Last week I attended the 2012 Global Ethics Summit hosted
by Ethisphere. The first event was a conversation between Mark Mendelsohn and
Brackett Denniston, Senior Vice President and General Counsel of General
Electric (GE). They both had some interesting observations on the current state
of Foreign Corrupt Practices Act (FCPA) compliance. Dennison believes that the
conversation on FCPA compliance has evolved to "What can organizations do to
create a culture of compliance on a world-wide basis?" To answer this question
he gave three overarching themes.
First it all starts with the ubiquitous "tone-at-the-top"
but it means more than simply saying the right things on a regular basis.
Denniston believes that senior management must "speak often and be sincere" in
communicating this tone. If they are not sincere, he believes that employees
will pick up on this immediately and any efforts to instill such a culture of
compliance will be doomed to fail. Second, senior management must "walk the
talk" through both discipline and a system of rewards. The discipline must be
clear and delivered decisively. The rewards must be not only direct financial
remuneration but also the internal promotion of persons who do business in an
ethical manner, under the Company's Code of Conduct. Lastly, a company as a
whole must have the willingness to listen. He directed these remarks to
helplines and other mechanisms where employees can report compliance violations
or even raise concerns. He was clear that there must be be directly stated and
enforced, that there is a no retaliation policy for all reports made in good
faith. This also requires a company to keep accurate measurements of such
reports and to design and refine its processes around these metrics.
Mendelsohn asked Denniston what were his three biggest
challenges at GE regarding compliance and ethics. Denniston responded that the
biggest challenge was in integrating acquisitions into the GE compliance
culture. This is challenging in remote sites around the globe particularly in
locations which do not have a senior management presence nor are visited by
senior management on a regular basis. The second area is improper payments on a
global basis. While noting that GE bans facilitation payments, these are still
a challenge as are payments made through gifts, entertainment and travel.
Lastly, he expanded his answer on the top three challenges to add regulatory
compliance in general.
Denniston believes that the key for any company is how
they will respond when a compliance issue arises. Within the GE world he said
that the thing he worries about is that an issue will arise and the local
business team will try to clean the matter and will not disclose it to the home
office. From afar, such a response would appear as a cover-up of a reportable
FCPA violation, even if no one in the US was involved. It could lead to a
conclusion by the Department of Justice (DOJ) or Securities and Exchange
Commission (SEC) of an entire failure of a company's compliance program.
Recognizing that the cover-up is always worse than the original event, this
would seem to echo Number 3 of Paul McNulty's Maxims of "What did you do when
you found about it [a compliance violation]?"
Picking up on his point about one of the things a company
must do is listen to its employees, Denniston re-emphasized that communication
is important but that a company must also measure the effect that these
communications have. Metrics are an important aspect to creating and
maintaining a culture of compliance at GE because it allows the company to base
its compliance program enhancements on quantifiable data. He added that this
helps dissipate the confusion between quality in the overall company compliance
regime and simple regulatory compliance.
In a very interesting response to a Mendelsohn question
along the lines of "is there too much FCPA enforcement?" Denniston responded
that he did not think so as he believes that the DOJ has "got it right."
However, he does not believe this is the case with the SEC. He said that the
problem, in his opinion, is around how much "fuzziness" there is from the SEC
on the credit a company will receive for a self-disclosure. This is true even
if the SEC has a principle which is consistent; Denniston believes that it does
not always play out so clearly in practice.
Dennison ended his remarks in responding to a Mendelsohn
question on "the single best compliance innovation at GE, during his
tenure?" Being a good lawyer, Denniston had three single best compliance
innovations. They were (1) every year GE tried to introduce a substantive
improvement to its compliance program. These improvements are generated from a
variety of sources, from local business unit employees to his aforementioned
metrics to lead to an enhancement. (2) The continued efforts in the company to
increase reporting of any compliance issues so that they might be evaluated by
an appropriate compliance professional. He gave an example of a geographic
region which had an inordinately low number of reports of compliance issues,
which Dennison viewed as a negative. He sought to have this number increased by
a minimum of 20% annually, which was achieved. In other words, if there are no
reports, GE wants to know why there are no reports. (3) He said that there is
now the creation of an unanticipated risk list. This has turned into an
early warning system of issues that might pop up on the compliance radar,
however it also forces all employees engaged in the exercise to come up with
compliance issues the company is not currently thinking about in any detail.
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other professional
advice or services. This publication is not a substitute for such legal advice
or services, nor should it be used as a basis for any decision or action that
may affect your business. Before making any decision or taking any action that
may affect your business, you should consult a qualified legal advisor. The
author, his affiliates, and related entities shall not be responsible for any
loss sustained by any person or entity that relies on this publication. The
Author gives his permission to link, post, distribute, or reference this
article for any lawful purpose, provided attribution is made to the author. The
author can be reached at email@example.com.
© Thomas R. Fox, 2012
For more information about LexisNexis
products and solutions connect with us through our corporate site.