This is a transcript of the podcast “Susan Divers of LRN on the links between ethics and compliance”, a conversation between GRIP Senior Reporter Carmen Cracknell and Susan Divers, Director of Thought Leadership at LRN.
[INTRO]
Carmen Cracknell: Welcome to the GRIP podcast. In today’s episode, I’m joined by Susan Divers, Director of Thought Leadership at LRN. She is a qualified lawyer and consultant specializing in ethics and compliance. Susan, can you just say a bit more about you and about the report and your role in that?
Susan Divers: I joined LRN seven years ago after I flunked retirement. Prior to that, I was the Chief Ethics and Compliance Officer at AECOM, a global corporation with most of its employees outside the United States. I was there for nearly six years and I started their program. Prior to that, I was at SAIC for 13 years, a tech company that was also global. I was their Deputy General Counsel for International and then started their Ethics and Compliance Program as well. I’ve had a lot of hands-on experience in the industry. I joined LRN specifically because I’m very interested in best practices, given my experience, and interested in looking at what actually works and what doesn’t work so well in terms of ethics and compliance programs. Our annual report, the Program Effectiveness Report, is all about that.
Carmen Cracknell: I’m really interested in why ethics and compliance are linked together. Can you talk a bit more about the link between the two?
Susan Divers: That’s a really good question. Well, it used to be all about compliance, the classic solution to any problem that cropped up. A great example is the financial crisis years ago with Enron and WorldCom and all. The answer to that was SOX, the Sarbanes-Oxley. I still haven’t been able to figure out exactly how many pages are in it, but I know it’s over 2,000. Probably, it weighs about five pounds if you were to weigh it. That was the solution to everything in the compliance space. Then it gradually dawned on people both in-house and in the regulatory community that rules aren’t self-executing. When you think about it, if they were, nobody would ever have any trouble with teenagers. What really determines whether rules are followed or not is culture.
That’s ethics. That’s what are your values? What is your mission? Do you actually live your values, or do you just have them on paper and pay lip service? Regulators started to figure that out because, as you know, we’ve continued to have major compliance scandals since the financial crisis back in the early 2000s, whether it’s the mortgage banking crisis or the MeToo movement.
What really determines whether you have an effective ethics and compliance program is how effective the ethics part of it is because that determines how people actually behave.
Carmen Cracknell: Absolutely. Do you think that there are efforts right now by firms to simplify compliance? Because, like you say, there’s all these long extensive rules that are difficult for people to digest and put into place. Are there efforts to whittle it down?
Susan Divers: One of the things that emerged from our experience of the pandemic was a realization that it wasn’t enough to just shovel content at people, whether it’s policies or training or any other kind of program in the ethics and compliance space. It’s a bit like throwing seeds over the fence and hoping that you’ll get a really nice garden. During the pandemic, in particular, we saw a shift in our research and also in our client work where companies really realized that they had to design their programs to be employee engaging and to be employee facing. So we’ve seen a number of major improvements come out of that. One is that companies realized that they had to make the programs much more accessible. And during the pandemic, when people were fighting with their families for bandwidth at home, some of our companies, for example, Dell is a long-term client, they moved major parts of their ethics and compliance program onto a mobile app, including their hotline and their annual training. And that was very successful. And that put it at their employees’ fingertips, in essence.
Another area where I really see that is in training. And I would say that 20 years ago, the idea was the more the better. You would take an hour-long course and it would have mind-numbing detail about antitrust or anti-corruption.
And it sort of checked the box that you train people on all of that, but whether they could actually understand it or take away key principles, that wasn’t necessarily happening.
So in the training area, and certainly LRN’s training is a great example of that, we’re focused on shorter modules that are topical that you can take and then put away and then go back and take another one. You can revisit, for example, an anti-corruption. You can go back and refresh yourself on gifts and entertainment. And we also tailor training much more to role and function. In the past, it was sort of, if you were working for an airline, the training premise was everybody needs to know what the pilot needs to know, and that’s not the case. So now there’s much more emphasis on what do you actually do in the company and what’s your role and so what kind of training do you get? And our platform lets you select that. And it’s also a shorter, short-burst learning, frequent quizzes throughout the training so that you can see how you’re doing and if you’re actually getting it, the ability to test out where instead of taking the course again, you can test your knowledge and then take a refresher that’s at a higher level.
And all of those things are really designed with the employee in mind rather than just shoveling content at people. And then the last thing I’ll mention is we do a lot of work in policy simplification where you take long, very convoluted, hard to read, hard to understand, legally written policies and we turn them into much simpler, interactive policies that allow people to find what they’re looking for and use a lot of FAQs and other learning aids. So that’s definitely happened and that’s just going to continue to accelerate.
Carmen Cracknell: Yeah, I mean that technology-driven approach sounds like the way forward. There was some really interesting figures in the report. What stood out most to you this year?
