Building a Best-in-Class Corporate Compliance Program

Building a Best-in-Class Corporate Compliance Program

An Interview with Daniel A. Rowley, General Counsel and Government Compliance, GE Home & Business Solutions

September 01, 2010

2009 was an unprecedented year in terms of the number of regulatory enforcement actions undertaken by government agencies such as the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) and 2010 looks to end as another banner year for enforcement actions. Between the increased focus of the Obama administration on foreign corruption and bribery and the fallout from the Madoff ponzi scheme and other frauds that were exposed as a result of the financial meltdown, corporate regulation is at an all-time high.

For example, more Foreign Corrupt Practices Act (“FCPA”) indictments were brought in the past year than over the previous seven years combined, and, as of mid-year, the DOJ had approximately 130 open investigations. Further, both the DOJ and the SEC continue to request additional funding to provide more personnel and more sophisticated training for its existing personnel.

In years past, most of the enforcement action has been focused on large multinational corporations; however, many recent indictments focused on relatively small corporations, including a small family-owned business with fewer than 10 employees. Aside from the change in focus on organization size, there has also been a change in enforcement and investigation strategies. Previously, the majority of regulatory enforcement was the result of information provided by whistleblowers or voluntary disclosures. Today, regulatory agencies are being much more aggressive in ferreting out alleged wrongdoers through undercover investigations and covert sting operations.

Given this trend in enforcement action, it is critical for corporations, large and small, to develop compliance and reporting programs that can help them prevent or quickly detect and resolve any potential regulatory violations. I recently had the privilege of speaking with Daniel A. Rowley, General Counsel for GE’s $9 billion Home and Business Solutions segment. GE Corporation (“GE”) has a reputation for excellence and is consistently ranked at or near the top of Fortune Magazine’s Most Admired Companies. Given the expected continued increase in corporate regulation and enforcement discussed above, Mr. Rowley agreed to share some insights into best practices utilized by GE to protect the global business giant from fraud, corruption, conflicts of interest, regulatory violations, etc.

Mr. Rowley is the General Counsel and Government Relations Leader of GE Home & Business Solutions. This $9B segment includes: GE Appliances & Lighting and GE Intelligent Platforms. He also serves as the lead lawyer for GE’s Information Technology organization and its company-wide software center of excellence. In addition, Mr. Rowley leads GE’s Commercial Practice Group.

He joined GE as Counsel at Transportation Systems in 1992. Since 1998, he has been the General Counsel of several GE businesses, including Aero Energy, Energy Products, Transportation Systems, Equipment Services, Plastics, and Enterprise Solutions. While at GE Energy, he led the Power Products Group and the Commercial Law Group. Mr. Rowley also led the government relations teams at Transportation Systems, Equipment Services, Plastics, and Enterprise Solutions.

Mr. Rowley graduated with a BA from Wittenberg University and a JD from the University of Virginia School of Law, where he was Executive Editor of the Law Review. He was also law clerk to Chief Judge Collins J. Seitz, U.S. Court of Appeals for the Third Circuit. Prior to joining GE, he practiced law in Washington, D.C. at Covington & Burling and as a partner at Nixon, Hargrave, Devans and Doyle. His D.C. practice included a variety of U.S. and international government relations and regulatory issues, including election law, lobbying, communications, and financial institutions. While there, he specialized in non-recourse financing and mergers and acquisitions.

Stout: How large of a legal staff is required to support your objectives for the Home & Business Solutions segment?

H&BS has 33 people in the Legal function across Appliances & Lighting and Intelligent Platforms.

Stout: What are your go-to/can’t live without resources for effectively leading the legal and government compliance initiatives of the Home and Business Solutions segment?

Everyone on the team is essential. Many wear multiple hats and we work well as a team on all projects. Not just the members of my team, but we partner with business teams and corporate resources to meet our objectives.

Stout: With business segments that span every corner of the globe and annual revenue in excess of $150 billion, failure to manage risk or enforce corporate compliance could be catastrophic for GE. GE appears to have been able to effectively manage these risks, for the most part, by: 1) setting a zero-tolerance tone at the top; and 2) developing an internal system for self-policing and investigation of potential compliance violations. Let’s start with setting a zero-tolerance tone at the top. Tell me more about GE’s “The Spirit & The Letter”. What is contained within “The Spirit & The Letter” and when and how was it developed?

