Corporate Ethics: Is Ethical Conduct on Your Checklist or in Your Corporate Mindset?

In one widely reported case, employees from a branch office in the U.S. told leadership at their European HQ that the company had been lying to federal regulators and falsifying information.

Rather than choosing Door #1, that is, being aghast and leaping into swift corrective action, leadership picked Door #2, saying they didn’t want to hear about it. Billions of dollars later, they probably wish they’d selected Door #1. Or, better yet, Door #3: spending a fraction of the fines, settlements and disruptions, and having genuine culture where everyone from the CEO to middle managers to the receptionist knows what it means to be ethical and what to do when they see wrongdoing.

Three experts in the area of corporate compliance spoke to an audience of in-house and outside counsel at the Northeast Corporate Counsel Forum in April 2017. They were Donna Bucella, president of Compliance, Guidepost Solutions LLC, whose extensive background includes serving as the first female U.S. Attorney in Florida, as well as leadership roles with the Department of Justice, Homeland Security and the Defense Department. She was also the first director of the federal government’s Terrorist Screening Center.

Joining Bucella was Susan Frank Divers, a senior advisor with the global compliance firm, LRN Corporation. She is former global compliance chief at AECOM, an international technology and management services company with more than 90,000 employees and $18 billion in sales. Divers developed and ran the corporation’s award-winning compliance program.

The third panelist was Pamela Cothran Marsh, partner, Berger Singerman LLP, of Tallahassee, Fla. Marsh is a former U.S. Attorney in Florida, and served on the U.S. Attorney General’s Advisory Committee, including the Subcommittee on Counter-Terrorism and National Security.

The Pace and Scope of Enforcement

Bucella started the discussion this way: “No industry is immune from regulatory oversight,” pointing to the fact that 2016 saw $4.7 billion in False Claims Act (FCA) fines and $2.48 billion to resolve claims brought under the Foreign Corrupt Practices Act (FCPA). She said companies are pursued by more than just the U.S. Department of Justice; they also can be investigated by, as examples, various bank task forces and other regulators.

“People wondered with the Trump administration whether there will be an easing of regulatory scrutiny and enforcement,” Bucella said. “State AGs are ramping up, and they don’t need DOJ to enforce the laws. We won’t see any slow down.”

But, she said, “Companies don’t have to pay all this money. You have to make the investment up front.”

Divers agreed, saying the pace of allegations surfacing in-house at companies is on the rise. Where boards once saw internal investment as a bad thing, they are starting to realize that if you find problems in-house first, you can remediate them, she said. “Internal investigations play a role in that,” Divers added.

As an example, Divers noted that General Electric Co.—which she said is a leader in the ethics and compliance field—has an exemplary open-reporting system. It includes not just a hotline but also a compliance dashboard and training managers—plus a desktop icon for all employees—where people can report potential violations with a mere click.

From Sandwiches to Power Plants

“Some of the complaints might be,” Divers joked, “‘someone always takes my parking spot’ or ‘someone stole my sandwich,’ but some of it is ‘we falsified cracks in the Fukushima nuclear reactor when we submitted our reports.’ GE talks about this openly,” she said.

“From an in-house perspective,” Divers continued, “make sure you have a culture and mechanisms so people can raise issues before they metastasize. It’s a way to get your board to understand how the compliance program works, what are some of the issues that are coming up, and where is the real risk in the company. The last thing you want to do is hit your board cold with an outside indictment. It’s never good. Use your in-house compliance program to maintain a reporting culture, a ‘listening up’ culture, so you avoid having to work with U.S. Attorneys as much as you can.  . . .”

When things reach the level of indictments, Marsh said those are times when a company especially needs a compliance professional. “I see the terror that hits a board once they get a subpoena or an FBI officer knocking on their door. That’s when it’s important to have a very calm person inside who already knows who to call and how to respond, because everyone, from top to bottom, is going to be nervous. And you need someone who’s going to say, ‘It’s ok. Go back to work. We’ve got this, and we can resolve it.’”

It’s important for boards to understand that the well-known “Yates memo”—drafted by former Deputy Attorney General Sally Quillian Yates in the Obama administration (later famously fired by the Trump administration)—“demands full and complete cooperation from everyone from top to bottom,” Marsh said. “That really causes people to start looking at one another and finger-pointing. It means the lawyers in-house need to start thinking about who needs a lawyer. The board, the CEO, the CFO, the GC? Do they all need lawyers? If so, will those lawyers work together? Will there be an agreement? If so, will everyone share that information with the government? That full and complete cooperation thing is a very difficult line to cross when working with clients, boards and audit committees, and trying to figure out from the internal investigation side what is it that went wrong and what is it the government is looking at.”

We're Here to Help

“The government says,” Marsh continued, “‘Our [Assistant U.S. Attorneys (AUSAs)] will help you. You don’t have to boil the whole ocean when you’re looking for what crime is there. We’ll tell you what crime we think might be there and we’ll help you figure out who we think the targets are.’”

