Five Signs Your Company Lacks Integrity
It is always easy to second-guess or look back with 20-20 hindsight on a compliance breakdown and point out all the problems that were ignored or created by corporate actors. There are common factual scenarios that recur in DOJ and regulatory enforcement actions, some of which fall into certain categories.
While defense counsel (being effective advocates) often argue that bad actors are often “rogue” employees, the reality is rarely limited to a few bad apples – to the contrary, bad apples usually are the result of rot in the barrel or the environment or culture which tolerates (or even encourages) cutting corners, making sales numbers or financial targets.
The trick is to focus on those indicators that may provide an accurate measurement of a company’s culture of trust and integrity and an early warning to responsible officials and legal and compliance officers.
In reviewing government and regulatory enforcement actions, there are some common “traits” or circumstances that appear in those companies that eventually were subject to government intervention.
Here are five common issues or traits I have observed:
Lack of gatekeeper authority (in practice or in policies/procedures): Evidence of a lack of a culture of trust and integrity is often reflected in the role and authority of critical gatekeepers. In a number of recent enforcement actions, risky and even illegal transactions were authorized notwithstanding objections or lack of approval from legal and/or compliance. When legal and compliance oppose or raise questions concerning a specific action or transaction, a company dedicated to trust and integrity will: (1) have a specific control requiring compliance and/or legal approval of the transaction; and (2) enforce the specific control. In many cases, legal and compliance raise concerns, and management responds with arguments why legal and compliance are wrong and attempt to browbeat legal and compliance to approve the transaction or to let it go. In other cases, legal and compliance are allowed to opine but they have no authority to block or delay a transaction.
Another indicator of lack of gatekeeper authority is the role of internal audit and the handling of specific findings of deficiencies that need to be remediated. A company that lacks trust and integrity will not require an audit subject to remediate a specific deficiency by a certain date and not require audit committee monitoring/reporting of such remediation efforts. If the internal auditor only has the authority to “suggest” modifications or improvements, the company, by definition, is sending a message of its lack of trust and integrity.
Culture language as a “feel good” strategy. Companies confuse “ethical culture” with feel good pronouncements of values and principles, coupled with trite sayings that the company “does the right thing.” Not all communications strategies fall into this category, but an important question is whether such communications are followed up in meaningful and tangible efforts. In other words, a company has to translate its culture pronouncements into action, meaning specific conduct so that leaders and employees know how their ethical culture translates into specific job functions and duties. Equally important is a commitment by compliance officers to measure, monitor and report on the company’s culture. A real commitment to an ethical culture, or trust and integrity, requires much more than just words – that is the critical issue for companies committed to trust and integrity.
Lack of (or reduced) commitment to ethics and compliance. We are observing two negative and important trends in the ethics and compliance industry – a reduction in compliance budgets and resources and an increase in retaliation rates against employees that report concerns. These two trends, which will hopefully be reversed, demonstrate the absence of a real and sustained commitment by company leadership and managers to implement and expand robust ethics and compliance programs. Compliance officers have been able to reduce the number of “paper” programs that exist, but they have been slowly losing ground in promoting a sustained commitment to ethics and compliance. Senior managers are quick to reduce or reject compliance budget demands and the results are a strangling of compliance programs.
Rationalization of misconduct implications. A company that uncovers misconduct, conducts a root cause analysis and remediates its compliance program to reflect lessons learned is committed to ethics and integrity. But companies that uncover misconduct and rationalize explanations to limit the inquiry reflect a fundamental absence of integrity – companies committed to trust and integrity do not restrict efforts to uncover misconduct because they recognize the importance of addressing problems and misconduct.
Singular obsession with quarterly financial results and financial targets. Companies have to maintain a healthy balance between sustained growth and quarterly performance. Earnings management is not, by definition, unethical or illegal – to the contrary, businesses have to commit to positive earnings management strategies as an important performance tool. The danger in this are, which is significant, is when a company becomes “obsessed” or solely focused on quarterly financial performance, to the detriment of longer-term growth and sustained performance. Short-term objectives may be balanced against longer-term perspectives and tradeoffs may be needed. Companies that fail to engage in this healthy balancing are at risk, and lack careful attention to value and importance of maintaining a culture of trust and integrity.
Mr. Volkov,
I enjoy your posts… while they often suggest the obvious, your approach to resolve issues are not “hard core.” Integrity and compliance are requirements any ethical organization must logically strive to succeed. If that were to succeed in real life, we would not need regulators. But today’s lack of integrity and compliance extend to the regulators as well. Boeing and Wells Fargo are prime examples of the failure of our regulatory system to work.
Two words describe regulations today. Self-regulation. The FAA passed their regulatory authority to the parties being regulated, based on the faulted theory, in Boeing’s case, that they would know their product better than the regulators. Wells fargo is another example of self-regulation, presuming the wrong-doer, as an insider, could fix the problems.
Self-regulation has dominated the financial industry for decades. The National Association of Insurance Commissioners (NAIC) work closely with the insurance industry to write laws that regulate the industry, and when many commissioners retire from their positions, they become board members of the insurance companies they regulated. If you read insurance law in most states, you will find the regulations provide no assurances that the 401k investor, for example, will have protection from the misdeeds of the insurance company service providers. In fact, the regulations clearly reduce the rights of savers to that of a Class 2 claim.
The message our government regulators are sending to the parties they regulate is we will not regulate your sins, but if you own up to your mistakes, through self-regulation, then we will be on your side. The classic example of this was the recent SEC regulatory action against a number of companies under the Share Class Selection Disclosure Initiative (the SCSD Initiative).
This so-called “self-reporting” of criminal activity by investment advisers includes an “eligibility” function requiring the wrongdoer “cease-and-desist” the criminal activity, and the settlement will include “disgorgement” of their “ill-gotten gains.”
No admission of wrong-doing is required, and it will be business as usual for the adviser. One day soon I can see other regulators adopting such an approach. It will bring closure for all sorts of crimes, and the criminal will basically go unpunished.
Your timely advice will be taken seriously only when we prosecute the wrongdoers in these companies and and bring them to justice. Forget the Non-Prosecution Agreements, Deferred-Prosecution Agreements, and the SEC’s SCSD Initiative. Most importantly, rewrite the Federal Sentencing Guidelines and quit trying to prosecute corporations rather than individuals. We have never met a corporation that commited a crime, and never will.