For more than 125 years, GE has demonstrated an unwavering commitment to performance with integrity. At the same time we have expanded into new businesses and new regions and built a great record of sustained growth, we have built a worldwide reputation for lawful and ethical conduct.

Each of us must make the right decisions and take the right actions. At a time when many people are more cynical than ever about business, GE must seek to earn this high level of trust every day, employee by employee. This is why each GE employee makes a personal commitment to follow our Code of Conduct. This set of GE policies on key integrity issues guides us in upholding our ethical commitment. All GE employees must comply not only with the letter of these policies, but also their spirit. Leaders are responsible not only for the tone at the top, but also for creating a culture of compliance and operating in a manner consistent with our Spirit & Letter.

GE Code of Conduct

Obey the applicable laws and regulations governing our business conduct worldwide.
Be honest, fair and trustworthy in all your GE activities and relationships.
Avoid all conflicts of interest between work and personal affairs.
Foster an atmosphere in which fair employment practices extend to every member of the diverse GE community.
Strive to create a safe workplace and to protect the environment.
Through Leadership at all levels, sustain a culture where ethical conduct is recognized, valued, and exemplified by all employees.

Stout: How is “The Spirit & The Letter” incorporated into daily life at GE? How is it shared with new employees and how is it kept “top of mind” for those who are not new to the company?

Upon joining GE, all new employees receive a copy of GE’s Spirit & Letter handbook, which sets forth GE’s policies in a clear and easy-to-read format. The Spirit & The Letter has been translated into 31 languages so it is accessible to every employee every day, everywhere we do business. The handbook is complemented by a comprehensive, online compliance training course that provides an overview of our company’s policies and procedures and is mandatory for all new employees.

Thereafter, compliance is embedded into the company’s operating processes so that it becomes a natural part of how we work and what we do every day, not a bolt on. The company’s compliance rhythm is reinforced by a regular training cycle for existing employees and regular ongoing communications. This rhythm assures that GE’s employees are knowledgeable, aware, and committed to assuring a world class culture of integrity.

In addition to the annual knowledge, we have a regular training cycle for new and existing employees. The business leaders reinforce in their regular ongoing communications.

Stout: What role does your department play in responding to integrity concerns raised by employees, auditors, or other outside parties?

Integrity concern reporting and resolution is an essential part of the foundation of the company’s compliance program and culture. The legal operation’s role in open reporting is multi-dimensional. First, the concerns that arise from the Ombuds and other channels provide important information about potential risks in your operation. The legal operation is engaged in reviewing these risks as a means of early warning about potential issues. Second, the legal operation plays an important role in assuring that any and all investigations are carried out according to a consistent process and that the outcomes of investigations are systemically addressed. Finally, the legal operation – together with other functional leaders – participates in regular reviews of trending data
on whether employee reports are increasing or decreasing. This information provides valuable data about the health of your culture.

We have a clear no-retaliation policy stated in the “Spirit & Letter”. In addition, investigations are conducted with the greatest degree of confidentiality possible. And appropriate people in management are involved on a strict “need to know” basis in order to properly address and rectify any compliance breakdowns.

Stout: “The Spirit & The Letter” outlines the steps to GE’s Investigation process when an integrity concern is raised. Step One is Assigning an Investigation Team. How is an Investigation Team typically developed? Is it staffed with company insiders or do you look to external resources, such as outside counsel, or other subject matter experts (e.g., technical experts, forensic accountants, fraud examiners, etc.)?

It depends on the nature of the concern that has been raised. People are trained and we pull in the trained experts when necessary, but most are handled internally.

Stout: What are the most common instances where outside resources are utilized?

We handle the majority of our work internally. In certain instances where we can benefit from outside opinions and expertise, we do use outside counsel and other experts.

Stout: From the General Counsel’s perspective, how has “The Spirit & The Letter” impacted to work of your department?

It sets our clear expectations for all employees and leaders and assures that we have the same set of rules around the world, everywhere, everyone, and every day. The Spirit & Letter also establishes the non-negotiable expectations of employees to speak up when they have an integrity concern, and guidance on the many channels available for raising those concerns. As General Counsel, I rely upon the health of the open reporting system as our first and best line of defense for spotting potential issues.

