Episode Transcript
Speaker 0 00:00:00 Good morning, everyone. Uh, this has been DC, Annie, I am with Affiliated Monitors. Today's guest is the esteemed Compliance Evangelist, Tom Fox. I could go on for about an hour talking about Tom's accomplishments in the world of ethics and compliance. Tom's the author of a number of award-winning books on compliance, including the bestselling Lessons Learned from Compliance and Ethics. And he's written the seminal text on the nuts and bolts of anti-corruption compliance. And he has a new book coming out sometime in June called the Compliance Handbook Volume Two. Tom writes and comments frequently on issues related to compliance and ethics. In addition to his daily blog and his weekly biweekly podcast, he's a monthly columnist for Compliance Week and a contributing editor to the FCPA Blog. He's a well-known and frequent speaker on issues related to compliance and ethics, and has mastered the use of social media in promoting compliance and corporate leadership. And he's the founder of the Compliance Podcast Network. He's been a friend to Affiliated Monitors for many years now, and we're delighted to have him as our featured guest on the AMI podcast. So I've participated in a number of podcasts with Tom over the years where he leads the conversation. So today we're going to turn the tables on him and ask him some questions and get to know him better. Welcome, Tom.
Speaker 1 00:01:29 Then thanks so much for the introduction and it's great to be on your podcast for a change.
Speaker 0 00:01:36 So you and I have talked about for so many years about the start of Affiliated Monitors. What led you into the world of compliance?
Speaker 1 00:01:44 So my journey to compliance, uh, really started when I was an in-house lawyer at Halliburton, and I was assigned these two projects that are seared into my mind. I didn't know they were compliance related at the time, but they were a part of, uh, an internal investigation that Halliburton was doing, which led to its first FCPA settlement. I was asked to review and literally read every agent contract that Halliburton had across the globe. At that time, it was 211. This was sort of '04, '05. I was also asked to read all of the joint ventures that Halliburton was a part of. At that time, it was 87 o'clock across the globe. I was given a series of questions to research in each contract, and I didn't know it at the time, but that was my introduction to compliance. I later became a general counsel at a company who was in 2007, had the, uh, highest FCPA fine in the history of the world ever, 27 million, as a company called Abel.
Speaker 1 00:02:48 And I was a part of the team that came in after the FCPA settlement. Back then, you didn't engage in remediation until you had settled. So I was part of the implementation team for the new, um, compliance program. And that was my introduction to compliance, really. We had a very, and let me emphasize a very, robust monitorship. And we learned a lot. I learned a lot about compliance. The company was sold eventually, and my job went away. So I went out into private practice and I decided to focus on what I had learned as a general counsel at the Abel subsidiary drilling controls. And that was the nuts and bolts of compliance. The social media aspect came about for the following reason. I had a short hiatus between leaving drilling controls and starting my practice, which was to race bicycles. And, uh, I did that for about a year until I was, uh, involved in an accident on a training ride that ended my cycling career.
Speaker 1 00:03:56 Uh, so I had to go back to practicing law and that's what led to compliance. But at that point I was pretty banged up. I was on a walker and I couldn't leave my house except to go to physical therapy. So I started engaging in social media, Twitter, LinkedIn, blogging, and that's, uh, really what started me on my social media path. If I'd been able to get out of the house to go meet people, to go to conferences, you know, go have dinner, go give a speech, that kind of thing, it might look very different today. But I couldn't. I could only market through social media, but I was able to create a worldwide compliance practice literally out of my house, through the use of social media.
Speaker 0 00:04:38 So it's, I mean, it's so interesting that you go from working in compliance to becoming the Compliance Evangelist. So how did that happen? And, and I, I say that, and I use that word really affectionately because, you know, people call me the compliance missionary, but now I'm talking to the evangelist. How did we get there?
Speaker 1 00:04:56 Sure. So in ancient Greek, or I guess even modern Greek, the evangelist means the bringer of good news. And I adopted that moniker, Vin, because there is, the United Nations estimates, there's $3 trillion lost to the world's economy each year due to bribery and corruption. And early on, I realized that I could be a part of the fight against this huge global scourge. And that motivated me literally every day to try to do something, to move the ball forward for compliance. And that we all have a role in this fight. Regulators like the Department of Justice and the SEC have a role, too. Legislatures who write laws like the FCPA have a role. The judiciary has a role, but we in the corporate world have roles and we can embrace those roles and those roles can be meaningful. And as the Compliance Evangelist, I evangelize that compliance is the way forward to fighting this global scourge. And it has the also a benefit of actually making corporations run better, run more efficiently, and at the end of the day, more profitably.
