The Magna Carta and Scrutiny of Your Compliance Program

by Thomas Fox

Magna CartaSunday, June 15 was Father’s Day so for all us fathers out there, it was our day and I hope that you enjoyed and cherished it. It was also the anniversary of what I believe was one of the greatest achievements in Anglo jurisprudence, the signing of the Magna Carta, by King John and the Barons who opposed his tyranny. In 1215, the barons rose up in rebellion against the King’s abuse of feudal law and custom. The legal document drafted up for King John, required him to make specific guarantees of the rights and privileges of his barons and the freedom of the church.

On June 15, 1215, King John met the Barons at Runnymede on the Thames and set his seal to the Articles of the Barons, which after minor revision was formally issued as the Magna Carta. I have visited the field at Runnymeade where the Magna Carta was signed. Next year will be the 1100th anniversary of the signing of this document. For me, the Magna Carta is symbol of the sovereignty of the rule of law over the King. Its grant was of fundamental importance to the constitutional development of England and to the rest of the common law world such as the United States.

I thought about how King John was forced to sign the Magna Carta, clearly against his will, when I read an article in the May issue of the Harvard Business Review (HBR), entitled “How to Outsmart Activist Investors”, by Bill George and Jay W. Lorsch. While the article focuses on steps a company can take before an activist shareholder buys into a company and demands changes, I thought the process of preparation that the authors listed as something that a Chief Compliance Officer (CCO) should consider in his or her company’s compliance program.

The authors lay out the problem faced by company’s as follows, “Their game is simple: They buy stocks they view as undervalued and pressure management to do things they believe will raise the value, such as giving more cash back to shareholders or shedding divisions that they think are driving down the stock price. With increasing frequency they get deeply involved in governance—demanding board seats, replacing CEOs, and advocating specific business strategies.” They proposed a six-step process that allows a company to be ready for such an attack. However, I saw these six-steps as delineations a CCO could institute which would prepare a compliance program for a wide range of reviews, including audits, reviews by government regulators, queries by Board members or other high ranking company officials who may want to know more about a compliance program on a quick basis. So I have adapted the authors’ six steps to advise the CCO on how to be ready for such an event or perhaps a myriad of others.

Have a Clear Strategic Focus and Stick to It

In their article, the authors pointed to PepsiCo’s move to it’s “Performance with Purpose, a strategy targeting three growth areas: (1) “good for you” products, including Quaker Oats and Gatorade; (2) product innovations; and (3) emerging markets. Part of the idea was to fund the substantial investments—including acquisitions—required to build these categories with the cash flow from PepsiCo’s core business. PepsiCo did precisely that, acquiring a number of food and beverage companies in emerging economies such as Brazil, India, Russia, and Ukraine.” For the compliance practitioner, I think it means you need to stick to your guns and move your program forward. It does not mean that you will not hit road bumps along the way but if you have something like Stephen Martin’s suggestion for a 1 – 3 – 5 year program in writing and are following it, you can reject calls for major mid-course changes. 

Analyze Your Business as an Activist Would

In their article, the authors said, “CEOs need to ensure that their boards understand the tactics of activist investors and have a game plan for responding. That means analyzing both how the activists might try to increase short-term shareholder value—through spin-offs and divestitures or financial engineering such as stock buybacks and increased debt—and the company’s possible vulnerabilities in strategy and capital structure. Specific examples from other companies can help.” For the compliance practitioner, I believe this means you need to keep abreast of the most current information available on the Foreign Corrupt Practices Act (FCPA) or other types of anti-corruption compliance. While the 2012 FCPA Guidance still provides some of the best articulation of what the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) believe constitute an effective compliance program, you should still monitor enforcement actions and other information. So if your company is in the tech space, the March HP enforcement action is something you should review to determine if any of HP’s compliance failures might have implications for your company.

Have Your External Advisers Lined Up in Advance and Familiar with Your Company

The authors believe that to fight such proxy challenges “both management and the board must have external advisers whose guidance they can rely on.” However, for the compliance practitioner, it means that you have taken steps to assess and verify the efficacy of your compliance program. Certainly you can benchmark your program against others in your industry but also having third parties assess, benchmark and verify your compliance program can be an excellent way to show where your program stands if someone comes looking at it.

Build Board Chemistry

Obviously when fighting an activist investor, Board cohesion is paramount. The authors note, “Activist investors are often out to divide a target company’s board. To address the issues they raise in an objective and constructive manner, directors need the unity that comes from years of building board chemistry. That chemistry is enhanced through repeated engagement on important issues, weathering crises together, and candid dialogue with the CEO. The latter requires a high degree of transparency from the CEO and a willingness to share even the most sensitive information involved in decision making. To cope with an activist’s challenges, directors must be fully committed to the company and its long-term objectives.” But the same is true for a CCO. Having Board support is imperative to any long-term success for a compliance program. It is up to you to develop the relationships and provide timely information so that there are no surprises, or as few surprises as possible, in the area of compliance.

Perform in the Short Run Against Declared Goals

Just as “the best defense against an activist investor is consistent performance that realizes the company’s stated goals; anything else makes the company vulnerable”, I believe that a compliance program should also measure itself against stated goals. The FCPA Guidance makes clear that a compliance program begins with a risk assessment. The reason is not only to use the risk assessment to determine where your compliance program might stand but also to create a road map for future enhancements. It is also important to set realistic expectations. Overly ambitious compliance goals, which ultimately fall short can trip up a CCO and make a program vulnerable to criticisms.

Don’t Dismiss Activist Ideas Out of Hand

The authors note “Most activist investors are smart, motivated people who often notice things that boards and managers overlook. It is generally worth listening to their recommendations and implementing the ones that make sense.” For the CCO or compliance practitioner, I have long advocated listening to the business units to help see what works and what does not work. This does not mean a compliance program can only be followed when feasible, but it may require compliance program flexibility to allow it to not only measure and assess risk but to adequately manage compliance risk.

Doing What’s Best for All Your Shareholders

The authors believe “One of a board’s most important roles is to ensure that the company stays true to the mission and values that have made it successful. In recent years several activist fund managers with no industry experience have come to corporations with proposals for radical, unproven course changes. Sometimes major changes are needed, but companies that allow outside activists to implement them without full and careful consideration risk losing the commitment and engagement of their employees and customers.” Similarly, a CCO or compliance professional needs “to work to ensure the long-term viability of the company’s [compliance] mission and strategy.”

Whether you are a lawyer or not, I believe that the Magna Carta is one of the most significant legal documents in the history of Anglo jurisprudence. Even if King John signed it at the point of a knife to his throat, or not, it became one of the foundation documents for English and, later, American law. But another lesson one may draw from it was that King John was not prepared when his Barons revolted against him. The HBR article provides a clear path for the compliance practitioner to follow to prepare for excess, outside, unwanted or other scrutiny.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.