DOJ’s Andrew Weissmann and Hui Chen Talk Corporate Compliance in Exclusive Interview

By Laura Jacobus posted Feb 01,2016 09:58

  

Q&A
with
Hui Chen, DOJ Compliance Expert
and
Andrew Weissmann, Chief of DOJ’s Criminal Division Fraud Section

Laura Jacobus (LJ): Andrew and Hui, I so appreciate you both taking time out of your busy schedules to talk with me about Hui’s new role and your views on the ever changing landscape of compliance.

I know a number of people who believe that running a compliance team is the hardest job in a company. Clearly, compliance is not for the faint of heart. Beyond the fact that compliance is a new area that many have had to learn on the job, compliance professionals sometimes need to justify resources given the lack of evident positive impact to a company's bottom line. And that’s in addition to the long hours and often thankless work. The issue that they may be held responsible for the inaction of others seems to add insult to injury.

What are your thoughts about the challenges in the role of the compliance professional?

Hui Chen (HC): As a Justice Department (DOJ) expert consultant on compliance, I am aware that being in compliance is not for the faint of heart. You have to have backbone and good judgment and excellent people skills. As you have pointed out, compliance is not a profit center; it is a cost center, and it may be perceived as a cost center that ties the hands of profit centers. Starting from this somewhat disadvantaged position, compliance has to find ways to win and maintain the trust, respect, and cooperation from the rest of the company, and to do so without compromising its obligations or integrity.

Compliance is also challenging because it does not work as an isolated function, but rather relies on other functions to implement controls. The controls must be embedded in almost every aspect of a company’s operations that are not owned by compliance. For example, compliance can identify issues in a company’s financial controls, human resource (HR) processes, or sales strategy, but compliance does not have ownership of these functions and processes. In this example, without the commitment of finance, HR, or sales leadership, these issues cannot be remediated.

You also pointed out that compliance is a new area. Not only is it new, but it is evolving. The compliance risks that companies and organizations face change as new markets, new products and services, new ways of doing business, new business lines and models, and new technologies emerge. A diligent compliance professional has to constantly scan the horizon for emerging risks.

Finally, there is also the cultural translation of compliance. As businesses are becoming increasingly global, a whole range of behaviors and ways of doing business are new to many parts of the world. Compliance officers often find themselves on the front line of this cultural experience, and have to help their colleagues not only understand the compliance expectations, but ways to navigate towards these expectations in societies that are not necessarily accustomed to these behaviors. An on-the-ground compliance officer has the most difficult of all compliance jobs, in my opinion, of having to face all the other compliance challenges on top of being geographically and culturally isolated from their peers, with fewer resources than at the headquarters, and often being considered a cultural/social anomaly in their surroundings. I started my compliance career in such a role, and will always be mindful of the challenges of these on-the-ground compliance officers as I go about my work advising Fraud Section prosecutors.

LJ: What led you to compliance initially?

HC: I got into compliance somewhat accidentally. I was living and working in New York City when 9/11 happened, and spent some intense weeks as a volunteer to help the family members of the missing victims in applying for death certificates. Out of that experience, I ended up leaving Microsoft, where I was an anti-piracy lawyer, to get a divinity degree. There came a point when I realized that I very much missed being a lawyer. I reached out to my former colleagues at Microsoft, and they asked me if I wanted to be their first in-field compliance officer in China. This was the end of 2007, and I thought China was in a very exciting and dynamic point in its transformation at the time, and the experience would be an interesting one, so I agreed and relocated to Beijing and started in that role in the spring of 2008. 

LJ: You have an incredible background. What ultimately interested you about this position at DOJ?

HC: What really interested – actually, excited me was the possibility of making a difference. When Andrew Weissmann first spoke with me about this role, he described his vision of bringing corporate compliance to a different level by enhancing the way the Justice Department reviews the compliance programs. I was really drawn by this vision and the possibility that what I do in this role may make a positive difference in changing corporate behavior.

LJ: Andrew, what made you want to create this position at DOJ?

Andrew Weissmann (AW): I saw that we relied on the advice and expertise of professionals in all sort of fields – accounting, medicine, forensics, etc. – but had no compliance experts. I thought that I and other attorneys I work with could benefit from such expertise. There are several goals for this increased emphasis on compliance. It can make us more adept at evaluating corporate claims about compliance; to be sure we are holding companies to a high but realistic standard and not having the wool pulled over our eyes. I also want to reduce corporate crime. One important way to do that is to empower a robust compliance function within organizations. We can play a big role in fostering that development. 