Stout: One component of the “The Spirit & The Letter” is a discussion of the obligation of GE employees to raise integrity concerns regarding potential non-compliance with GE policy. In addition to the option of raising concerns with the Board of Directors or within the chain of authority in an employee’s business unit, GE has also implemented an Ombudsperson process that allows employees to voice integrity concerns anonymously. Tell me a little bit about the background and history of the Ombudsperson process.

It is our obligation under the Spirit & Letter to report any suspected non-compliance. We have a responsibility to the GE community including our company, our colleagues, and our stakeholders. At GE, we are committed to creating a culture of compliance in which employees feel free to raise compliance concerns.

Employees’ immediate supervisor or manager should always be available to discuss any concern. Alternatively, employees may contact either their manager’s manager or any senior manager as they deem appropriate. A new, online compliance training course provides managers with information and tools should a concern be raised to them. Employees are protected against retaliation for raising a concern. In some instances confidentiality cannot be guaranteed. For example, if law enforcement authorities must be involved or the employee is one of a limited number who are in a position to be aware of the concern. Concerns can always be raised anonymously with a local ombudsperson or the lead ombudsperson. GE’s Ombuds network has nearly 700 ombuds leaders around the globe who are trained to receive and document concerns.

Stout: How does your office/department interact with GE’s Corporate Ombudsperson? Does each business segment at GE have its own Ombudsperson department?

We work closely with them to assist in investigations. Every business has a global network of ombudspersons to complement and support the corporate resources.

Stout: In making the decision to implement the Ombudsperson program, I am sure GE spent a great deal of time evaluating the perceived cost/benefit of the program. The challenge to a cost/benefit analysis of such a program is that there appear to be many associated intangible benefits that are difficult to quantify. Based on the results of the program to date, do you believe the program is a sound investment decision?

It is absolutely a good investment. Effective compliance programs leverage the knowledge and observations of their employees, who are often in the best position to observe potential compliance issues at the earliest possible stage. We want to make it easy for them to raise concerns through whatever channel they most trust. Providing a healthy Ombuds network across the globe assures that there is always someone the employee can trust that is just a short walk or a phone call away.

Stout: What are the challenges to implementing and maintaining the effectiveness of such a program?

You must select people employees will feel comfortable going to. You must also train those involved for intake, analysis, and feedback. Communication throughout the process is key to all stakeholders. Employees need feedback and data on how the open reporting process is working in order to trust that the system is effective. GE reports statistics about its Ombuds program through its annual Citizenship Report as well as through employee meetings and other fora.

Stout: What suggestions could you offer to organizations that do not have the significant financial and personnel resources of GE yet want to implement a system that will provide employees with an effective avenue for voicing integrity concerns?

Generally these are not full time jobs. You can also use the web and e-mail as effective ways for people to submit things with anonymity. The personal component is a great avenue for people outside of their normal business. The program is key to having leaders who reinforce and create an environment that is open and encouraging. It is also critical to remember that in the vast majority of cases, employees will go first to their managers with a concern. Training managers on how to recognize a concern, how to respond to the employee and where to escalate those issues does not have to be expensive and can be a very effective means of assuring that you are hearing about the integrity concerns of your employees.

Stout: In addition to simply implementing the Ombudsperson program, GE took the process a step further by benchmarking and publicly reporting key metrics from year to year on its website. How important do you believe the public reporting of these governance metrics is to the success of GE’s integrity program as a whole, and the Ombudsperson program, more specifically.

It’s important to demonstrate to our stakeholders the standards that we are holding ourselves to.

Stout: What are the biggest challenges you see on the horizon for your office within the Home and Business Solutions segment? What opportunities are you excited about?

With every business of this size there are opportunities and challenges. We’re excited about driving growth, and I am lucky enough to be a part of that process.

Conclusion

Ensuring regulatory compliance should be a priority of all corporations, large and small. As Mr. Rowley indicated, although GE certainly has vast resources to support its corporate compliance programs, there are many low cost strategies companies can implement regardless of size or available resources, such as educating and training employees as to what are/are not acceptable behaviors and activities, and training management how to respond to any integrity concerns that are raised.

Finally, just as important as training and education to prevent compliance violations, companies must also be prepared to respond in the event they are the subject of some type of enforcement action. Even the best developed programs will not eliminate all possibility of violations, as evidenced by the 2009 SEC investigation at GE’s Capital segment. However, having an effective compliance and response program in place can often go a long way toward quickly resolving any enforcement action and limiting potential fines or criminal charges.