the key buckets that we identified above. One would be just to ask yourselves as boards, have we identified the cultural attributes and behaviors that align with our stated values and our purpose? How can we effectively articulate the culture we're trying to achieve? This in turn would guide management's efforts to measure culture.

Another question for the board to reflect on is, does our culture, that is the board's culture, encourage management to share those difficult truths with us? How open to debate and disagreement is our board? Then we also include some questions that boards can ask their management teams. One is to simply ask, to what extent can you provide the board with an integrated view that incorporates information from a range of sources of data into a single picture for us? How can you give us an integrated view of culture? Then another question for management is, are you able to communicate directly to the board when necessary? Do you feel you have the necessary independence to bring issues and questions to the board? So those are just a few examples of a number of questions that we've included in this report.

Emily Miner: Thank you. I think that's another feature of the practicality of this. I mean, boards can in some sense sort of lift these questions up and apply them in their own contexts. So recently LRN's Ty Francis, our chief advisory officer had a conversation with Tom Fox, who I think we all know as the voice of compliance and founder of the Compliance Podcast Network. Tom called this report prescient more than once and cited both recent statements of Lisa Monaco, deputy attorney general, and rulings of the Delaware Supreme Court about the need for boards to take a more active role in monitoring and measurement. So with those statements, that context, occurring around the same time as the release of this guide, what do you see is the potential broader impact of the guide, the framework with the five pillars, the practical examples and discussion prompts? What do you see as the potential impact of that?

Marsha Ershaghi Hames: So maybe I'll take the lead here and, Eric, if you want to share any other thoughts ... But if we take a step back, this came up in ... so we had a summit, Emily, that you, of course participated in, where we brought together all of the Ethics Culture Compliance Network contributors, not only of the report, but other key stakeholders. It was interesting, a few people pointed to this and they said that if you look at the foundations of corporate scandals over the last few decades, there's a pattern that points to the failure to speak up and a correlating fear of retaliation. So it's that notion of someone always knows what's going on. Right?

So when you look at the statements of Lisa Monaco and the Delaware Supreme Court about boards taking a more active role, you have to take a step back and look at what is the role that boards can play to encourage and drive a culture that is more transparent and more open. How can a board activate open dialogue? How can a board establish a more transparent tone. We know, there's enough research around this, that culture's fundamental to business and tone at the top matters.

I could even say, and Emily, you and I have collaborated, full disclosure, over years in my consulting days. I saw this. I can just draw anecdotally that in 22 years of consulting, I would come across so many compliance executives who just felt like, "Hey, is my company going to make the investment in my team, and are they going to prioritize culture?" CECOs, they're under a lot of pressure to operate as a resource, enforce policy, developed policy. They're regarded as the primary architects of culture, but oftentimes we're also labeled as a cost center. So some of this stuff has been coming out as you know, Emily and Eric, and our conversations around like, "Are we leading on this or are we in a reactive mode?"

So I would say in terms the broader impact of this framework, it's the notion of how can we be proactive? How can we put a framework and a roadmap in front of the board to agitate the curiosity, to ask for more data behind the numbers and to empower boards and management teams to get the conversation started. To Eric's point, it's like, is it a toolbox? Is it a tool set? Well, yes, it is. It's been pressure tested by peers. It was developed by peers. They're trying it in their own boardrooms. Some of these stakeholders are current or former chief ethics and compliance officers so there's an appreciative inquiry of the tensions on both sides of the table. So in my opinion, I really forecast that this is going to have a catalyzing impact on the industry. Eric, I don't know, thoughts on your end too.

Eric Baldwin: No, I would just say, I think one of our hopes here is that as directors bring this into the boardroom and, Emily, you're right to point out that it does seem like the expectations for boards in oversight in this area are going nowhere but up. It is our hope that this is a tool that helps them meet those heightened expectations. But also that it's only a starting point, that boards will use the tools in this framework to get the conversation started and come back to us with further recommendations of what would be additionally helpful to assist them in their oversight here.

Emily Miner: Well, I, for one look forward to following along and participating and seeing what the impact is and how this framework is used and what the feedback is from those that use it. Marsha, Eric, it has been such a delight speaking with you today about the genesis of this report and all of the insights assembled from such a stellar working group. We're out of time for today. But for those listening, if you're interested in learning more about the report, the framework, et cetera, please look at the link in the podcast description. My name is Emily Miner, and I want to thank you all for listening to the Principled Podcast by LRN.

Outro: We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN. At LRN our mission is to inspire principled performance in global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us at lrn.com to learn more. And if you enjoyed this episode, subscribe to our podcasts on Apple Podcasts, Stitcher, Google Podcasts, or wherever you listen. And don't forget to leave us a review.

Friday Aug 26, 2022

Listen again | Using ethics and values to rebuild, not just recover, from corporate crisis

Friday Aug 26, 2022

What you'll learn on this podcast episode

Stories of compliance failures aren’t strangers to news outlets or entertainment networks. But while the circumstances can make for great media headlines, what is arguably more interesting is watching how those companies respond. In this episode of the Principled Podcast, host Emily Miner is joined by Carlos Villagrán Muñoz, Gerente de Compliance (Director of Compliance) at CMPC. Listen in as the two discuss how, over the past decade, CMPC has sought to not just recover from a significant compliance failure, but rebuild—stronger—by focusing on ethics, culture, and values.

To learn more, download the 2022 E&C Program Effectiveness Report.

Featured guest: Carlos Villagrán Muñoz

Carlos Villagran is a Chilean attorney who graduated from the Pontificia Universidad Católica de Chile with a Master of Laws (LLM) degree from Georgetown University (US). He currently serves as Director of Compliance of CMPC, a 100 years old Chilean-based holding, one of the worldwide leading manufacturers of pulp, paper, packaging, personal care, and other forest products. With more than 19,000 employees, CMPC has industrial operations in 8 countries (LatAm) as well as commercial offices in the US, Europe, and China, selling and distributing its products to more than 45 countries around the world.

He has previously served as Compliance Officer for the Chilean operations of Liberty Mutual Insurance and Mitsubishi UFJ Financial Group, as well as Legal Intern at the World Bank’s Integrity Compliance Office.

Featured Host: Emily Miner

Emily Miner is the Director of LRN’s Ethics & Compliance Advisory practice. She counsels executive leadership teams on how to actively shape and manage their ethical culture through deep quantitative and qualitative understanding and engagement. A skilled facilitator, Emily emphasizes co-creative, bottom-up, and data-driven approaches to foster ethical behavior and inform program strategy. Emily has led engagements with organizations in the healthcare, technology, manufacturing, energy, professional services, and education industries. Emily co-leads LRN’s ongoing flagship research on E&C program effectiveness and is a thought leader in the areas of organizational culture, leadership, and E&C program impact.

Prior to joining LRN, Emily applied her behavioral science expertise in the environmental sustainability sector, working with non-profits and several New England municipalities; facilitated earth science research in academia; and contributed to drafting and advancing international climate policy goals. Emily has a Master of Public Administration in Environmental Science and Policy from Columbia University and graduated summa cum laude from the University of Florida with a degree in Anthropology.