Susan Divers: A couple of things, but starting kind of at the top is there is a big gap between high-performing programs and less effective ones. And when we looked at that data and we sort of matched it up, I do a lot of consulting with companies on their programs. I think some companies still focus on what we used to call checklist compliance where they say, “Okay, I have policies. I’ve got training. I’ve got audit. I’m good to go.” And those are sort of the less effective programs. I mean, yes, there are resources there. But again, the emphasis really isn’t on engaging employees necessarily or continuously updating your program to reflect evolving risks like the war in the Ukraine has made sanctions and money laundering areas of risk for everybody.
So the companies that sort of don’t have dynamic programs are less effective. And then the ones that do have effective programs are continuously improving and always looking to update their risks regularly and usually have engaged boards. So that was one really striking thing.
Another striking thing was the biggest obstacle reported globally, and we had 1,860 respondents this year from across the globe, was that their internal systems were really hindering E&C program effectiveness. And that doesn’t surprise me. I’ve worked with Fortune 100 companies that don’t have good internal systems. They can’t put interactive web-based resources out on their E&C website. They track annual certifications like conflict of interest manually by Excel spreadsheet, which takes up a tremendous amount of time. And they don’t get any metrics out of their training, such as what are the topics that people struggle with? And how long does it take people to complete courses? And are there certain areas of the world or certain areas, groups of people who struggle with a particular topic? So that lack of robust internal systems, I think is really an interesting and somewhat surprising finding, especially in this day and age.
Carmen Cracknell: Yeah, it was interesting to see that a lot of firms identified a lack of cooperation from senior management and misconduct as an issue. What do you think can be done to remedy that?
Susan Divers: Yeah, that’s really in some ways the most important element of good ethical culture. And it’s one standard of justice for everyone. And if you think back to the Me Too movement and the scandals that unfolded, there was clearly one set of rules for one group of people. And then the successful leaders, I mean, the media companies were an absolute scandal in that regard, but it wasn’t just the media companies. And everybody knew what was going on and there were complaints about it, but nothing was done. And I mean, Wells Fargo fits into that category, Volkswagen, I mean, lots of scandals. And so that’s organizational justice, that if you engage in misconduct, if you violate the code of conduct, you’re held to the same standard as everybody else. And it’s really up to the board to make sure that that is the case, if senior management isn’t doing that themselves.
Carmen Cracknell: Absolutely. And the report mentions the Program Effectiveness Index. How exactly is this measured and what factors contribute to it?
Susan Divers: Well, when I started doing the report and took it on as a project when I first came seven years ago to LRN, we were doing the standard checklist approach where we rated program effectiveness based on how many times you updated your code of conduct or what your training completion rates looked like. In other words, kind of really activities, not meaningful change or impact. So we took a much more cultural approach and our kind of ranking questionnaire is focused on ethical values and culture drivers. So we asked questions about the comfort level of people speaking up and even taking issues one step beyond their normal manager, the levels of trust and respect in a company, the levels of transparency. And other factors like that, and of course, commitment to integrity, whether managers actually make decisions consistent with the code of conduct, particularly in a time of stress. And so we focus on those factors to determine who’s got highly effective program and who has a less effective program.
Carmen Cracknell: And is that measured by surveying employees?
Susan Divers: Well, when we do that for our clients, we survey the employees. But because this is a general survey that goes out, we ask those questions of compliance professionals. And so it’s not perfect, but it’s a lot better than just asking them the last time they updated their code of conduct to be able to do policies.
Carmen Cracknell: Because I guess they can speak more honestly and anonymously that way.
Susan Divers: Yeah, it’s totally anonymous. And from the differences we see year after year, we believe it’s effective and it’s a valid way of looking at whether programs are impactful or not.
Carmen Cracknell: And yeah, speaking of sort of the changes year on year, you’ve presumably worked on this report for a few years. What have been the major themes over the course of the last few years and the biggest change this year?
Susan Divers: You’re asking great questions. I have worked on it for seven years. And the biggest change was something that really surprised us. And there was a lot of speculation when the pandemic began that it would weaken ethics and compliance programs and that the businesses would be scrambling. And so they sort of say, hey, get out of my way. And instead, the data over the last three years has overwhelmingly shown that ethics and compliance programs played a key role in responding to the pandemic. And leaders were ranked very high. I think it was 82% of the respondents said this year that their leaders had acted consistent with values and had relied on values, not rules. I mean, you have to have rules, but what determines whether rules get followed or values in responding to the pandemic. And you can compare what happened to Apple’s plant in China, Foxconn, I think last year where the workers were locked in the factory and desperate to get out. And the stories that we have incorporated in not the serious report, but the one before of workers voluntarily coming to management and saying we will self-isolate in the plant for a month at a time to keep the electrical grid going. I mean, that’s values in action. So we really saw a very heartening story that way.
