How to Assess and Mitigate the Risk of Misconduct Occurring and Not Being Reported

Transcription

1 How to Assess and Mitigate the Risk of Misconduct Occurring and Not Being Reported October 15, 2012 Presented by: Chip Jones Kathy Cooper Franklin Brad Siciliano Presented by: Earl M. Chip Jones, III Littler Mendelson, P.C. Dallas Office (214) Katherine Cooper Franklin Littler Mendelson, P.C. Seattle Office (206) Bradley Siciliano Littler Mendelson, P.C. New York Office (212)

2 Littler at a Glance Littler is the world's largest law firm exclusively devoted to representing management in employment and labor law matters. Compliance and Ethics Practice Group Investigations Designing incident management systems Program Development and Evaluation Analyzing Risk Policy and Procedure Development Training and Education Legal research 3 Enterprise Risk Management WHY WORRY ABOUT UNREPORTED MISCONDUCT MORE TODAY? 2

3 In the Wake of Recent Corporate Scandal In today s regulatory environment, it s virtually impossible to violate the rules....it s impossible for a violation to go undetected, certainly not for a considerable period of time. Bernie Madoff, 2007 Employee Mistrust of Management: Survey Says 2011 Maritz Employee Engagement Survey finds: 25% of employees report less trust in management than 2010 Only 10% say they trust management to make the right decision in times of uncertainty Only 14% believe their company s leaders are ethical and honest Only 7% believe senior management s actions are consistent with their words 3

4 The Disconnect Senior Executives consistently have a higher perception of their companies culture than other employees Compliance & Ethics Leadership Council, August 2011 The Whistleblower: Who, Where and Why? In 2011, 45% of U.S. employees said they had observed misconduct in the previous 12 months Approximately two thirds of those who observed misconduct reported it Eighteen percent of employees who report misconduct ever choose to report externally (i.e., either initially or as a subsequent report) Of those who report externally, 84% said they did so only after trying to report internally first Seventy two percent of employees who believe their companies reward ethical conduct chose to report misconduct Only 57% of employees who did not see ethical conduct rewarded in their company chose to report 4

5 2012: The Year of the Bounty Hunter Enterprise Risk Management WHAT IS ENTERPRISE RISK MANAGEMENT? 5

6 How to Succeed The underlying premise of ERM is that every entity exists to provide value for its stakeholders. All entities face uncertainty, and the challenges for management is determine how much uncertainty to accept as it strives to grow stakeholder value. ERM Integrated Framework, COSO, Sept Competitive strategy is "a combination of the ends (goals) for which the firm is striving and the means (policies) by which it is seeking to get there. What is Strategy? Michael Porter, Harvard Business Review, 1996 Choose a Framework Deloitte ISO COSO A process... applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of objectives. ERM Integrated Framework, COSO, Sept

7 Or Create Your Own Reputation Go to Jail Financial Federal Sentencing Guideline Assessment Operational Measure Assess Prioritize Strategic Risks Define Your Risk Appetite Tier 1 Tier 2 Tier 3 Provide resources to mitigate and/or install internal controls Identified improvements can be made with existing resources Risks are tolerable but will manage risks with a continuous improvement focus 7

8 Make It a System Risk Council absorbs results of operations, new strategic plans, industry events, etc. to annually refresh risk inventory, radar, and mitigation plans. Results and Plans Risk Council Council meets 2 4 times per year to update risk inventory and radar, review status reports, and discuss emerging risks. Council updates Executive Team as necessary but at least once per year. Executive Team Measure performance consistent with the way business success is measured Annual Initiatives Audit Committee Chief compliance officer updates Audit Committee each quarter on KPIs and Tier 1 activities and annually on FSG self assessment. Compliance objectives built into annual performance management plans How Does It Work? BUSINESS OBJECTIVE RISK Expand to Eastern Europe Corruption Accurate financial forecasts Pre booking revenue Lower cost of debt Rate fixing (LIBOR) 8

9 Pre Booking Sales Culture History Incentives Autonomy Policy Training Controls Testing Reporting Harm Sales quota and month over months growth driven organization with senior management led by former sales people. None Compensation heavily tied to hitting monthly sales targets. Compensation not impacted by returns, chargebacks or aged receivables. Sales manager only approval needed if product is available and order is within customers credit line. General policy language but no detailed procedures None Credit department monitors accounts receivable aging and credit lines. Sales department manages returns. High level review of aggregate numbers as part of the audit process. Silo ed reporting structure through each departments management. Inflated bonuses and commissions; misrepresent company performance; excess returns; customer annoyance; inaccurate forecasts. Corruption Culture History Incentives Autonomy Policy Training Controls Testing Reporting Harm New markets have reputation for corruption None identified inside the organization Company is making a big investment to expand in high risk countries Additional research and investigation required. General policy language but no detailed procedures Ineffective check the box training Facilitation payments permitted and no legal review required None Speaking up is discouraged Severe criminal penalties and sanctions 9

