Monthly Archives: February 2016

Compliance Challenges in Australia and Asia

The first in a multipart interview, GRC Solutions ( Managing Director, Julian Fenwick, shares his experience, perspective, and practice, with respect to anti-bribery and compliance challenges for multinationals which are either based in Australia and/or Asia, or with subsidiaries in the region. Julian shares his views with how regulatory awareness in the region has impacted compliance efforts, addressing how anti-bribery compliance has  become “globalized.” For multinationals based in Australia and/or Asia, which are engaging with the United States, Great Britain, and other countries in their commercial activities,  the need to address the FCPA, The Bribery Act and other international anti-bribery conventions in business operations has never been greater.

In other words, the challenge of conducting business from Australia and Asia is much greater than local laws and regulations- it’s a global effort with significant training requirements.  In this context,  it’s imperative to provide consistent, yet tailored to the region and language, on-line training in order to instill employee compliance awareness, especially where there is increased risk. To hear more of Julian’s perspective,  and to find out about the GRC Solutions SALT Compliance e-learning platform, feel free to contact: [email protected]

Is There an Internal Ethics & Compliance Council In Us All?

The following guest post and video is by Nicole Rose, CEO and Founder, Create Training.

We all know about ‘the law’, but how about the laws within us that direct our behavior and decisions? Marc Hauser, evolutionary biologist and a researcher, suggests that we  all have a ‘moral organ,’ that comes from an unconscious and intuitive processes which takes place in our brain.  Is this really the case? If so, can we tap into this dynamic to support ethical practices? Let’s explore.

Common moral principles

 Let’s start with some basic principles that we may all be able to agree upon. See what you think:

  • The ‘intentional principle’: people tend to believe that intentional harm is worse than if something is done unintentionally.
  • The ‘action principle’: we are more likely to find harm reprehensible if it happens through a positive action rather than an omission.
  • The ‘contact principle’: we believe it’s worse to do harm through direct contact with a person rather than indirectly.
  • The ‘everyone principle’: if everyone is ‘doing it’, it is more acceptable than if only one person is doing it.

If you want to test your own principles, go to the Moral Sense Test and see how you cope with the unenviable dilemmas.

Evolutionary and environmental morals

As we evolved from infancy to adulthood we took on the moral codes of our environment. In our early years we had our own sense of morality and made our own moral decisions: ‘it’s not fair that he got more toys than me’ or maybe,  ‘I don’t want to share!’ As we got older we encountered the moral code of our parents and then of the world in which we operated and thrived. In essence, we were subjected to the moral code of our environment.

But our environment is also subject to the ‘acceptable’ moral code of the time. 100 years ago the environmental ‘moral code’ looked very different to what it does now. 100 years ago sex discrimination and drunk driving were neither morally reprehensible nor unlawful. Issues such as slavery, suffrage, and apartheid, as examples, all influenced the moral code of time, yet were swept away as those codes changed. In other words, morality is not a static influence, it changes.

Morality and bribery

Now let’s consider bribery and corruption.  What about the FCPA, from the late seventies, when it was enacted, compared to today.  Has our moral code developed so that bribery and corruption (in addition to being a crime) are now considered unacceptable behaviors, where they were once, ‘how we do business’?

If you interviewed a CEO of a large multi-national 40 years ago, would his view of overseas bribery be very different to what it is today? In my previous work as a lawyer, I was a told by one senior employee that ‘in the old days, the bigger the bribe the better the broker’. But attitudes are different now.  Along with the change in the law (1977) and enforcement of it, our revulsion to bribery has dramatically increased and been embedded into our internal moral code.

If we can appreciate the extent of our moral code, we can employ it to leverage our own decision making, with any issue. This opens up the realm of training from one where just teach people what the law is, to training that taps into their own internal ethics and compliance council.

