I was at a conference earlier this year featuring a Chief Compliance Officer from a sovereign wealth fund with several thousand employees.  As he spoke, he elicited gasps when he said that all promotions had to be run through Compliance before they could be approved.  Since that conference, I’ve survey our clients, and I’ve found that a small but growing number of companies are implementing what once seemed impossible: Compliance is a becoming a gatekeeper to promotions at many companies. 

I, for one, am delighted with this trending best practice.  The benefits of it for companies are enormous.  They include:

1.      Weeding Out Bad Apples

In many companies, sales performance tops everything else.  Managers may identify “high performers” or champion those without a strong grasp on ethics if their numbers are good.  In some companies, HR files aren’t reviewed carefully to find previous disciplinary action when a person is being considered for a promotion.  Because of this, some bad apples may slip through the cracks and up the corporate ladder.  A review by the Compliance Officer should always include a review of any previous disciplinary actions, investigations, and/or complaints.  In this way, a Compliance review can be an important safeguard from allowing a bad apple to create a rotten tone from the top.

2.      Allowing for Pro-Active Response to Concerns…

Let’s say you’re feeling great this morning.  You can take on the world.  You make your to-do list and it’s 12 items long, but that’s OK!  You plan the metrics that you’ll track this year – all 16 of them.  You decide your Code needs a refresh, and that the project should start immediately.

Cut to six months later.  Your metrics tracking project has died, with you only tracking two basic metrics.  You’ve given up on the Code refresh after trying to set up a working group.  You feel defeated and decide to view news sites at work instead of trying to accomplish the next task on your to-do list…which has now grown to 14 items.

What’s going on here?  Author Vishen Lakhiani says, “We tend to overestimate what we can do in one year and underestimate what we can do in three years.”  In his book, The Code of the Extraordinary Mind, he argues that we tend to bite off more than we can chew in the short term, and not expect nearly enough of ourselves in the long term.  Both tendencies tend to work against our long-term success.  How can we counter this?…

“If we could sum up all the causes of hurt, pain, and hatred in one word, it would be expectations.”  - Ancient Proverb

Imagine the courage it must take to blow the whistle on unethical activity at your job.  Whistle-blowers experience fear of being fired, being found out, retaliated again, and losing their reputation, while wrestling with the desire to do the right thing.  But once whistle-blowers have made their report, they’re often disappointed and disillusioned.  This is frequently compliance’s fault.

What Happened?

Surveys and academic research shows that the vast majority of whistle-blowers report internally before reporting to regulators or the media. One survey found that 90% of whistle-blowers reported internally before filing qui tam lawsuits.  Why did they report outside?  One of the major reasons was their perception that nothing was done about their report.

Managing Expectations…

“Self-esteem literally means what YOU think of YOU, not what other people think of you, or it would be called other esteem or their esteem,” noted author and therapist Marisa Peer.  In her book, #IamEnough, the author encourages all of us to give ourselves the praise that we need an deserve. Her reasoning is sound: “Praising yourself is simply improving your internal dialogue so you can reap the benefits that receiving praise brings – even if you’re the only one giving it.” 

Many of us struggle with the feeling that no one appreciates us or pays attention to what we do.  Author Peer states that our mind responds to praise from whatever source it comes from – whether external or internal.  You can choose to celebrate all that is good about you and your performance without being egotistical or narcissistic.  Here are three ways to do it…

This is a guest post by Ramsey Kazem, East Coast Vice President, Spark Compliance Consulting.  He can be reached at rkazem@sparkcompliance.com.

Last spring, the Department of Justice issued a guidance document, which outlines the specific factors prosecutors consider in evaluating a company’s compliance program and deciding whether to bring charges, negotiating plea agreements, or offering leniency in assessing penalties.  The guidance makes clear that a “well designed compliance program should apply risk-based due diligence to [a company’s] third-party relationships.”  That is, a company must have a process in place to perform an appropriate level of due diligence before engaging a new third-party.  This process must be current, effective, and risk-based.

While the expectation is clear, the process by which a company meets this expectation is not as straightforward.  As with most things in compliance, there is no one-size-fits-all solution to satisfying this standard.  Indeed, a company must develop an approach to third-party due diligence that fits the company’s size, structure, industry, geographical presence, and risk profile.     

So how does a company go-about designing a third-party due diligence process that will meet the expectations described in the DOJ’s guidance document?  In this two-part series, we will share some guidelines and best practices for undertaking this effort.  In this part I of the series, we will discuss how to define the scope of a third-party due diligence program.  In part II, we will explain how to develop a risk-based process to effectively screen the in-scope third-parties for compliance-related risks.

Defining the Scope of a Third-Party Due Diligence Program

The first step in designing a third-party due diligence program is to define the scope of the program…