“They’ve said that publicly,” Marsh said, “and I’ve heard Sally Yates say it publicly. But I’ll tell you from my experience, I’m not finding it. I’m not finding it with the AUSAs. They’re still going with the old ‘Oh no, we can’t talk to you. We can’t possibly talk to you about an investigation. We can’t even confirm or deny there is [an investigation].’”

Bucella said that in False Claims Act cases, companies have created some creative and complex ways to get around the regulations and the rules. In one high-profile case involving [Chinese telecommunications company] ZTE Corp., she said, the company created separate companies to trade with Iran and give them U.S. intellectual property. “When I read the fact patterns in many of these huge settlements—there’s no question. This is not a technical violation. This is VW general counsel’s office. They sat there and basically prepped the business unit owners and said, ‘Guess what. We’re going to have a litigation hold next week (wink wink, nod nod) those documents better not exist.’  Ok. They got fired.  . . . They were complicit not only in lying and cheating on testing, but also lying and cheating on the factual investigation. ZTE Corporation? The General Counsel basically was lying to the government when they were in the middle of a grand jury investigation. They settled for $1.19 billion.”

Let it Out

Most companies want to keep the problems inside, Bucella said, and people do complain about ethical issues. “Yeah,” she agreed, “you will get things like ‘Someone stole my sandwich out of the refrigerator,’ but they might complain about, ‘Hey, we lied about these records to the government.’ If they are complaining and you’re not listening, the risk is they will take it to social media.”

“Or,” Divers added, it goes qui tam and they become a whistleblower for an award.”

“Yes, because they are frustrated,” Bucella said.

“From the internal perspective,” Divers added, “we at LRN spend a lot of time looking at companies and what happens and why.”  When you look at [cases involving] Volkswagen, or Wells Fargo or [blood-testing company] Theranos [Inc.], employees raise issues early on. In VW it started almost immediately in a very constructive way. People in California reported to Germany and said [paraphrasing], ‘We need to disclose.’ And leadership said, ‘we don’t want to hear it.’ We see this again and again and again.”

Blind Obedience

“If you have a company that is based on secrecy and blind obedience, those are pre-conditions for misconduct,” said Divers.

With regard to Volkswagen, Bucella added that the concept of whistleblower is a new concept in Germany. “Whistleblowers were not acknowledged. They were fired.  . . . It was management, and the email traffic was unbelievable. Senior managers saying [paraphrasing] ‘this person is trouble,’ and ‘they don’t need to be here any longer’ and bingo, they’re fired.” As a result of the settlement VW will probably be the leader of compliance culture in the EU, Bucella said.

With regard to whistleblowers in the U.S., Marsh said that the SEC is already saying that if you give an employee a severance agreement, it cannot bar employees from talking to regulatory agencies, or complaining about the company, or accepting any money in a qui tam case. In California, severance agreements are not permitted to include a prohibition against being a whistleblower. In Florida it’s not that way, she said, adding she hopes this is an issue the Supreme Court will review.

“It is critical to deal with a whistleblower in a very responsible way from the beginning,” she said. Having a plan for that before you ever get a whistleblower and training on that with your managers will prevent those retaliation claims later on.”

Additional Takeaways

• Simplistic ethics and compliance statement are more effective than those “written by lawyers for lawyers.”
• Corporate ethics policies cannot be things that sit on a shelf. There must be comprehension and complete buy-in from the CEO on down. It can’t be something merely committed to paper, it has to be part of how people think.
• Corporate ethics policies must be looked at as a “living document,” accompanied by regular and meaningful training programs.
• Middle managers are key to heading off compliance problems.
• Develop a culture, supported by mechanisms, of reporting problems internally.
• Develop a culture of “radical transparency,” and know that the Yates memo requires it from all corners of the corporation.
• Know the members of your board and how to best communicate with them.
• Like the people they are, boards and board members are all different in terms of their appetite for risk and their pet peeves.
• Be aware that board members have their own networks internally and externally, and get information from friends and contacts that will guide their concerns.
• Always perform a root-cause analysis when things go off the rails. This is critical to the future of your organization.  
• In all major compliance cases, the improper activity had already been reported via company hotlines or their equivalent. It’s important to have a “listening culture.”

Video Recommendation

Finally, to get more of a flavor of how to create a truly effective program, the panel highly recommended a video, now on YouTube™, of a roundtable held at the New York University Law School. The panel was moderated by Jennifer H. Arlen, Co-Director of the law school’s Program of Corporate Compliance and Enforcement, with panelists Hui Chen, Compliance Counsel Expert at the DOJ and Andrew Weissmann, Chief of the DOJ Criminal Division’s Fraud Section. They were particularly taken by the insights share by Hui Chen, who has also been with Microsoft, Pfizer and the Standard Chartered Bank in London.  Before that she was a U.S. Attorney and a trial attorney with the DOJ. Click here to see the video.