The Emperor Has No Clothes: Copycat Compliance
It has been proven over and over again that the emperor isn’t wearing any clothes, but most people don’t want to look at a naked emperor – Frank Zappa
Compliance does not mean just checking off a box and continuing business as usual. All too often, small and mid-size companies, private and public, are adopting cookie-cutter compliance programs and moving on to the next project. That is a recipe for disaster.
Let’s take 50 random mid-size and small, publicly-held companies and search their internet sites for a stand-alone anti-corruption compliance program – you will find, at best, for half of them a standard one paragraph reference to FCPA compliance. The language starts to look familiar and you then realize that either someone is selling a standard Code of Conduct or lawyers are just copying each others’ product.
Companies that follow this path have done nothing to help themselves. Narrow-minded corporate leaders have earned a false sense of security. In the unfortunate event that a company then violates the FCPA, the company has no protection whatsoever.
Justice Department attorneys have heard the refrain over and over. Outside counsel comes in to the Justice Department and informs the prosecutors the company has detected possible “improper” payments, has initiated an internal investigation and is implementing remedial measures to “improve” the “existing” compliance program. The DOJ prosecutors have a good question – why didn’t the company’s compliance program prevent this from occurring? The answer – it was really no compliance program whatsoever. The DOJ prosecutors know what they are looking at – copycat compliance with no real significance. This is a very common occurrence.
Compliance requires leadership, dedication, and resources. Turning the corner on profitability for a publicly-held company does not mean that compliance is a back burner issue. Corporate leaders in mid and small size companies need to take a deep breath and make sure that compliance grows with the business. Someone has to take ownership of compliance. Even if it is uncomfortable to bring the issue up with senior management, the issue has to be addressed.
Those who dare to expose the nakedness of the company’s compliance program should not be afraid to do so.
All corporate compliance manuals should have tests at the end. It used to be new hires got a manual and signed a receipt promising they had/would study same. Each time we write such a manual, we conclude with a test to allow documentation of mastery of the subject from ethics to violence and sexual harassment. Regardless of how well a program is written, regardless of its provenance (and I cringe as the spouse of a writer, therefore one who embraces the philosophy of copyright dearly), the primary consideration is that the message has been delivered and there is measurement to show that it is understood. Step two of course is monitoring to determine the lessons are translated into practice.