As almost everyone in America knows, Lance Armstrong spoke for the first time about his performance enhancing drug use in a two part television event last week on Oprah. On the first night he admitted for the first time that he used performance enhancing drugs during his seven wins at the Tour De France. The title of my colleague Doug Cornelius’ piece in Compliance Building really said it all in his article “Lance Armstrong – A Lying Liar Just Like Madoff”. Cornelius said “What caught my attention about the Armstrong interview was the window into the mind of a pathological liar. Armstrong had been telling the lie over and over and over. He lied to the public. He lied to the press. He lied to cancer survivors. He lied under oath.”
Commentators have already begun to deconstruct the interview and I will cite to several of them in this article. But I want to focus on three points which the compliance practitioner can glean from Armstrong’s career and interview and how that information can be used to create a more robust ethics and anti-corruption compliance program.
I. Tone At the Top
It all starts with the top of any organization. In his interview Armstrong admitted that he was the head of the teams that he rode on for each of his seven Tour De France wins. It was he that set the ‘Tone-at-the-Top’ and what that meant was that he set the tone for the use of performance enhancing drugs. But Armstrong waffled on by saying that “everyone else was doing it” and that he really didn’t gain an advantage as it only “leveled the playing field” between himself and the other riders. All of this is like any business which puts success not only as the Number One goal but the only goal.
In an article in the online publication Slate, entitled “How Lance Armstrong Is Like Lehman Bros.”, Daniel Coyle looked at the fall of both Armstrong and Lehman Brothers. Coyle found that in the case of both Armstrong and Lehman Brothers “a culture of excess and risk led to record-breaking performances, and then to catastrophe. In both cases, the behavior in question was driven by a distinct set of social forces, including a win-at-all-costs culture, lack of regulation, and the credulousness of journalists and the public.” Further, the sport of cycling is like “a trading floor: small, tightly knit teams competing daily, with great intensity and effort, for marginal rewards. A single percentage point can make the difference between winning and losing.”
a. The Difference Between Winning and Losing
While in cycling there are only 3 places on the podium, Lehman Brothers seemed to misunderstand that in the business world, there can be multiple winners. I have heard both Preet Bharara, the US Attorney for the Southern District of New York, and Stephen Cohen, Associate Director, Division of Enforcement of the Securities and Exchange Commission (SEC), both say essentially the same thing, and that is that there is plenty of business out there for companies to secure without engaging in bribery and corruption. Bharara went even further and said that those companies which move away from the sweet spot of doing business in an ethical manner to the edges of a system which tempt violations of the US Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act are more likely to draw regulatory scrutiny. But perhaps the best example I have heard was during an interview I did of a company employee who told me that there was simply “too much money to be made in the middle of the road” without engaging in the high risk conduct which might require him to violate the FCPA.
b. The Chances of Getting Caught
As noted by Coyle, most cyclists who cheated “did so largely without fear of being caught. During the Armstrong era, cyclists regarded drug testers with the same nod-and-wink aloofness with which Wall Street firms regarded the SEC.” That statement is why companies must maintain vigilance in their FCPA or Bribery Act compliance programs. Indeed, both the US Department of Justice’s (DOJ) minimum best practices compliance program and the UK Ministry of Justice’s Six Principles of an Adequate Procedures compliance program point towards not only internal controls but also internal audit as key components of your compliance program. Whether you view it in the McNulty Maxims of “What did you do to prevent it?” and “What did you do to protect it?” or in the Ronald Reagan formulation of “Trust, but verify”; your compliance program must do more than just have policies and procedures in place, it must also have clear controls.
I recognize that in cycling you can play the system to try and beat the tests, which Armstrong did. You can even try and bribe or schmooze your way out of a positive test; you can even have a friendly doctor who back-dates documents for you to show that you had a prescription for that banned and illegal substance. However, with rigorous internal audit, coupled by skeptical external auditors and use of continuous monitoring tools, companies should be better placed to detect indicia of bribery and corruption.
c. It is the government’s enforcement that backs up the fight against bribery and corruption
Coyle ended his piece by stating that “The Armstrong era happened because doping worked so powerfully and lucratively that no one—not riders, not cycling’s governing body, not the media—was willing to stop it. It was a time of hollow magic.” This ‘hollow magic’ did not end until “the federal government and USADA began their respective investigations, did the truth begin to emerge.” Lance Armstrong yelled from the highest mountain, the question is how, even with a system biased and stacked against him, did he never fail a drug test?