And I think programs have continued to really play a key role. It helped embed them in the business and operationalize ethics and compliance. And then the other thing we’ve seen, particularly this year, is a great focus on data analytics. And that’s being driven in part by regulators who have started speaking very frequently about the need to have data analytics. And the Department of Justice has just brought in Matt Galvin, who used to be at, you know, Anheuser-Busch InBev and who pioneered in that area. So being able to see real data about how your employees are interacting with your program. And I gave you some examples in the training space, but you can also look and see, you know, what the error rate is on submitting annual COI certifications. I mean, do people do it? Do they do accurate certifications? Are there any patterns that you need to pay attention to? As I mentioned in training, are there gaps where people are really struggling with a particular topic? Because that tells you that that’s an area where you should invest more. So that’s something that we’ve seen year over year, but it’s really becoming even more of a kind of must-have rather than a good-to-have.
Carmen Cracknell: Yeah, and I was going to ask about the changes since the pandemic, which you’ve already talked about. What about the impact of recent political events? I know there was a piece in the report about Ukraine and tension with China and Iran. Can you say a bit more about that?
Susan Divers: Sure. I mean, that is an area, those three factors, that has led to trade controls, like export controls, and then money laundering and sanctions. There’s a quote in the report, I think, from the Deputy Attorney General in the US from September, where she said that trade controls and sanctions have become the new Foreign Corrupt Practices Act.
Every company has to worry about that because it can be in your supply base that you’re trading with a sanctioned entity. You have to screen for that. You have to make sure that you’re not hiring subcontractors that are owned by prohibited parties. You have to make sure that you’re not transferring technology, and those controls have gotten much tighter in the wake of the Ukraine War and the sanctions on Iran and on China. I don’t think our data shows that people are lagging somewhat in that area. It may, unfortunately, take some really big prosecutions to get people’s attention there.
Carmen Cracknell: Yeah. I’ve heard experts in compliance say that regulation only really moves forward when a big disaster happens, and then they put something into place. That seems to be how it was.
Susan Divers: I think that’s right. But there’s an interesting case. I wrote a blog post about it a couple of months ago. An LA, Los Angeles-based company that supplies false eyelashes.
It turned out that the false eyelashes they were buying from China were actually manufactured in North Korea. It sounds trivial, but if it turned out at the Oscars that half the people on the red carpet were wearing North Korean eyelashes, it’s illegal. I don’t know what fine they paid in the end, but it’s a strict liability statute. Saying “I didn’t know” isn’t really a bar to being prosecuted.
Carmen Cracknell: That is crazy. How do you see regulation going forward in the next year? What do you anticipate being in your 2024 report?
Susan Divers: Well, an area that we did talk about in this report, because it’s just kind of come to the fore, is that the Department of Justice has been making clear, particularly last September, a few months ago, the Deputy Attorney General made it very clear that their number one priority is personal responsibility for misconduct.
What that means in practice is that they want to know who was responsible if there was misconduct in a company. The way that frequently works is an investigation will be done and if it’s not done very rigorously and there isn’t organizational justice, the conclusion may be, “Oh, it’s a few bad apples and we got rid of them. We’re done. Let us go. No fines, please.” The Department of Justice made it crystal clear that that’s not what they want to see in terms of resolving misconduct investigations in unfavorable terms. At the same time, the SEC, and by the way, these regulations affect a whole host of companies that are global because anybody that does business in the United States or uses the financial system can be subject to prosecution. If you’re traded on any of the exchanges, whether you’re French or English or Chinese, you’re subject to these laws. But at any rate, what the SEC said is they want to see clawback and also the Department of Justice said this.
If you are an executive who was involved in misconduct or turned a blind eye, you may not even have participated, but it happened on your watch, they want to see the company claw back some of your compensation and bonuses. That’s a big shift.
Carmen Cracknell: Yeah. We’ve obviously covered that story on our site and it seemed like a major piece of legislation, the clawback rules going forward. I think those are all my questions. Have I missed anything important that you’d like to add?
Susan Divers: No, I think you’ve done a really good job of picking. I love your questions. You really picked out the really interesting ones, I think, in what we’ve seen. I will mention that there’s also been, I don’t know if you’ve covered it, it’s just begun to get some attention, but there are some interesting developments in shareholder derivative lawsuits going on in Delaware where the focus was on the former chief HR officer of McDonald’s and a court decision just allowed shareholder derivative action to go forward on the basis that he had a duty of loyalty to the company.
So when red flags came up about sexual harassment, not doing something is not acceptable as a response. I think that’s going to be interesting in the next year or two to see where that goes.
Carmen Cracknell: Yeah, I did see that story. Interesting. Great. Well, thank you so much for speaking to me today and for your time. It’s been very interesting and hope to reconnect in the future.
Susan Divers: Thanks for having me. It’s been a pleasure.
Carmen Cracknell: Thank you very much.