Speaker 0 00:06:09 Yeah. And I call it an asset, right, of the company, when you have a strong compliance program. You know, you over the years have touched on every aspect of compliance, you know, ethical culture, controls, third-party due diligence and all of those kinds of things. What aspects of compliance do you find most interesting?
Speaker 1 00:06:29 Well, I suppose I should say, like all of my podcasts and all of my children, I love them all the same. I find all of them inherently interesting. I find having management set appropriate and proper tone is a fascinating exercise. And you can tell a manager or a senior executive who is saying the right thing, but not necessarily doing the right thing, from those who are doing the right thing and saying the right thing. I think risk assessments are a fascinating way to look at the opportunities to make your businesses more efficient and more profitable. My father was a labor arbitrator who believed that in the union management context, termination was the ultimate sanction against an employee. So he believed that institutional justice was paramount in the labor contract phase. And that as a labor arbitrator, he would never uphold a termination of an employee unless procedural due process was given to that employee.
Speaker 1 00:07:31 So I'm very fascinated by discipline and incentives. How can you incentivize someone to do the right thing is always an ongoing question. I'm a lawyer. So the written word is still significant to me. And I actually happen to love writing policies and procedures. I think that's kind of cool. I agree, it's a nerdy thing, but nevertheless, it's cool. Uh, third-party due diligence is still the highest risk, or third parties are still the highest risk in FCPA. So I'm inherently fascinated around due diligence and how you have more effective due diligence and how a leopard doesn't change its spots, so that if someone has something in their past that's a bit untoward, it doesn't mean you can't do business with them, but it does mean you might need to watch them more closely and trust, but verify. Mergers and acquisitions are a fascinating area to me and how you can bring the, um, risk assessment and pre-acquisition due diligence to really plan out what you do after you acquire a company, and then continuous monitoring and continuous improvement there. It's now the Department of Justice has drawn a straight line from your risk assessment to continuous monitoring, to continuous improvement, which really points me in the direction that compliance should be viewed as a business process. And that as a process, it could be measured and managed and improved. So really all of those things fascinate me, and whether it's ADD or not, I get interested in one area, and I'm fascinated with that for a little while, and I get into another area and I'm equally as fascinated.
Speaker 0 00:09:11 This is, so let me just follow up there because I think it's really quite interesting, because I'm hearing in the words you just used that a company really can rehabilitate itself, right, by adapting, um, a strong compliance program and developing an ethical culture. And that's, I mean, you know, that, that's what we do as a company, Affiliated, in our independent monitoring work. But so do you believe, as the Compliance Evangelist, that a company can be rehabilitated?
Speaker 1 00:09:36 Uh, absolutely. And then I would point you to the recent article, series of articles, in Compliance Week about the Volkswagen monitorship. And what struck me in those series of articles by Allie McDivitt, where she did that case study, it was not really the work of the monitor that seemed to me to be the biggest focus. It was the work of Volkswagen and how Volkswagen literally set up a structure to not simply deal with the monitor, but to implement the monitor's suggestions, and that they would bring to the monitor their own suggestions, but they were accountable. They communicated with their employee base about what was going on. And it was really the work of Volkswagen internally to change that culture, which had led to the massive scandal of, of Dieselgate. And the work of the monitor was certainly important. But, uh, it was the work of the company. It wasn't an outsider saying you shall do this. It was the company saying we will do this.
Speaker 0 00:10:39 You know, again, just to sort of reflect back on your career in compliance and, you know, all of the podcasts that you do, you've also combined sort of a love of football, college and pro, Star Trek, Star Wars, classic rock, Marvel Comics, and all of those kinds of things. And you've brought them into the world of compliance. How do all of these disparate cultural touchstones lead to, to the world of ethics and compliance?
Speaker 1 00:11:08 Well, first of all, I'm trying to be a storyteller and I'm trying to tell a story that's interesting. And that seems to be a great way to communicate, but in many ways, then compliance is doing the right thing and it may be doing the right thing when no one is watching. I've heard that, uh, ethics and compliance described as that. And there are so many examples in the real world, the cultural world, a fictional world of doing the right thing when no one is looking. And I love bringing those out because people remember those.