This last sentiment seems to me to be nearly the same thing that many commentators are saying about the FCPA; that it needs to be lessened or softened so that US companies “can be competitive”. As Coyle noted, “Many of us instinctively presume that cheating creates a level playing field. In fact, it does precisely the reverse. Widespread cheating rewards the few who have the best information, the most money, and the highest risk tolerance.” The US led the way with the passage of the FCPA back in 1977 and has continued to lead the way since that time, both through the OECD and through leading international enforcement efforts. Does all of this make business better? For my money it does, but I leave it to my colleague Dick Cassin who phrased it in the following manner “Is there less bribery and corruption – I don’t know but I know that there is more compliance.”
II. Compliance Training
I have heard and read Alexandra Wrage speak about compliance training. One of the things that struck me the most was that she has said that there is 5% of your employee base that your training cannot reach because they have no interest in doing business ethically. Perhaps Armstrong is like one of those 5%., if so, the key is to weed out such employees in the hiring process.
Nevertheless ethics and compliance training is still important. Indeed “Conducting effective training programs” is listed in the 2005 US Federal Sentencing Guidelines (USFSG) as one of the factors the DOJ will take into account when a company, accused of an FCPA violation, is being evaluated for a sentence reduction. The USFSG states:
“(4) (A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.”
Wrage wrote in Ethisphere Magazine that she believes there are two general approaches to ethics and compliance training. The first approach focuses on knowledge of the rules “as clear and sharp as barbed wire” so that the cowboys in the company will not run wild. This is the approach most US in-house lawyers feel is required for their company’s operations and sales teams and is generally designed to help avoid criminal liability.
The second approach focuses training on ethical values and is more prevalent in Europe where ethics and compliance are more designed to communicate a company’s underlying corporate values in its operations. This approach anticipates that most employees are decent and law-abiding and will not knowingly engage in bribery and corruption. Additionally, you can never create enough rules to govern every situation and train each employee on every rule so a company must hire trustworthy people and give them sufficient information to make the correct ethical and compliant decision. Ms. Wrage characterizes the two different approaches as “ethics” vs. “values”.
Both approaches have merit but both can catastrophically fail without the other components of an effective compliance program. For instance, having a “Gold Standard” Code of Compliance and Ethics alone is not enough. Although it was not brought down by a FCPA violation, the Enron Code of Ethics was viewed (at least at one time) as one of the strongest in the energy industry. And not to focus on US companies only, Siemens had one of the most robust Codes of Ethics for a European company before its multi-billion dollar or euro, take your pick, fine and profit disgorgement. So the training on both of these company’s “Gold Standard” codes of ethics did not turn out to be too helpful. But, as pointed out by Kerri Grosslight, in her article “Minimize Risk by Maximizing Accountability” in Security Leadership, training is one of the key components. So if the cycling team is unethical at the top, like every team Armstrong rode on was, training will probably not be any more effective than it was at Enron or Siemens.
So what should a company’s training focus on to be effective? It appears that effective ethics and compliance training should emphasize on both approaches. Americans are long taught what the rules are in whatever life they choose. They expect to be told what the rules will be so that they know where the line is drawn and that they should not step over it. Probably the single comment I have heard the most when putting on ethics and compliance training in the US is “Just tell me what I can and can’t do”. However, really effective training requires that employees be able to apply the rules to the incredibly wide and ever-changing situations that confront them in the real world. This is where communicating a company’s values are important.
