Scientific Committee of the International Review
of Compliance and Business Ethics
By Keith T. Darcy, President
Darcy Partners Inc.
Introduction
As an organized profession the ethics and compliance world is arguably not more than six decades old. The pattern for its growth and development of the profession is clear – a series of corporate or government scandals followed by increasingly harsh reactions by lawmakers, prosecutors, and regulators. In my careers in financial services as well as in ethics and compliance I have long said, “Wherever there is money there is the potential for corruption. And wherever there is a lot of money there is the potential for a lot of corruption.” These episodes often are accompanied by severe market and economic decline. Warren Buffet, the American billionaire has quipped, “When the tide goes out, that’s when you know who’s swimming without bathing trunks.”
This essay will evidence numerous examples of this pattern, and the punitive consequences that ensue. What was once a heavily legalistic approach to ethics and compliance has increasingly focused on issues of integrity, corporate culture, companies’ relationships to climate issues and the future of business. It is important to remind us all where we have been so that the lessons learned are not forgotten. At the same, we need to follow the arc of the profession to understand where it is going.
The Birth of a Profession
Over the past five decades the ethics and compliance profession has experienced
significant growth and maturity. Unfortunately, much of this has resulted from the many failures of business to self-regulate which so often leads to an unwelcome result – more regulation. In 1974 Richard Nixon resigned as President of the United States which launched a global conversation about ethics, integrity, and character. The following year an investigation of a major U.S. aerospace company was found guilty of making questionable payments to numerous governments and uncovered 400 other companies involved in similar behavior which came forward under an amnesty agreement. This led to the passage of the Foreign Corrupt Practices Act (FCPA), Incredibly, the U.S. thus became the first nation to criminalize the behavior of bribes to foreign government officials. At the same time in Paris, the International Chamber of Commerce (ICC) adopted the Showcross Report and issued ICC’s “Rules of Conduct to Combat Extortion and Bribery.” Clearly, an increased emphasis on internal controls and legal liability laid the seeds for a new profession – ethics and compliance.
Despite these initiatives, issues of malfeasance did not disappear. In 1986 the illegal stock manipulation and insider trading investigation led to a conviction of Ivan Boesky, who spent 22 months in jail, and paid a settlement of $100 million. With Boesky’s cooperation, the junk bond king, Michael Milken, would be fined $600 million and, too, would spend time in jail.
Also in 1986, following allegations of waste, fraud, and abuse among defense contractors, the U.S. defense industry formed a self-regulatory body called the Defense Industry Initiative (DII). Working with the government, DII developed a model for internal ethics compliance programs to detect and prevent waste, fraud, abuse, and other wrongdoings. With the focus on ongoing internal programs relating to behavior and decision making, the compliance function began to take deeper root into the strategies and operations of defense companies.
In the early 1990’s a group of executives from other industries began to draw upon the experience of defense contractors gained through DII. Through the efforts of The Hoffman Center for Business Ethics at Bentley University, executives from non defense companies started exploring the prospects of creating a nonprofit, multi industry membership association where they could come together and share best practices.
Concurrently, on November 1, 1991, the U.S. Sentencing Commission (USSC) issued Chapter 8 of the Federal Sentencing Guidelines pertaining to crimes in the workplace. This landmark pronouncement raised two new risks: (1) a personal threat, and; (2) a corporate threat. The personal threat meant that executives may be subject to civil and/or criminal charges when an employee of theirs commits a crime in the workplace. Willful ignorance and willful blindness will not be considered a defense. In addition, under the corporate threat the company could be subject to mandatory fines up to $290 million. The Commission, however, very creatively offered a carrot along with the stick, i.e. those organizations that take meaningful step to develop effective ethics and compliance programs can mitigate those risks. Chapter 8 also laid out a detailed proscription of what an effective program would constitute. The implications of these new promulgations were not lost on those executives meeting at Bentley University. In early 1992 the Ethics and Compliance Officer Association was formed with nineteen original members. Through this act of mutual recognition, the ethics and compliance profession in the U.S. was born. Since then, similar organizations have been created in many countries across the globe where members collaborate with one another and share best practices, and where the Federal Sentencing Guidelines have become universally cited.
Since then, the evolution of ethics and compliance has been marked by periods of scandals and resulting enforcement responses. During the 1990’s, following deregulation in the energy, utilities, telecom, and financial services sectors the U.S. and global economies soared. Despite major scandals in the 1990s at BCCI in the U.S. and Barings Bank in England, neither of them affected the unstoppable growth in equity markets worldwide. Going into 2001 global economies began to slow and came to abrupt halt following the attacks on September 11, 2001. Shortly thereafter, Enron, the seventh largest company in the U.S. and which never experienced a down quarter in its financial history announced a $3 billion earnings restatement. Within five weeks Enron declared bankruptcy wiping out $63 billion in market capitalization.
Unfortunately, Enron was not the only scandal. Entering 2002, scores of other scandal plagued companies paraded across the newspaper headlines worldwide: WorldCom, ImClone, Tyco, Royal Dutch Shell, VW, France Telecom, Parmalat, Liverdoor, Siemens,
Daimler, Hyundai, Nikko Cordial, Xerox, Rite Aid, Computer Associates, UN Oil-for-
Food, and Arthur Anderson among others. The Dow Jones Industrial Average fell by
50%, and NASDAQ fell by 75 % as shareholders fled to safer investments. These
scandals exposed executive arrogance, fraud, conflicts-of-interest, and the failures of
board oversight, independent auditors, Wall Street analysts, rating agencies, and even regulators. The U.S. Department of Justice extracted heavy penalties from offending companies and imposed deferred prosecution agreements overseen by federal monitors.
