This is a guest post written by Diana Trevley, Spark Compliance Consulting’s Chief of Global Services.

We’ve seen the good, the bad, and the ugly when it comes to Codes of Conduct.  In 2018, Spark Compliance launched Spark Score, a new benchmarking standard that measures how your compliance program looks to the outside world, and as part of our groundbreaking research, we’ve reviewed hundreds of Codes of Conduct at companies of every size and across all industry.  Following are the top five best practices consistently displayed by companies that receive a high Spark Score:

 1.      Tailored to YOUR Company

 Creating a bespoke Code is deceptively time-intensive, but incredibly important because people don’t read what they perceive to be boilerplate language.  Some of the best practices we have seen from Spark Score’s highest-scoring companies include the following:

• The Code has your branding, logos, fonts, and colors

• Leadership (generally the CEO) introduces and endorses the Code

• The authority and autonomy of the CCO is emphasized

• The name of your CCO and DPO are included instead of being referred to just by their title

• The origins of your company and what values led to its success are prominently featured

• Highest risks are prioritized and given separate sections

• The Code references operations and locations where your company actually does business

• Leaders and employees from various levels, locations and departments are featured in photographs and interviews.  (Extra Credit:  While professional photography is great, less formal photographs of employees at promotional and charity events, at holiday parties, or even socializing in the break room really create a personal touch AND it will get your employees to crack open the Code with each new update to see whether they and their friends are featured in it.  One of our clients revamped their Code by including employees with pictures of their dogs.  It was a huge hit.  Just be sure that you are complying with local data protection laws.)

• The Code includes a FAQ section of actually frequently asked questions at your company

2.      Online and Easy to Find

If you’ve got it, flaunt it!  While most companies do have their Code of Conduct on their website, there are still some companies that don’t post their Code. …

Groundbreaking Results: Join us for a Webinar on Benchmarking Your Compliance Reputation

I'm delighted to be partnering with Steele Compliance Solutions to present a webinar unveiling the groundbreaking results from our research into the external reputation of compliance programs.  During this webinar you'll learn critical information to answer questions like:  What does your company’s external appearance say about your company’s commitment to compliance and ethics? What are others in your industry doing? And perhaps and most importantly, what are best practices in this critical space?

Join us for a webinar to hear the results of this research and to find out how companies in your industry scored using Spark Compliance’s proprietary algorithm, that scores programs in six critical areas:

• Code of Conduct 

• Corporate Governance 

• Whistle-blower Provisions 

• Anti-Bribery Commitments 

• Data Privacy 

• Supply Chain / Modern Slavery / Sustainability 

I'll be presenting with Tony Charles, Chief Client Officer for Steele.  Sign up HERE to join us, Tuesday, March 5th, 11:00 AM EST (4:00 PM GMT).  See you there!

SIGN UP HERE

“I’m good with faces, but I never remember names.”  How many times have you heard someone say this?  Have you said it yourself?  If so, you’re missing a critical opportunity to make people feel special and to create an immediate sense of familiarity and warmth. 

Dale Carnegie, author of How to Make Friends and Influence People, said, “A person’s name is to him or her the sweetest and most important sound in any language.”  What should you do if you have trouble remembering names?  Here are five ways to make it easier.

Say Their Name Back to Them Immediately

Most people shake hands when they are introduced in a professional setting.  When this happens, take the opportunity to say the person’s name back to them immediately.  Let’s say you were just introduced to Juanita.  When she shakes your hand, repeat back, “It’s so nice to meet you, Juanita.”  By using the name immediately, you’re more likely to cement it into your mind.  You’ll also be able to be corrected early on if you get the name wrong or mispronounce it.  It’s much better to be immediately corrected than to learn weeks or months later that you’ve been calling someone by the wrong name.

Not only should you repeat the person’s name after you meet them, but you should also say it again when you part ways.  “It was so nice meeting you Shantok,” will solidify the name in your head, as you’ve now said it at least twice. 

Find a Celebrity to Associate with Them…

When was the last time you thought through your third-party management and due diligence process?  Perhaps you inherited a system that was in place when you arrived, and you’ve never changed it.  Perhaps you’re trying to manage it on an Excel sheet.  Perhaps you know it’s a problem, but you’ve never actually done anything about it…

Considering that 90% of reported FCPA cases involve a third-party intermediary, and one-in-two global enforcement actions involved a third-party, your third-party risk management program is a crucial part of your compliance program.

Is your current third-party risk management and due diligence system up-to-scratch?  Here are five questions you should be asking yourself to find out.

Question 1: Is my system truly risk-based?

The most frequent problem we see in due diligence program reviews is non-risk-based systems.  This usually happens because a conservative lawyer or compliance person worried that a risk-based system might let a problematic party through the system, endangering the company.  What tends to result from this blunt-instrument approach is over-spending and too much attention spent on lower-risk third-parties.

The DOJ endorses a risk-based approach.  The DOJ’s Resource Guide to the Foreign Corrupt Practices Act states that “performing identical due diligence on all third-party agents, irrespective of risk factors, is often counterproductive, diverting attention and resources away from those third-parties that pose the most significant risks.  DOJ and SEC will give meaningful credit to a company that implements in good faith a comprehensive, risk-based compliance program, even if that program does not prevent an infraction in a low-risk area because greater attention and resources had been devoted to a higher risk area.”

Ask yourself whether lower-risk parties get a lower level of due diligence and whether the hoops those parties jump through are smaller than those required for higher-risk third-parties.  If the answer is no, re-think your approach.

Question 2: Is my system consistently applied? …