Mark Worth on Corporate Compliance Fatigue and Being Fed up with the Monitor

There was a conference last month – The Global Compliance Ethics and Anti-Corruption Summit – held in Munich attended by chief compliance officers and vice presidents of some of the world’s largest corporations – including Fluor, McDonald’s, Bacardi, Allianz, CIBC, Carlsberg Group, Johnson Controls, DaVita and Louis Berger.

Mark Worth
European Center
for Whistleblower
Rights
Berlin, Germany

The organizers of the conference, Berry Professionals, also invited Mark Worth of the European Center for Whistleblower Rights to speak on the topic “answering the whistle – the challenges and opportunities of recent advances in whistleblower rights and protections.”

The cost to attend: $2,300 for a two day conference.

Worth did attend the conference, but instead of addressing the topic at hand, he launched into a lecture the executives were not expecting to hear.

“It was not open to the press,” Worth told Corporate Crime Reporter in an interview last week. “It was at the Hilton Hotel at the Munich airport. It was a closed room. There was no sign for it. You wouldn’t know it was happening there. I’m not saying they were trying to hide it, but it was not a public event. You had to pay around 2000 Euros to go. Except for myself, it was attended by compliance officers, vice presidents, compliance directors of large multinational corporations like Fluor, Carlsberg, McDonald’s, DaVita, Bacardi, Johnson Controls. Very large multinational corporations. These were the people who paid to be there.”

“These were not low or mid level people. These were people who were in charge. Some of them were at the vice president level. Many of these companies make their compliance officers vice presidents to give the impression that compliance is a high priority for them.”

“I was there the first day. It was a combination of lectures and workshop formats. The people were talking about how to set up good compliance programs, how to set up codes of conduct, how to communicate compliance issues to the staff of the company, how to respond when a scandal happens, how to do the compliance trainings, how to manage risk during joint ventures and mergers.”

“My job was to talk about whistleblower protection, how to set up a whistleblower hotline within the company. It all had to do with compliance. At least one fourth of the people who spoke talked about how the companies they worked for or had worked for had been investigated or prosecuted for crimes in the United States, the penalties they had to pay, the monitors they had, usually for three years.”

“It was a relatively small group of people. And they were generally unguarded. They were speaking in an unguarded way. There was a little bit of laughter in the room. They were very relaxed and talking openly and honestly about what they viewed as the difficulties of setting up a compliance system, getting people to participate, getting people to care about it.”

“But they still talked about it as an exercise as what many of them said was ticking the boxes. Doing compliance training online to limit the commitment of how much time staff would have to spend doing compliance. Several people used the term ‘compliance fatigue.’ One compliance officer said that the company was fed up with the monitor.”

“They did not take the issues seriously. They didn’t talk about real steps to make sure the wrongdoing didn’t happen again. At no time during the day did any of these people say – we have to make sure this doesn’t happen again. We have to regain the trust of the regulators, the public and our customers. We are sorry for what we did. We should have learned from our mistakes. That didn’t come up at all.”

“I wasn’t expecting people to flagellate themselves. But there was literally none of this. Whenever they talked about training, it was about ticking boxes, how to make sure that the compliance work done at the companies did not take too much time, so that they could get on with their work. In one respect, it makes sense.”

“But I was struck by, among other things, the frequent references to ticking boxes, compliance fatigue and how the whole thing was just an exercise they had to go through because they were ordered to do so by the Department of Justice.”

“They talked about how it cost millions of dollars to do the trainings. There was not an attitude of self reflection or deterrence to make sure these things didn’t happen again. They didn’t use the words crimes or scandals. They used the words topics and issues. They weren’t even talking about it in an honest way.”

“This is what was striking. They were very friendly with each other and backslapping. Even among themselves in a closed room, they didn’t talk honestly about what they had done wrong. They were skirting the wrongdoing, they were skirting the compliance responsibilities they had. Even during the workshop portions, the discussions were very superficial, not getting into any kind of detail.”

“Given how important these people are at these very large companies, I was expecting more of a university setting where they would talk about the technical aspects of compliance. That didn’t happen at all. But again, I was only there for one day.”

Why were you invited?

“I was invited because in Europe, whistleblower protection is formally on the anti-corruption agenda by the OECD and the UN. A lot of companies are required to set up some sort of whistleblower system.”

What do they mean by a whistleblower system?

“Setting up a contact point within the company, either in the audit committee, or the compliance office, or human resources, where someone can make a complaint internally within the company if they see something going on that is suspicious or criminal. Or setting up an outside hotline by a third party, where the company doesn’t know who is calling and the information is passed on anonymously to the company and the whistleblower’s identity is protected by the third party provider.”

You were asked to talk about that?

“That is what they asked me to talk about. But I didn’t talk about that because these internal systems and even the hotlines can often serve as a trap. The employees think they are protected, they tell their boss and they are retaliated against. The vast majority of whistleblowers are retaliated against in some way.”

“And I said to them – I am not going to help you retaliate against whistleblowers. I’m not going to do it. Compliance is more often not about complying with the law, but how to get around it. Every whistleblower law in the world has loopholes, and gaps and exemptions. And I am not going to tell you what those are. I am not going to tell you what the laws are. I am not going to tell you what laws are being proposed. I am not going to tell you about best practices. And I am not going to tell you about hotlines. You will just try and get around them and use the hotlines and internal systems as a trap to draw out the whistleblowers and then fire them.”

“And several companies represented at this meeting had gone up against whistleblowers, retaliated against them and had enormous fines.”

What did you say to them?