I think that the third ethics and compliance lesson to be drawn from the Armstrong interview is in the area of whistleblowers. Armstrong admitted that he was a ‘bully’ to those who said, hinted or even implied that he had taken performance enhancing drugs. He attacked ex-teammates; wives of ex-teammates and even a masseur who saw him take such substances. He put on an aggressive PR campaign for the better part of the past decade, to which the wife of ex-Tour De France winner Greg LeMond said “I can’t describe to you the level of fear that he brings to a family.”
While I would hope that most American and European companies have moved past the situation where whistleblowers are ostracized or worse threatened, one can certainly remember the GlaxoSmithKline (GSK) whistleblower Cheryl Eckard. A 2010 an article in the Guardian by Graeme Wearden, entitled “GlaxoSmithKline whistleblower awarded $96m payout”, he reported that Eckard was fired by the company “after repeatedly complaining to GSK’s management that some drugs made at Cidra were being produced in a non-sterile environment, that the factory’s water system was contaminated with micro-organisms, and that other medicines were being made in the wrong doses.” She later was awarded $96MM as her share of the settlement of a Federal Claims Act whistleblower lawsuit. Eckard was quoted as saying, “It’s difficult to survive this financially, emotionally, you lose all your friends, because all your friends are people you have at work. You really do have to understand that it’s a very difficult process but very well worth it.”
More recently there was the example of NCR Corp., as reported in the Wall Street Journal (WSJ) by Christopher M. Matthews and Samuel Rubenfeld, in an article entitled “NCR Investigates Alleged FCPA Violations”, who stated that NCR spokesperson Lou Casale said “While NCR has certain concerns about the veracity and accuracy of the allegations, NCR takes allegations of this sort very seriously and promptly began an internal investigation that is ongoing,” about a whistleblowers claims of FCPA violations. In a later WSJ article by Matthews, entitled “NCR Discloses SEC Subpoena Related to Whistleblower”, he reported that NCR also said “NCR has certain concerns about the motivation of the purported whistleblower and the accuracy of the allegations it received, some of which appear to be untrue.”
Lastly, is the situation of two whistleblowers from the British company EADS. As reported by Carola Hoyos in a Financial Times (FT) article, entitled “Emails tell of fears over EADS payments”, Hoyos told the story of two men who notified company officials of allegations of bribery and corruption at the company and suffered for their actions. The first, Mike Paterson, the then financial controller for an EADS subsidiary GPT, internally reported “unexplained payments to the Cayman Island bank accounts for Simec International and Duranton International, which totaled £11.5M between 2007 and 2009.” Hoyos reported that Paterson was so marginalized in his job that he was basically twiddling his thumbs all day at work.
The second whistleblower was Ian Foxley, a retired British lieutenant-colonel, who had joined the company in the spring of 2010 stationed in Saudi Arabia, to oversee a £2M contract between the British Ministry of Defence (MOD) and the Saudi Arabian National Guard. In December 2010, Foxley discovered some of the concerns which Mike Paterson had raised. According to Hoyos, “The morning after he discovered Mr. Paterson’s concerns he assessed the emails that Mr. Paterson had told him he had written over the previous three years.” This led to Foxley to flee Saudi Arabia with documents of these suspicious payments, which he has turned over to the Institute of Chartered Accountants and the UK Serious Fraud Office (SFO).
What does the response of any of these three companies say about the way that it treats whistleblowers? Is it significantly different from the bullying Armstrong admitted he engaged in during his campaign to stop anyone who claimed that he was doping? While I doubt that companies will ever come to embrace whistleblowers, the DOJ’s recent FCPA Guidance stated that “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” However, by marginalizing, attacking or even making a whistleblower fear for their life, such actions can drive a whistleblower to go the DOJ, SEC or SFO. The Guidance recognized that “Assistance and information from a whistleblower who knows of possible securities law violations can be among the most powerful weapons in the law enforcement arsenal.”
So what is the compliance professional to make of the Armstrong confession and how can it be used for a compliance program? At the most basic level, it’s don’t lie; don’t cheat; always do the right thing and you won’t get into trouble. But more than those basic concepts, the Armstrong experience can be a useful tool for the compliance practitioner in educating others about these concepts and to provide a solid benchmark from which you can review your company’s compliance regime.