Last week Matt Kelly scored the first interview with the Department of Justice’s (DOJ) former Compliance Counsel, Hui Chen after she left the DOJ. Kelly posted it on his Radical Compliance podcast site and its available on his website, RadicalCompliance.com. It is a fascinating interview which provides a Chief Compliance Officer (CCO) and compliance practitioner with several important elements from the DOJ’s Evaluation of Corporate Compliance Programs (Evaluation) document released in February. Chen also provides insight into what the DOJ considers important in assessing the effectiveness of a best practices compliance program. When you couple that with the two Foreign Corrupt Practices Act (FCPA) declinations issued by the DOJ last month, a CCO is armed with valuable information on how to best navigate the FCPA criminal investigation process.
Kelly began his interview by asking how the Evaluation came about. It arose from two separate needs and observations by Chen when she joined the Fraud Section as Compliance Counsel. The first came from her initial training to Fraud Section “prosecutors in December 2015, shortly after I started there. I walked through the components of compliance programs and talked about how I would be probing companies on these topics.” From these observations and in discussions with the then Fraud Section Chair Andrew Weissmann, it was decided that some type of list of questions would be helpful for the prosecutorial staff to assist in assessing compliance programs for companies in a FCPA investigation. Indeed, Chen noted her initial draft of the Evaluation was created in January 2016, over one year before it was released on the Fraud Section website.
Chen then began to sit in on presentations by companies under investigation, regarding the state of their compliance programs. From this initial round of such presentations, Chen “felt repeatedly like companies were not presenting the information that would be helpful to us.” She gave Kelly a couple of examples. First, she would inquire “if they have ever disciplined people under those policies or how specific controls would work, I would get blank stares.” In the requirement of reporting, Chen noted, “They would show us posters of their hotlines, but then when I ask about the actual reporting data and how they use that reporting data to help detect misconduct, I would again, get the blank stares.”
These were not the responses that Chen felt provided any substantive information on what goes into making a best practices compliance effective. She said, “We wanted people to see that we put a lot of emphasis on evidence and data. Don’t just tell us that you have a hotline. Show us how you know it’s working and how you’re using the information that you gain from these hotlines. When you say you have a great compliance portal, don’t just show us screenshots of it. Show us the hit rates and how you use that data to help you refine how you communicate with your audience.” The same was true for the requirement of strong leadership by senior management and tone from the top. Chen related, “If you tell us you have a strong, talented top, show us what concrete actions your leaders have taken personally to demonstrate that. It’s not just some words that they say” but show the evidence. (Here please note the three most important things in compliance still matter: Document, Document, and Document).
Chen emphasized the Evaluation is not simply to be used or even considered as a checklist. It is designed to have CCOs and compliance professionals think about their compliance programs by asking questions. She explained, “Questions invite people to think. I like to call them evaluation questions. My goal is really to get people to really think about what they’re doing, what is the goal they’re trying to accomplish, how are they going to measure the results, how do they know it’s working. I’m a big fan of asking questions. The result of that, I’m hoping is that people really get to think about what they’re doing and why they’re doing it and how do they know that they’re successful at it.”
It will be no surprise to any CCO or compliance professional that the Evaluation was based upon the Ten Hallmarks of an Effective Compliance Program, which appeared in the 2012 FCPA Guidance (still the best one volume resource on all things FCPA). Chen added an 11th component because she believes it is “really important that companies begin by looking at what happened. That really drives everything in terms of their presentation to the Justice Department.” Chen went on to explain, “The first root cause analysis set of questions. I think that set of questions needs to be asked of any type of manifest at risk that the compliance officer sees. If you can’t pay attention to small failures that might have resulted in no harm at all then you are going to end up missing the failures that do result in harm.”
Chen so strongly believes in the root cause analysis approach she stated, “I think every time when you see a problem as a compliance officer, you want to do that root cause analysis. You had an approved … Something got approved or did not get approved before it happened. No harm was done. Why? Why did that system fail? Was it because the person who is doing the approval was too busy? Was it because people didn’t understand? They really need to think through.”
Chen also wants the Evaluation to get CCOs and compliance practitioners to consider the structure of their compliance program and how it inter-relates to the company’s risk profile. In other words, how well is compliance operationalized? She stated, “Think through what are the different risks that your company faces and think about how each of these elements actually could impact on how you manage and deal with that risk. I would use the more of the structure of it. I would use the approach that I hope is consistently clear through the document is that the quest for thinking through what you want to accomplish, how you’re goanna do it, who are you going to work with to accomplish those things, and how you measure the results, what data are you getting need to collect to inform your decisions along the way.”
Chen also noted she is still frustrated that the Evaluation has not “propelled the level of thinking I was hoping for” as she still hears too many meaningless buzzwords around compliance. She stated, “I think really getting beyond the buzzwords, all these industry jargons that we throw around and actually asking what does it mean for our individual employees as they face decisions that they have to make every day. I think that’s something that we can all do a lot better on.” Solid words for every CCO and compliance professional to consider going forward.
[View source.]