LJ: Hui, will you focus in any one particular area – pharmaceutical, banking, tech – given your wide-ranging background?

HC: I am involved in all of the cases with a corporate compliance element that is before the Fraud Section, which investigates and prosecutes a range of cases across all of those industries. In my first months, I have been involved in cases in healthcare, oil and gas, retail, manufacturing, beverages, banking, telecom, and airlines. I also want to take this opportunity to correct what appears to be a misperception some have of my role: it is not limited to FCPA (the Foreign Corrupt Practices Act) compliance.

LJ: Thank you for clarifying this misperception about the breadth of your role. Assistant AG Caldwell has been quoted as saying that “hiring of a compliance counsel [you] should be an indication to companies about just how seriously we take compliance.” I would wager a guess that compliance professionals generally do take compliance very seriously.

Do you believe your work/the work of this role will help to establish benchmarks that compliance professionals in general may be able to use to justify necessary resources, programs or processes at their own companies (to help others take compliance just as seriously)?

HC: Again, let me emphasize that this role is about more than FCPA. The approach to an effective program that detects and prevents misconduct, whether that misconduct is corruption or something else, is the same: It requires cross-functional commitment and collaboration. I believe that an effective compliance program requires the commitment of the whole company to compliance, especially its leadership and key stakeholders. I think of compliance assessment in a way that may be similar to how an insurance company might risk-assess a car and driver: The various components of the compliance function, such as data analysis and controls and due diligence, are like the control panel, seat-belts, and air bags. The control panel tells you when your engine overheats or your tire pressure is low or maintenance is due, and the seat belts and air bags minimize your harm should you be in an accident. None of those, however, will stop a reckless driver who ignores all the warning signs or drives drunk. So I would argue that, in order to assess a compliance program, not only do you want to check if the panel lights and safety devices are working, but you want to look at the driver’s behavior. The driver is the leadership and key stakeholders of the company: Do they pay attention to warnings? Do they maintain the car on schedule? Do they have any qualms about driving while drunk? In other words, I believe that compliance works only when the ownership and the commitment are shared, and that means the efforts of ensuring compliance get the right resources and processes must be a shared effort. So, if technology is needed to enhance a compliance process, the IT function needs to be fighting for that resource; if the payment process needs to be strengthened, finance should be responsible for making sure that’s done, etc. As I advise the prosecutors on the assessment of compliance programs, I thus look at stakeholder buy-in and accountabilities.

LJ: Hui, I love your car and driver analogy – it’s a fantastic visual! What do you both hope to accomplish in general and specifically to assist the compliance professional?

AW: I hope that, in seeing how seriously the Department of Justice takes compliance, we will strengthen the voice of the compliance professionals and help them get a stronger seat at the table as a key stakeholder in how businesses are run. 

HC: In approaching this role, not only do I draw from my own experience as a compliance professional, but even more so I rely on the countless conversations that I have had, and will continue to have, with my fellow compliance officers. When a compliance officer is sitting across the table from the prosecutors of the Fraud Section, she or he now knows that the prosecutors will also have input from someone who has some appreciation of the job to help them evaluate a company’s commitment to compliance in real and operational terms.

LJ: There have been some critics of this new role who feel that prosecutors already know enough about compliance programs to make a determination about a paper vs. an of substance compliance program. 

Hui, you have the unique experience of having acted as both a prosecutor and a compliance professional. What are your thoughts about what your separate experiences bring to this role?

HC: Both experiences very much inform my work in this role, as would be expected. You know I now work in the very same building where I worked as a young prosecutor twenty-some years ago. It makes me feel like things have come full circle. As a prosecutor, you focus on making cases: Finding and piecing together evidence to establish corporate and personal criminal liabilities. You have a view of a case that is at the same time broader and more focused than the compliance piece: You are looking at testimonies, transactions, evidence admissibility. 

The compliance piece currently comes into the picture primarily as a part of remediation, one of several factors that prosecutors consider when making resolution decisions. In this way, prosecutors tend to examine compliance after criminal conduct has become known and investigated. Prosecutors also do not usually have exposure to the operational side of business and may not fully appreciate the complexity it requires to turn a design on paper into full operation – not just the process challenges, but the cultural and political challenges. My experiences in both roles help me in translating the challenges, in helping the prosecutors contextualize the compliance piece more concretely so that it not only more fully informs how they evaluate resolutions, but also how they approach investigations. Many times, that can lead to a more exacting probe into what companies are telling the Justice Department about compliance. But it can also lead to concurrence with the approach a thoughtful and committed company has taken to compliance. 

