Mobile Edition
Print
Get the Mag
Weekly Updates"Dangers lurk in the water for unwary corporations and their officers- the courts and the government are setting more and more standards for corporate compliance. Stiff sentencing guidelines and personal civil liability can result from in fractions." (1)
"My job is to get the business for the company in Asia, Africa and the Middle East. Nobody tells me to bribe but I know what I have to do to get the contract. It is implicit that I am to do what it takes and not make a mess of it. That means it is untraceable and everything looks legal." (2)
Small businesses may be so focused on economic survival that they may be woefully ignorant of the application to their companies of laws covering fraud, environmental concerns, zoning, export controls, bribery, antitrust and price fixing, discrimination and harassment. Or, as the person in the quote above signaled. he understood the law but chose to ignore it-calculating the chances of being caught were negligible. Some think that only larger corporations have to worry about such laws and regulations. Yet small companies can run afoul of the law as Denny Herzberg and the Vitusa Corporation (3) found out after an indictment for violating the Foreign Corrupt Practices Act and resulting plea agreement. Or as Metcalf & Eddy Inc. (4) in 1999 discovered in a Final Judgment of Permanent Injunction and Consent Order regarding another Foreign Corrupt Practices Act case (travel and lodging) that ignorance of the law is costly.
After the Organizational Sentencing Guidelines (5) went into effect in 1991, it was noted that a higher percentage of small- and medium-sized business became ensnared in prosecutions. (6) This may well be because the larger companies can afford attorneys and the initial costs of implementing a compliance program. Also, and as important, they understand the incredibly high costs of not having a compliance program. A compliance program as defined by the guidelines is a generic term that means an "effective program to prevent and detect violations of the law." (7) A compliance program that meets the federal criteria may possibly precipitate the government's elimination of the criminal charge or reduction of the fine under the Federal Sentencing Guideline formula. (8) Companies have begun to employ ethics officers who help monitor compliance programs. One clue to the dramatic interest of business in these programs is the growth from 12 ethics officers in 1992 to 540 in 1999 according to the Ethics Officer Associa tion. (9) But how has this interest by management trickled down to the employees, such as the employee in the opening quotation, who are responsible with others for securing the bottom line of the company every day? What guidance do they have?
What are employee attitudes?
An anecdotal illustration of employee attitudes is the quotation from the unidentified U.S. expatriate assigned overseas. However, anecdotes have real limitations. Is he an anomaly? How many others act as he does? Are employees like him found more often in small companies? We don't have the answers to these questions. However, in 1999, KPMG (10) sent out questionnaires to 3075 prequalified working adults. They received 2390 completed surveys for a response rate of 78 percent. " The following details some of the results: 76 percent of employees in all industries surveyed reported observing a high level of illegal or unethical conduct in the last year. The response of 81 percent was found in consumer markets. (12) The types of problems observed were: (13)
The survey polled employees about what they thought caused the misconduct: (14)
Furthermore, employees believe that management doesn't or can't deal with the problem: (15)
These survey results are troubling and underscore a corporate business doublespeak. It appears that corporations may be paying lip service to ethics and legal compliance but are perceived as not being serious or sending the message that the talk is just for the "paper trail."
Ask professors who have surveyed their business students about what the students have observed in their work experience and similar results will be revealed. Students report observing widespread theft of inventory off the loading docks, expense account padding, kickbacks and the omnipresent double sets of books in cash businesses and the accompanying payments "off the books" to employees. However, all it takes is a few dramatic headlines to begin to grab the attention of business people to rethink these illegal business practices. (16) Thus, given both the anecdotal and survey data, business managers need to pay attention to both compliance programs and training for employees.
What are Compliance Programs?
The main criteria of compliance programs can be found in The Guidelines sec. 8A 1.2 Note 3(k) requiring" reasonably designed, implemented and enforced" and with use of "due diligence to prevent and detect criminal conduct." (17) This is not a template that all businesses simply copy the language and fill in the blanks, There are seven "minimum" steps that must be in every compliance program: (18)
1. The organization must have established compliance standards and procedures to be followed by its employees and other agents that are reasonably capable of reducing the prospect of crime. Application Note 3(k)(1)
2. Specific individuals within the high-level personnel of the organization must have been assigned responsibility to oversee compliance with such standards and procedure. Application Note 3(k)(2)
3. Use due care not to delegate discretionary authority to individuals who the organization knew or should have know might engage in illegal activities. Application Note 3(k)(3)
4. Taken steps to communicate effectively its standard and procedures to all employees and other agents... [through] training programs or by disseminating publications that explain in a practical matter what is required. Application Note 3(k)(4)
5. Taken reasonable steps to achieve compliance with its standards e.g. by utilizing monitoring and auditing systems... and by having in place and publicizing a reporting system whereby employees and other agents could report criminal conduct by others in the organization without fear of retribution. Application Note 3(k)(5)
6. The standards must have been consistently enforced through appropriate disciplinary mechanisms. Application Note 3(k)(6)
7. After any offense has been detected, the organization must have taken all reasonable steps to respond appropriately to the offense to prevent similar offenses--including any necessary modifications to its program to prevent and detect violations of the law. Application Note 3(k)(7)
These seven points reflect the skeleton of a compliance program. The individual company needs to conduct a specific risk inventory. Obviously securities law will not affect some businesses. The company must then tailor the program to best manage those identified risks. A management structure needs to be established with a mechanism such as a hotline or ombudsperson to deal with complaints. As part of step one, many companies choose to articulate the corporate vision in a code of conduct that specifically fits the company. (19) A compliance officer is appointed who reports to both the CEO and the board audit committee. The more regulated the industry-such as healthcare, chemical, and securities-the more detailed the program need be.
What is to be done?
Small- and medium-sized companies need to think about how to systematically reduce their liability risk. Some argue that being ethical positively affects the bottom line. Others, more pragmatic, would argue that while being both ethical and legal may be more expensive in the short run, it would pay off in the long run. Of course there are yet others who argue that the legal minimum is all that is necessary and no good deed goes unpunished--but they may be unpersuaded by any logic. The fear of bad publicity about a firm is a powerful motivator to do the right thing in the first place because it can be difficult to undo. In the international arena, there is also a more noble reason for supporting compliance programs (with their accompanying codes of conduct and ethics training), because they deter corruption in civil society, which has a dramatic impact on economic growth and the stability of democracy. (20)
A compliance audit will identify the areas of risk to that particular company. For example, instituting an email policy and management of email communications is critical. Emails have come back to haunt even the wealthiest man in America, Bill Gates, and many less well-known figures, as well. Second, the audit is not a one-time occurrence but occurs regularly. Training is critical to overcome the problems KPMG identified earlier that workers don't believe the company is serious. The program must closely follow the listed seven requirements.
Last, the company should consider appointing an ethics officer/ ombudsperson who will function as the veritable "canary in the mines" for the company. Some will look at this and say "get real" -that is not how business is done-it ignores the reality of the vast cash economy that goes unreported to the IRS and the way wheels are greased in this country and all over the world. (21)
Yet, the world is changing with the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions outlawing bribery went in effect in February 1999. (22) This action signals that the international community is becoming united in seeing the pernicious effect of bribery of officials. The convention addresses the problem of bribing non-governmental officials too--a problem that received recent attention with the International Olympic Committee problem of bribery in Salt Lake City. (23) How many people are willing to face the reality of going to federal prison for several years for "crime in the suites?" (24) Each businessperson should ask employees if they are willing to break the law, risk trial and imprisonment for an extra couple of thousand dollars?
FEED