CFO Magazine: Creating a Culture of Compliance

Standard

I was recently quoted in CFO Magazine for an article on creating an ethical culture within companies. Below are a few excerpts, including my comments.

In December, the federal government cited a “lax corporate control environment” at Alcatel, which extended right up to the CEO and CFO, as a primary cause of the scandal. It was a finding that more companies should take to heart.

Nearly a decade after the passage of the Sarbanes-Oxley Act, and amid heightened FCPA enforcement, the responsibility for shaping what is often called a “culture of compliance” inside U.S. corporations falls heavily on the C-suite — and, more than ever, on the CFO.

A culture in which employees feel they can report illegal activities or abuses can prevent problems from becoming disasters. This pertains not only to financial controls under the CFO’s purview but also to a broad range of operational risks, which can result in costly disasters like last year’s oil-rig explosion in the Gulf of Mexico and the implosion of Enron. In both cases, employees accused top management of ignoring their concerns about dangerous internal practices.

Who to warn, and how, remain open questions at most firms, but “if a CFO says, ‘That’s not my department,’ he or she should be fired,” says David Gebler, president of corporate-ethics consultancy Skout Group.

[snip]

CFO interviewed more than a dozen experts and examined several notable legal cases and compliance failures to determine the five most effective things finance executives can do to prevent risky or illegal activities.

1) Acknowledge that You Are Responsible
While the actions of a salesperson on the other side of the globe may seem well outside a CFO’s purview, Sarbox says otherwise. When CFOs sign off on financial statements, as they must do under the act, they are also verifying the accuracy of all corporate records, says Marie Hollein, president and CEO of Financial Executives International.

Adding to the pressure, the federal government recently gave whistle-blowers a powerful incentive to snitch. The Dodd-Frank Act awards bonuses of up to 30% of enforcement penalties to individuals who provide “original information” about illegal activity by their employer. Understanding the implications of the new incentives and crafting a policy that encourages employees to speak up is essential.

[snip]

3) Really Deliver the Message
“I am sick of the phrase ‘tone at the top,'” says Tracy Coenen, a Chicago investigator. Sending a message from on high is far more effective, she says, when it’s coupled with some face time. Making the effort to deliver this important message in person shows that “you’re a real person, and [your employees] can hear you say that it’s important to have an ethical company.”

The definition of “the top” is also changing. Regulators are demanding that boards of directors assume greater responsibility for shaping a company’s culture. The U.S. Justice Department’s recent bribery case against Panalpina blamed “a culture of corruption,” which “trickled down” from the board and senior executives to “employees who accepted bribery as a part of Panalpina’s standard business practice.”

Employees even adopted a nickname — “apples” — for bribes, according to the November settlement by the global oil-industry logistics firm. Panalpina pleaded guilty to two violations of the FCPA regarding $49 million in cash bribes paid to customs and government officials in Angola, Azerbaijan, Brazil, Nigeria, Russia, and Turkmenistan.

[snip]

5) Simulate a Crisis
When a crisis occurs, consultants say that it can be extremely difficult for C-suite executives to subsume their type-A personalities and develop a consensus-driven plan that can minimize further damage. For top managers who want to learn how politics and personalities can lead to a cover-up that worsens a crisis, consultants recommend they walk through who would be in charge if a crisis occurred.

Deloitte’s Pollard sometimes puts executives in a room and asks them to put on a fraudster’s hat: Could someone manipulate company records or processes to perpetrate a fraud, and if so, how? Who in the room has the knowledge and ability to commit fraud?

After one such series of brainstorming sessions, Deloitte catalogued more than 150 initial fraud risks for one public company. “When the CEO and the CFO saw that,” Pollard says, “it opened their eyes to things they had never considered.”

Leave a Reply