In essence, we want to associate law and policy with how people internally relate to what’s ‘right and wrong.  We can do this through something I call ‘relatable storytelling’: a story that is believable,  that someone can relate to, and that relates to the law/policy of choice. Storytelling allows us to do two wonderfully advantageous and yet perfectly harmonious things- dip into people’s imagination, and also help them to relate it to their own memories, makeup and experiences. When that happens, we can index people’s decisions to their own moral code and the world is your compliance oyster!

Want to give it a try?

As an example in practice, we explore behaviors and morals in our video series ‘Corrupt Casino’. We analyzed the morals (or lack of them) in the stories of high profile cases in order to contrast these behaviors against people’s general moral code.  Part 1 is here. See what you think and send me your thoughts!

Interesting article? Would you like to know more?

Contact Me
Trust as a Fig-Leaf of Poor Compliance and Management

Trust as a Fig-Leaf of Poor Compliance and Management

The following guest post is by Oliver May. 

Trust is an important, nurturing presence in the workplace. There is a level of trust inherent in all controls, and NGOs are often dependent on trust, especially in emergency operations, distant field offices, and when working with volunteers. Untrusting workplaces feel austere, and create additional stress among those who work in challenging environments.

But trust can be abused. Research has suggested that non-profits are very trusting environments (link here), and that elevates their vulnerability to fraud and corruption (link here & here). This creates a challenge, as there is little to justify the perception of workers in this sector as trust worthier than others. Career choice is not an indicator of honesty, and neither is honesty absolute – people are complicated, the sum of internal and external factors acting upon and through them.

Thus, there are good reasons to look again at the extent of our cultures of trust – especially for NGOs, non-profits, and charities.

Fraud and corruption hide and masquerade, so if we are too trusting, we never dig deep enough to find out when something dishonest is afoot. Meanwhile, research suggests that the majority of detected occupational fraudsters are usually without prior convictions nor previous dismissals for fraud-related conduct (link here).

Furthermore, when managers describe a ‘culture of trust’ in their organizations, they need to ask themselves – is this really part of an intentional and managed organizational culture, or a phrase being used to cover mismanagement including conflict-aversion and/or complacency?

Trust is important, but fraud and corruption can be enabled when:

  • The organizational culture is not deliberately focused, articulated, monitored and reviewed;
  • Trust is used an excuse for failing to maintain adequate controls and asking questions;
  • Trust becomes a cover to avoid training staff and volunteers to manage resources properly;
  • Trust is allowed to morph into complacency, including the absence of risk management.

The first step to striking the right balance is to recognize that a culture of trust must not be at the expense of vigilance. Ways we can foster trust, without sacrificing our resilience to fraud and corruption, might include:

  • Robust vetting. Prevent the wrong people from getting into the organization – sampling claims in resumes, ensuring that criminal record checks are conducted, and conducting online searches are among a few recommendations.
  • Know when trust is being abused. What do ‘red flags’ look like? Trust does not preclude asking questions, probing anomalies or taking prompt action when they are identified.
  • Have proportionate internal controls…. A culture of trust does not negate the need for controls. It means having just enough to manage the risks.  It also, of course, means having a holistic organizational counter-fraud and corruption framework.
  • …And follow those controls. It is often the failure to follow procedures and systems that corrodes trust in the workplace. Following some, but not others, makes staff feel untrusted, often wondering, ‘why am I being checked on thisbut he isn’t on that?’. And when the routine non-compliance of their colleagues goes without management challenge, staff can be left suspicious – is something dishonest and collusive afoot? When that happens, uneven enforcement leaves staff uneasy and confused, the norms of their workplaces unclear. To feel safe, secure and successful, we all need to know that boundaries apply to all employees without discretion.
  • Articulate the value of policies, procedures, and systems. People often see them as ‘red tape’ – whereas they are often better framed, for example, as teamwork– following them enables colleagues in other teams to do their job, knowing what to expect and when.
  • Develop internal culture and do so intentionally. We can defend against the use of a ‘culture of trust’ as a fig-leaf for poor management by defining the culture we want, and how we intend to measure it. Poor behaviors are then easily compared against this standard.

