Post on 02-Dec-2014
description
Compliance, Transparency, & VisibilityA Perspective of the US Market:
Cloudy At Best
Michele DeStefanoProfessor of Law, University of Miami
Meeting of LAAW e.V. Munich GermanyOctober 2014
Corporations Around the GlobeChallenges
Changes in Legal Landscape
• Economic Downturn• Globalization• Enhanced complexity of regulatory
environment• Changing corporate criminal liability
rules• Enhanced Federal Sentencing
Guidelines• Aggressive settlement and consent
decree requirements
Despite Budget Freezes . . .
Corporations are Investing in Managing the Legal Risk of
Business
04/09/2023 DeStefano 5
Questions1. How Did We Get Here?2. How is Compliance being managed?3. What purpose does and should a
compliance department serve at a large publicly traded corporation?
4. Who SHOULD be responsible for compliance and what role should the Chief Compliance Officer play?
5. How do ethics and culture fit in?6. How should outside law firms be
involved?
SEEKING ANSWERSThe Compliance Study
Research & Methodology
The Compliance Study
• Secondary research• Primary Research:– Interviewed 70 General Counsels and
Chief Compliance Officers• @ large publicly traded corporations • across multiple industries including banking,
petroleum, and pharmaceutical
The Compliance StudyResearch Methodology
Stage 1 2006-2007 • 36 brief interviews – General Counsels of S&P 500 corps – Banking, pharmaceutical, and petroleum
04/09/2023 DeStefano 9
Stage 2 2010-2012• 35 in-depth interviews – General Counsels – Chief Compliance Officers
• Large, publicly traded corporations in 9 industries: – Pharmaceutical, Electric/Energy, Health
Care, Consumer Products, Petroleum, Professional Services, Financial Services, Government, Transportation & Logistics
04/09/2023 DeStefano 10
The Compliance StudyResearch Methodology
Caveats:1. Sample size is very very low2. Not a random sample 3. Self-reports by senior executives
which arguably have certain stories to tell
04/09/2023 DeStefano 11
The Compliance StudyResearch Methodology
Road Map1) Background2) Overview
1) The Compliance Function 2) Role & Challenges faced by CCOs3) Organizational Structure
3) Trends & Recent Developments– Hypotheses regarding
Departmentalization
4) Conclusion
BACKGROUND
Background: 1960s & 1970s
In response, other companies beefed up their compliance programs
Used strength of compliance Program as defense against Antitrust penalties
FCPA 1977 incented robust compliance programs
Background: 1980s & 1990s
OSGs mitigated corp criminal penalties if orgs showed effective compliance program
Fraud by Defense Contractors led to DOD reqs: written code, training, procedures
In re Caremark and the Business Judgment Rule
Background: 2000s
Revisions to sentencing guidelines recommend ethics & compliance programs
Sarbanes-Oxley Act change in focus on individual actors and corp fines to directing changes within corporate entity
Deferred Prosecution Agreements require structural changes to compliance function
Background: 2000s
2013 (2010): public federal database of payments & gifts made to physicians & teaching hospitals by medical device and pharmaceutical companies
Dodd Frank Act and the Whistleblower Program 2010
More & More Corporate Scandals
Compliance Has Gone
To
OVERVIEW
What Is Corporate Compliance?
04/09/2023 DeStefano 21
“Most people can articulate what a lawyer or auditor does for a living, but the average employee may
have difficulty defining ‘compliance.’” Jose A. Tabuena
Compliance Functionvs Legal
Both Legal and Compliance rely on
legal expertise and have a shared goal
to increase compliancewith the law
04/09/2023 DeStefano 23
Compliance Functionvs Legal
Compliance Function
detection, prevention and response policies
+
ethics initiatives
Compliance Function
• Builds policies and procedures• Trains and educate employees• Tests employees on adherence• Reports misconduct• Remediates
Key Substantive Areas
04/09/2023 DeStefano 26
• Fraud and Corruption– Gifts, anti-bribery, anticorruption, antifraud,
FCPA compliance, and data protection
• Employment/Labor Law
• Antitrust/Trade Regulation
• Environment/Health and Safety
• Securities Regulation
Challenges for the CCO
Compliance personnel are charged with communicating and providing training on the legal and ethical regulations to employees aroundthe world.
Challenges for the CCO
They are alsocharged with risk assessment and understanding risk tolerances
Challenges for the CCOInternational training is important not just to ensure compliance but “so that we can explain to the government, ‘We did all we could: we went there, we were there in person, they got online training, we did risk assessments. This still happened, but this is how we try to show we have an effective Compliance Program.’” CCO
Challenges for the CCO
Thus, in addition to audit and internal controls, training, ethics, and HR communications, compliance professionals need to understand politics.