Speaker 0 00:11:42 Yeah. I think, I think it is interesting. And I think it does lead to conversations where people perhaps didn't take away from a Star Wars movie that kind of thought. Again, I think that it's fascinating that you move into that space and bring it home into compliance. So, so you do so many podcasts and, um, are recording and writing and all of that kind of stuff. The question is really, do you ever sleep? You know, how do you find the time to stay on top of all of the things that you have to read to be as knowledgeable as you are, and to do all of the various podcasts?
Speaker 1 00:12:15 Well, uh, I do sleep, and interestingly in the, the COVID health crisis really caused me to have an, an exponential growth in my podcast network because there was basically nothing else to do. So, I mean, I do work pretty much 12 hours a day anyway, but during COVID, I couldn't travel. None of us could travel. Couldn't go to conferences, couldn't come see you and you couldn't come to Houston. So all of those things, it turned out, kind of kept me from really focusing on doing all of this work. And when I would just sit down and, and not have any other distractions. And then my wife and I would watch TV for a few hours at night. Uh, she was working from home as well. So, uh, it really kind of grew during, uh, the COVID health crisis and, um, always been kind of a pretty hard worker anyway. So all of that was pretty easy for me to do.
Speaker 0 00:13:15 Well, you certainly keep it fresh at the same time, right? There's an ability that you have to bring great people onto your podcasts and keep the topic moving forward. And, and you also bring sort of those different perspectives in compliance because, as we know, there's no one size fits all and there's no right answer to every question. Um, but you're able to do that. So on our podcast, Integrity Through Compliance, we were trying to seek out industry and thought leaders, right, to share relevant tips and real-life stories with our listeners. If you were talking to an entrepreneur today that's looking to start up a company, what advice would you give them on why they should consider upfront establishing an ethics and compliance program and trying to establish a, a strong ethical culture?
Speaker 1 00:14:09 So then I would take the concept that you articulated, which is compliance as an asset, and a best practice compliance program, in my mind, leads to greater business efficiency and leading to greater profitability or greater ROI. It's clear to me that companies that have a robust compliance program also have a great culture. They tend to have a speak-up culture. They tend to have a listen-up culture, meaning they listen when someone raises their hand and speaks up. And that leads to highly motivated employees. If you are in any sort of requests for production response, a request for proposal response, or RFP, RFQ, and you have a compliance program, that is a market differentiator, and people will notice that. If something untoward happens on social media or some reputational issue comes up, you are more well-suited to respond literally immediately if you have a robust compliance program. So that probably when we both began to start our journeys in compliance, it was viewed as much more of a reactive, legal-based, protect-the-company. And now it's, I think, 180-degree flipped to this is an asset, and this asset we can improve, this asset, and that improvement will make us a more profitable business. And if you can start off that way as a startup or an entrepreneur in a new company, it's much easier to build it out when you have the infrastructure in place.
Speaker 0 00:15:47 Yeah. I completely agree with you. And it's so nice and refreshing sometimes when you see a startup or a company that's relatively new have an effective compliance program, but not just the program, it's the commitment of the leadership, right? And it's the people in the company that are all part of compliance. I find it fascinating. And it really leads me to this question, because again, you and I have been at this for quite some time now, and that is, from your perspective, how's compliance evolved, right, from those early days at Halliburton to now? Because now it is more of a consideration, right, that companies look at.
Speaker 1 00:16:24 Right? So, uh, when I started, or we started, I think it was more lawyer driven. I used to say policies and procedures were written by lawyers for lawyers and with pages and pages of definitions, sometimes citations. First compliance training program I had, the 287-page PowerPoint presentation, 7.5 hours, with appropriate case law and citations throughout. It was absolutely fascinating to me as a lawyer. And it was absolutely useless to the business guys who fell asleep literally within the first 15 minutes. But we've evolved past that. And we evolved into, uh, being seen much more as a business process with an internal customer base who are employees that we need to market to, we need to sell to, we need to communicate with, we need to, um, take communication feedback from, and really operationalize compliance by moving it down into the front lines, rather than having it sit in the second line of defense in the corporate office in the United States. That really led to, I say, one of the, the two biggest evolutions after the operationalizing of compliance have been the evolution of data and data analytics.
