Extending the reach of management's commitment to compliance
Tuesday, June 4, 2019 at 8:28AM
Jarrod Baker in Malaysian Anti-Corruption Commission

U.S. regulators responsible for enforcing the FCPA have said they often encounter companies with compliance programs strong on paper but weak in practice. The prosecutors sometimes cite management's failures of omission or, worse, of actively conspiring to circumvent a program.

The DOJ helped focus attention on the issue of management commitment in the recently updated Evaluation of Corporate Compliance Programs guidance document. The guidance says in part,

Shared Commitment – What actions have senior leaders and middle-management stakeholders (e.g., business and operational managers, finance, procurement, legal, human resources) taken to demonstrate their commitment to compliance or compliance personnel, including their remediation efforts? Have they persisted in that commitment in the face of competing interests or business objectives?

The importance of "shared commitment" is widely recognized as a key ingredient of effective compliance. Here in Southeast Asia, the Malaysian Anti-Corruption Commission (MACC) has also focused attention on the same issue.

Earlier this year, the MACC issued its Guidelines on Adequate Procedures, which include the five principles of T.R.U.S.T. Some suggestions for management implementing TRUST in practice include:

Top Level Commitment - how are senior leaders in the organization through their words and actions encouraging the good and discouraging the bad?

Risk Assessment - how has the company’s risk assessment process accounted for risks identified?

Undertake Control Measures - have business units been consulted prior to rolling policies and procedures out? Are those with approval authority or certification responsibilities in relevant processes aware of what to look for, and when and how to escalate concerns?

Systematic Review, Monitoring and Enforcement - how are observations from controls testing reported and action items tracked?

Training and Communication - has the company provided tailored training for high-risk employees that addresses the risks they may face in their area of the business? What resources are available to employees to provide guidance relating to compliance policies?

With all this mind, I asked Richard Bistrong during a "fireside chat" we had in Singapore about the triggers of ethical decision making and the role of management. He talked about management finding and empowering "compliance ambassadors" who can be drawn from different roles from the field.

As Richard has discussed on the FCPA Blog, these compliance ambassadors can be in places far removed from management, yet able to identify compliance gaps and potential vulnerabilities, bringing those issues back to HQ, with recommendations on how to fix them. Unlike more senior managers, compliance ambassadors, embedded embedded in the workforce, are  employees who a peer might turn to for initial support when an ethical problem arises, feeling a greater level of comfort (and less intimidation),  communicating with someone  who has walked in their shoes.

How does a company go about finding such a frontline compliance ambassador? Perhaps it’s the employee you meet when trying identify high-risk corruption touchpoints in their role, who “gets it” with their responses, or proactively asks how they can improve compliance in their function.

Or maybe during a training session, it’s the employee who puts up their hand and shares their experience of a compliance issue they had to deal with in the field. Or perhaps it's the employee who raised a concern on compliance shortcomings in the past or who joined from another company known for their strong compliance program.

Whichever employees are identified as suitable compliance ambassadors, they can be a key way to magnify management's commitment to compliance, and help find and plug those inevitable gaps between compliance principles and practice.

______

Jarrod Baker is a Partner and the Southeast Asia Leader for forensic investigations at Deloitte based in Singapore. He's a Chartered Accountant and well versed in helping companies develop, implement and monitor effectiveness of their anti-corruption compliance frameworks. He can be contacted here.

Article originally appeared on The FCPA Blog (http://www.fcpablog.com/).
See website for complete article licensing information.