10 Interest Rate Setting (LIBOR) Culture History Incentives Autonomy Policy Training Controls Testing Reporting Harm Extremely competitive. Recent mortgage loan crisis demonstrated excessive risk taking Could impact equity based compensation. We have only 1 seat on 16 member committee that submits rates. No policy related to the submission of data. None None None Several claims of retaliation have been made Harm would be significant if other banks colluded in submitting data. Risk Inventory Tier 1 1. Misconduct Not Being Reported 2. Risk B 3. Risk C Severity Likelihood Tier 2 1. Pre booking revenue 2. FCPA Violations 3. Sharing data with peers Tier 3 4. Risk X 5. Risk Y 6. Risk Z 10

11 Step One: Know Your Risk Profile What Happens When Key People Are Unaware of the Risk Profile 11

12 What Happens When Key People Are Unaware of the Risk Profile Step Two: Mitigate the Risk: Establish Reporting and Incident Management System 12

13 Internal Reports of Misconduct: Who, Where and Why? In 2011, 45% of U.S. employees said they had observed misconduct in the previous 12 months Approximately two thirds of those who observed misconduct reported it Eighteen percent of employees who report misconduct ever choose to report externally (i.e., either initially or as a subsequent report) Of those who report externally, 84% said they did so only after trying to report internally first Seventy two percent of employees who believe their companies reward ethical conduct chose to report misconduct Only 57% of employees who did not see ethical conduct rewarded in their company chose to report 25 Supervisors Receive Majority of 1 st Reports 56% Your Supervisor 26% Higher Management 6% Other 5% Hotline/Help Line 5% Other Responsible Person Including Ethics Officer 3% Someone Outside Your Company 26 13

14 1. Effective Report and Intake Procedures 2. Speak up training for manager & employees 3. Notification protocol 5. Effective remedial measures and appropriate way to track and communicate discipline before it occurs 4. Effective investigation protocol including training for investigators 6. Reporting and Communication 27 Step Three: Mitigate the Risk: Internal Controls, Testing and Auditing 14

15 Pre Booking Sales Separation of Duties Purchase Order: Follow sales transaction end to end. Return Authorizations: Work backwards Bills of Lading 3 days before the end of the close Credit Aging Reports Extending credit terms Anti corruption Expense Reports Foreign Consultant/Supplier Contracts Due Diligence Background Checks Recent Hires Marketing Expenditures Intercompany Transfers Accounts Payable Compliance Certifications 15

16 LIBOR Situations Understand the process Clear policy and procedures Fiduciary disclosures Trade group involvement Industry best practice projects Multi employer situations & communication reviews Establish firewalls Step Four: Mitigate the Risk: Make Culture a Strategic Priority 16

17 How Do You Deal With This Behavior? Assess Your Culture Cultural surveys Benchmark reporting Exit interviews Conduct a program review Determine stakeholder communication preferences and expectations Identify opportunities to drive program awareness: training, communication and internal marketing 17

18 Train Managers to Encourage Speaking Up by Welcoming the complaint or report (with words and body language) Break down hierarchical reporting habits Taking the time to listen Active listening, asking questions Showing the employee they care Understanding of importance of contacting compliance immediately Letting the employee know what is going to happen and that you will follow up with the employee Being professional, respectful, and thankful Retaliation will not be tolerated Reporting Rates Rise When Ethical Commitment is Perceived to be Stronger Weak or Weak Leaning Ethical Culture Strong or Strong Leaning Ethical Culture 18

19 A Conversation About Culture Some CEOs, execs and Board Members hate the word The language and branding shift away from compliance and toward integrity / doing the right thing ; sell the vision Explicit and concrete examples help: Responsibility or rules Will people take personal responsibility to address issues, or is it the job of somebody else? Candor or quiet Will people speak up if they see questionable business conduct? Accountability or acquiescence What happens to great performers who violate the Code? The Training Value Proposition Catch misconduct early Empower potential reporters and give them an alternative to the government Send the employer s message Help create an ethical culture Establish legal defenses 19

20 The Training Trend Post Dodd Frank, increased employee communication and training is expected by 74% of respondents 83% at publicly traded companies Increased manager communication and training about handling allegations of wrongdoing is expected by 66% of respondents 72% at publicly traded companies Survey, Society for Corporate Compliance and Ethics (SCCE) and Health Care Compliance Association (HCCA), July 2011 Solutions Policies Not just stand alone Not cookie cutter Not tucked away Training Not just a one time event Don t limit to ethics training Work on solving problems in your actual environment, not whether a situation violates the policy Practice ethical response project yourself Require thinking about how decisions really made 20

21 Questions? How to Assess and Mitigate the Risk of Misconduct Occurring and Not Being Reported Earl M. Chip Jones, III Littler Mendelson, P.C. Dallas Office (214) Katherine Cooper Franklin Littler Mendelson, P.C. Seattle Office (206) Bradley Siciliano Littler Mendelson, P.C. New York Office (212)