“I said I am not going to help you with your whistleblower systems because you will use those systems as a trap to identify the whistleblower and then fire them, destroy evidence, get around the investigations, cover up facts. The companies can’t be trusted to investigate themselves.”

If the organizers knew that you were going to say what you said, would they have invited you in the first place?

“I don’t think so. They wanted me to talk about best practices. There is no such thing as a best practice for a corporation. There has been no public evidence of a whistleblower system at a corporation ever working. And if it has worked, they haven’t told anybody about it. And they should. And at this meeting, I made that point. I said – if you know of any company that is doing this the right way, they should make their data public so other companies can be inspired to do it the right way.”

Do you know of no company that has an effective whistleblower program?

“I don’t know of any company large or small that has put out any kind of data, statistics or information of any kind even suggesting that they have a well functioning system.”

All of the millions of dollars spent on compliance, hotlines, whistleblower programs is a way for corporations to monitor and retaliate against whistleblowers?

“I can’t tell you that happens everywhere, but we have seen many examples of that happening. The person walks into HR and says – my boss is a crook. They are outing themselves. The company is doing this under the guise of compliance and protecting the person – ”

You know of no case where a compliance system has rooted out wrongdoing within the company so that the company gets to fix the problem?

“I know of no case. And we have been trying to find out for eight years. Show us the data. How have you followed up on the reports? Have you referred criminal allegations to the authorities? If an employee comes to you with evidence of a crime, do you report that to the authorities or not? And I haven’t seen any examples of that ever happening. It’s only after the information has come out. I follow this very closely. I have never seen this happen.”

“These are very large corporations. They have had many problems and scandals. Massive fines. If they took this seriously and wanted to root out corruption and prevent it from happening again, this conference would have been much more serious, substantive, helpful, instructional, informative. It was none of those things.”

“I could have helped them. But I didn’t want them to trap the whistleblowers I am trying to help. Whenever people call us, we say – keep your name out of it, don’t tell anybody what you know. There is a ninety percent chance, according to the data, something will happen to you. In the UK, an NGO surveyed 1,000 whistleblowers – people who called the NGO for help. And they found that the number one response after the whistleblower made an internal report was nothing, no response. And the number two response was – you are fired. This was in the U.K. which has an incredibly high level of rule of law. Why on earth would I help a corporation set up an internal whistleblower system? It’s the definition of a trap.”

“In the old days, a whistleblower would send a plain envelope to a newspaper with the evidence and go back to work. Ironically, many of these whistleblower laws that require companies have an internal reporting system – these are often working against the interest of the whistleblowers. In the old days, you didn’t have to report internally. You wouldn’t even think about it. It would be stupid.”

How would you set up a whistleblower program?

“I would build an external encrypted system that nobody could hack into. The information would never get to the company. It’s all managed externally. And if the report of a crime comes in, it goes straight to the police, the regulators or the authorities. You can’t give the companies any chance to cover up, destroy evidence, circle the wagons, if you want to have a truly independent investigation and justice.”

Does such a system exist?

“Yes. There is one in Italy called GlobalLeaks. And there is one in Germany called Business Keeper. It’s all external, it’s all encrypted. The company has no idea who sent it. The person gets a code number. The information is all managed externally.”

Let’s get back to the end of the conference that you attended. After you gave your talk, what was said?

“One woman asked me to please talk about best practices for companies. I again repeated that I wouldn’t do that. I explained why.”

Was there any blow back after that?

“People were muttering. One woman got angry at me. She said she wanted to ask me a question, but didn’t. One person, a younger gentleman who worked for a bank in Germany, afterwards in the hallway, shook my hand and thanked me, said they needed to hear that. But after that I left. Even though there was one more session remaining.”

Was it a paid gig?

“They did offer me a speaker’s fee.”

What did they offer you?

“It was about $400. I got an email today from the organizers asking me to apologize to two of the participants. I wrote back saying I thought they should apologize to the public.”

“There was absolutely nothing I said that was not true. I used data, I used statistics, I used examples, dates, names places. There was nothing I said that was an opinion. I have never been a whistleblower myself. It’s based on research I’ve done for the UN, for the European Commission, for the OECD, for many government agencies. We’ve done more public research on whistleblower practices than anybody in the world.”

“Most of what I said was publicly known. They weren’t expecting what I said. They were not taking responsibility for their actions. They were very breezy in how they were talking about the prosecutions – as if it didn’t involve them. There was somehow some kind of an air gap between them and what their company had done wrong. There was a total sense of denial. I was there to say – you guys did this. Why are you talking about this in such a lighthearted casual way? If you want to fix the problem, talk about it seriously.”

“Given how many people were laughing, I think most of the people in the room knew that compliance was a joke.”

What were they laughing at?

“They were laughing about compliance training, about having a monitor, about looking forward to having the monitor period end, about doing the training on line and not having to put a lot of effort into it. I was taken aback by the laughter.”

“If you were in a room of vice presidents of major corporations, you would expect them to be sober and caring about what they are doing.”

“Why isn’t there a three strikes and you are out rule? Why aren’t you banned from the public if you commit three of these major crimes? If you are a lawyer, or a doctor or airplane pilot, they will take your license away if you engage in repeated wrongdoing. Why aren’t these people banned from working at publicly traded companies?”

“Many people in that room looked at this as a field trip to Munich, as a joke, another box ticking exercise. Most people in that room who spoke were not serious about what they were saying.”

[For the complete q/a format Interview with Mark Worth, see 32 Corporate Crime Reporter 47 (12), December 3, 2018, print edition only.]

Copyright © Corporate Crime Reporter
In Print 48 Weeks A Year

Built on Notes Blog Core
Powered by WordPress