Remember. organizational culture exists, intended or not.  Taking hold of it and shaping it can make it a really powerful enabler of our missions.

Trust can be a great asset to NGOs, non-profits, and charities – as long as it is within an organizational culture that also actively reduces the risk of fraud and corruption, and consciously strives to maintain the right balance.

This article was adapted from a blog post at

Author Bio

Oliver May is a consultant, speaker, and writer on reducing fraud and corruption in the humanitarian and global development sector. He was Oxfam GB’s Head of Counter-Fraud and is a former officer of the UK’s Serious Organized Crime Agency. Oliver’s book, Fighting Fraud and Corruption in the Humanitarian and Global Development Sector, is out in June 2016 and he blogs at Oliver can be contacted at [email protected], and he tweets on fraud, governance and compliance issues at @oliverbmay.

Interesting article? Would you like to know more?

Contact Me
What Good Compliance Looks Like: Part III

What Good Compliance Looks Like: Part III

I concluded Part II of “What Good Compliance Looks Like” with “compliance and tone at the top are more than stated values, it’s about operational and unspoken values.  It’s about a seat at the table of business strategy.”

But what of corporate integrity, where does that intersect business strategy, operations and values?

How about this: “integrity has become such a buzz word that I think it’s lost its meaning.” But wait, the I in that sentence wasn’t me, it was Hui Chen, DOJ Compliance Expert, in an interview with Laura Jacobus on the ECI Connects Blog (here). Ms. Chen added that when integrity can be defined and articulated as to “how that plays out in their (employee) day-to-day work,” then it becomes much more than an overused buzzword.

But how? It goes back to the compliance challenge of shaping and impacting employees who are outside their organizational perimeter. As Ms. Chen states, it’s about addressing those parts of the organization where compliance does not have ownership all “functions and processes.”  But how can a compliance officer, often seated at the home office, with possible budgetary restraints, and who might or might not be familiar with the cultural, political and ethical challenges that different regions present, break through the barriers and achieve Ms. Chen’s “cross-functional commitment and collaboration.”

In sales, we used to speak of “force multipliers.” Those were individual’s or agencies who served as powerful references for other potential customers. In the defense industry, having your product evaluated and purchased by a special weapons or special forces team would serve as a such a strong market indicator. Thus, by focusing on a smaller group of recognized end-users, a sales team might secure a favorable market reference that would then get amplified to the wider marketplace. It’s a more deliberate form of ‘word of mouth,’

So, where are the compliance force multipliers? Are there employees who can serve as compliance ambassadors, driving ethics and compliance to the front-lines of international business? Do they exist?

The answer came to me this week in preparing for a global corporate event. In this multinational, the Chief Compliance Officer delivers a powerful message to international sales and business development managers: “You are not a passive recipient of our compliance programs. You are compliance.”  He recognizes that compliance can’t be everywhere, and that to populate new compliance manuals to cover every permutation of human behavior and risk, would be a lot less effective than to create an army of compliance envoys as part of being an international sales executive.

And to create that cadre, you don’t need an outside consultant, professional or practitioner. What you need is a vision, and to trust.  Michael McAlevey, Chief Legal Officer and Business Development Leader for GE Aviation, in an article Ethical Leadership: How Does It, and Should It, Shape Corporate Compliance? (Ethisphere, Q4/2015), states, “where trust and individual freedom co-exist, there is less reliance on process and bureaucracy.” While those on the front-lines need to embrace compliance programs and compliance personnel as a partner to success, compliance needs to empower and trust those in the field as the front-line messengers of ethics and compliance to their peers and reports. You can’t convey that in a manual, but when that two way trust is achieved, it is the ultimate compliance force multiplier.