Speaker 1 00:17:42 And then the input of behavioral psychology into trying to incentivize people to do the thing. And with data, how can we improve our compliance program by measuring it, and then, uh, managing that measurement? Really, that leads to the concept of risk management of compliance, and with risk management, you have a greater opportunity for profit, if you can manage risk appropriately, quickly and efficiently. That of course has really led to where we are now, which is the explosion in ESG. And people see ESG as a corporation's outward facing, as opposed to CSR, which may have been more inward facing. And I wrote an article today about why compliance should lead the ESG effort. The skills we've learned as compliance professionals and the tools available to us, I think, lend themselves to leading that effort. And I see a broader remit for compliance into 2025 and beyond.
Speaker 0 00:18:47 So you say that, and I agree with you, and it's sort of quite interesting how compliance has evolved. I mean, I think about when we started in 2004 and the first compliance programs that we drafted were hundreds of pages, right? With all of the details, you know, minutia, and now they are much more scaled down and much more geared toward people, and the people that work within the company. At the same time, we say that over these years, compliance is now an industry. It wasn't like that, you know, when I started in 2004, but it is an industry now, and there's a lot of people that are going, coming into the world of compliance. What advice would you give to those people who are looking to enter the world of compliance and ethics?
Speaker 1 00:19:29 Well, as a compliance practitioner or a compliance product provider, either, because I think there's both, right, go, go in either direction. As a compliance practitioner, Vin, I think the days of perhaps people like you and me, you, an ex-prosecutor, myself, a recovering trial lawyer, coming into compliance, there may be less of those days going forward. And the skill set of incoming compliance practitioners may be much broader than, than perhaps we were trained academically, uh, the skills of data, data science, uh, behavioral psychology. I can see a wider variety of, of skills, and to think of this really as a business process. And how can you use compliance? How can you improve this business process in all of the facets that we've talked about? So I think if someone wants to get into compliance, first of all, it's one of the top fields around, because I think it's going to be leading corporate efforts for many years to come. So I think you'll have lots of opportunities, but you need to not only know how to read a spreadsheet, but go beyond that and look at numbers, understand what numbers mean and how you can implement changes based upon what those numbers tell you.
Speaker 0 00:20:44 It is continuing to evolve. Is, and ethics, something that should be taught in a college or a graduate degree program?
Speaker 1 00:20:50 Absolutely. I taught a compliance program at South Texas College of Law this past term. Business ethics, I think, should be a part of every MBA program, uh, because I'm learning the quantitative skills to lead as a manager or senior executive are certainly critical, but equally critical is that tone you set, and the leadership skills and the empathy that you're able to, um, articulate to your employees will go a long way as well. So I'm a firm believer it should be taught in law schools and it should be taught in business schools.
Speaker 0 00:21:24 Yeah, I think so, too. So let's talk about your new book, Compliance Handbook Volume Two. I read Compliance Handbook Volume One, which was so comprehensive and so brilliantly and, and well written. I mean, so that people can understand that it wasn't, you know, theoretical and it was, it was more practical. Tell us about volume two.
Speaker 1 00:21:45 Sure. So volume one really focused on the operationalization of compliance, moving compliance into the front, first line of defense, moving it down to the business unit, helping the business unit be able to implement the strategies, tactics, and tools of compliance. In the second volume or the second edition, which comes out next month, published by LexisNexis, are really focused on three key releases of information from the Department of Justice. And one from OFAC in 2019, we had the evaluation of corporate compliance programs supplemented by the 2020 update in June of 2019. OFAC came out with a compliance framework. And then in July of 2019, the Department of Justice Antitrust Division came out with its evaluation of corporate compliance programs. Each had a little bit different focus. And what I try to do is synthesize their different focuses down into one kind of coherent framework that the compliance practitioner could implement.