LJ: Andrew, how important was it to you that the person in this role have this dual background?

AW: It was manna from heaven to have reconnected with Hui in this new position. She has an ideal background.

LJ: How difficult is it to determine if a company has a paper program or a real program in place, in which the company is trying to do the right thing? 

HC: I think compliance officers know the answer to that question: It’s not that difficult. It is something that you know, frankly, early on in one’s tenure on the job. The answers are not in the glossy diagrams of a company’s “core values” or their training slides; rather, they are in what happens in real life, in the smallest details that manifest themselves in the company’s daily operations. You look to see not just what the policy and procedures say, but how they are actually incorporated into the operations of the company. It’s one thing to have a policy that requires third-party due diligence; it’s quite another for all the steps of the due diligence to occur and to be actually built into the procurement and accounts payable operations.

I also look to see how the most front-line workers understand their jobs: Does the clerk in the accounts-payable room understand his job to be processing payments as quickly as he can, or does he understand that he is supposed to keep an eye on certain things and escalate issues he identifies? Does the new salesperson understand her job to be making the deal at all costs, or does she understand that there are boundaries? I also look at empowerment and consequences: Are the compliance and control personnel empowered to identify, escalate, and address problems? Are there consequences of non-compliance: Processes continually improved based on lessons learned; people disciplined for non-compliance; or deals rejected and approvals not granted?

LJ: How important do you think culture, values and integrity are in an effective FCPA compliance program?

HC: I do not believe any compliance program can be truly effective if it is set in an organization whose culture and value are fundamentally incompatible with or hostile to it. 

Integrity has become such a buzz word that I think it’s lost its meaning. Just about every company has that word among its core values, as did Enron. I would say integrity is absolutely important to a compliance program if it is real – if every employee in the company can actually articulate what it means to have integrity, and how that plays out in their day-to-day work. Absent that, as a buzz word, it’s overused.

LJ: Switching gears for a moment to the Yates Memo -- do you think that the Yates Memo will ultimately have a negative effect on employee cooperation in company investigations?

AW: No. I think it serves to make companies fully aware that they cannot receive cooperation credit if they shield the criminality of individual employees.

LJ: Do you think that the memo will have a chilling effect on people wanting to run compliance at a corporation?

HC: I don’t think so. As a compliance professional, I was quite encouraged by the Yates Memo. I think a focus on individual accountability is a positive development for those who want to prevent and detect misconduct in corporations. 

LJ: In thinking about the overall compliance landscape, what type of resources and benchmarking/sharing would you like to see among compliance professionals -- and in what form would that be? 

HC: My role is not to opine about such questions. We deal with compliance as it relates to a particular criminal matter.

I would note that such collaboration occurs frequently. As a compliance professional, what I have found most useful have been the conversations with other compliance professionals. In my experience, it is when a few compliance officers sit around a table that the most helpful benchmarking and sharing occurs.

LJ: As a relatively young legal niche, compliance has been evolving significantly already – seemingly away from the white paper and written word and toward the innovative use of metrics/measurable statistics. How important do you think the role of metrics and technology is in the world of FCPA compliance?

HC: In all areas – not just FCPA – this is extremely important in my view. I think strong compliance must be data driven. When I was recruiting compliance officers, one of my questions was to ask the candidates to articulate what types of data they would monitor. 

My expectation was that a good compliance officer should be able to rattle off a list off the top of their heads and their list will tell me the level of their sophistication as a compliance professional. Similarly, when I look at compliance programs, the kind of data that they do and do not monitor tells me a lot about how sophisticated their program is. 

LJ: Hui, what will make you feel that you have been successful in this role? And Andrew, what are your success factors for this role? 

HC: As a consultant, my most important measure of success is my clients’ satisfaction. At the end of the day, I would like the attorneys in the Fraud Section to find my input helpful to their work. As a corollary to that, I hope to contribute to Andrew’s vision of bringing corporate compliance to a different level, in a way where companies understand that before the Department of Justice, there is an expectation that corporate compliance programs will demonstrate tangible and operational shared commitment from the leadership and all stakeholders. As a result, I hope to see compliance more routinely – not just at the presentation table at Justice Department, but at the table in the executive meetings and boardrooms as a strategic partner.

AW: Amen.

LJ: A fitting end to a fabulous conversation! Many thanks to both of you for your time, thoughtfulness, and incredibly compelling and insightful words.


Copyright 2016 Laura Jacobus

Find Laura Jacobus at https://www.linkedin.com/in/laurajacobus

Click here to view the press release on ECI’s website.

0 comments
7797 views

Permalink

Tags

Comments