True Ethics, True Grit: Compliance is Leadership’s Toughest Challenge

March 1, 2018

Jed Hepworth spent 39 years working on international matters at Cargill, Inc, the biggest privately held corporation in the USA. As Latin American General Counsel for 20 of those years, he led 70 professionals living and practicing in the region. Amid the continuing torrent of corruption scandals in Latin America, implicating senior executives and presidents across the region, Tenácitas International invited Jed to share his insights.

Rare is the corporate leader who does not dread learning that the company – or he/she personally – is the target of the US Department of Justice or Public Prosecutor’s office for corrupt payments or price-fixing or some other gross violation of the law. Reading about a German auto executive arrested in Florida and held without bail until convicted, or Brazil’s Marcelo Odebrecht sentenced to 19 years in prison, brings home the personal risk senior managers run in a world of extra-territorial FCPA application and newly-aggressive enforcement by local authorities. And with Latin America representing around half of FCPA cases worldwide, it is ground zero for the DoJ.

Effective compliance management is an investment in controlling risk. Compliance management rooted in ethical values, risk assessment and efficacy – not in external appearances. Effective compliance management not only assures conformity with corporate ethics and legal standards. It also controls costs. And it makes compliance more sustainable.But the foundation of effective compliance management is not systems or structure or powerpoints. Its foundation is leadership. And in the current environment of short-term thinking by employees, uncertain regulation, and enormous performance pressure, there is no more complex a challenge to corporate leadership.  

Who would have imagined back in 2008, when the initial accusations were made leading to Brazil’s Operation Car Wash investigation, that it would result not just in multi-billion-dollar fines but in executives charged and imprisoned in Brazil and investigated and arrested in countries around Latin America? What executive in Brazil is not worried by local prosecutors’ discretionary authority under the “Clean Hands” law?  

Beyond personal risk, corporate leadership has to recognize as never before the financial impact of compliance failures and reputational damage. The cost of investigating and defending a claim of non-compliance can be crippling. Following bribery allegations in 2012, by late 2017 Walmart had spent $820 million on internal investigations and building a worldwide compliance function.

Fines and penalties make the headlines, but even if a company is not fined, it pays a brutal price for alleged wrongdoing. The cost of the diversion of senior leadership to crisis and reputation management instead of building the future cannot be quantified. Investigations and penalties are not restricted to the multinationals – the net increasingly catches many small fish as well.

Most corporate leaders are of course committed to ethical leadership and compliance with the law. They intend to honor the trust of all stakeholders – shareholders, communities and employees. However, many companies operate in locations where non-compliance is the norm, where the rules are unclear, where discretionary and abusive enforcement is routine, and where corruption is endemic.

So corporate leadership’s personal commitment to ethics and compliance is never enough by itself. Absolutely critical and foundational, yes – but never sufficient alone. Compliance cannot be solved to a certainty. It has to be managed. In a world where the legal rules are often unclear and where leadership has to empower and trust employees operating outside of leadership’s minute-by-minute oversight, a company focused not on managing compliance risk but only on the vain hope of avoiding compliance risk will be out of business.

A leadership team pretending that ethics are a matter of black and white is denying reality. Ethics by definition are moral principles that are given life in the actions of individuals and companies within a concrete context. A leadership team that thinks legal compliance alone is sufficient, and that ethics can be left to local custom and practice, is failing to lead.
Customs and practices are wildly variable. It is the duty of leaders to engage employees at all levels and in all places to buy into their corporation’s ethics. I found that agreement on what is morally right, after conversation and analysis, to be remarkably consistent. Indeed, all my experience teaches that it must be consistent to sustain compliance. The result is committed and inspired employees.

After 39 years working as in-house counsel in Latin America, I have profound respect for the size and complexity of the challenge in managing ethics and compliance, and for leadership that is consistently effective at responding. I learned from great leaders five core principles which I believe will serve every corporate leadership team that sees compliance as central to their company’s culture, value system and long-term success.

1) Lead by Example. Compliance leadership at every level is essential – starting most importantly at the top. Employees watch leaders with an intensity leaders fail to recognize, especially when an employee is asked to take hard decisions that do not maximize short-term gain for the company or the employee. A senior leadership team that says compliance is a core value but fails to be personally and actively engaged in ethics training and compliance communication – so that employees only hear about ethics and compliance from Human Resources or Law or the Compliance Function – is telling employees compliance is secondary. Further, a senior leadership team that finds ways to forgive and retain “successful” employees who violate the law or corporate rules is sending a powerful message that profitable non-compliance will be tolerated – essentially, that compliance is just for show. And a lower-level leader who gets away with dismissing values and compliance as irrelevant (or worse) to subordinates is effectively teaching non-compliance.

2) Ensure Values are Shared at All Levels. Compliance leadership has to be a matter of values that are shared at all levels and central to the company’s culture. If a company talks about ethics and compliance only in terms of the cost of non-compliance – fines, penalties, liabilities – the message to employees is clear: “Compliance is not our shared core value. We are just concerned about the cost of being caught.” Very few employees feel personal risk for behaviors that produce immediate gain to the company (and a bonus/raise for the employee). The biggest risk to an employee contemplating the approval of a bribe or cheating a customer to earn a bonus is still that of being fired (and rarely for cause outside the USA), some time down the road after the bonus has been paid and only IF the violation is discovered and IF senior leadership holds people accountable. So what is the most effective driver in that employee’s decision to step back and obey the law or the company’s ethical code? Understanding and sharing the company’s values and culture of compliance. Employees who demonstrate they do not share those values must be weeded out.

3) Base Compliance on Good Risk Assessment. Effective compliance leadership is the product of good risk assessment and hard analysis, not wishful thinking. Compliance training and enforcement that do not reflect the reality of the business and the employees who are trying to make the company successful is a waste of resources. Training that is not practical and immediate to the individual, not values-based, and not repeated, will fail. Most employees want to do the right thing and be successful. Few employees in my experience are intent on violating laws and company rules. Most get caught up in situations where their training does not supply answers or they are under tremendous pressure to deliver results and do not know where to turn for guidance and support. Leadership’s challenge is to provide that.

4) Deploy Adequate Resources. Effective compliance leadership requires resources (including senior leadership time) to analyze risks, set priorities, train, investigate and enforce. Those resources need to be proportionate to the risk and the strategy to manage them. While external resources bring breadth and depth of experience and specialized expertise, only internal leadership can focus that expertise for effective results. Assuring that training reflects real-world issues and a discussion of core values costs money but is effective. A leader’s repeated calling out of ethical and anti-bribery issues when evaluating strategies or opportunities drives home the message that leadership’s commitment to compliance is genuine. When a compliance failure occurs, failing to devote the resources required to investigate it thoroughly compounds the failure – and creates the appearance of covering up.

5) Be Accountable and Hold People Accountable. Leadership’s toughest compliance challenge may be accountability. Most senior leaders are comfortable talking about the importance of compliance and their personal commitment to the company’s values and ethics. They are frequently very uncomfortable sending in the lawyers and auditors and external investigators to dig into allegations or suspicions of misbehavior and to do hard interviews. Senior leaders are even more uncomfortable firing otherwise successful employees whose misbehavior is the product of fatally flawed judgment or a desire to make more money for the company or a response to a corrupt government official’s demand. But there is no more powerful message about compliance to employees than individual accountability – and the internal rumor mill in any company is more powerful than most senior leaders want to acknowledge.

Copyright 2018 Jed Hepworth