Speaker 1 00:22:49 In addition to the documents, or rather releases of information, from the Department of Justice, we had an update to the FCPA resources guide, the seminal one-volume document originally issued in 2012 by the Department of Justice and Securities and Exchange Commission, that was updated in July of 2020. So I incorporated that update into the book as well. I've mentioned data, data analytics. I have an entire chapter around that issue and how that relates to internal controls, monitoring and updating. And then I wanted to take a look at compliance literally in 2025 and beyond. So I have an entire chapter around that. But you're right, Vin, it's a nuts-and-bolts handbook designed for the compliance practitioner that they can sit down. The first chapter's 31 days for an effective compliance program, where I give you an idea, or one topic rather, a day, with three key takeaways that you can do for your compliance program. At the end of 31 days, I think you'll have pretty close to an effective compliance program. And then deep dive chapters to the board of directors, internal investigations, internal controls, training and communication, business ventures in addition to third party, so joint ventures and other business ventures, innovation, as well as policies and procedures. So it's a comprehensive manual. It is, in my opinion, the best one-volume handbook on how to design, create and implement a best practices compliance program.
Speaker 0 00:24:26 Outstanding. Looking forward to it very much and wish you the best with it. For those listening, Tom has given us a code for a discount on the purchase of the book. It's for pre-sale. And it's a, we'll give you the code with the notes to this podcast. So Tom, one of the things that we see with companies that have well-established compliance programs, right, not at the start, but they're now well-established, is keeping the program fresh. You know, training gets stale. The words in the compliance program, which people will have to read, are the same. And we hear sort of a sense of boredom and how do I get through this training as quickly as I can. From your perspective, and you know, all of the things that you've done and learned, how do you keep compliance fresh?
Speaker 1 00:25:12 Sure. And that, that's a very real question and reasonable question. Then, uh, you have to keep compliance fresh by bringing fresh examples. It's basically the same strategy I employ in my podcast network. And in my blog writing, I try to bring historical events, famous people who may have passed away, current events from non-fiction and fiction, whatever it may be, but you can create communications around compliance to keep it fresh with short bursts of appropriate targeted communications that is disguised as training. If you figure out who needs the targeted training in your organization, probably it's 20 to 10% of the people; 80 to 90% of the people, a good ethics and compliance reminder annually is probably going to be enough. But for the gatekeepers and the people on the first line of defense, they need more effective communications. So keep that fresh.
Speaker 0 00:26:11 Yeah. I couldn't agree with you more. I mean, I've heard feedback from those companies that are doing exactly what you said, shorter bursts and disguising compliance as part of just a conversation within like a team meeting or that kind of thing. And the reviews are overwhelming that it's the best training they've ever had and they feel much more a part of the compliance effort in doing that. A couple more questions for you, and I'm glad this is here for you to have a little bit of a plug. Why should people listen to your podcasts?
Speaker 1 00:26:42 They should listen to my, because they're the most fun podcasts in compliance or the most comprehensive podcasts in compliance. And you can have anything from as little as five minutes each day of compliance and corruption news of the day to start your day, all the way up to a one-hour round table of top compliance commentators every other week, talking about the things that have caught their attention, and everything in between. So if you're interested in any shape or form of compliance, there's a podcast for you on the Compliance Podcast Network.
Speaker 0 00:27:23 And just going to piggyback on that by saying, you keep it fresh, you keep it pertinent and you keep it interesting. All right. And what more can anybody, any listener ask for? I mean, making compliance interesting is, I think, something that you've mastered, and you have been very innovative in the approach to compliance. So you were, you mentioned earlier about, you know, some elements like ESG sort of taking compliance out to about 2025, right? What's the future of compliance and ethics programs, you know, from your perspective?
Speaker 1 00:27:57 Well, I think they, it will be a continuation of some of that evolution we've seen, which increased exponentially during the 2020 phase of the COVID health crisis. Uh, one, I think we will continue to see compliance evolve as to a business process. There will be a much greater input of data, data analytics. We are now seeing the use of AI and machine learning in a company such as ABM, Bev and others. That seems to be kind of the cutting edge there. And the compliance professional will have at their fingertips a larger amount of data, which will point towards if something is becoming a problem, if there is an issue. We will move from simply a detect mode, or detect-mainly mode, to a preventative mode, to even a prescriptive mode, so that we stop problems before they become issues or legal violations.
Speaker 0 00:28:56 Tom, this has been terrific. And I want to thank you for participating in the Affiliated Monitors podcast. Keep up the great work. And again, thank you so much for all that you do and all that you contribute to the world of compliance.
Speaker 1 00:29:11 Well then thank you. It's been a ton of fun to be on the other side of the microphone. And as always, I look forward to continuing the conversation.
Speaker 0 00:29:18 Excellent. Be well, thanks everyone for listening.