Of particular note, in July 2002 the U.S. Congress passed the Sarbanes Oxley Act (SOX) which focused on three specific audiences: the accounting profession, which previously was a self-regulated profession (peer-to-peer) by the creating a government regulator; (2) boards of directors, by imposing strict new demands on their oversight activities, and; (3) senior executives setting out new standards for them managing risk. In sum, SOX was a bill clearly aimed at “tone at the top,” and the implementation of efforts to fortify corporate culture.
Fast forward to 2008, the markets began to once again experience irrational exuberance and uninhibited self-interest. A collapse in the over-inflated real estate markets and mortgage-backed securities which financed them gave birth to The Great Recession, which exposed over two-hundred and fifty Ponzi schemes worldwide, massive frauds, bribery and corruption, insider trading, money laundering, and price fixing. In all $34 trillion in global equities were lost and 20 million people lost their jobs. It took extraordinary measures by central banks everywhere, along with multi-billion-dollar stimulus programs to bring the markets back from the brink of a global depression.
In December 2009 the UN Convention Against Corruption (UNCAC) met in Doha Qatar wherein 150 nations agreed not only to have laws against bribery and corruption (many did but never enforced them), but also decided to hold each other accountable for enforcement. This resulted in significant cross-border cooperation by enforcement authorities heretofore unknown.
In May 2010 the Organization for Economic Cooperation and Development (OECD) issued its Good Practice Guidance on global standards for internal controls. For the first time they added to their promulgations the essential importance of tone at the top, ethics standards, and a culture of integrity, citing the Sentencing Guidelines. In July, the UK Bribery Law was enacted.
In July 2010 the U.S. the congress passed the Dodd Frank Act to tame the overindulgences of Wall Street. Among its provisions included the whistleblower bounty program, wherein anyone from a listed company that brings an issue of malfeasance to the attention of the Securities and Exchange Commission that results in a settlement of $1 million dollars, or more is entitled to receive between 10 and 30%. To date over $1 billion has been paid to such reporters. Several other countries have enacted similar whistleblower programs. Clearly, what was once a U.S.-centric, highly legalistic approach to issues of malfeasance has now converged into global expectations by enforcement authorities everywhere.
Looking Ahead
Where is the ethics and compliance profession today? Despite significant actions and requirements over the decades by enforcement authorities, the professionalization of the ethics and compliance function, and the increasingly sophisticated oversight by governing authorities, risks keep rising. Whack-a-mole issues remain, such as bribery and corruption, money laundering, conflicts of interest, etc. At the same time new risks are constantly emerging. Witness major new scandals at VW, Wells Fargo Bank, Petrobas, VimpelCom, Theranos, Boeing, Deutsche, TD Bank, Uber, and FTX.
The new frontier for risk unquestionably is in the field of technology: hacking; disinformation; cybercrime; ransomware; the dark web, data security; Chat GPT; private messaging sites and; artificial intelligence. One thing we know – technology can inform but can never substitute judgment. Look at the world we live in today:
- When was the last time you got your Fuji film processed at the pharmacy?
- Moocs offer online courses which is transforming higher education and the way we learn.
- Today’s cars park themselves. Tomorrow’s cars will drive themselves.
- Flying taxis are on the horizon.
- Your iPhone is a portable mall, a bank branch, bookstore, radio, and t.v.
- Google allows you to search for anything, anywhere, and anytime – for free. In the process they know exactly where you are, every interest you have, and from which they derive predictive pattern of behavior to sell.
- The largest transpiration company in the world is Uber – and they own no cars.
- The largest retailer is Alibaba – and they own no inventory.
- The largest hospitality company in the world is Airbnb – and they own no real estate.
- The largest content company in the world is Facebook – and they produce no content.
In addition, given the instant access and universal availability of information corporations are increasingly subject to criticism by the media, competitors, customers, social critics, and even employees themselves. Society today is more informed. Gaps are emerging between a company’s stated values and their business practices. At stake is a company’s trust with every stakeholder.
The C-suite plays an enormous role in support of a company’s E+C efforts. Leaders must develop a culture where employees are encouraged to discuss their day-to-day dilemmas. Lines of communication must be open to stakeholder inside and outside the organization. Today’s leaders must create an organizational culture unhampered by fear. Such leaders are committed to problem finding, not just problem solving. They must embrace error, even failure, because it teaches more than problem solving. They encourage healthy dissent, and reward those brave enough to say no.
The payoff is even more significant. This trust, once developed, will extend to customers, regulators, employees, and the public. It will develop a renewed sense of pride, dedication, and loyalty to the company.
For sure, the role of ethics and compliance executives have become increasingly risky and complex. It is imperative that E+C professionals find ways to partner with other risks managers in the firm, e.g. internal audit, HR, legal, and business leaders. In addition, sharing best practices with colleagues from other firms and industries and learning from them is essential to stay ahead of new and emerging risks, and finding effective ways to mitigate against them. Progress can only be sustained through the collective actions and practical partnerships of committed businesses working together with governments and civil society organizations.
As we look ahead, however, the true measure of success of the efforts of ethics and compliance executives must be seen not just in terms of operational and legal compliance or limiting the liability to the company, but also in how the efforts contribute to the success of the enterprise.
Darcy Partners 