Autonomy and rules, as Mr. McAlevey states, “live in tension.” He adds, “process and regulation cannot and should not reach to every corner of corporate life.” Challenging your front-line executives to deliver integrity and  compliance as a path to success, is part of what Mr. McAlevey speaks to when he references Lord Moulton’s “obedience to the unenforceable.” It’s about “doing the right thing where there is no one to make you do it but yourself.” Empower your leaders to that standard and watch it cascade throughout the organization.

That’s compliance as much more than a PowerPoint or on-line training. That’s empowerment, trust and creating a sales team that is compliance, and which brings Ms. Chen’s “commitment of the whole company to compliance” to life.

I will be speaking more about how incentives influence can amplify or dilute this potential at Compliance Week 2016 (link here).

Interesting article? Would you like to know more?

Contact Me


What Good Compliance Looks Like: Part II

What Good Compliance Looks Like: Part II

In a prior post, I shared the view of a CEO of a Fortune 500 company, who launched his talk at a compliance event by asking “what does good look like?” In that post, I concluded with how “I spent the better part of my career avoiding and evading compliance, but I now appreciate that compliance leaders want those outside of their perimeter to be successful, and they want them home with their families.”

So, let’s reflect some more on what good compliance looks like. Let’s start with a question: What Was Volkswagen Thinking?

In an Atlantic article titled with that very same question, which addressed a number of corporate scandals, including VW, the Ford Pinto, and the Challenger disaster, author Jerry Useem concluded: “the sequences of events fits a pattern that appears and reappears in corporate misconduct cases, beginning with the fantastic commitments made from high.” And when those “fantastic commitments,” are made without the input of compliance, they can become stand-alone red-flags for future misconduct.

As Bazerman and Tenbrunsel share in Blind Spots, “underlying formal systems are informal norms and pressures that exert far more influence on employee behavior than any formal efforts could,” adding that informal systems “teach employees what behavior is really expected of them.” In my experience, incentives, forecasts and business strategy represent a tremendous unspoken message of organizational values and ethics. When organizations speak to a ‘win above all else’ mentality, including lucrative incentives and aggressive forecasts in high risk areas, then compliance can be viewed from the front lines as “ethics marketing.”

What I have  come to appreciate is that the compliance community understands that peril, and as Scott Killingsworth recently shared in a WSJ interview (here), when compliance personnel “are in from the start you have a chance…to foresee what compliance risks are and put in some protections and some cautions early on.” I call that baking in compliance risk before boots hit the ground, and to shore up processes and programs to make sure that spoken and unspoken messages are aligned.

If compliance is not a part of that business discussion, including setting strategy, goals and incentives, especially in high-risk (low integrity) regions, then the compliance team may be left with the unenviable task of ‘catching falling knives.’  I hear those trepidations from compliance personnel when they share their concerns of how the voice of “growing the business” is drowning out the voice of “how to grow the business.” That’s bad for everyone.

This dynamic was well addressed in a recent discussion I had with Dr. Susanne Marston, Vice President & General Counsel, APM Terminals, in preparing for an event where I addressed her leadership team. Susanne shared with me (and my appreciation to her for putting it in writing):

Richard, while we certainly understand that a robust compliance program must have the tools to raise awareness and insure that employees understand rules, policies, and procedures as to prevent violations, that’s not enough. We know that rules don’t necessarily drive behavior. So we need to be very clear with our international teams that compliance does not conflict with the business objectives, and that in fact, the two are complementary parts of business strategy.”

When compliance is a part of that business discussion, then the reality which Ms. Marston and Mr. Killingsworth describes is much more likely to occur. While Ben DiPietro’s reporting (here) of a survey released by Convercent and the Ethisphere Institute  (here) shows “that while the compliance function is gaining in prominence within many organizations, it’s still ‘falling short of having input on company strategy,’” might be somewhat disheartening, that it’s now in the mainstream of the discourse is entirely encouraging.

Compliance and tone at the top are more than stated values, it’s about operational and unspoken values.  It’s about a seat at the table of business strategy.

Interesting article? Would you like to know more?

Contact Me