In February 2009, Captain Chesley “Sully” Sullenberger made a heroic landing of US Airways Flight 1549 in the Hudson River, saving all on board, after the complete failure of both engines over New York City. A few weeks later, in an address before the Committee on Transportation and Infrastructure of the U.S. House of Representatives, he made the following statement: “We know that we must always be prepared. We must always anticipate. We must always be vigilant. Expecting the unexpected and having an effective plan for dealing with it must be in the very makeup of every professional airline pilot.” [i] [ii]
While he was referring to his experience as a pilot, I believe we can draw parallels from his statements to the operation of an organization as it relates to compliance and business ethics: We know that we must always be prepared for corruption. We must always anticipate where we are most at risk for corruption to affect our business dealings. We must always be vigilant combating corruption and unethical actions. Expecting the unexpected and having an effective plan for dealing with it must be in the very makeup of every professional working for the organization.
The recent release of the movie “Sully” about that day in January of 2009 is a great example of how preparation, planning and execution make a big difference, not just in the cockpit of an airplane, but also, for risk preparation and systems in all organizations.
The compliance and risk areas of business have become moving targets. Similar to the condition an airplane faces when it takes off, the risk of doing business – particularly in a global economy – is increasingly complex and ever-changing. In flying, there are many unknown threats that cannot be accurately forecasted on the ground before takeoff. Similarly, for any organization, there are many uncertainties and unknown risks that can affect its ability to remain competitive while still operating in an ethical manner. At the same time, there are looming regulatory pressures in both industries threatening to change the course of business-as-usual at any time. Despite their many challenges, airlines have achieved quite extraordinary records for successful and safe operation, in part because they have established many layers of safety procedures and related checks — and strictly enforced the completion of these checks before, during and after flights. Businesses should consider following suit and put in place strategies, policies and procedures related to governance, risk management and regulatory compliance with a similar commitment to their enforcement. The strategy must refine best-practice solutions to improve performance, manage risk and streamline regulatory compliance and operational readiness. As in any journey, the people, mechanisms and leadership need to be ever vigilant in their pursuit of preparing for, predicting and eliminating risk.
Compliance implementation goes way beyond one person, one department or – in the case of flight 1549 – one airplane. It transcends the entire organization and the people it touches.
Setting up the risk mitigation systems and checks may be difficult, but it is necessary in order to facilitate a culture that minimizes risk and maintains compliance as well as preserving the business and its reputation for the life of the organization. Every penny we keep from going into fraudulent channels or being lost to criminals and/or incompetence is a penny that goes toward making the company and the lives of those associated with it better. The implementation of these policies and procedures protect everyone by putting controls in place that are consistent for all parties involved.
We do not have compliance programs for the company to make money; instead, we have those programs in place to keep the money the company makes and to be sure it continues to do so for the foreseeable future. In addition to monetary motives, there have also shown to be supplemental benefits to operating as a compliant or, rather, an ethical company. This is a lot like that of an auxiliary power unit (APU) on a large aircraft. The APU provides energy for functions other than propulsion. Compliance is an added benefit for the company, but its real value comes when there is a failure somewhere in the mechanics of the overall organization. It provides the leaders (or pilots) with extra assistance in righting the ship to keep the business functioning in times of crisis.
In our experience, effective compliance programs — ones that will also have the necessary agility and flexibility to respond to unforeseen risks —are characterized by the following elements:
“Expecting the unexpected and having an effective plan for dealing with it must be in the very makeup of every professional working for the organization.” [iii]
Having an effective compliance program can parallel many of the items that were essential to keeping Flight 1549 passengers alive. While there were negative impacts to the airline, there was no loss of life and the impact was minimized, not only by the great decisions made by the pilot, but also by the access to the APU in conjunction with the risk mitigation systems and checks that were in place before the incident. Companies can learn a lot from the structure that was in place to make all of this possible.
Leadership, or “tone from the top” is the single most important piece of the workflow. There needs to be a clear, concise and consistent message from leaders within the organization that the company is committed to doing the right thing in its business dealings. This commitment should be backed up by a proper investment of time, attention and resources in the tools that will facilitate compliance. Furthermore, leaders should clearly communicate that there will be consequences and repercussions for management, employees and third parties whose actions result in violations of the company’s code of conduct and/or in violation of government regulations against bribery and corruption.
One of the added benefits to strong leadership is the confidence it engenders in both employees and clients. Indeed, in Kroll’s 2016 Anti-Bribery and Corruption Report, respondents to our survey who reported high levels of engagement by their leadership and board members were significantly more likely to express confidence in their ability to detect misconduct as well as their satisfaction with the resources allocated to their efforts. [iv]
Leadership is driven by integrity; it can take years to build, but only moments to destroy, so it is vital to choose leaders well and be sure they are committed to “walking the walk” when it comes to doing the right things, and not just giving them lip service. If leadership is not clear on their stance against bribery and corruption, then uncertainty or a certain laxness can set in, the result being that employees, customers and vendors can start “abandoning ship” and disregarding crucial protocols or standards.
We must always be prepared for corruption.
Just as training assists pilots, crew and mechanics in accomplishing safe flights, so too can training enable a company’s staff to handle challenges related to compliance matters. Effective and consistent training programs should be deployed in such a way that everyone knows what to do when confronted with a potential ethical dilemma. For those times when lapses may occur (or are thought to have occurred), providing individuals with a safe means of reporting can be invaluable for ensuring that concerns are appropriately escalated and investigated accordingly. On Flight 1594, everyone had been trained, at least once, because no flight leaves the ground without the crew going over the pre-flight safety demonstration. Frequent and reinforced training works, as it did in the case of Flight 1594! It also works the same when addressing corruption concerns with employees of any organization. Employees and third parties need culturally and situationally meaningful training that is reinforced, much like the in-flight safety instruction, through some sort of measurable metrics such as an online quiz or in-person training. Kroll’s annual Global Fraud Reports have consistently found employees (current and former) to be not only the most common perpetrators of fraud and corruption, but also the ones who are close enough to witness and report bad behavior that might otherwise go undetected by management. Make sure they know how to respond.
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
John W. Fanning is a Business Development Director in Kroll’s Compliance practice, based in the Houston area. John works to broaden Kroll’s presence in the South Central United States and Latin America, as well as to advise Kroll’s North American customers. In addition to his focus on client service, he is a subject matter expert in the compliance space. John works with multinational companies, providing best practices for anti-corruption/FCPA programs. He helps to develop effective strategies for using due diligence and technology for effective third-party risk mitigation through compliance solutions, AML, anti-corruption and FCPA disciplines.
John has held various roles in the governance, risk and compliance, information and legal industries for over 20 years. Prior to joining Kroll, John worked for both LexisNexis and Thomson Reuters. He has successfully helped Fortune 500 corporations, large law firms, government agencies and law enforcement professionals design, build, maintain and enhance their legal, due diligence and compliance information, work flows and internal processes. John leverages Kroll’s technology, his experience and the knowledgeable professionals and experts at Kroll to build comprehensive compliance solutions that help protect the reputation of clients.