Holistic Approach Key to Building Global Compliance Program

By Pamela Babcock Mar 18, 2013
LIKE SAVE PRINT
Reuse Permissions

NEW YORK—Organizations can face myriad challenges building a global compliance program, but a broad-based approach that includes a global risk assessment, buy-in from management and business units, cross-functional teams, and cultural competency is key, speakers said recently.

“It’s really about having a holistic idea of business ethics and ethical culture,” said Joseph M. Azam, an attorney and global compliance and ethics counsel at Oracle Corp. He spoke at the Global Ethics Summit, presented by the Ethisphere Institute and Thomson Reuters on March 6, 2013.

During the session, leaders from Oracle and Avis Budget Group (Avis) discussed key elements of their global compliance programs, the on-the-ground role that the HR and finance departments can play—particularly in emerging markets—and what they’ve learned putting their programs together.

A Closer Look at Oracle’s Program

Azam’s department does global internal investigations into alleged fraud, embezzlement, bribery, corruption and conflicts of interest. It’s no small task: the $40 billion Redwood Shores, Calif.-based software and hardware firm has more than 120,000 employees in more than 100 markets worldwide, he said.

He said that his department “owns” the code of conduct, the anti-corruption policy, and the anti-boycott policy, along with policy development, training, and business and commercial counseling around the company’s agreements and ethical business practices.

Oracle has four headquarters-based attorneys who manage the compliance and ethics program globally, but a team of about two dozen employees globally support the program as its “feet on the ground,” Azam said.

Mary E. Doyle, the company’s vice president of legal and chief compliance and ethics officer, reports to the general counsel, with a dotted line to the company’s finance and audit committee. There are three line attorneys who report to her, including Azam, and who have regional responsibility for investigations and commercial work.

A designated regional ethics and compliance employee works in each region. The company also has skilled investigators for enforcement issues, works closely with audit staff, and has a dedicated staff member in charge of ethics and compliance communications and training on topics such as the Foreign Corrupt Practices Act and the U.K. Bribery Act.

Azam said it’s important to have someone who understands the psychology and methodology behind ethics and compliance training, as well as how to develop training materials.

What Avis Is Doing

Parsippany, N.J.-based Avis has $17.4 billion in annual revenue, about 28,000 employees, and now does business in 10,000 locations in 175 countries, according to Bob Muhs, vice president of government affairs, corporate compliance and business ethics for Avis.

Muhs said he’s “the day-to-day operational person” behind the program. For years, the program lacked a formalized structure, he explained, but lawyers, operations and finance staff “would sit on a regular basis and go through what we saw and we’d fix the problems.”

Muhs’ staff includes three others who do compliance work, but he also relies on regional counsel; program staff; and the company’s privacy officer, risk manager and cybersecurity head to be part of the core team.

While staff is important to running a global program, Muhs said the goal is not necessarily to add headcount, but to use staff “efficiently and effectively” and to get buy-in so they become “ambassadors of what you’re trying to promote.”

Avis holds weeklong risk-assessment meetings with a cross-section of employees—from rental agents to controllers—representing various countries. Those employees then return to their countries as ambassadors and are recognized by country management for the work they’re doing, in addition to their day job, to help the company act in an “ethical and honest fashion,” Muhs said.

How to Set Up a Global Compliance Program

Companies looking to set up a global compliance program, speakers said, might want to consider the following:

Do a risk assessment and make it an ongoing process. Develop a “heat map” that shows where company risk is.

Get buy-in from leadership. Having had a conversation with an executive about something noncontroversial eases the way when Azam’s department has to ask questions about a global acquisition, slow down a transaction or deny a partner. His team works to get buy-in beyond leadership at headquarters and from senior regional leadership in the business.

“Cultures differ, languages differ, but revenue is revenue,” Azam noted.

Get partners in the program, including HR and finance. Azam said a challenge in emerging markets is that big companies try to find the most “efficient and inexpensive way to manage their business in places where they don’t have a huge investment yet.”

Oracle is moving away from the “hub and spokes model” where someone in Dubai, for example, is trying to figure out what’s going on in Nairobi, he said.

“We’re trying to make sure we have people from HR, finance and, ideally, legal who are near the offices where we want to be able to pay closer attention and those people are our partners at every level. Having those people within those markets and visiting those markets is really critical for us,” he said.

Be culturally competent. Companies can either ignore or engage with the realities of doing business around the world. Azam said he thinks that a lot of companies, “through arm’s-length training, tend to ignore them.” Go to local markets and talk to employees, management and partners. Listen to what they have to say.

For example, Oracle attorneys make sure they are aware of acknowledged local law, and the tolerance for corruption and ethical decision-making.

“We want to talk about that in a way that shows we studied up on where they are coming from,” Azam said. “And then we want to let them know where they need to be.”

Make sure people know where to seek answers. If you don’t know the answer to an ethics or compliance question, don’t guess. Someone at your company should be able to answer the question, Muhs said. Be sure employees know where to get that answer.

Pamela Babcock is a freelance writer based in the New York City area.

Quick Links:

SHRM Online Global HR page

Keep up with the latest Global HR news.

LIKE SAVE PRINT
Reuse Permissions

SHRM CONNECT

Join SHRM's exclusive peer-to-peer social network

Join Today

Job Finder

Find an HR Job Near You

SPONSOR OFFERS

Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 3,200 companies

Search & Connect