Listen to the podcast here.
Also! If you’re coming to the Chicago Compliance and Ethics Institute in October, I’m tackling this topic with four huge compliance leaders at a special 90-minute session. Join me!
Here’s the conversation 👇
Adam Turteltaub: Welcome to the Compliance Perspectives podcast. I’m Adam Turteltaub from the Society of Corporate Compliance and Ethics and Healthcare Compliance Association. Joining us today from about 60 miles away from me in Irvine, California is Kristy Grant-Hart.
Kristy is CEO of Spark Compliance Consulting, and she’ll be talking at the 2023 Compliance and Ethics Institute on the tug of war between globalization and localization when it comes to compliance programs, and that’s what we’re going to be talking about today.
The Code and the Values
Adam Turteltaub: Kristy, thanks for joining us for the conference. Thanks for joining here. And let me begin by asking and really addressing this sort of constant tug-of-war between these elements of what should be universal and what should be local. Let’s start at the foundational level for the compliance and ethics program, the company’s values, and Code of Conduct. Should it be one for everyone or is there room to adapt to local conditions?
Kristy Grant-Hart: Hi, Adam. First of all, thank you so much for having me. It is an absolute delight to be back. To answer this question, yes – mostly. The values should be the same for everyone. These are usually based on universal ideas. If you look at the way that values are framed, you usually get words like integrity or customer focus, innovation, and inclusion. There really shouldn’t be different values anywhere.
Your Code, to the extent possible, absolutely should be the same globally. Usually, this document is principles-based, so that tends to be fine.
Personally, I have had issues with works councils or unions if there is language relating to things like:
➡️ Mandatory training
➡️ Nepotism issues
➡️ Hiring of friends and family
➡️ Who can speak to the media
➡️ What kind of social media representations can be made.
Generally speaking, as much as you possibly can, your Code should be the same everywhere.
Where to Stay Global
Adam Turteltaub: So, beyond the Code, looking at other aspects of a compliance and ethics program, are there other parts that absolutely should remain constant?
Kristy Grant-Hart: I think that your letters and communications from your CEO and your executive leadership should be the same. If you need to, you can translate them, or you can use subtitles in videos. Those messages should be absolutely consistent because there shouldn’t be variations in that tone from the top, especially from that CEO.
The other things that should be consistent I think include reporting categories and investigations data. A lot of systems have categories that you can use and choose, or that your whistleblowers can choose when they are making reports. And if you don’t have the same categories everywhere, then you’re not going to be able to spot trends in investigations.
Similarly, if you’ve got root cause analysis, the process for reporting root cause analyses should be the same. You don’t want different categories, or different types of processes for that. You really need to be able to aggregate that data and that means consistency.
Another place may be risk assessment methodology. When you are looking at your risk assessments, particularly specific to say, bribery or trade sanctions, or if it’s part of the compliance risk assessment that feeds up into your enterprise risk assessment, you really need the same assessment so you can make those comparisons successfully.
The last one I would say is my own personal pet peeve, which is a ban on facilitation payments. I don’t care where you are in the world- it’s a bad idea, it’s illegal in most places – so let’s ban that because it’s just stupid to try to make that exception.
Where to Localize
Adam Turteltaub: Well, most of the white-collar bar will agree with you, so you’re not alone on that one. So, we’ve talked about places where there needs to be consistency. What are some places where aspects of the program may be localized safely?
Kristy Grant-Hart: I think the place we see it most often is in gifts and hospitality amounts. Obviously, you have places where 125 GBP (British pounds) would be a huge amount of money to take someone out, and I think that that needs to be seen in a reasonableness light.
Now, there is obviously a debate about whether we should use a reasonableness standard and give examples of that, or if we should use a specific amount (in our policies). If you’re using examples, reasonableness should be pretty well-defined so you don’t end up with arguments in an investigation.
Others (places to localize) are industry or country specific. Spark Compliance works with a lot of pharma clients and there are some places where government officials can’t accept anything or there is a very strict limit on lunch and learns, what you’re allowed to bring, and things like that. These rules may be very different in other parts of the world, both from societal norms and regulatory requirements.
I think as compliance professionals, we sometimes get so hung up on the idea that everything is a bribe if it’s not exactly what the policy specifically says. But I think that business can be done according to societal norms that don’t cross ethical lines, and we need to be really conscious of that. Of course, we don’t want anything that can be perceived as a bribe, but we also want to be reasonable in how we look at it too.
When it comes to other things outside of gifts and hospitality, there are frequently local variations in employment law. This is especially true if we’re dealing with non-discrimination. And I really find that a lot of compliance officers aren’t comfortable and don’t know what to do with this, for good reason. There are certain parts of the world where a certain percentage or number of ethnic minorities or indigenous people need to be hired by law, and anti-discrimination policies are, frankly, really difficult there if allowed at all. So that’s something we need to be aware of.
Another area is nepotism and conflicts relating to hiring. Frequently you have hiring of family members or supporting their businesses as the norm, especially in extremely small places. Even in America where you have one factory in one town, you frequently get that huge amount of nepotism and trying to get your friends and family hired. And it can be managed with complex disclosures, but there may be complexities and sensitivity.
