Using HR to Change Your Company’s Compliance DNA

Using HR to Change Your Company’s Compliance DNA

In his Editor's View column, in the August issue of Compliance Week, entitled, "Compliance, Collaboration and HR", Matt Kelly wrote about the interaction of Compliance Departments and Human Resources (HR). He noted that while Compliance Departments may look to HR to support internal investigations, HR can also be used to assist in "molding company culture." However, it is rarely used for this function. I heartily agree with Matt's sentiments. In addition to supporting internal investigations, I believe that HR can be used in some of the following ways to assist the Compliance Department. It can be a key component in changing or maintaining your company's compliance DNA.


 A key role for HR in any company is training. This has traditionally been in areas such as discrimination, harassment and safety, to name just a few, and, based on this traditional role of HR in training, this commentator would submit that it is a natural extension for HR's function to expand to the area of Foreign Corrupt Practices Act (FCPA) compliance and ethics training. There is a training requirement set forth in the US Sentencing Guidelines and companies are mandated to "take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals' respective roles and responsibilities."

What type of training should HR utilize in the FCPA compliance and ethics arena? The consensus seems to be that there are three general approaches which have been used successfully. The first is the most traditional and that is in-person classroom training. This gives employees an opportunity to see, meet and interact directly with the trainer, not an insignificant dynamic in the corporate environment. It can also lead to confidential discussions after such in-person training. All FCPA compliance and ethics training should be coordinated and both the attendance and result recorded. Results can be tabulated through short questionnaires immediately following the training and bench-marked through more comprehensive interviewing of selected training participants to determine overall effectiveness.

Employee Evaluation and Succession Planning

What policy does a company take to punish those employees who may engage in unethical and non-compliant behavior in order to meet company revenue targets? Conversely what rewards are handed out to those employees who integrate such ethical and compliant behavior into their individual work practices going forward? One of the very important functions of HR is assisting management in setting the criteria for employee bonuses and in the evaluation of employees for those bonuses. This is an equally important role in conveying the company message of adherence to a FCPA compliance and ethics policy. This requirement is codified in the US Sentencing Guidelines with the following language: "The organization's compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct."

Does a company have, as a component of its bonus compensation plan, a part dedicated to FCPA compliance and ethics? If so, how is this component measured and then administered? There is very little in the corporate world that an employee notices more than what goes into the calculation of their bonuses. HR can, and should, facilitate this process by setting expectations early in the year and then following through when bonuses are released. With the assistance of HR, such a bonus can send a powerful message to employees regarding the seriousness with which compliance is taken at the company. There is nothing like putting your money where your mouth is for people to stand up and take notice.

In addition to employee evaluation, HR can play a key role in assisting a company to identify early on in an employee's career the propensity for compliance and ethics by focusing on leadership behaviors in addition to simply business excellence. If a company has an employee who meets, or exceeds, all his sales targets, but does so in a manner which is opposite to the company's stated FCPA compliance and ethics values, other employees will watch and see how that employee is treated. Is that employee rewarded with a large bonus? Is that employee promoted or are the employee's violations of the company's compliance and ethics policies swept under the carpet? If the employee is rewarded, both monetarily and through promotions, or in any way not sanctioned for unethical or non-compliant behavior, it will be noticed and other employees will act accordingly. One of the functions of HR is to help ensure consistent application of company values throughout the organization, including those identified as 'rising stars'. An important role of HR in any organization is to help in building trust throughout the company and recognizing the benefits which result from that trust.

Background Screening

 A key role for HR in any company is the background screening of not only employees at the time of hire, but also of employees who may be promoted to senior leadership positions. HR is usually on the front lines of such activities, although it may in conjunction with the Legal or Compliance Departments. This requirement is discussed in the US Federal Sentencing Guidelines for Organizations (FSGO) as follows "The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program."

What type of background checks should HR utilize in the FCPA compliance and ethics arena? The consensus seems to be that HR should perform at least routine civil, criminal and credit background checks. Care should be noted in any such request made in countries outside theUnited Statesas such information may be protected by privacy laws or where the quality of such information is different in substance from that of the United States. For instance in the United Kingdom, the request of a credit check can negatively impact a prospective employee's credit score so such a background check may not provide useful information to a prospective employer.

Additionally, although it may be difficult in the United States to do so, a thorough check of references should be made. I say that it may be difficult because many companies will only confirm that the employee worked at the company and only give out the additional information of dates of employment. In this situation, it may be that a prospective employer should utilize a current employee to contact former associates at other companies to get a sense of the prospective employee's business ethics. However, it should be noted that such contacts should only be made after a thorough briefing by HR of the current employee who might be asked to perform such duty.

A company can also use HR to perform internal background checks on employees who may be targeted for promotions. These types of internal background checks can include a detailed review of employee performance; disciplinary actions, if any; internal and external achievements, while employed by the company and confirmation of both ethics and compliance training and that the employee has completed the required annual compliance certification. A key internal function where HR can be an important lead is to emphasize that an employee, who has been investigated but cleared of any alleged ethics and compliance violations, should not be penalized.

When the Government Comes Calling

While it is true that a company's Legal and/or Compliance Department will lead the  response to a government investigation, HR can fulfill an important support role due to the fact that HR should maintain, as part of its routine function, a hard copy of many of the records which may need to be produced in such an investigation. This would include all pre-employment screening documents, including background investigations, all post-employment documents, including any additional screening documents, compliance training and testing thereon and annual compliance certifications. HR can be critical in identifying and tracking down former employees. HR will work with Legal and/or Compliance to establish protocols for the conduct of investigations and who should be involved.

Lastly, another role for HR can be in the establishment and management of (1) an Amnesty Program or (2) a Leniency Program for both current, and former, employees. Such programs were implemented by Siemens during its internal bribery and corruption investigation. The Amnesty Program allowed appropriate current or former employees, who fully cooperated and provided truthful information, to be relieved from the prospect of civil damage claims or termination. The Leniency Program allowed Siemens employees who had provided untrue information in the investigation to correct this information for certain specific discipline. Whichever of these programs, or any variations, that are implemented HR can perform a valuable support role to Legal and/or Compliance.

Doing More with Less

 While many practitioners do not immediately consider HR as a key component of a FCPA compliance solution, it can be one of the lynch-pins in spreading a company's commitment to compliance throughout the employee base. HR can also be used to 'connect the dots' in many divergent elements in a company's FCPA compliance and ethics program. The roles listed for HR in this series are functions that HR currently performs for almost any US company with international operations. By asking HR to expand their traditional function to include the FCPA compliance and ethics function, aUS company can move towards a goal of a more complete compliance program, while not significantly increasing costs. Additionally, by asking HR to include these functions, it will drive home the message of compliance to all levels within a company; from senior to middle management and to those on the shop floor. Just as safety is usually message Number 1, compliance can be message Number 1A. HR focuses on behaviors, and by asking this department to include a compliance and ethics message, such behavior will become a part of a company's DNA.


I have previously written about Catelas software, see here. It does some very cool stuff. The Catelas guys are putting on a series of events to highlight their software and its uses in a FCPA compliance program. On Tuesday, August 23 and August 30, at 1 PM EDT, they are hosting a webinar entitled, "FCPA Investigations - Generate a Risk Assessment report, identify all key people & content before you fly!" Information and Registration can be found here

Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2011

For more information about LexisNexis products and solutions connect with us through our corporate site.