Today, I wrap up my series on why I think compliance is at the Tipping Point. However as it is a Friday in October, I continue my tribute to the Man in the Shadows, producer Val Lewton, whose films for RKO had some of the most interesting and innovative use of techniques to induce horror that have been seen on screen. Today we honor a rarely seen Boris Karloff thriller, Isle of the Dead. In this film, a malevolent force in human form, named in the film the ‘vorvolaka’ is the antagonist. The film begins during the Balkan Wars of 1912.
Karloff, playing General Pherides, and an American reporter visit the Isle of the Dead to pay their respects to the General’s long-dead wife. They discover the crypt despoiled; hearing a woman singing on the supposedly uninhabited island, they set out to find her. They run into a large group of people and one of them tells Karloff that a vorvolaka, in the guise of the red and rosy Thea, is in their midst. The General laughs at such superstition and accepts an invitation to spend the night as one of the local’s guest. Of course, one by one, the characters begin to die off, eventually including Karloff. As he is dying and madness sets in, he believes he has seen the vorvolaka and that it must be killed off. After his death, the one remaining character intones, “It is done,” and then adds, “The general was simply a man who was trying to protect us.”
This final line seems to me to be a good introduction to this final blog post on why I think compliance is at a Tipping Point. I think we have come to a place where a Chief Executive Officer (CEO) will ask the Chief Compliance Officer (CCO) to come down to his office, close the door and say, “How are we doing?” This is not a manner in which CCOs have been traditionally utilized in the past. This is more than having a seat at the C-Suite table. This is a recognition that the legal, reputational and indeed business risks are now so great that only a robust compliance program can fully provide the affirmative shield to protect a company from falling into the morass of a business nosedive or even personal criminal liability for individual for senior executives.
The Yates Memo refocused the Department of Justice’s (DOJ) sights on prosecuting more individuals in white-collar cases, such as under the Foreign Corrupt Practices Act (FCPA). While the DOJ has always targeted individuals when it could do so, the difference now is companies must target individuals in their internal investigations. More importantly, will senior management now be targeted for prosecutions under the conscious avoidance theory that was used to prosecute Frederic Bourke? I believe the best way to stop any such claims is an effective compliance program where senior management can point to active participation through a variety of actions. It is through having such a compliance program that senior management may well have their best protection.
The new DOJ Compliance Counsel points directly to a company’s compliance program as the key element that the DOJ will consider. No one has said it better than Stephen Martin when he stated, “By retaining a compliance consultant with previous DOJ and in-house compliance experience, DOJ is sending a strong message to senior management and Boards of Directors that it is now critical that companies have a robust, effective and sophisticated compliance program covering both FCPA and non-FCPA risk areas…For companies, the “return on investment” is clear, the benefits of an effective compliance program far outweigh the costs of the program and help mitigate government enforcement and compliance related risks. For compliance professionals, the DOJ’s increasing focus provides the rationale for helping companies truly move to instituting and maintaining a practical, best practices compliance program that meets the rising expectations of the DOJ.” Once again it is the compliance function that bears responding to this DOJ initiative, through having a robust compliance program in place.
Next is the Volkswagen (VW) emissions-testing scandal. Here we have the first corporate scandal I can remember where a competitor has brought the ethics and compliance of its business rivals into question, through its singular actions. The VW scandal has now both Mercedes and BMW diesel auto emissions called into question. As recently as the General Motors (GM) ignition switch scandal, you did not hear regulators questioning Ford or Chrysler over their ignition switches. If a compliance program is designed to manage risk, how can you manage the risk of parties over which you have no control? I think the answer is that by having the transparency of a robust compliance program; if a company is required to defend itself in such a catastrophic situation, it will have the documentation to do so. For it is only in this manner that a company show it did not cheat regulations to win business.
Finally, is the last tipping point the Schrems decision from the European Court of Justice (ECJ), which invalidated the Safe Harbor provision through which American companies brought information developed through hotlines and internal information back to the US? The decision is much more far-reaching than simply the FCPA. For instance, Sarbanes-Oxley (SOX) mandates that a company have a hotline. But similarly to the response to the whistleblower provisions of the Dodd-Frank Act, companies must now be in a stronger position to quickly and accurately assess any potential violations that might be detected, reported or arise. This means not only thoroughly training your compliance function but it also puts more pressure on the underlying internal controls to give the compliance function the underlying information, on a more real-time basis about high-FCPA risk issues. Further, if you tie the Schrems decision together with the Yates Memo which requires a company to turn over information on individuals in very short order, to receive any credit from the DOJ, you see the need for a more robust prevention system in addition to other sources of information.
More than simply trying to protect, as Boris Karloff’s character was trying to do in Isle of the Dead, I think compliance has come to a Tipping Point where it will be the key discipline in a company which ties all of these disparate threads together because only compliance can be embedded into the business functions so that it can prevent, detect and remedy issues before they blow up into full blown criminal actions.