Compliance and the Failure to Escalate

Thursday, June 30, 2011

Thomas Fox

59d9b46aa00c70238bb89056cfeb96c0

In a previously life I was a civil trial lawyer. For a portion of that career I defended companies in catastrophic injury cases.

One common themes running through each of the catastrophes which underlay the inevitable litigation was there was always one point where if an action had been taken, or in some cases not taken, and accident would probably not have occurred.

That concept also translates to the compliance world as well. In almost every circumstance where a significant FCPA or Bribery Act compliance violation has arisen, if the issue had been reported or at least sent up the chain for consideration, there is a good chance that the incident would not have exploded into a full FCPA compliance violation.

Matthew King, Group Head of Internal Audit at HSBC calls this concept “escalation” and he believes that one of the more key features of any successful compliance program is to escalate compliance concerns up the chain for consideration and/or resolution.

This means that in almost every circumstance regarding a compliance issue he had been involved with, at some point a situation arose where an employee did not report a situation or event up to an appropriate level for additional review.

This failure to escalate leads to the issue not reaching the right people in the company for review/action/resolution and the issue later becomes more difficult and more expensive to deal with in the company.

A company needs to have a culture in place to not only allow elevation but to actively encourage elevation. This requires that both a structure and process for that structure must exist.

Then the company must train, train and train all of its employees. Lastly, while a whistleblower process or hotlines are necessary these should not be viewed as the only systems which allow an employee to escalate a concern.

The starkest example of which I am aware of this failure of escalate is the HP matter involving its German subsidiary and allegation of bribery to receive a contract for the sale of hardware into Russia.

The Wall Street Journal has reported that at least one witness has said that the transactions in question were internally approved by HP through its then existing, contract approval process. Mr. Dieter Brunner, a contract employee who was working as an accountant on the group that approved the transaction, said in an interview that he was surprised when, as a temporary employee of HP, he first saw an invoice from an agent in 2004.

It didn’t make sense,” because there was no apparent reason for HP to pay such big sums to accounts controlled by small-businesses, Mr. Brunner said. He then proceeded to say he processed the transactions anyway because he was the most junior employee handling the file, “I assumed the deal was OK, because senior officials also signed off on the paperwork”.

Think what position HP might be in today if this temporary employee had escalated his concern. Initially, HP would not have been under investigation by governmental authorities inGermanyand Russian.

In the United States, both the DOJ and SEC are investigating the transaction. More ominously for HP, investigators from these jurisdictions are also now investigating other international operations, including those in Russia and the former CIS states to ascertain if other commissions paid involved similar allegations of bribery and corruption as those in this German-subsidiary’s transaction.

The key would appear to be both having the systems in place to allow such escalation and to train all employees, including contract employees on how to escalate an issue. So is your company encouraging its employees to escalate their concerns regarding a transaction or do your employees simply approve a transaction because everyone else has done so?

Matthew King, Group Head of Internal Audit at HSBC was interviewed by Project Counsel Founder Gregory P. Bufithis. A YouTube video of the Gregory P. Bufithis interview of Matthew King, see may be viewed by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

Cross-posted from Tom Fox Law

Possibly Related Articles:
13061
General
General Legal
Legal Compliance Management FCPA Employees Whistleblower
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.