Jack of all Trades: CCO plays many roles: from confidant, to cop, to counselor, to tattletale
Ideal Compliance Officer Skillset
04/09/2023 DeStefano 31
• Project Management
• People/personal• Motivation• Leadership• Thick Skin• Legal?
• Training/Teaching • HR • Communication• Public Relations• Auditing• Internal controls • Risk Taker
Little Uniformity in Organization
04/09/2023 DeStefano 32
Compliance was Part of the Legal Department and Reported to General Counsel
04/09/2023 DeStefano 33
Steady Decline in Reporting to GC
2011
To GCOther
2012
To GCOther
2013
To GCOther
Data from PWC annual surveys of over 800 corporate compliance officers
Trend
04/09/2023 DeStefano 35
DEPARTMENTALIZATION
TRENDS & RECENT DEVELOPMENTS
Slew of Corporate Misconduct
04/09/2023 DeStefano 37
New Regulations and Increased Penalties
04/09/2023 DeStefano 38
Voluntary Compliance Initiatives
04/09/2023 DeStefano 39
Involuntary Compliance Initiatives
04/09/2023 DeStefano 40
Although the government (e.g., OIG of the SEC and the DHHS)
does not *require*
corporations to have a separate
compliance department, or a certain set of
ethics and compliance programs and training
. . . 04/09/2023 DeStefano 41
. . . their
unofficialstance
isthatthey
*should*
04/09/2023 DeStefano 42
Four Examples
04/09/2023 DeStefano 44
2004 – Medicaid Pricing Fraud $293M
5 Year Corporate Integrity Agreement
• Reporting hotline• Develop employee training• Revamp written codes of conduct• Designate a chief compliance officer who
would report directly to the Chairman, CEO, and President of the company. – The chief compliance officer “shall not be or
be subordinate to the general counsel or chief financial officer.”
04/09/2023 DeStefano 46
2004 – Fraudulent Revenue Projection $250 Million
Settlement Agreement
• Develop employee training• Revamp written codes of conduct• Designate a chief compliance officer who
would report directly to the Chairman, CEO, and President of the company. – The chief compliance officer “shall not be or
be subordinate to the general counsel or chief financial officer.”
• Corporate Monitor
04/09/2023 DeStefano 48
2009 – Illegal Promotion of Drug Uses $2.3 Billion
5 Year Corporate Integrity Agreement
• Develop employee training• Revamp written codes of conduct• Designate a chief compliance officer who
would report directly to the Chairman, CEO, and President of the company. – The chief compliance officer “shall not be or
be subordinate to the general counsel or chief financial officer.”
• Corporate Monitor
04/09/2023 DeStefano 50
2010 – Insider Trading Investigation
SEC Saga Continues
• Recommendation – one department with primary compliance responsibility– Remained under Office of GC
• But in 2011 . . .– The SEC GC was named as a defendant in
Madoff bankruptcy suit– SEC was criticized for organization
structure of compliance– In response, SEC separates compliance
function to reports to the SEC Chairman
The reaction by the DDHS and SEC
DEPARTMENTALIZATION
04/09/2023 DeStefano 52
04/09/2023 DeStefano 53
• Changes in corporate liability rules
• Some of the Federal Sentencing Guidelines
• Best Practices developed by governmental entities • OIG Compliance Program
Guidance• Institute of Internal Audit• In-House Counsel Conferences
This Reaction is Consistent with Recent Guidelines and Recommendations
Inconsistent with other corporate practices and mandates that put
compliance in the hands of lawyers . . .
04/09/2023 DeStefano 54
Examples
ABA Task Force on Corporate Responsibility recommended that general counsels oversee compliance (with direct oversight by the Board)And MR 1.6 (may)and 1.13 (must)
04/09/2023 DeStefano 55
Recent Federal Sentencing Guidelines enable GC to oversee
Compliance
SEC §307 of Sarbanes-Oxley puts the GC in role of whistle blower/gatekeeper2004 Investment Company Act 'Compliance Rule' enables GC to oversee compliance
Despite the debate over who should play gatekeeper, more and
more corporations are departmentalizing
04/09/2023 DeStefano 56
Review: Government Mandates
• Corporate Reporting– Sunshine Act– Dodd Frank– Sarbanes Oxley
• Internal Policies and Programs– Revised Written Codes of Conduct and Enhanced
Training
• Corporate Monitorships• Departmentalization
– CCO separate from GC– Direct access to the Board
Potential Objectives of Government Mandates?
• Increase actual compliance with the law (and prevention of noncompliance)
• Increase transparency externally & internally– So that company AND government has
increased access to information in order to monitor and catch noncompliance
• Increase visibility & entrenchment – To enhance importance of and commitment to
compliance internally– To demonstrate government has acted
ButAre the
Objectives Being Met?