And the last example I’ll give is alcohol use. I lived in London for nine years. I worked in-house and as a consultant all over Europe. Company-sponsored canteens that have beer or wine in them are really very commonplace. Absolute bans on alcohol when the company’s actually providing it as a lunch option are very bizarre. And I think that we need to be conscious that some of this localization makes sense from a societal perspective.
Adam Turteltaub: It is often these small things and it’s often things that are difficult to get a read on. I was just traveling internationally. I told the person I was meeting for lunch, I’ve warned them, we have a no-gifts policy. I’d be paying for my own. The person said, great, and said they’ll pick a reasonably priced restaurant, but that was still $65 a person for lunch, and that was the definition of their reasonable. So, in terms of localization, how much would be too much?
Kristy Grant-Hart: I think you want to avoid confusion whenever possible. So that’s what we are really trying to do when we’re advising our clients, we always err toward having one standard or policy where it makes sense to do so. Because if you’re creating confusion, you really should stop.
I was doing an internal investigation when I was an outside counsel at one of the big law firms, and that company had local policies all over the place, but they didn’t have good version control and they didn’t have date stamps. And so, what you ended up with was people who would produce 10 different PDFs within Singapore and they’re all different. Good grief, that was a mess!
So, if you’re going to have localization, you need to have really strong controls so that you can find whatever is applicable at the time.
You have to have a pretty high bar for localization. There needs to be a really, really good cause, – legally based or blatantly obvious – or problems could occur. And if you’re going down that localization route, I think it’s critical that the policies are:
➡️ Easy to find
➡️ That they’re kept up to date
➡️ That there’s version control
➡️ That they’re trained on
➡️ Communicated about
➡️ That they’re very clear.
You need to make sure that the folks are able to distinguish where the global policies are and where the local policies are to avoid that problematic issue. And very importantly, there needs to be follow-up so that if you end up with a root cause analysis that says people couldn’t find and don’t understand the policies, you can respond to that.
Prosecutorial and Business Challenges
Adam Turteltaub: Now, there’s always going to be a risk that someone, whether an employee or a prosecutor may say, why is it okay to do X in one country but not okay to do it in another? How should the compliance team respond?
Kristy Grant-Hart: Well, typically the easiest way to make that not be a problem is to follow the strictest law. In response to GDPR or banning facilitation payments, many of our clients simply say, we’re going to go with the strictest reading of this, therefore we don’t have to have different website settings everywhere. We don’t have to have different subject access request processes. We’re just going to do this thing everywhere. So that’s the easy way to do it.
If you’re going to have this sort of prosecutorial or legal angle, ultimately every prosecutor that I’m aware of is a lawyer, the government is prosecuting you. So, if you’ve got a legal argument about why something is legal in one country and not another and, (and this is important and), the laws aren’t extraterritorial like the FCPA, where if you’re subject to it, then if the conduct happens anywhere in the world, it’s still a problem. If you actually have a local law that is local, your legal counsel should be able to make the argument successfully that wherever we have legality, it is legal, where it isn’t, it isn’t legal. So, I would take that legal angle if I were dealing with a prosecutor.
Dealing with executives is different. If you’re dealing with executives on something like this and there is a concern that a prosecutor would be unhappy, I would go back to the company’s value in its code.
If there is a concern about localization, if something is technically legal, but the localization effort will cause a conflict with the values, then the values should win every time. This is square in compliance’s wheelhouse to say, no, we’re going to do the right thing, and that’s what we’re here for.
Local Custom Challenges
Adam Turteltaub: So, one last question as we’re talking. A lot of times a policy that seems totally fine is fine in most places, in a given region, would cause an issue. Whether it’s against local custom or something else dramatic that you couldn’t necessarily foresee. How do you find out from people honestly, when that’s the case and avoid the person who’s just saying, oh, you can’t do that here because it’s inconvenient or they just don’t feel like it?
Kristy Grant-Hart: I think that this is where your network within the company is so critical. If you are lucky enough to have a Compliance Champions or Ambassadors program, especially one that really works, this is definitely where you want to socialize policies before you put them out.
When I was a Chief Compliance Officer, I had allies in every region based on people who were friendly to compliance, and who were believers in compliance. Any major initiative that was going to come out – I tried to run by them first because where you have trusted allies, you can really understand what’s going on.
If you don’t have one yet, you can ask folks like your HR people who they trust in the different regions, or you can ask the HR folks themselves. And of course, there’s your legal counsel who, if they’re regional, will know the law better or at least point you to someone who does so that you can have some backup within a local area. You can try to find out what will work on the ground and make sure that you are suggesting things that are going to work and that are reasonable. Because when compliance seems reasonable, you are much more likely to have adoption of whatever it’s you’re trying to roll out at a local level.
Adam Turteltaub: Making it work on the local level is going to be key in a big global company. Well, Kristy, thank you so much for sharing these insights with us today and at the 2023 Compliance and Ethics Institute. I want to thank all of you for taking the time to listen. I’m Adam Turteltaub from SCCE and HCCA. I hope we’re able to expand your compliance perspective.