HypothesisEfforts to Increase Compliance Transparency & Visibility lead to a
result that is cloudy at best
In Other Words:Preemptive Departmentalization
Hypothesis
Departmentalization may not increase:
– Objective #1: Actual compliance– Objective #2: Transparency– Objective #3: Visibility/Entrenchment
OBJECTIVE #1:INCREASE ACTUAL COMPLIANCE
May Not Increase ComplianceSeparation
May Not Increase ComplianceTension
May Not Increase ComplianceTurf Wars
May Not Increase ComplianceViewed As Outsider
May Not Increase ComplianceWatch Dog AND Cost Center
“I think compliance is the
world’s longest four letter word
XXXX
and it initiates a response in
people that is negative.”
- CCO
Interviewee
May Not Increase ComplianceLack of Power & Influence
‘C’ for ‘Chief’ ≠ Unlock the Door to the “C-Suite”
“[E]ven if the chief compliance officer reports to the [board] or CEO, they are going to have the same problem, because chances are the CEO is going to want to listen to the general counsel . . . because they are their trusted legal advisor. Very rarely is the compliance officer reporting to a CEO, because that’s what the CEO wants.” – CCO/Assoc. GC
May Not Increase ComplianceNo Guarantee
Right Professional with Right Skills
May Not Increase ComplianceFalse Complacency
May Not Increase ComplianceLack of Responsibility
May Not Increase ComplianceLawyers Subrogated
. . . Decrease in Gatekeeping Role
May Not Increase ComplianceRevival of the Legal Technician
May Not Increase ComplianceLawyer Cast of Mind
04/09/2023 DeStefano 76
04/09/2023 DeStefano 77
May Not Increase ComplianceDouble Trouble
OBJECTIVE #2:INCREASE TRANSPARENCY
04/09/2023 DeStefano 79
May Not Increase TransparencyStrengthens Support for Attorney-Client Privilege
04/09/2023 DeStefano 80
May Not Increase TransparencyMay Increase Info Shielded by
Attorney-Client Privilege
04/09/2023 DeStefano 81
May Not Increase TransparencyOrganizational Structure
Doesn’t Tell The Real Story
MORAL MAZES
STOP GAPS
04/09/2023 DeStefano 82
May Not Increase TransparencyInternal Social Networks
Are More Telling
MORAL MAZES
STOP GAPS
OBJECTIVE #3:INCREASE VISIBILITY & ENTRENCHMENT
May Not Increase Visibility & Entrenchment
No Lightening Rod Salesmen
04/09/2023 DeStefano 85
May Not Increase Visibility & Entrenchment
Talismans - Form Over FunctionOrg Charts Codes Of
Conduct andTraining Manuals
Formal Systems = Weakest Link
04/09/2023 DeStefano 86
04/09/2023 DeStefano 87
May Not Increase Visibility & Entrenchment
Emphasis ≠ CultureEasy to Control: Routine Check the Box
Harder to Control: Complex, multifaceted,About ethics and morals
04/09/2023 DeStefano 88
Genuine Motivation is a Combo
Motivation: Carrots? Or Sticks?
04/09/2023 DeStefano 89
Money Can Take the Good Out of Doing Good
04/09/2023 DeStefano 90
And Penalties Can Justify Non-Compliance
04/09/2023 DeStefano 91
04/09/2023 DeStefano 92
Complianceinitiatives
do not accountfor the reality
that employeesdo not necessarily
recognize a dilemmaas an
ethical one
Many Ethical Dilemmas Result from Blind Spots
04/09/2023 DeStefano 93
04/09/2023 DeStefano 94
. . . Think Pinto
. . . Think The Challenger
Or Desensitization and Ethical Fading
04/09/2023 DeStefano 95
CONCLUSIONS
04/09/2023 DeStefano 97
ConclusionsLook Through the Looking
Glass
04/09/2023 DeStefano 98
ConclusionsLook Through the Looking
Glass
Recommendations• Look inward at actual decision making
processes of individuals and at the informal values, culture, and networks– Conduct a network analysis to determine
communication flow and critical stopgaps
• Liability mitigation to corporations that make changes based on internal findings on the networks and ethical culture that exists beneath the org chart
04/09/2023 DeStefano 100
"Everything's got a moral, if only you can find it.”
Lewis Caroll, Alice’s Adventures in Wonderland
and Through the Looking Glass
04/09/2023 DeStefano 101
Sometimes the hardest task is not solving but
instead, finding the problem
Compliance, Transparency, & VisibilityA Perspective of the US Market:
Cloudy At Best
Michele DeStefanoProfessor of Law, University of Miami
Meeting of LAAW e.V. Munich GermanyOctober 2014